Friday, December 01, 2006

Yesterday's story stated that no personal information was kept on these computers... I guess that was a bit overly optimistic.

http://www.washingtonpost.com/wp-dyn/content/article/2006/11/30/AR2006113001073.html

Pa. Computers With Personal Data Stolen

By MICHAEL RUBINKAM The Associated Press Thursday, November 30, 2006; 6:18 PM

DUNMORE, Pa. -- Thieves stole equipment from a driver's license center and got away with computers containing personal information on more than 11,000 people, state officials said Thursday.

The thieves got a camera and a printer during the break-in late Tuesday, plus enough card stock and laminate to make about 750 fake licenses, said Betty Serian, Pennsylvania Department of Transportation deputy secretary, at a news conference Thursday.

They also stole two computers containing data on 11,384 people.

The information included names, addresses, dates of birth, drivers' license numbers and at least partial Social Security numbers. The data included complete Social Security numbers for 5,348 people, officials said.

... In response to the theft, the Transportation Department has made subtle changes to all new driver's licenses [If you already have a license, you will be considered a crook? Bob] and is reviewing security at all 97 driver license centers.


http://www.kxan.com/Global/story.asp?S=5752352&nav=menu73_2

Credit Bureau Security Breached

Nov 30, 2006 03:24 PM

TransUnion Credit Bureau is investigating who was able to get into their database and illegally download hundreds of people's personal information.

... According to the information we have, four different scam companies across the country got more than 1,700 people's credit information after someone obtained the TransUnion log in information from a courthouse in Kingman, Arizona.

... TransUnion told KXAN this was not due to a breach of security on their part. However, somehow, somebody with just one password was able to randomly download hundreds of people's information.


http://www.todaysthv.com/news/news.aspx?storyid=38018

Thousands At Risk In ID Theft Ring

Saline County investigators say they've uncovered one of the largest identity theft rings in the county, and possibly state's history. The amount of documents in evidence is in the thousands.

On Monday night, a traffic stop led officers to a storage unit that contained dozens of boxes of personal documents. The evidence belongs to people from all over Arkansas and across the U.S., and investigators say they've never seen anything like it.

They found hundreds of bank account numbers, home addresses, marriage licenses, death certificates, never used credit cards, and get this—an un-cashed $36,000 check.



http://slashdot.org/article.pl?sid=06/11/30/1819242&from=rss

John Dvorak On Vista's Launch

Posted by Zonk on Thursday November 30, @01:54PM from the he-said-lunch-not-launch dept. Windows Microsoft

An anonymous reader writes "John is at it again, this time with his take on the launch of Microsoft's Vista operating system. John covers the reality from a market perspective, looking at whether the release will affect PC sales, peripherals ... or even Microsoft."

From the article: "While there is no way that Vista will be a flop, since all new computers will come with Vista pre-installed, there seems to be no excitement level at all. And there does not seem to be any compelling reason for people to upgrade to Vista. In fact, the observers I chat with who follow corporate licensing do not see any large installations of Windows-based computers upgrading anytime soon. The word I keep hearing is 'stagnation.' Industry manufacturers are not too thrilled either. One CEO who supplies a critical component for all computers says he sees a normal fourth quarter then nothing special in the first quarter for the segment. Dullsville."



Another “Case that wouldn't die!”

http://yro.slashdot.org/article.pl?sid=06/11/30/2135242&from=rss

HP Faces Expanded Civil Lawsuit In Spying Case

Posted by Zonk on Thursday November 30, @05:11PM from the really-should-have-thought-this-through dept. Businesses HP The Courts The Almighty Buck

narramissic writes "ITworld is reporting that a shareholder lawsuit against HP for pretexting has been expanded to include charges of insider stock trading. On top of everything else, eight executives implicated in the spying ring also participated in the sale of 1.7 million shares of the company."

From the article: "An amended complaint filed Wednesday in the Superior Court of California for Santa Clara County accuses HP Chairman and Chief Executive Officer Mark Hurd and seven other company executives of selling $41.3 million worth of HP stock at 'inflated prices' shortly before the company revealed that its investigators had used questionable and possibly illegal techniques to gain access to personal records such as phone call logs."


Speaking of the HP pretexting case...

http://www.wired.com/news/technology/0,72214-0.html?tw=rss.index

MPAA Kills Anti-Pretexting Bill

By Ryan Singel 02:00 AM Dec, 01, 2006

A tough California bill that would have prohibited companies and individuals from using deceptive "pretexting" ruses to steal private information about consumers was killed after determined lobbying by the motion picture industry, Wired News has learned.

... "The MPAA has a tremendous amount of clout and they told legislators, 'We need to pose as someone other than who we are to stop illegal downloading,'" Goldberg said.

Consequently, when the bill hit the assembly floor Aug. 23, it was voted down 33-27, just days before revelations about Hewlett-Packard's use of pretexting to spy on journalists and board members put the practice in the national spotlight.

... California went on to pass a much more narrow bill that bans the use of deceit to obtain telephone calling records, and nothing else.



Tools & Techniques

http://it.slashdot.org/article.pl?sid=06/11/30/2227212&from=rss

Cracking the BlackBerry with a $100 Key

Posted by Zonk on Thursday November 30, @06:15PM from the reach-out-and-worming-someone dept. Security Handhelds IT

Hit Reply writes "Eweek is running the contents of a Symantec white paper that details how easy it is for a hacker to manipulate BlackBerry applications. Using a developer key that can be purchased by anyone for $100, an attacker can launch e-mail worms, SMS interception and backdoor attacks, and compromise the integrity of contacts, events and to-do items. The white paper has been yanked from Symantec's Web site."

From the article: "Signed applications can send e-mail and read incoming e-mail. A malicious application could be used to allow third parties to send messages from the infected BlackBerry and also read all received messages. A malicious application could also use e-mail as a command and control channel to receive instructions to send and receive e-mails; send and receive SMS messages; add, delete and modify contacts and PIM data; read dialed phone numbers; initiate phone calls; and open TCP/IP connections."


Ditto

http://www.echannelline.com/usa/story.cfm?item=21450

Newly discovered Trojan threatens cell phone privacy

30 November, 2006 By Vanessa Ho

A Trojan called RexSpy has been created by Wilfried Hafner, CEO of SecurStar GmbH to demonstrate that cell phone conversations as well as SMS messages can be eavesdropped and recorded.

RexSpy uses an undetectable SMS message that is completely invisible to the operating system. The SMS sender can spy on cell phone users at anytime as long as the cell phone is in use. With this Trojan, all SMS message and all conversations can be listened to and the surrounding areas can be monitored via this infected mobile device. In addition, the RexSpy Trojan can access and forward complete address books.



http://yro.slashdot.org/article.pl?sid=06/12/01/0551238&from=rss

Portions of SCO's Expert Reports Stricken

Posted by CowboyNeal on Friday December 01, @06:19AM from the gonna-have-to-do-

rm69990 writes "A day after Judge Dale Kimball reaffirmed Judge Wells' order tossing most of SCO's case, Judge Wells has stricken large portions of SCO's expert reports, stating that SCO was trying to do an end-run around IBM. As IBM put it in its motion papers, SCO will not be allowed to 'litigate by ambush.' This motion was regarding SCO's expert reports, where SCO attempted to insert new evidence after discovery had ended via their expert reports. Wells' ruled directly from the bench, and finished by telling SCO to 'take it up with Judge Kimball' if they had a problem. This really hasn't been a good week for SCO."



http://today.reuters.com/news/articleinvesting.aspx?type=fundsNews2&storyID=2006-12-01T014611Z_01_N30222160_RTRIDST_0_SECURITY-USA-QAEDA-UPDATE-3.XML

U.S. warns of possible Qaeda financial cyber attack

Thu Nov 30, 2006 8:46pm ET148 By Kristin Roberts

WASHINGTON, Nov 30 (Reuters) - The U.S. government warned American private financial services on Thursday of an al Qaeda call for a cyber attack against online stock trading and banking Web sites beginning on Friday, a source said.

The source, a person familiar with the warning, said the Islamic militant group aimed to penetrate and destroy the databases of the U.S. financial sites.

The Department of Homeland Security confirmed an alert had been distributed but said there was no reason to believe the threat was credible. [That means it's incredible, right? Bob]

... The warning said the threat called for attacks to begin Friday and run through the month of December in retaliation for the United States keeping terrorism suspects at the Guantanamo Bay naval base in Cuba.

"Denial of service is what it called for," said a Homeland Security official who spoke on condition of anonymity.

... Robert Albertson, chief investment strategist at Sandler O'Neill & Partners in New York, said it was unlikely al Qaeda members could do serious harm to financial Web sites.

"I'm not saying there aren't precautions to be taken, but I just can't fathom how there would be serious havoc," he added.


Unrelated?

http://redtape.msnbc.com/2006/11/researchers_who.html

ATM system called unsafe

Posted: Thursday, November 30 at 03:22 pm CT by Bob Sullivan

Researchers who work for an Israeli computer security company say they have discovered a fundamental weakness in the system that banks use to keep debit card PIN codes secret while they are transported across bank networks – a flaw that they say could undermine the entire debit card system.

The U.S. Secret Service is investigating the matter, and MSNBC.com obtained a memo compiled by the agency that indicates that organized criminals are systematically attempting to subvert the ATM system and unscramble encrypted PIN traffic.

The report has ignited a debate within the banking industry, with many financial industry experts downplaying the seriousness of the flaw and outside experts divided on its implications. But there is no disputing the impact that such a hack would have if successful.



http://www.bespacific.com/mt/archives/013158.html

November 30, 2006

2007 Digital Future Report

"The Center for the Digital Future at the USC Annenberg School has been tracking a representative sample of the American population for over six years watching as people move on-line and then move from modems to broadband."

  • "This year's report contains a large module looking at on-line communities and social networking in great detail. Readers can compare the social networking data and correlate it to six years of attitudes and behaviors on-line. As usual, the report continues to track off-line media use, purchasing both off-line and through e-commerce, social and political activity and a wealth of other data." [The report is available for purchase here.]



http://hosted.ap.org/dynamic/stories/T/TARGETING_INFORMANTS?SITE=FLTAM&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2006-11-30-20-28-31

Police Decry Web Site on Informants

By MATT APUZZO Associated Press Writer Nov 30, 8:28 PM EST

WASHINGTON (AP) -- Police and prosecutors are worried that a Web site claiming to identify more than 4,000 informants and undercover agents will cripple investigations and hang targets on witnesses.

The Web site, WhosaRat.com, first caught the attention of authorities after a Massachusetts man put it online and named a few dozen people as turncoats in 2004. Since then, it has grown into a clearinghouse for mug shots, court papers and rumors.

Federal prosecutors say the site was set up to encourage violence, and federal judges around the country were recently warned that witnesses in their courtrooms may be profiled online.

... Sean Bucci, a former Boston-area disc jockey, set up WhosaRat.com after federal prosecutors charged him with selling marijuana in bulk from his house. Bucci is under house arrest awaiting trial and could not be reached, but a WhosaRat spokesman identifying himself as Anthony Capone said the site is a resource for criminal defendants and does not condone violence.

... For two years, anyone with an Internet connection could search the site. On Thursday, a day after it was discussed at a courthouse conference in Washington, the site became a subscription-only service. The site has also disabled the ability to post photos of undercover agents, Capone said, because administrators of the Web site do not want officers to be hurt.

... Prosecutors in Boston have discussed whether WhosaRat is protected as free speech but have not moved to shut it down. In 2004, an Alabama federal judge ruled that a defendant had the right to run a Web site that included witness information in the form of "wanted" posters.

No comments: