“The computer did it!”
http://www.mlive.com/news/muchronicle/index.ssf?/base/news-10/1166631362312200.xml&coll=8
E-problem puts library patrons' info on Internet
Wednesday, December 20, 2006 By Michael Buck CHRONICLE STAFF WRITER
A technical problem on the Lakeland Library Cooperative Web site made available personal information of more than 15,000 patrons across West Michigan on the Internet.
Information that was displayed included names, phone numbers, e-mail addresses, street addresses and library card numbers of library patrons registered on the site.
Minors were also indicated on the spreadsheet type document by a listing of parents' names.
"(Our systems manager) thinks there was a software malfunction," said Martha McKee, interim director of the Lakeland Cooperative Library. "They fixed that, so the information is not accessible anymore."
... "I don't think anything bad will happen, but we need to be proactive," she said.
... Less than 24 hours after VanOosterhout alerted library officials to the problem, Lakeland Cooperative computer administrators secured the data.
... Neither McKee nor VanOosterhout could estimate how long the information was available for viewing on the Internet. [Real managers keep records! Bob]
Note what they knew about this one. Every organization should have this information!
http://www.gazetteextra.com/bigfootwebsite122006.asp
Report: Privacy breach limited on Big Foot Web site
(Published Wednesday, December 20, 2006 01:16:06 PM CST) By Chris Schultz Gazette staff
WALWORTH-It appears that no one outside Big Foot High School saw personal information that accidentally was posted on the school's Web site, according to a summary report released by the school board Tuesday.
"We are completely certain that information was available only to our staff," Superintendent Thomas Nykl told the board.
... School board member Rick Ackman wanted to create a committee to review the incident and determine whether action should be taken against the person responsible.
He withdrew his motion at the request of Sue Pruessing, school board president, who said the board should wait for reaction from people affected by the breach. [Let's see if anyone cares... Bob]
... On Oct. 18, Nykl was trying to post financial information on the district Web site, including cost of individual teacher and staff salaries and benefits.
Nykl didn't know that personal information, such as Social Security numbers and dates of birth, was attached. Salary and benefit information is open to the public; the other information is not.
Social Security numbers, last names and years of birth of 87 current and former employees were published on the Internet.
... When the items were first posted about 9:40 a.m., the link to the financial and confidential information didn't work, the report said.
The links were repaired about 11:20 a.m. They were then accessed 37 times by 14 computers, all of them internal, the report says.
Two hits on the link came from outside, but they were not able to retrieve the files containing the confidential information, the report says. [This type (and detail) of information should be available in all of these privacy breach cases. Bob]
About 20 minutes later, secretaries informed the administration [...because no one else look to see if they had done what they were trying to do! Bob] that Social Security numbers and birthdates were on the Web site.
The report said files containing confidential information were accessible for 36 minutes before being taken down.
The report does not explain what caused the information to be posted. [Isn't that obvious? Bob]
As far as he determined, Nykl said, no one saved copies of the information, [of course, there are many ways to copy the data without leaving a trail on the server... Bob] and none of the confidential pages were cached by Internet service providers. Cached pages are copies that can be accessed and read later, even if the original is deleted or removed.
Only 200,000,000? No big deal...
Lawsuits settled over marketing use of sensitive driver info
12/20/2006, 3:40 p.m. ET By CURT ANDERSON The Associated Press
MIAMI (AP) — A settlement proposed Wednesday would resolve lawsuits claiming that national information companies improperly used sensitive motor vehicle records for marketing purposes, in a case that could affect 200 million people nationwide.
... "Everyone agrees that no one should have their driver's information used for marketing purposes without their consent," said Tom Loffredo, spokesman for the companies that include Atlanta-based Choicepoint Inc., Costa Mesa, Calif.-based Experian Information Solutions Inc. and U.S. units of London-based Reed Elsevier PLC.
Under the agreement, most of the defendant companies would adopt a series of safeguards aimed at protecting personal data commonly available from state motor vehicle agencies. No damages would be paid in the case, although each of the original plaintiffs would get up to $15,000 each and the lawyers involved could get $25 million in fees and expenses from the companies.
People around the country who have evidence they were harmed by misuse of personal data could still file lawsuits even if the settlement is approved as a nationwide agreement, plaintiffs' attorneys said.
... Martinez would retain jurisdiction over the settlement for seven years to ensure its terms are followed, attorneys said.
http://www.securitypark.co.uk/article.asp?articleid=26270&CategoryID=1
25 million personal records are exposed to theft and fraud annually
20/12/2006
75% of the world’s largest financial services organisations have reported a security breach in the last year (according to Deloitte Touche Tohmatsu). Almost, 25.5 million personal records have been exposed to potential theft and fraud in the UK during the past year according to a new study from DQM Group. This equates to the same number of identity exposures as there are households in the land.
The DQM Group research findings incorporate both data security breaches on the internet, along with poor practice over paper-based personal records. An ‘exposure’ occurs when a sufficiently detailed record is exposed for identity theft and fraud to take place.
... Security measures are currently concentrated on avoiding security breaches, yet DTI figures show that these are increasing nevertheless. Adrian Gregory, Managing Director, DQM Group, commented: “More attention needs to be paid to tracking and tracing data abusers, identity thieves and fraudsters once a breach has occurred, so that criminals can be brought to justice and the growing identity fraud problem be actively reduced. This can achieved by inserting seed names into databases. These are agents or identities that appear to be real customers, but have in fact been inserted into the database to obtain a view of any unauthorised use of record.”
... Adrian Gregory added: “UK public and private sector organisations are holding an increasing volume of data on customers and citizens. If such organisations are to continue to be allowed to use this information to improve customer service, they also have to take on the responsibility of keeping it safe and secure. The exposure of 25.45 million personal records every year to potential theft and fraud is already unacceptable."
Something for organizations with security cameras to consider...
RFE may be fined for alleged monitoring pedestrians
Prague, Dec 19 (CTK) - The Office for the Protection of Personal Data may impose a fine of up to 10 million crowns on Radio Free Europe/Radio Liberty (RFE/RL) for alleged monitoring of pedestrians outside its building in Prague, daily Pravo writes today.
The paper writes that employees of a private security service who guard the radio seat photograph and video record with digital apparatuses selected passers-by in places that are normally public accessible.
Pravo writes that data protectors have started to thoroughly deal with the matter. If the office found out that the law on personal data protection is breached, RFE/RL could be fined five million crowns.
If a bigger number of people were affected by the monitoring, the fine could reach up to 10 million crowns,the paper writes.
Pravo wrote recently that the security service agents make a database of possible suspects which they send to the United States, probably for the needs of the U.S. secret services.
The Czech police have been unofficially asked to check some of the photographed persons, Pravo wrote.
The security experts and lawyers Pravo has addressed say this is a problem and a possible breach of Czech laws and EU legislation.
The building has been officially guarded since the terrorist attacks on New York and Washington in 2001 and it is separated from its vicinity by concrete barriers. The radio is to move to another building which has started to be built outside the city centre.
(USD1=21.151 crowns)
http://techdirt.com/articles/20061220/150715.shtml
How Private Are Your Emails From The Government?
from the legal-questions dept
Slashdot has a post up claiming that the government has the right to read your emails, which is a little misleading. However, the story does raise some interesting issues. While the article there suggests that the government has an open right to snoop through your emails, what the actual case is about is the standard that the government can use before it can look at emails you have that are stored on someone else's servers (such as Yahoo or Google). The specific case involves a seller of "male enhancement" products who is being sued by the government. They viewed some of his emails that were stored Yahoo's mail servers. They didn't, as the original post implies, have free access to them, but required a court order directed at the companies hosting the servers to see them. The argument, then, is over whether or not a court order is enough, or if the government should have been required to get a search warrant, which would require a higher level of proof and support before a court would grant permission.
If you take it a step back, what this really becomes is an argument over who owns your emails. If you believe that you own your own emails once they're in your inbox, then like traditional mail, it would seem that a search warrant is the right standard. However, if you believe that whoever is storing the content owns the rights to access it, then, the court order should be enough. This is made that much more complicated by the fact that a piece of email traveling around a network could leave traces or copies on many different servers at times. Where this gets really tricky is that if the "court order" standard is accepted, that puts an awful lot of data at risk of being easily targeted by the government. With the rise of "hosted" services for things like enterprise software, email, photos and even documents and spreadsheets -- all of that information may now be much more easily viewed by government authorities. It still requires a court order, but as long as they're on someone else's server, it appears that a search warrant may not be needed. One of the reasons that many companies have shied away from software as service vendors was fear that by putting their data on other servers it would be more open to hackers or competitors. Apparently, it's also more open to government officials, based on the current ruling in this court case.
So many aspects...
http://techdirt.com/articles/20061220/160512.shtml
Is E-Voting Too Costly To Use? Or Too Costly Not To Use?
from the help-us-out-here dept
Remember earlier this month when the feds wouldn't decertify existing e-voting machines because that would be too costly? Well, thanks to John for pointing us to a report that notes that the too costly part was actually using the machines in the first place. Utah's elections officials (the same folks who forced an elections official out of his job for daring to conduct independent security tests of Diebold machines that later turned up a huge security hole) are now claiming they had no idea how expensive it would be to operate an election using e-voting machines. No wonder they were so pissed off at the elections official who tested the machines. As you may recall, Diebold then charged them to examine the reset the machines following the test. It's not just the cost of the machines that was the problem, but they required a lot more training, more poll-workers and additional costs for storage and maintenance of the machines. As that last article notes, elections shouldn't necessarily be cheap, but it's ridiculous to claim that we need to keep the faulty machines because it would be too expensive to get rid of them, when it looks like it's pretty damn expensive to keep them as well.
"It ain't over 'til it's over " Y. Berra, philosopher
http://news.com.com/2100-1027_3-6145266.html?part=rss&tag=2547-1_3-0-5&subj=news
Sony has far to go in rootkit case
By Greg Sandoval Story last modified Wed Dec 20 17:44:30 PST 2006
Sony BMG is making amends in California and Texas for secretly loading antipiracy software onto customers' computers. But the record label has a long way to go before putting the public relations nightmare behind it.
Sony BMG, which Sony operates jointly with Bertelsmann Music Group, agreed earlier this week to pay $1.5 million in fines and pay customers in California and Texas whose computers suffered damage as a result of Sony's surreptitiously installed digital rights management (DRM) software. The company declined to comment for this story other than to say that it was pleased to have reached the agreement with California and Texas.
Likely so, but the deal with California and Texas won't be the end of the "rootkit" fiasco for the music giant. Sony still has to contend with a consortium of 13 states, including Massachusetts, Nebraska and Florida, that are expected to look for a similar deal, according to Jeff McGrath, deputy district attorney for Los Angeles County, which took part in California's case against Sony. In addition, McGrath said an investigation launched earlier this year by the Federal Trade Commission looms. A spokesperson for the FTC declined to comment.
... The case has hounded Sony BMG and undermined the company's credibility, say Sony critics.
"I think that there was a lot of record labels who got carried away with the idea of DRM," said Cindy Cohn, legal director for the Electronic Frontier Foundation, one of the groups that filed a class-action suit against Sony last year on behalf of those affected by the antipiracy software. "I don't think many of them stopped to think about the impact to their customers when they used DRM."
... The EFF's Cohn said that something positive may come from the fiasco: the case provides another reason for entertainment companies to abandon DRM.
She said that there are indications some entertainment companies may be ready to do just that. First, Sony hasn't placed any DRM on CDs since the the rootkit ordeal surfaced. The latest example came this week with reports that Amazon.com is preparing to launch a music download site featuring DRM-free songs.
"I think we're seeing a growing consensus that DRM isn't working," Cohn said. "I think DRM was a bad idea that had a heyday but that it will be fading away soon. The (entertainment companies) are learning that DRM is an anticompetitive tool that ultimately hurts their business."
“Let's kill them all!”
http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2006/12/20/MNG5CN2PUU1.DTL&feed=rss.news
An online outlet for road rage
Fast-growing site lets drivers vent -- but privacy an issue
Michael Taylor Wednesday, December 20, 2006
... Tired of clueless drivers? Want to vent a little, but realize that ramming your SUV into the offending Jaguar may not be the best way to deal with this?
Try www.platewire.com, a Web site created by two frustrated commuters who decided that the antics of their roadmates needed a public forum - someplace to snitch on all those idiots you see during the slog to work.
PlateWire, where the above rants originated, was "born out of frustration from years of driving alongside drivers who seem to have no concern with anyone's safety, including their own," founders Mark Buckman, 32, and Luke Sevenski, 27, announce on their site.
The way to lance that boil goes like this: Take down the license plate number of the reckless car; write an angry e-mail, including the plate number and time, date and place where this all happened; and send it in to PlateWire, which then posts the information along with the license plate number and invites responses from other site viewers.
... The venture does raise some thorny privacy issues, not to mention the possibility of lawsuits over disputed public identification of erratic driving. "We're taking feedback from the community," Buckman said. "Perhaps it will get so we only show the license plate numbers to registered PlateWire members. It's still evolving."
Think of the potential if we could extend this to include Solid State (locked in) modules for the processes that run the enterprise. No chance the reactor could be made to melt down, the water supply wouldn't stop purification, air traffic systems wouldn't ignore those head-on approaches... You get the idea.
http://www.technewsworld.com/rsstory/54830.html
Solid-State PCs: Computing's Next Horizon
By Jack M. Germain TechNewsWorld 12/21/06 4:00 AM PT
"Solid-state PCs are entirely feasible to develop, but there still are issues to solve in booting from Flash RAM," Robert Hoffer, cofounder and managing director of NewForth Partners, told TechNewsWorld. "The ideal approach is to use Linux. This is already being worked on by numerous companies."
Coming to computer stores in the not-too-distant future will be a new type of PC. It will not have a hard drive, and the operating system will be burned onto a chip, making malware manipulations and viruses problems of the past.
No comments:
Post a Comment