Wednesday, February 07, 2007

Too trivial to mention?

http://www.wnyt.com/x11919.xml?ag=x995&sb=x183

Stolen laptop had personal info of 549 people

People warned to watch credit reports, bank accounts

GLENS FALLS, Feb. 6 By BILL LAMBDIN

Vital personal information on more than 500 people has been stolen in Glens Falls.

As a result the New York Department of Labor is warning victims to closely watch their credit reports.

The information was stolen from a Labor Department unemployment auditor. It was taken during a break-in to the auditor's home and car in Glens Falls on Jan. 21.

On Feb. 1 the New York Department of Labor mailed letters to the 549 people whose identities have been compromised.

“Unfortunately, yes, it seemed to be a circumstance where their information was part of an audit,” explained Labor Department spokesman Rob Lillpopp.

The Labor Department spokesman says the tax auditor was authorized to carry the information around with him. [At least they knew the risk. Bob] It's needed to make sure businesses are complying with the unemployment laws.

Lillpopp says this is the first time information of this type has been stolen from Labor Department employees. As a result, they're reconsidering whether carrying around the information is necessary and appropriate. [Strong indication they did not do an adequate job in the first place? I would suggest this is not the best method they could come up with, but what were they considering? What about encrypting the data? Bob]

... The Labor Department sent the letters 10 days after the theft occurred. It did not release the information to the media at that time. Instead, NewsChannel 13 learned of the problem when one of the victims contacted us. Then the Department of Labor confirmed it.

A spokesman says they have specific guidelines on the number of victims before they reach out to the media. [“What can we get away with?” Bob] Apparently the compromise of 549 personal identities is not considered large enough.



This should have been big news.

http://news.yahoo.com/s/ap/20070206/ap_on_hi_te/internet_attacks

Hackers attack key Net traffic computers

By TED BRIDIS, Associated Press Writer Tue Feb 6, 6:43 PM ET

Hackers briefly overwhelmed at least three of the 13 computers that help manage global computer traffic Tuesday in one of the most significant attacks against the Internet since 2002.

Experts said the unusually powerful attacks lasted as long as 12 hours but passed largely unnoticed by most computer users, a testament to the resiliency of the Internet. Behind the scenes, computer scientists worldwide raced to cope with enormous volumes of data that threatened to saturate some of the Internet's most vital pipelines.

The motive for the attacks was unclear, said Duane Wessels, a researcher at the Cooperative Association for Internet Data Analysis at the San Diego Supercomputing Center. "Maybe to show off or just be disruptive; it doesn't seem to be extortion or anything like that," Wessels said.

Other experts said the hackers appeared to disguise their origin, but vast amounts of rogue data in the attacks were traced to South Korea. [Because they are the “most wired” nation? Or are the guys in the North testing weapons again? Bob]

... "There was what appears to be some form of attack during the night hours here in California and into the morning," said John Crain, chief technical officer for the Internet Corporation for Assigned Names and Numbers. He said the attack was continuing and so was the hunt for its origin. [What happens if we can “prove” that a particular country was responsible? Bob]


Just a thought: Is this a prelude to war? What would the economic impact be if the Internet was unavailable for a day or a week?

http://digg.com/security/Traffic_Graph_of_the_Core_Internet_DNS_Services_Being_Attacked_This_Morning

Traffic Graph of the Core Internet DNS Services Being Attacked This Morning

... Here is the graph of the traffic levels on the DNS servers.

http://dnsmon.ripe.net/dns-servmon/domain/plot?domain=root&day=5&month=2&year=2007&hour=16&period=48h&plot%2F=SHOW


More closely related to the previous articles than I'd like.

http://www.forbes.com/2007/01/30/info-traffic-jams-oped-cx_pk_0131network.html

Information Super Traffic Jam

Phil Kerpen 01.31.07, 6:00 AM ET WASHINGTON, D.C. -

A new assessment from Deloitte & Touche predicts that global traffic will exceed the Internet's capacity as soon as this year. Why? The rapid growth in the number of global Internet users, combined with the rise of online video services and the lack of investment in new infrastructure. If Deloitte's predictions are accurate, the traffic on many Internet backbones could slow to a crawl this year absent substantial new infrastructure investments and deployment.

[I think this points to the reports http://www.deloitte.com/dtt/press_release/0,1014,sid%253D2283%2526cid%253D142237,00.html Bob]



Well golly gee wilikers, how else would they do it? Every day those cards are in use could cost them money! (or Watch the video)

http://www.nbc5.com/money/10937192/detail.html

Customer: TJ Maxx Cancels Credit Card Without Warning

Hacker Caused Security Breach Last December

Video: http://www.nbc5.com/video/10937271/index.html

POSTED: 7:01 pm CST February 5, 2007 UPDATED: 7:20 pm CST February 5, 2007

CHICAGO -- Customers of a popular discount retailer are starting to feel the effects of a massive hacker attack.

... Deerfield resident Penny Robinson had no idea there was a problem with her credit card until hearing that dreaded word while shopping last week: declined.

"I said, 'Put it through again,'" Robinson remembered. "I figured I've often done that and it was just a system error, and they said 'Oh no, it's declined.'"

Embarrassed and confused, Robinson called her credit card issuer.

"They said to me, 'We canceled all the accounts that had shopped at T.J. Maxx over the holidays.'" [Overreaction? Bob]

"(I said), 'You offer me all sorts of things I don't want for extra money, but you can't call me to say that you're canceling my card?'" Robinson said. "They said, 'No, just didn't have time. We couldn't possibly call (all) our customers.'" [Perhaps something like the “Reverse 911” system? Bob]



A tool TJX could have used?

http://www.privcom.gc.ca/fs-fi/02_05_d_33_e.asp

Privacy Impact Assessments

What are Privacy Impact Assessments (PIAs)?

Privacy Impact Assessments (PIAs) are used to identify the potential privacy risks of new or redesigned federal government programs or services. They also help eliminate or reduce those risks.



Looks like we have to go through this argument again. Must be an election in the near future.

http://news.com.com/2100-1028_3-6156976.html?part=rss&tag=2547-1_3-0-5&subj=news

Senator to propose surveillance of illegal images

By Declan McCullagh Story last modified Wed Feb 07 05:26:03 PST 2007

A forthcoming bill in the U.S. Senate lays the groundwork for a national database of illegal images that Internet service providers would use to automatically flag and report suspicious content to police.

The proposal, which Sen. John McCain is planning to introduce on Wednesday, also would require ISPs and perhaps some Web sites to alert the government of any illegal images of real or "cartoon" minors. [and those homosexual TeleTubbys? Bob] Failure to do so would be punished by criminal penalties including fines of up to $300,000.

The Arizona Republican claims that his proposal, a draft of which was obtained by CNET News.com, will aid in investigations of child pornographers. It will "enhance the current system for Internet service providers to report online child pornography on their systems, making the failure to report child pornography a federal crime," a statement from his office said.

... The Securing Adolescents from Exploitation-Online Act (PDF) states ISPs that obtain "actual knowledge" of illegal images must make an exhaustive report including the date, time, offending content, any personal information about the user, and his Internet Protocol address. That report is sent to local or federal police by way of the National Center for Missing and Exploited Children.

... Details on how the system would work are missing from McCain's legislation and are left to the center and ISPs. But one method would include ISPs automatically scanning e-mail and instant messaging attachments and flagging any matches. [Matches. Does that mean they have a “sample” of every possible offensive image? Bob]

... Another section of the draft bill says that anyone convicted of certain child exploitation-related offenses who also used the "Internet to commit the violation" will get an extra 10 years in prison.



Wow! Vista must be really, really secure. It took almost a week to copy it!

http://today.reuters.com/news/articlenews.aspx?type=internetNews&storyID=2007-02-06T202032Z_01_N06333309_RTRUKOC_0_US-MICROSOFT-PIRACY.xml

Pirated Vista dirt cheap on Latin American streets

Tue Feb 6, 2007 3:22 PM ET By Armando Tovar

MEXICO CITY (Reuters) - Days after a beaming Bill Gates unveiled his much-vaunted Windows Vista software at a retail price of $400 for the premium version, Latin American street vendors are hawking pirate copies for under $10.



Shouldn't every organization think it through like this?

http://www.bespacific.com/mt/archives/013880.html

February 06, 2007

New York State CIO Issues IT Trust Model Best Practice Guidelines

New York State Office of the CIO: "Identity and Access Management (IAM) provides an effective way to protect computer-based services and data for all state and local agencies from unauthorized access. Organizational business requirements often result in the need to grant external users access to services and data or to achieve multi-organizational system interoperability. Demand has become more prevalent due to legislative mandates and increasing connectivity offered by public and private networks. Issuing the NYS Trust Model as a best practice guideline (G07-001) is the first step in establishing a long term Identity and Access Management (IAM) strategy for the state enterprise. The NYS Trust Model establishes basic standards and processes that govern how identity credentials are issued, protected and managed."



Apparently, Steve thinks he has an alternative.

http://techdirt.com/articles/20070206/122012.shtml

Steve Jobs Says Record Labels Should Ditch Their DRM

from the preach-it-brother dept

Steve Jobs has been something of a key player in the ongoing debate about the restrictions and copy-protection placed on digital music files sold through download stores. His opinion on the matter seems to have flip-flopped, and it's hard to argue that the labels' insistence on DRM hasn't helped the iPod in some way. However, in a statement posted on Apple's web site, he's now calling for the big four record labels to drop their insistence on DRM. While he does make some questionable points (denying that any lock-in to the iPod exists, and saying that licensing Apple's FairPlay DRM wouldn't be manageable), his underlying point that DRM simply doesn't work, and does more harm than good certainly is a valid one. He points out that while the labels make such a fuss over restricting digital music, the other 90 percent of songs they sell aren't protected at all (try as they might), so to think that DRM will ever stop piracy is foolish. Jobs also points out that the added cost and complexity DRM brings to the music world holds back the number of companies that can create "innovative new stores and players", and dropping it could lead to an influx of investment and interest in digital music and result in the creation of exciting new devices and services for users -- which, he says, can only be a good thing for the music industry. We've called on people like Jobs and Bill Gates to use their influence to try and make Hollywood and content owners understand how they've got so much more to gain by dropping their insistence on copy protection than they stand to lose from piracy. While this note from Jobs isn't likely to create any instant change, it's a nice first step.



It seems the tide has turned.

http://techdirt.com/articles/20070206/185733.shtml

Court Awards Wrongly Sued Woman Legal Fees From The RIAA; Calls Lawsuits Frivolous And Unreasonable

from the indeed dept

Slowly, but surely, the courts are figuring out that there are some problems with the RIAA's legal strategy of suing thousands upon thousands of people based solely on an IP address where they think infringing material is available. There have been a number of cases lately where the judge has tossed out the case on the flimsy evidence -- but all too often the judges then turn down requests by those who were wrongfully sued to have the RIAA reimburse them for attorney's fees. However, in the latest case, it appears that the judge has taken that next step and told the RIAA it needs to pay up for attorney's fees as well, noting that these lawsuits based only on an IP address are "frivolous and unreasonable." The judge also noted that it was completely unfair to put liability on "an Internet-illiterate parent, who does not know Kazaa from a kazoo." The judge found that the "settlement offers" the RIAA puts forth offer no real way to contest the charges without going to court, and found that such a system does "not advance the aims of the Copyright Act." Indeed.
