Thursday, September 26, 2013
They didn't expect praise, did they? This isn't whistle blowing, it's digital paparazzi.
Hackers crack major data firms, sell info to ID thieves, says report
An illegal service that sells personal data "on any U.S. resident" -- which can then be used for identity theft -- hacked into servers at several major data aggregators including LexisNexis and Dun & Bradstreet, according to a report.
The service's customers have, the report said, "spent hundreds of thousands of dollars looking up SSNs, birthdays, driver's license records, and obtaining unauthorized credit and background reports on more than 4 million Americans."
In an article Wednesday, former Washington Post reporter Brian Krebs, who now writes the KrebsOnSecurity blog, outlined how a site called Expose.su managed earlier this year to post financial information on celebrities and government officials.
The site's activities triggered an FBI investigation, in part because Expose.su managed to publish the Social Security Number, address, and a credit report of then-FBI Director Robert Mueller.
According to Krebs, Expose.su (think "exposes you") got its info from another site, ssndob.ms, or SSNDOB (think "Social Security Number" and "date of birth"), which got the data by way of a small botnet it operates. The botnet appears to have access to compromised servers at several large data brokers in the United States, including LexisNexis, Dun & Bradstreet, and Kroll Background America. (And, in regard to the bot program installed on the hacked servers, Krebs reported that "none of the 46 top antimalware tools on the market today detected it as malicious.") [Probably because it is not. Bob]
… Krebs, who got his hands on a copy of SSNDOB's database, reported that a closer examination of it indicates that since SSNDOB came on the scene early last year, the service has sold more than 1.02 million unique SSNs and nearly 3.1 million date of birth records.
SSNDOB markets itself on underground cybercrime forums, Krebs said, and sells data at prices that "range from 50 cents to $2.50 per record, and from $5 to $15 for credit and background checks."
Another school board outsmarted by students. Why would anyone think this would not happen? Shouldn't they be rewarding this kind of independent learning? (My guess, it took a week for anyone to notice, but no time at all to hack the iPads.)
LAUSD halts home use of iPads for students after devices hacked
LAUSD students have figured out how to bypass security restrictions on iPads issued to them by the school district, giving them access to non-scholastic Internet sites.
Following news that students at a Los Angeles high school had hacked district-issued iPads and were using them for personal use, district officials have halted home use of the Apple tablets until further notice.
It took exactly one week for nearly 300 students at Theodore Roosevelt High School to hack through security so they could surf the Web on their new school-issued iPads, raising new concerns about a plan to distribute the devices to all students in the district.
… Students began to tinker with the security lock on the tablets because "they took them home and they can't do anything with them," [This is modern education? Bob] said Roosevelt senior Alfredo Garcia.
Roosevelt students matter-of-factly explained their technique Tuesday outside school. The trick, they said, was to delete their personal profile information. With the profile deleted, a student was free to surf.
Interesting. Being “most qualified” does not mean “any good.”
Seen on RT:
Supreme Court Justice Antonin Scalia said Wednesday the court eventually will have to determine the legality of far-reaching National Security Agency spying programs, though he is not convinced the court is equipped to do so based on modern security threats.
Scalia, speaking at the Northern Virginia Technology Council, said elected officials are most qualified to discern how much personal information of Americans the NSA can collect, and under what circumstances.
Read more on RT.
Well, they might be most qualified if they were actually informed, but we’ve already seen complaints where members of Congress were kept in the dark or not shown government documents that they supposedly should have had access to.
But even then, Congress may be willing to “give up a little privacy for security” so to speak, and laws they pass may not be constitutional, so eventually this will get to SCOTUS.
So simple. So true.
Gotta love xkcd.
If you’re not a regular reader of xkcd: (1) why not? and (2) remember to hover over the cartoon to see the alt text.
What sounds simple in the brainstorming session turns out to be a bit more complicated. Even if Yahoo is willing to “forget,” others are not. The “Right to be forgotten” is not observed by all players at the same time. Did Yahoo send notices to everyone on the “Recycled User's” contact list?
Kristin Burnham reports:
Yahoo announced late Tuesday night that the company plans to roll out a tool for recipients of recycled email accounts to return messages that were not intended for them. [And if they accidentally 'return' one that was meant for them? Bob] InformationWeek reported Tuesday on three [Potentially many more Bob] Yahoo users who began receiving emails containing personal information intended for the former user — including bank and wireless account information — after signing up for a recycled Yahoo account.
The new button, called “Not My Email,” will roll out this week and will be found under the “Actions” tab in users’ inboxes. The button will help users of recycled accounts train their inboxes [Potential to 'automatically' return the wrong email Bob] to recognize which email is intended for them and which is not, eventually rejecting email before the user has read it.
Yahoo said it also plans to offer help to users who have lost their Yahoo account due to inactivity. These steps include the option to reclaim your old account; outreach to users by phone and email; and extending the grace period for inactive accounts. Yahoo did not say when the option to reclaim an inactive account would be available.
Read more on InformationWeek.
It’s nice that honest netizens can report “not my mail,” but thanks to Yahoo!’s ridiculous recycling plan, there’s nothing that stops people from reading e-mail that was not intended for their eyes – as an earlier report by InformationWeek showed. They are considering a “Require-Recipient-Valid-Since” protocol, but the sooner they fix this security and privacy mess that they’ve created, the better.
Another simple money saving idea that needed more research...
Loek Essers reports:
Schools that compel students to use commercial cloud services for email and documents are putting privacy at risk, says a campaign group calling for strict controls on the use of such services in education.
A core problem is that cloud providers force schools to accept policies [Only if they say “Yes” Bob] that authorize user profiling and online behavioral advertising. Some cloud privacy policies stipulate that students are also bound by these policies, even when they have not had the opportunity to grant or withhold their consent, said privacy campaign group SafeGov.org in a report released on Monday.
Read more on CIO.
Related: Protecting Vulnerable Data Subjects: Findings from a Survey of EU Data Protection Officials on the Use of Cloud Services in Organisations.
I suggest a Law School course titled “Technology for Lawyers”
'The First Time a Tumblr Has Been Used in an Argument in a Supreme Court Brief'
"Amicus Tumblr" has a certain ring to it, no?
On October 8, the Supreme Court will hear arguments in McCutcheon v. Federal Election Commission. The case centers on whether aggregate limits on donations to campaigns are constitutional, an extension of the legal logic behind the infamous Citizens United decision.
Before the Court hears arguments, though, the justices will have already consulted something unique: A legal document predicated on a Tumblr. According to Lawrence Lessig, the Harvard Law professor filing the brief, it’s the first time a Tumblr has been used in a Supreme Court filing.
On his own Tumblr this morning, Lessig (who’s also a contributor to The Atlantic) explained the reasoning:
The basic argument of the brief is that the Framers of the Constitution used the word “corruption” in a different, more inclusive way, than we do today. The Tumblr captures 325 such uses collected from the framing context, and tags to help demonstrate this more inclusive meaning.
… The Tumblr is already online (at ocorruption.tumblr.com), and its sidebar promises to “[collect] every use of the term ‘corruption’ among the records of the Framers.” Every entry consists of the name of one of the founders, a date, a block quote with all usages of corruption in bold, and a source. On July 25, 1788, for instance, James Iredell pronounced to North Carolina’s Constitutional Convention that the King of England:
has the disposal of almost all offices in the kingdom, commands the army and navy, is head of the church, and has the means of corrupting a large proportion of the representatives of the people, who form the third branch of the legislature.
Would our Congress look here for ideas? Laws that are “Worst Practices?”
Commentary – The ‘Legalization’ of China’s Internet Crackdown
Stanley Lubman – “Internet usage – especially microblogging on Sina Weibo, China’s largest Twitter-like social media site – is presenting new challenges and new attempts to meet them from a government determined to maintain control. In recent months Beijing has launched a multi-pronged offensive against online criticism of current policies and institutions that includes a propaganda campaign, arrests and a duplicative new legal rule that attempts to justify the response and deter future online critiques. This call to battle is not new, but its codification in legal dress is disturbing and represents a magnified threat to online discussion and dissent in China.”
Perspective. I'm surprised it waited this long. When will (more) big city papers follow?
World's oldest newspaper to end print edition, go digital only
After nearly 280 years in print, the world's oldest continuously published newspaper is stopping the presses in favor of a digital presence.
Lloyd's List, which was founded in 1734 as a notice posted to a London coffee shop's wall, announced Wednesday it will cease its print edition in December. The newspaper is widely regarded as the leading source of news and analysis for the global shipping market.
… "The overwhelming majority of our customers choose the capabilities of digital over print," editor Richard Meade said in a statement noting the advantages of a digital-only model.
… The Seattle Post-Intelligencer stopped publishing a print edition in March 2009, followed the next month by the Christian Science Monitor. Magazines such as Newsweek and US News & World Report have followed suit, choosing to publish only on the Internet.
For the Swiss Army toolkit.
– Turn back time? Yes! Intermission lets you pause and rewind live audio on your computer. Streaming audio will never be the same! With Intermission, you can jump back and replay something you missed, then resume live playback. You can even pause streaming audio on services like Pandora, iTunes Radio, or Spotify to build a buffer, then skip right past the ads and songs you don’t want to hear.
(Ditto) I'll check this one out...
– The Internet is forever. Your private communications don't need to be. Wickr is a free app that provides military-grade encryption of text, picture, audio and video messages, sender-based control over who can read messages, where and for how long, best available privacy, anonymity and secure file shredding features, and security that is simple to use.
Have you been watching this? Un-possible! (The boats that fly are amazing!)
Oracle Team USA caps stunning comeback to win America's Cup
Skipper Jimmy Spithill and Oracle Team USA won the America's Cup on Wednesday with one of the greatest comebacks in sports history.
Spithill steered Oracle's space-age, 72-foot catamaran to its eighth straight victory, speeding past Dean Barker and Emirates Team New Zealand in the winner-take-all Race 19 on San Francisco Bay to keep the oldest trophy in international sports in the United States.
We have a huge color printer and we're not afraid to use it!
Complement 100 Diagrams That Changed the World with 17 equations that changed the world and the fantastic Cartographies of Time.
Dilbert illustrates the downside of winning an argument.