This is somehow related to their project to remove SSANs from their system.
http://www.fox21.com/Global/story.asp?S=6067739&nav=2KPp
Personal data of students, staff may have been exposed on Web site
GREENVILLE, N.C. – East Carolina University administrators are notifying students, former students and employees about a programming error that may have exposed personal data on a university Web site.
About 65-thousand people will receive notification letters from the university giving them tips on how to check for identity theft.
Officials say access to personal information in university files was available for a week last month.
The system was shut down within 15 minutes after the problem was reported and has since been corrected.
University officials say they are working to cut down on the use of Social Security numbers for identification.
On the Net: http://www.ecu.edu/incident
Embarrassing, but far less serious than sending all the information to a hacker. (See next article)
http://www.telegraph.co.uk/news/main.jhtml?xml=/news/2007/02/10/npens10.xml
26,000 pensioners' bank details sent to wrong addresses
By Martin Beckford Last Updated: 1:53am GMT 10/02/2007
Thousands of pensioners have been put at risk of identity theft after the Government sent their bank details to the wrong addresses, it was disclosed last night.
As many as 26,000 letters containing pensioners' personal account numbers and National Insurance details have been posted to people who were not the intended recipients.
... However, the Department for Work and Pensions admitted that it was unsure whether computer failure or a human mistake was to blame. [Sounds like something to check BEFORE you announce. Bob]
... She added that DWP staff would be able to pinpoint where each letter went and would contact everyone affected.
This is how a hacker does it...
http://www.fortwayne.com/mld/journalgazette/16667910.htm
Hacker gets state credit card info
Web site breach affects thousands of Hoosiers, businesses
By Niki Kelly The Journal Gazette Posted on Sat, Feb. 10, 2007
INDIANAPOLIS – State technology officials sent letters Friday to 5,600 people and businesses informing them that a hacker obtained thousands of credit card numbers from the state Web site.
Although numbers are usually encrypted or shortened to the last four digits, the Office of Technology conceded a technical error allowed the full credit card numbers to remain on the system and be viewed by the intruder. [“The computer did it,” is a lousy excuse. It suggests that no one looked at the output of the program to ensure it was working! Bob]
“Like thousands of web sites, the state’s web site is constantly under attack from hackers,” the letter said. “To repel these attacks, the state has implemented the highest levels of security and submitted itself to regular independent audits to ensure that data is safeguarded.
“Despite these efforts, the state’s web site recently experienced a security breach.”
Chris Cotterill, director of the site, www.IN.gov, said the hacking occurred in early January but wasn’t discovered until Jan. 25. [Bad, but still better than TJX. Bob]
The next week was spent undergoing an outside audit, which revealed the credit card numbers had been compromised. That news came 10 minutes into the Super Bowl on Sunday.
“It was one thing that the hacker got in and another that they were able to access the info because of our technical mistake,” Cotterill said Friday, noting that no disciplinary action has yet been taken.
... The state has already notified the Secret Service and the credit card companies of those cards that were viewed.
... “We had planned for this but didn’t expect it,” [Better than saying “This was unforeseen.” Bob] Cotterill said. “This has caused a top-to-bottom review of all Web activity.”
... The letter was sent from “the IN.gov Team” and did not include the name of the person in charge – something Cotterill said he now regrets.
He said he signed his name to the first draft but was advised by staffers that Hoosiers receiving the letter could use his name to find his phone number and harass his family.
Another evil machine out-thinks management!
http://clubs.ccsu.edu/recorder/news/news_item.asp?NewsID=175
Social Security Numbers Exposed in CCSU Letters
By Melissa Traynor
News Editor February 7, 2007
Over the past week approximately 750 CCSU students have received mail from the Bursar’s office that revealed their social security numbers in the name and address window of the envelopes. The letters were folded incorrectly by a malfunctioning machine in the office. [And no one looked to see if it was operating correctly? These things can be adjusted, you know. Bob]
The letters mailed were IRS 1098T forms, which are student tuition statements that were meant to be mailed out by January 31. Last Monday, during the preparation of the first batch of 2,300 letters which were being folded by the machine, all were folded incorrectly, but the office was able to catch about 1550 letters and correct them before they were mailed out.
Are we talking 40,000,000 cards?
http://new.channel5belize.com/archive_detail_story.php?story_id=17910
Date: Tuesday, February 06, 2007
Credit card recall applies to all banks
There is more detailed news to report tonight on the cautionary replacement of credit cards in Belize. Research reveals that the compromising of the Visa and Mastercards was not isolated to one bank but involves virtually all banks that issue those cards worldwide.
Good backgrounder...
http://www.informationweek.com/news/showArticle.jhtml?articleID=197004939
How Does The Hacker Economy Work?
It's a murky world of chat rooms, malware factories, and sophisticated phishing schemes. Here's a look inside.
By Larry Greenemeier and J. Nicholas Hoover InformationWeek Feb 10, 2007 12:02 AM (From the February 12, 2007 issue)
... Credit card information is mostly sold in bulk. "You don't just buy one Amex card with no limit; you typically buy a set because any one could be canceled or entered into fraud claims," Dagon says. Though some sites have list prices, basic card information can go for as low as $1 a card, and prices often depend on the quality of the data, says Johannes Ullrich, CTO of the SANS Internet Storm Center.
... Despite these successes, the hacker economy continues to flourish. At the RSA Security Conference in San Francisco last week, RSA president Art Coviello told the audience that the market for stolen identities has reached $1 billion, according to IDC research, and that malware has risen by a factor of 10 in the last five years, according to the Yankee Group.
Because we wouldn't want anyone to know they were being scanned? This is another way to offer “personalized” services – your computer confirms your ID without your knowledge, greets you with a hearty “Good morning, Bob,” and records everything you do for future “personalization.”
http://www.livescience.com/scienceoffiction/070206_technovelgy.html
Stealthy Iris Scanner in the Works
By Bill Christensen posted: 06 February 2007 02:05 pm ET
A public iris scanning device has been proposed in a patent from Sarnoff Labs in New Jersey. The device is able to scan the iris of the eye without the knowledge or consent of the person being scanned. The device uses multiple cameras, and then combines images to create a single scan.
It is obvious, isn't it?
http://techdirt.com/articles/20070208/191319.shtml
Elections Officials Try To Defend Their Handling Of E-Voting Machine Testing
from the wasn't-really-that-bad,-they-claim dept
In the ongoing debate we've had with an e-voting company employee in our comments, we were told repeatedly that last month's story that the US Election Assistance Commission had barred the largest testing firm from testing e-voting machines was overblown. Now, it appears that EAC officials are trying to convince more people of that as well, saying that it was nothing out of the ordinary to ban the firm who tested most e-voting machines, after it was determined that they weren't complying with the testing rules. They claim that the press and blogs (such as this one, we assume) got something "lost in the translation." That may be true, but they seem to be missing the point. If there were real transparency in all of this and real security experts were free to do the tests they wanted, then people would feel a lot more comfortable about things. The problem is that there's almost no transparency, other than some "public tests" that are still limited. At the end of the article things get even more bizarre. The EAC folks complain that they haven't been able to do as much as they want because they have "limited resources." In other words, they're admitting that the current resources aren't enough for them to make sure these machines are thoroughly tested. There's a really simple solution to all of this. There is a good group of security experts out there who aren't just willing, but are pretty much begging to help test these machines to make sure they really are secure. Why won't the EAC open up the testing to let them take part? It should be a total win-win solution. The critics can see for themselves what's really going on and if the machines withstand the scrutiny then that should make everyone happy and a lot more comfortable with elections that use the machines.
Le amusement du jour! (Think of it as a way to ensure the President supports the arguments in your thesis.)
http://digg.com/celebrity/President_Bush_Singing_the_Hits_This_is_so_funny
President Bush Singing the Hits! This is so funny!
Here are some great videos of President Bush and other politicians singing. A hilarious cleverly dubbed/edited video of Bush singing Sunday Bloody Sunday, Bush singing Imagine and Walk on The Wildside Remix, Bush and Blair singing "Endless Love" together, Colin Powell singing YMCA in front of a live audience, and more....
Complete with annotated illustrations. Quick & easy.
http://www.rvc.cc.il.us/faclink/pruckman/humor/grading.htm
A Guide to Grading Exams
by Daniel J. Solove Associate Professor of Law, The George Washington University Law School
Posted at ConcurringOpinions.Com December 14, 2006