Thursday, February 22, 2007

Surprise, surprise, surprise! G. Pyle

http://www.madison.com/tct/business/index.php?ntid=119919&ntpid=0

TJX says computer security breach wider than previously reported

Data system also hacked in 2005

Published: February 21, 2007

FRAMINGHAM, Mass. (AP) - TJX Cos., operators of Marshall's and T.J. Maxx discount retail stores, said Wednesday a security breach into its computer systems was more extensive than previously reported.

TJX had thought the intrusion into its customer data files took place between May 2006 and January 2007, but has since learned its computer system also was hacked into in July 2005 and other periods during that year.

Credit and debit card data from transactions at its U.S. and Puerto Rican stores and credit card-only transactions at Canadian stores from January 2003 through June 2004 were stolen.

Also believed stolen are some drivers' license numbers together with related names and addresses associated with unreceipted merchandise returns at TJX's T.J. Maxx, Marshalls and Home Goods stores in the U.S. and Puerto Rico for the last four months of May 2003, as well as for May and June 2004.

TJX said it will notify those customers it can identify whose drivers' license numbers, names and addresses were taken.

Additionally, T.J. Maxx customers in Britain and Ireland may also have been compromised, the company said.

Names and addresses were not included with the stolen credit and debit card data. Also, debit card PIN numbers, information from transactions at the company's Bob's Stores and transactions made with Canadian bank debit cards are not believed to have been stolen.

TJX did not disclose the number of accounts affected, and said its investigation is ongoing.

[NOTE: There is a new statement (that says nothing) if you follow a link from the TJX.com home page, but you have to look below that to find the actual (pdf) press release...

Click here to view the 2/21/07 Press Release Bob]


More.... (Great quote!)

http://www.eweek.com/article2/0,1759,2097398,00.asp?kc=EWRSS03119TX1K0000594

TJX: Data Theft Began in 2005; Data Taken from 2003

By Evan Schuman, Ziff Davis Internet February 21, 2007


... Mark Rasch, the managing director for technology at FTI Consulting in Washington, D.C. and a former federal prosecutor for high-tech crimes, said the continuing piecemeal disclosures from TJX of deeper and deeper penetrations of older data are potentially making a bad situation much worse.

"It's one thing to shoot yourself in the foot. It's another thing to reload," Rasch said. "And it's quite another thing to go get another gun."

Rasch argued that the original data breach—and the inability to quickly learn of the ongoing breach—was the foot-shooting. The way the investigation was initially handled was the reloading and the Feb. 21 statement that "what we said before wasn't true" is the "getting another gun," Rasch said.

... "The bigger questions are 'who else?' and 'when?' TJX has a mature IT shop with conservative practices, yet their data has been stolen for years. How many other retailers, who might not be quite as careful, are already being breached?" she asked.

... "This is nice, and I'm sure TJX is more secure today than they were before they discovered the breach. But how secure are they? Could they pass a PCI DSS audit right now?" Noell asked. "Until TJX has been validated as compliant by a Qualified Security Assessor, trusting them with credit card data is an act of faith."



Too small to get much attention...

http://atlanta.bizjournals.com/atlanta/stories/2007/02/19/daily20.html

Hackers hit Georgia Tech and steal personal info

Atlanta Business Chronicle - 3:28 PM EST Wednesday, February 21, 2007

The personal information of about 3,000 current and former Georgia Tech employees may have been compromised by unauthorized access to a Georgia Tech computer account by unknown sources outside the university, Georgia Tech reported Feb. 21.

The stolen information includes names, addresses, Social Security numbers and other sensitive information, including about 400 state purchasing card numbers. The individuals affected are mostly in the School of Electrical and Computer Engineering, the university said.

Georgia Tech said it is unaware of any misuse of the information from the compromised computer account, but it is contacting individuals affected by the incident as a precautionary measure. Georgia Tech is encouraging the affected staff to notify the appropriate credit reporting agencies that their personal information may have been compromised. Georgia Tech also has alerted the Georgia Bureau of Investigation and the Federal Bureau of Investigation.

"Georgia Tech regrets that this potential loss of data occurred and will work with the affected individuals to mitigate their exposure," said James Fetig, associate vice president of Institute Communications and Public Affairs. "Our investigation is continuing, and we apologize for any inconvenience this incident may cause."



It probably was an honest mistake. So how will managers prevent more of the same in the future?

http://www.myeyewitnessnews.com/news/local/story.aspx?content_id=8e926799-be39-4ad7-84b4-517cbafec403

Social Security Numbers Tossed Out By Employee

Last Update: Feb 21, 2007 9:08 PM Posted By: Shane Myers

Dozens of people recently applied for jobs at L.A. Weight Loss, but they probably did not expect the applications would end up in the trash.

Many of the applications listed social security numbers, phone numbers, addresses. The information was in a box that was left next to a dumpster behind the store. We are told it was put there by an employee.

A company spokesperson says the employee still has a job, and is calling it an honest mistake. The company is calling those affected and offering them 1 year of I.D. theft protection.



A billion records is not a billion identities.

http://www.macon.com/mld/macon/business/technology/16750676.htm

8th Circuit upholds conviction in Acxiom data-theft case

LITTLE ROCK (AP) - A federal appeals court Wednesday upheld the conviction and 8-year prison sentence given to a Florida man in the theft of 1 billion records that the database manager Acxiom Corp. collected in its work for large corporations.

Scott Levine, 47, owned Snipermail Inc., a Florida company that distributed Internet ads to e-mail addresses. Prosecutors said Levine and others stole records from Acxiom, a Little Rock company that provides data-management services to large corporations for marketing purposes.

Levine, of Boca Raton, Fla., was also ordered to pay $153,395 in restitution [Why so little? Bob] to Acxiom, one of the world's largest repositories of personal, financial and corporate data.

... Prosecutors said Levine had permission to access part of Acxiom's database but that he used decryption software to obtain passwords and go beyond his authorized access. Data stolen included names, telephone numbers, street addresses and e-mail addresses, along with highly detailed demographic information.



Think of it as a tool for targeting your hacks. Technology: Making Identity Theft easier!

http://www.eweek.com/article2/0,1759,2097207,00.asp?kc=EWRSS03119TX1K0000594

Scentric Launches Free Data Privacy Assessment Tool

February 21, 2007 By Chris Preimesberger

Scentric, developer of what it calls "the world's first universal data classification solution," on Feb. 21 made available for free download a new data privacy assessment tool that enables enterprise users to make a full accounting of data with potential privacy risks.

The 3.57 MB Windows application is available at www.scentric.com for a 30-day period following free user registration on the site. The application provides on-demand classification of files on laptops, desktops, filers and file servers.

The tool scans local or network drives for files containing potentially sensitive information, such as credit card numbers and social security numbers.

The types of information it seeks to identify include:

# Personal identity—documents that may contain sensitive information related to a person's identity and which could be used for identity theft. The scan looks for a variety of items, including credit card (MasterCard, Visa, American Express, Diners Club International and Discover) and Social Security numbers.

# Confidential material—documents that may contain sensitive information related to company projects. The scan looks for keywords including "Confidential" and "For Internal Use."

# Medical information—documents that may contain sensitive medical or health-care-related information. The scan looks for keywords including "Life Insurance" and "Health Insurance."

# Payroll information—documents that may contain sensitive information related to the company payroll. The scan looks for keywords including "Salary," "Stock Options" and "Date of Hire."

# Objectionable material—documents that may contain explicit language of a sexual nature. A list of the words included in this search can be supplied on request.

Before downloading and installing the application, users need Microsoft's .NET Framework 2.0 or higher running on their computers. This can be downloaded from Microsoft's Web site.

... Scentric's Data Privacy Assessment Tool is a quick, non-obtrusive way to determine how bad your situation is in terms of privacy or other violations, either based on corporate or regulatory policies, said Arun Taneja, founder and consulting analyst, Taneja Group.
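An added sketch (not Scentric's code, and not from the eWeek article) of how a scan like the one described above is commonly built: pattern matching for card and Social Security numbers plus the keyword categories the article lists. The Luhn checksum, the SSN range check, the function names and the sample text are assumptions made for this example; the article does not describe the tool's detection logic.

```python
import re

# Keyword lists per category, taken from the article's description of the scan.
KEYWORDS = {
    "confidential": ("confidential", "for internal use"),
    "medical": ("life insurance", "health insurance"),
    "payroll": ("salary", "stock options", "date of hire"),
}
# 13-16 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"(?<![\d-])\d(?:[ -]?\d){12,15}(?![\d-])")
SSN_RE = re.compile(r"(?<![\d-])(\d{3})-(\d{2})-(\d{4})(?![\d-])")

def luhn_ok(digits):
    """Luhn checksum: filters out most random digit runs (order ids, phone lists)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def plausible_ssn(area, group, serial):
    """Reject number ranges that are never issued."""
    return not (area in ("000", "666") or area[0] == "9"
                or group == "00" or serial == "0000")

def scan(text):
    """Return sorted (category, detail) findings; numbers are masked to 4 digits."""
    found = set()
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            found.add(("personal_identity", "card ending " + digits[-4:]))
    for m in SSN_RE.finditer(text):
        if plausible_ssn(*m.groups()):
            found.add(("personal_identity", "ssn ending " + m.group(3)))
    lowered = text.lower()
    for category, words in KEYWORDS.items():
        for w in words:
            if w in lowered:
                found.add((category, "keyword: " + w))
    return sorted(found)

# Constructed sample document (test card number, made-up SSNs and order id).
SAMPLE = """For Internal Use only. Offer letter: salary 52,000, date of hire 3/1/2007.
Card on file 4111 1111 1111 1111; order id 1234567890123456.
SSN 123-45-6789 (applicant), placeholder 000-12-3456."""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The 16-digit order id and the 000-prefixed SSN in the sample are dropped by the checksum and range checks, which is what keeps a scan like this from flagging every long number on a file server.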



First, How much can we make? Second, How fast can we install these cameras? 497th, Think anyone will object?

http://www.topix.net/content/trb/2793331669235160489206102145403682927625

Red-light cameras could rake in cash

The Orlando Sentinel Jay Hamburg February 21, 2007

What happens when drivers run red lights more than 11,000 times every day at just five intersections in Orange County?

Not a lot right now. But if county officials could install cameras to catch and automatically ticket those drivers, they'd stand to rake in fines that might rival lottery winnings: $2 million a day.

That's $180.50 per ticket for each violation. And that's not to mention the people saved from death or injury. [“'Cause who cares?” Bob]

... State statutes now allow law-enforcement agencies to use red-light cameras to catch and warn violators but not ticket them.

... Camera opponents cite privacy concerns, and critics say research is mixed on whether cameras act as deterrents or actually cause more rear-end crashes.

... Orlando police installed a red-light camera at the corner of Hiawassee Road and Raleigh Street at the end of 2005. In a little less than a year, they documented 7,549 red-light runners on southbound Hiawassee alone. They sent warning letters to about 3,000; the others could not be identified either because of obscured license plates or problems linking the auto to the correct vehicle registration. [Perhaps it won't be the vast revenue generator they expect. Looks like it is only half vast. Bob]



Interesting sequence of events...

http://www.law.com/jsp/article.jsp?id=1171965784912

Former Judge Collapses as He's Sentenced to 27 Months for Child Porn

By The Associated Press 02-21-2007

A former Orange County (Calif.) Superior Court judge collapsed in court Tuesday upon learning he was being sentenced to 27 months in prison for possessing child pornography on his home computer.

... He was arrested in November 2001 after a Canadian hacker used a computer program to download diary entries and other images from the former judge's computers. The hacked information was turned over to Pedowatch, a Colorado watchdog group, which notified Irvine, Calif., authorities. Police searched Kline's Irvine home and seized his computer.



Interesting summary. I wonder if TSA (and others) have heard of it?

http://www.bespacific.com/mt/archives/014015.html

February 21, 2007

DOJ Information Quality Factsheet: The Foundation for Justice Decision Making

Information Quality: The Foundation for Justice Decision Making -- Global Privacy and Information Quality Working Group (GPIQWG) - February 21, 2007.



Book suggestion

http://knowledge.wharton.upenn.edu/article.cfm?articleid=1663

Make Room, Wikipedia: Internet-based Collaboration Could Change the Way We Do Business

Published: February 21, 2007 in Knowledge@Wharton

... Wikinomics: How Mass Collaboration Changes Everything

[See also:

http://www.socialtext.net/wikinomics/index.cgi

Welcome to The Wikinomics Playbook, the "unwritten chapter" of Wikinomics: How Mass Collaboration Changes Everything -- the first peer-produced guide to business in the twenty-first century.]



Do you suppose Bill Gates will be elected president?

http://politics.slashdot.org/article.pl?sid=07/02/21/2319213&from=rss

The World's First National Internet Election

Posted by samzenpus on Wednesday February 21, @08:04PM from the vote-through-the-tubes dept. The Internet Politics

InternetVoting writes "Expanding on the limited 2005 Internet voting pilot successes, the small European nation of Estonia will become the first country to allow voting in a national parliamentary election via the Internet. Fresh off the news of France's successful primary election using Internet voting and the announcement of 12 new UK election pilots, is Europe leaving the U.S. behind?"



Just think of it – some day those voting machines (we've been using for years) will be tested! Perhaps some may even pass the test! (Nah!) Colorado is the center of e-voting machine certification?

http://news.com.com/2061-10796_3-6161167.html?part=rss&tag=2547-1_3-0-5&subj=news

Feds OK pair of e-voting test labs

February 21, 2007 2:21 PM PST

Two Colorado-based laboratories on Wednesday became the first to receive final federal approval to test electronic voting machines for use by American voters.



Relax, we may be a monopoly but we love you...

http://news.com.com/2100-1016_3-6161250.html?part=rss&tag=2547-1_3-0-5&subj=news

Limited choices for Windows XP holdouts

If you're hesitant about making the leap to Windows Vista, expect a hassle trying to find a Windows XP PC on store shelves.

By Tom Krazit Staff Writer, CNET News.com Published: February 22, 2007, 4:00 AM PST

Despite words of caution from some in the tech industry that it's too early to make the switch to Microsoft's Windows Vista, many PC shoppers have no choice.



It's that last sentence...

http://science.slashdot.org/article.pl?sid=07/02/21/2326240&from=rss

SETI Finally Finds Something

Posted by samzenpus on Wednesday February 21, @09:21PM from the laptop-phone-home dept. It's funny. Laugh. Space Technology

QuatumCrypto writes "SETI@home is a distributed processing client from UC Berkeley that installs on the volunteers' home computers and harnesses their processing power in the search for extraterrestrial intelligence. So far nothing noteworthy has come out of this massive project... that is until today! One of the volunteers was able to track down his wife's stolen laptop using the IP address that SETI@home client reports back to the server. After getting back the laptop his wife said, 'I always knew that a geek would make a great husband.'"
