'Tis the season. As at
most retailers, the video is not reviewed unless a specific
incident/problem is under review. Waiting a month to notify the AG
is a bit unusual.
Ten registers in
Nordstrom stores in Aventura, Florida reportedly were
tampered with and had keyloggers attached. Video
footage from security revealed that the criminals worked in groups to
distract and install the keyloggers between August 14 and October 5,
when Nordstrom discovered the problem.
Nordstrom believes that
some customer data may have been compromised, but all customers who
had transactions during the suspect period were offered free credit
monitoring and resolution services.
Nordstrom reported the
breach to the New Hampshire Attorney General’s office on November
7th.
Attention Ethical
Hackers. Target alert! Just make sure you can turn it back on as
the AAA guy arrives (and then off when he leaves)
French
automaker Renault can cut off your car battery if you don’t make
payments on time
Interesting.
Microsoft's
new Cybercrime Center combines tactics against hacking groups
… Microsoft Corp's
expanded Digital Crimes Unit inside the 16,800-square foot,
high-security facility combines a wide array of tactics that have
worked the best: massive data gathering and analysis, gumshoe
detective work, high-level diplomacy and creative lawyering.
All technology goes
from the rare and exotic to the commonplace and everyday. No doubt
most of this technology is available for free online; all you need do
is find it and assemble a toolkit (or hire one of my Ethical Hackers).
Corollary: By the time technology goes commercial, the military (and
those 3 letter agencies) have new tech toys.
Sean Gallagher reports:
Local
law enforcement is getting the kind of technological boost that used
to be limited to three-letter agencies, thanks to Web-based software
services that mine social media for intelligence. At last month’s
International Association of Chiefs of Police (IACP) conference in
Philadelphia, LexisNexis showed off a new tool it will bundle with
its research service for law enforcement agencies—one that will
help them “stake out” social media as part of their criminal
investigations.
Called
Social Media Monitor, the cloud-based service will watch social
networks for comments and activities that might offer clues to crimes
in the physical world. With direct connections into a variety of
social media services’ feeds, it will help police plow through
Twitter and Facebook in search of evidence that could lead to
arrests.
Read more on Ars
Technica.
Joe Cadillic also sends
along links to these reports:
(Related) You can work
backward from the results to the technology used. You can't work
backward to the laws requiring/justifying anything if the laws are
secret. (Ignorance of secret laws is an excuse?)
Victory:
Government to Release More NSA Documents and FISA Court Opinions in
Response to EFF Lawsuit
Mark Rumold writes:
On
Monday, the US Department of Justice will release to the public
hundreds of additional pages of government documents concerning its
use of Section 215 of the Patriot Act, the provision of law the NSA
relies on to collect the call records of millions of Americans.
The
disclosures will follow closely on the heels of yesterday’s reports
in the New
York Times and Wall
Street Journal that the CIA, too, has been using Section 215 to
collect, in bulk, the sensitive financial information of millions of
Americans making overseas financial transfers. The Times
reported that “Several officials also said more than one
other bulk collection program has yet to come to light.” While
it is not clear whether the documents released on Monday will contain
information about the CIA’s program, we’re hopeful that the
government will take the opportunity to finally be forthcoming with
the American public about all secret bulk collection
programs operating under Section 215.
Monday’s
disclosures are the result of a Freedom
of Information Act lawsuit filed by EFF over two years ago.
Read more on EFF.
How far from this to
new law?
INFORMATION RESELLERS: Consumer Privacy
Framework Needs to Reflect Changes in Technology and the Marketplace
GAO was asked to
examine privacy issues and information resellers. This report
addresses (1) privacy laws applicable to consumer information held by
resellers, (2) gaps in the law that may exist, and (3) views on
approaches for improving consumer data privacy.
Something for the
Student Veterans Organization to notify members about? Better: tell
them how easy it is to cover the bar code with duct tape.
Jackie Calloway
reports:
Anyone
with a smartphone and a bar code app can scan any VA identification
card issued since 2004 and the cardholder’s Social Security number
immediately pops up on the screen.
Tampa
businessman and Army veteran Barry Landau wants answers. “I didn’t
think that was possible,” Landau said. “The card is absolutely
no good.”
WFTS
found Veterans Affairs published warnings about the veterans
information, or VIC, cards on their website in 2011 and in July of
this year.
The
alert states, “Some barcode readers, including those available as
applications on cell phones, can scan the bar code on the front of
the card, and reveal the veteran’s social security number.”
Read more on TCPalm.