Thursday, November 30, 2006

“Security? We don't need no stinkin' security!”

http://www.wetmtv.com/news/local/story.aspx?content_id=98C87196-EBEF-40BE-9A73-85A770B8B4D9

Discarded Western Union Computer Found; Hard Drive Loaded with Customer Data

Last Update: 11/29/2006 2:42:33 PM Posted By: Rachel Rose

If you’ve ever wired or received money through Western Union, this may come as some alarming news:

An old Western Union computer filled with dozens of customers’ data somehow ended up at the Chemung County Transfer Station, completely unattended and otherwise up for grabs.

Company officials were notified about it a year ago. But they didn’t do anything about it until we stepped in last month.

... Skip Starr, President of R.E.A.C.T., an electronics recycling store in Big Flats, said his facility received the hard drive from the Chemung County Transfer Station last year. When he realized what it was, he said, he put it aside right away and called Western Union.

In fact, he says he made at least six calls to the corporate headquarters.

“I spoke to a manager every time,” Starr said. “As of yet, they haven’t replied. They always tell me they’ll call me back.”

But, he says, for an entire year, no one did call him back!

So, we stepped in and called Western Union ourselves.

Within a few days, a company representative flew to Elmira from Colorado and picked up the hard drive at WETM-TV’s studios.

That was on Oct. 18th.

Almost a month later, a company spokesperson still couldn’t tell us how the computer ended up at the Transfer Station, but offered this statement:

... What’s worse, Danaher says there’s nothing to prevent companies like Western Union from throwing out their old data.

“There are no restrictions or laws in effect, presently, that prohibit companies from getting rid of information.”

The law only requires a company to notify its customers if information like social security or other account numbers are compromised. However, a Western Union spokesperson says the company will not notify its customers about this incident because they don’t believe anyone was put at risk for identity theft.


http://cbs2.com/topstories/local_story_332234121.html

Nov 28, 2006 8:39 pm US/Pacific

Stolen Drive Puts Faculty, Student Info At Risk

(CBS) LOS ANGELES Personal information of 48 faculty members and more than 2,500 students and applicants of a Cal State L.A. teacher credential program was on a portable disk drive that was recently stolen, authorities said Tuesday.

... The college was recently informed that an employee's USB drive was inside a purse stolen from a car trunk in the Norwalk area.


First time I've seen this!

http://www.timesleader.com/mld/timesleader/16124655.htm

Computers, cameras stolen from state driver’s license center

By EDWARD LEWIS elewis@timesleader.com Posted on Wed, Nov. 29, 2006

HANOVER TWP. – Computers and computer-related equipment that may contain personal information were stolen from the state’s Drivers License Center when burglars deactivated an outside alarm system and forced open a steel door.

... Personal information isn’t kept at the Hanover Township-based center and is downloaded overnight to the Pennsylvania Department of Transportation’s headquarters in Harrisburg, Kelly said. [YES! Very good. Bob]



I suspect the same is true in the US.

http://www.loglogic.com/news/news-releases/2006/11/uk_financial_services_companies_vulnerable_to_data_theft_reveals_survey/

UK Financial Services Companies Vulnerable to Data Theft Reveals Survey

LogLogic survey finds 76 per cent of UK's biggest financial services companies unable to track and trace potential theft

While 86 per cent of large UK financial services companies report that their enterprise data is mission critical, 76 per cent reveal that they do not currently have systems in place to track and trace potential data theft according to a survey commissioned by LogLogic, the log management and intelligence company. Of those companies who report having systems in place to monitor IT data, 57 per cent say it takes them several days to identify security breaches involving data theft and just 19 per cent report they are able to perform the appropriate forensics within one working day.

... The research found that of those financial services companies that do not have a system to track data theft, 94 per cent report that they are 'concerned' and cite a lack of budget as the key reason for the failure to address the security issue. Monitoring or tracking employees was also a concern with 29 per cent of those financial services companies surveyed reporting that they are not immediately aware when an employee leaves or is terminated from their organisation. Further compounding the issue, over one third of those surveyed admitted that they do not know how employees' data is handled before or after they leave.

Ironically, this same survey found that 86 per cent report that meeting data compliance legislation is a current priority in their organization, with 52 per cent acknowledging that the US Sarbanes-Oxley (SOX) regulation is relevant to their operations. SOX mandates companies have strict policies regarding data retention, security, and audit trails that clearly determine how employee data is handled at termination.



I'm sure that if we wait a few weeks, they'll get over it. You can't make political hay until just before the next election, and you wouldn't want to actually change anything...

http://techdirt.com/articles/20061129/143834.shtml

Feds Finally Realizing That Current E-Voting Standards Suck

from the it-took-them-this-long? dept

Despite the fact that people have been pointing this out for many years, it seems that the federal government is finally recognizing that current e-voting machines suck, and it's time to have much more stringent rules on e-voting machines. Specifically, they want to finally require voter verifiable paper trails so that every machine can have an audit and a recount if there are any questions about them -- which would mean that the plan in Sarasota county, Florida to resell their broken e-voting machines may have just gone out the window. Of course, as per usual, there are always some who are against such a plan. The article quotes an "elections expert" who complains: "If you insist on paper you're tying elections to an old technology." That's about the weakest argument we've heard. We need e-voting machines because they're new? How about accuracy or security? I would think in the long list of reasons why you'd want any particular voting method, "novelty" as opposed to "been around for a while" would be near the bottom of the list.



Is this typical? Should every business do this?

http://michaelzimmer.org/2006/11/28/google-now-gets-purchasing-data-too/

Google Now Gets Purchasing Data, Too

Posted on Tuesday, November 28th, 2006 at 10:39 am

With their recent push to get the citizens of Planet Google to start using Google Checkout, Google’s growing infrastructure of dataveillance now includes purchasing data. From Google Checkout’s privacy policy:

* Registration information - When you sign up for Google Checkout, we ask for your personal information so that we can provide you with the service. The information we require to register for the service includes your name, credit or debit card number, card expiration date, card verification number (CVN), address, phone number, and email address. For sellers, we also require you to provide your bank account number, and in some situations, your personal address, your business category, your taxpayer identification number or social security number, and certain information about your sales or transaction volume. This information allows us to process payments and protect users from fraud. In some cases, we may also ask you to send us additional information or to answer additional questions to help verify your information. The information we collect is stored in association with your Google Account.

* Information obtained from third parties - In order to protect you from fraud or other misconduct, we may obtain information about you from third parties to verify the information you provide. For example, we may use card authorization and fraud screening services to verify that your credit or debit card information and address match the information that you provided to us. Also, for sellers, we may obtain information about you and your business from a credit bureau or a business information service such as Dun & Bradstreet.

* Transaction information - When you use Google Checkout to conduct a transaction, we collect information about each transaction, including the transaction amount, a description provided by the seller of the goods or services being purchased, the names of the seller and buyer, and the type of payment used.

John Battelle has much more.



http://www.bivingsreport.com/2006/the-presence-of-magazines-on-the-internet/

The Presence of Magazines on the Internet

Posted on November 29th, 2006

TBG has recently completed a research study called "Analyzing the Presence of Magazines on the Internet". In the wake of success surrounding our previous newspaper study, "The Use of the Internet by America's Newspapers", we decided to conduct similar research on the magazine industry.

Our study reviews the websites of the top 50 most circulated magazines in the United States and evaluates them based on the presence or absence of various Web 2.0 features. After finishing the research, it became clear that magazines are not making use of Web 2.0.

Despite their failure in terms of Web features, it should be recognized that magazines have taken on a more effective general strategy than newspapers when it comes to the Internet. Instead of replicating printed content online, as newspapers do, magazines have made efforts to publish unique, Web specific, and easily digestible materials on their websites. In this way, magazines are using the Internet as a supplement to, rather than a replacement of, their printed publications. Magazine websites limit their article content and focus on pushing customers to purchasing printed subscriptions.

Here are some key findings from our research:

  • The most common online feature offered by magazines is RSS feeds (48 per cent). All of the RSS feeds offered by magazine websites are partial feeds. In addition, none of the magazines are including advertisements in their RSS feeds, while just 28 per cent of magazines divide their RSS feeds into different sections.

  • Message boards/forums are offered by 46 per cent of magazine websites. This seemingly old-fashioned form of communication is extremely popular on magazine websites, particularly on the sites of women’s magazines.

  • 38 per cent of the magazines require registration to view all of the site’s content. While this feature is only present on 23 per cent of the nation’s top 100 newspaper sites, it seems that magazines are still heavily reliant on website registration. It must be noted, however, that newspaper and magazine online registration is very different. The large majority of the magazines we investigated allow users to view article content free of registration. However, to participate in forums, registration is required. This seems to serve as a mechanism for monitoring content that people post on message boards rather than to collect demographic information, as is the case with newspapers. Thus, this 38 per cent figure largely represents magazines that require forum registration, not registration for the purpose of reading articles.

  • 38 per cent of the magazines offer at least one reporter blog. Readers can comment on 16 of the 19 magazine blogs, while eight reporter blogs offer blogrolls, or external links to other blogs.

  • Video is an offering on 34 per cent of websites.

  • Just 14 per cent of websites use podcasts and bookmarking; eight percent allow comments on articles; and six per cent use tags.

You can read the report in its entirety here and view our data sheets here.




http://www.bespacific.com/mt/archives/013151.html

November 29, 2006

Rand Report on State and Local Emergency Preparedness

Combating Terrorism - How Prepared Are State and Local Response Organizations?

  • "This book presents the results of the third and final wave of a national survey to elicit assessments of state and local response agencies of the activities they have undertaken after 9/11 to respond to terrorist-related incidents and of federal programs intended to improve preparedness and readiness for terrorism. The survey also sought information on how state and local agencies are resourcing these activities." (197 pages, PDF)



Defining antitrust? Could a new car company claim that GM had an unfair advantage because it was buying all the output of one of its suppliers? Who is supposed to benefit?

http://techdirt.com/articles/20061129/102802.shtml

Is Aggressive Competition Anti-Competitive?

from the what's-the-difference dept

For any company, one of the most important decisions it has to make is the price of its goods or services. Straddling the line between competitiveness and profitability is a task that's made harder by the fact that from time to time, certain pricing decisions are deemed to be illegal, or at least the competition claims as such. We saw cries, earlier this year, that Microsoft's decision to sell its anti-virus suite at a cut-rate price was anti-competitive. Of course, while Microsoft's aggressive pricing may have been rough on the competition, it was a positive for customers, many of whom took to the offering. The Supreme Court is currently hearing an interesting case that involves paper and timber company Weyerhaeuser. The company is accused of buying too much lumber, to drive up the cost for their competitors, and then undercharging for the finished goods, again, to wreak havoc on their competitors' profit margins and drive them out of business. It seems like the company has two valid defenses. The first is that you can't demonstrate the company's intent. Perhaps it really just wanted to buy up a lot of raw materials, and felt that it could still do well at that volume. The second is that even if the company took these actions for the express purpose of harming its competitors, then that's just aggressive business. Naturally a company wants to see their competitors pay more for raw materials. And as in the Microsoft case, it would seem like the end user benefits from Weyerhaeuser's actions, in the form of lower prices on end goods. Considering all of the questions surrounding intent, and the difference between being competitive and anti-competitive (which is an odd phrase), it definitely seems like a mistake to meddle in something as important as pricing.



http://techdirt.com/articles/20061129/134917.shtml

Justice Department Misses The Point In Suit Against Realtors

from the not-getting-it dept

Here's a story that hits on some of today's themes of monopolistic behavior and keeping stuff off the internet. The Department of Justice has been given the go ahead to proceed with a lawsuit against the National Association of Realtors, alleging that the group colluded to prevent listings from appearing online, in a bid to give established brokers an advantage. Now, we'd be tempted to say that however backwards the organization's thinking is, they have the right to distribute their data to whomever they want. But we should take a step back and ask why the NAR is in the position to monopolize this information in the first place. That fault rests with the government, which has put the NAR in charge of regulating its industry, and deciding who can and can't be a broker. In other words, its monopoly has official legal blessing. Without this, anyone could go out and get listings, and abide by whatever rules they wanted to, offering to broker home sales as efficiently as possible. So instead of suing the NAR, for doing what it's intended to do (maximize profits for its members) why not get at the root of the problem and take away its monopoly status?



Attention RIAA!

http://techdirt.com/articles/20061129/112129.shtml

France To Cosmetics Companies: Get Online Or Else!

from the it's-the-21st-century dept

It's the time of the year when we're inundated with stories about online shopping, as if it were still this totally new phenomenon that warrants special attention. That being said, there are apparently several holdouts from the trend, as some companies have taken aggressive moves to prevent their products from being sold online. In France, ten cosmetics companies have reached a deal with the government, agreeing to become more flexible about internet sales. French regulators had accused these companies of "distorting the market" by restricting how their products could be sold. The reasons for not wanting to sell online aren't completely clear. It seems in some cases that it has to do with maintaining the mystique and aura of the brand. In any event, these companies should be able to come to any agreement with distributors that they want. If they insist on only physical sales, and that's what the retailer wants, then it doesn't seem like a problem. Making the whole discussion even sillier, is that there's nothing preventing another party from acquiring this merchandise, and then going on and selling it how they like, assuming the right of first sale were respected. It would be a different matter if, say, a large retail firm were telling its suppliers that they couldn't let their products get sold online, as Wal-Mart's done with DVD sales, pressuring Hollywood studios not to make their films available for download. Even this action might not warrant government intervention, but it's a lot closer to the market distortion that has the French so worried.



So, is there a cop assigned to monitor the internet, or do they rely on tipsters? Is a video “probable cause?” Should we arrest the “Men in Black” for driving after hitting the red button?

http://techdirt.com/articles/20061129/211700.shtml

Police Fine Driver Who Supplies His Own Speed Camera Via YouTube

from the zoom-zoom-zoom dept

Lots of people dislike speed cameras that have a history of malfunctioning, but it's another thing altogether to basically turn a speed camera on yourself. Following in the footsteps of others who have been arrested after documenting their misdeeds on MySpace or YouTube, a young man in Norway has been given a $1,300 fine for speeding after he posted a video of himself driving at speeds up to 150 mph, more than twice the legal speed limit in Norway. If anything, the police seem to have let him off easy, saying they could only prove he had averaged 86 miles per hour, and set the fine at that speed. Once again, though, it just goes to show that just because you get away with something, you still can get in plenty of trouble if you post the evidence online for everyone to see. However, it certainly does fit with the rise of exhibitionist culture these days.
