Thursday, April 19, 2007

Laptops are simple, it takes muscles to carry a server!

http://pub.ucsf.edu/newsservices/releases/200704189/

UCSF computer server with research subject information is stolen

Corinna Kaarlela, News Director Source: Corinna Kaarlela ckaarlela@pubaff.ucsf.edu 415-476-2557

18 April 2007

A computer file server containing research subject information related to studies on causes and cures for different types of cancer was stolen from a locked UCSF office on March 30, 2007.

The server contained files with names, contact information, and social security numbers for study subjects and potential study subjects. For some individuals, the files also included personal health information.

... Notification letters were sent Monday, April 16, to about 3,000 individuals. Using backup files, UCSF officials are conducting an extensive analysis of the server data to determine as quickly as possible all the names involved in this incident.

Letter notification will continue as more names are identified. [A data inventory would have been useful... Bob] Because of the large number of files on the server and their complex variety of formats, layouts, and data content, the process is extremely complicated, and UCSF officials cannot predict the total number of names at this time.



I'd like more detail on this. How does “making comments” interfere?

http://abcnews.go.com/US/wireStory?id=3053682

Student Arrested Over Va. Tech Remarks

Colorado Student Arrested After 'Threatening' Comments About Virginia Tech Shootings

The Associated Press

BOULDER, Colo. - A University of Colorado student pleaded not guilty Wednesday to making comments that classmates deemed sympathetic toward the gunman blamed for killing 32 students and himself at Virginia Tech, authorities said.

During a class discussion Tuesday of Monday's massacre at Virginia Tech, Max Karson "made comments about understanding how someone could kill 32 people," university police Cmdr. Brad Wiesley said.

... Karson, of Denver, was arrested Tuesday on a misdemeanor charge of interfering with staff, faculty or students of an education institution.

... At Oregon's Lewis & Clark College, another student was detained by campus police Wednesday shortly before a vigil for the Virginia Tech victims when he was spotted wearing an ammunition belt. Portland police later determined that it was "a fashion accessory" made of spent ammunition, and said the man did not have a weapon. The belt was confiscated. [...and will be sent to Guantanamo. Bob]



So easy a caveman could do it!

http://www.forbes.com/feeds/ap/2007/04/18/ap3626103.html

Feds: ID Theft Ring Run From Prison

Associated Press 04.18.07, 12:03 PM ET

A man in prison for identity theft is accused of running a similar operation from behind bars, with an Emmy award-winning television producer and animator among the victims.

... Curry will be transferred to federal custody this summer, Mrozek said. He is serving a three-year sentence for identity theft at Centinela prison in Imperial County.



What's going on here? Why weren't they ready for this? (They have done it before...) Would any other provider get this treatment? How could the IRS respond so quickly? (see next article) Who is getting paid to waive the regulations?

http://www.washingtonpost.com/wp-dyn/content/article/2007/04/18/AR2007041800213.html

No Penalty for Tax Filers Hit by Glitch

By JORDAN ROBERTSON The Associated Press Wednesday, April 18, 2007; 7:00 PM

SAN JOSE, Calif. -- Taxpayers who couldn't electronically file 11th-hour returns using Intuit Inc.'s TurboTax, ProSeries and Lacerte software won't be penalized for delays caused by the company's overtaxed servers, the Internal Revenue Service said Wednesday.

"We will do everything we can to assist taxpayers affected by the situation," said IRS spokesman Bruce Friedland. "If people couldn't e-file last night, we encourage them to file as soon as they can."

A record number of returns from individual taxpayers and accountants on Tuesday choked the Mountain View-based company's computers, leading to delays in customers receiving confirmation that their returns had been submitted successfully, Intuit spokeswoman Julie Miller said.

As the midnight filing deadline approached, the problem got worse.

[Here's the simple math: We sold X tax packages, so far Y returns have been filed. We still need to process (X-Y) returns. Bob]

... The company's server farm near San Diego processed more than a million returns Tuesday alone, twice the amount during the peak filing day last year, Miller said.

And once the system reached its capacity, many filers were simply turned away. The company said it will refund the $16.95 electronic filing fee for TurboTax users who experienced delays.

... Penalties for late filing start at 5 percent of the unpaid taxes per month, and max out at a total of 25 percent. The IRS said it would extend the deadline to midnight April 19 for people who encountered problems.

Customers lit up Intuit's online customer support forums with complaints, with some angrily swearing off Intuit's software altogether for future returns and others threatening to sue the company if they were penalized by the IRS.

Beyond Intuit's consumer products, the delays also hampered professional tax preparers who use the company's Lacerte brand software.

Wesley Fachner, a certified public accountant in Campbell, Calif., said the slowdowns started Monday [so the Tuesday volume wasn't the reason! Bob] and got worse Tuesday, with backups cropping up for nearly all of the 20 returns he filed those days.

... Kansas City, Mo.-based H&R Block Inc., whose TaxCut software also allows people to file electronically, said Wednesday it did not experience any slowdowns despite a similar spike in traffic. The company did not provide details on the number of filings it received.

Technology experts were flabbergasted that Intuit was caught off guard by a surge in activity on its busiest day of the year.

... At the peak, Intuit was processing 50 to 60 returns per second. [Trivial! Bob]


Not the most technologically sophisticated organization...

http://www.washingtonpost.com/wp-dyn/content/article/2007/04/17/AR2007041701433_pf.html

Wireless Security Puts IRS Data at Risk

The Associated Press Tuesday, April 17, 2007; 6:34 PM

WASHINGTON -- Internal Revenue Service offices across the nation that use wireless technology are still vulnerable to hackers, according to the latest assessment of the agency's security policies released Tuesday.

Despite efforts to improve wireless security the past four years, the Inspector General's assessment of 20 buildings in 10 cities discovered four separate locations at which hackers could have easily gained access to IRS computers using wireless technology.

... "However, anyone with a wireless detection tool could pick up the wireless signal and gain access to the computer," wrote Michael Phillips, the Inspector General.

... The vulnerabilities were discovered in Denver and at three other IRS facilities in Texas and Florida.



Is this a new consumer area? Monitoring your friends? (Didn't this used to be called “stalking?”)

http://digg.com/tech_news/See_All_of_Your_Friend_s_Online_Activity_in_One_Place

See All of Your Friend's Online Activity in One Place

With Tabber you can import your contacts from a number of sources (gmail, digg, myspace, yahoo, aim etc) and tie them to additional social sites such as blogs, del.icio.us and photo galleries. You can then view their recent activity on these sites in aggregate or individually.

http://www.tabber.org/index.php



Could they have done worse?

http://www.infoworld.com/article/07/04/18/HNrimbetterresponse_1.html?source=rss&url=http://www.infoworld.com/article/07/04/18/HNrimbetterresponse_1.html

Could RIM have responded better to outage?

Analysts disagree as to whether RIM should have been more communicative in the early stages of the BlackBerry outage

By Nancy Weil and Grant Gross, IDG News Service April 18, 2007

As of late Wednesday afternoon, U.S. Eastern Time, Research in Motion had offered no explanation for the cause of the BlackBerry e-mail service outage that affected users in North America.

Throughout the outage, which started Tuesday evening at about 8:15 p.m. ET and lasted through at least midmorning Wednesday ET, the RIM and BlackBerry Web sites lacked any information regarding the outage. Multiple inquiries to press representatives made via telephone and e-mail were not answered through Wednesday afternoon, although RIM did issue a statement to European reporters earlier in the day, confirming the outage and saying service had been restored to most users and that it was looking into the cause of the problems.

One crisis management consultant said customers expect more details in crisis situations. "The general rule is, if it's really bad, get [information] out fast," said James Lukaszewski, CEO of The Lukaszewski Group, in White Plains, New York. "It'd be a far less large situation if they communicated more."

However, another offered the opposite viewpoint. While more communication might help to contain a news story, RIM's focus might instead be on reassuring stock markets, said Mark Towhey, president of the Towhey Consulting Group in Toronto. His company provides crisis management advice, and he thought RIM's response seemed appropriate for the circumstances.



It probably works in the other direction too

http://www.bespacific.com/mt/archives/014588.html

April 17, 2007

Report: How U.S. Companies Select International Outside Counsel

ALM: "How do companies select counsel in foreign countries? What tools and resources do companies use to select overseas counsel? What are the "must-have" qualities for overseas outside counsel? See ALM's new study, How U.S. Companies Select International Outside Counsel."



Something to watch – literally!

http://slashdot.org/article.pl?sid=07/04/18/1523212&from=rss

Online Video Suddenly Gets Brainy

Posted by ScuttleMonkey on Wednesday April 18, @02:45PM from the hard-to-compete-against-jackass-tv dept. Television The Internet

David Kesmodel writes "Several online-video efforts are under way that offer a more cerebral alternative to the typical fare seen on the Web, the Wall Street Journal reports. The ambitious Fora.tv, for example, intends to establish relations with all of the lecture series from the nation's scores of think tanks, civic groups, bookstores and the like, and then put tapes of their speeches and panel discussions online in an easily searchable fashion."



Always useful information...

http://www.bespacific.com/mt/archives/014597.html

April 18, 2007

GAO Report on E-Voting Challenges

Elections: All Levels of Government Are Needed to Address Electronic Voting System Challenges GAO-07-741T, April 18, 2007.

  • "Voting systems are one facet of a multifaceted, year-round elections process that involves the interplay of people, processes, and technology, and includes all levels of government. How well these systems play their role in an election depends in large part on how well they are managed throughout their life cycles, which begins with defining system standards; includes system design, development, and testing; and concludes with system operations. Important attributes of the systems' performance are security, reliability, ease of use, and cost effectiveness. A range of groups knowledgeable about elections or voting systems have expressed concerns about the security and reliability of electronic voting systems; these concerns can be associated with stages in the system life cycle. Examples of concerns include vague or incomplete voting system standards, system design flaws, poorly developed security controls, incorrect system configurations, inadequate testing, and poor overall security management."



They are even less trusting than we are...

http://www.searchbyheadlines.com/posted_news/100746.html

Latest National Research Reveals Lack Of Consumer Trust In The Security Of Data In The UK

Release Date: 04/17/2007 Industries: IT Category: Private Company News Website: http://www.secerno.com Source: Secerno

Poll shows 91% of the country is bothered about information protection and that consumers will not tolerate any organisation taking a lax approach to data security

OXFORD, Tuesday, 17 April 2007, UK company Secerno, the technology leader in data security, today announced the results of an independent survey of over 1,200 UK consumers reviewing their concern on the issue of personal data theft.

The survey, conducted by Ipsos MORI, reveals that only 5% of respondents claimed not to be concerned about the security of their personal data. The recent publicity on international breaches, such as the TJX/TKMaxx data loss, has had a dramatic impact on the UK consumer.

It is not only the ability to secure UK data that concerns the public. More and more British companies are choosing to outsource their database storage and management facilities overseas. However, the survey reveals that 63% of adults are concerned about the ability of data centres to protect their data, in the UK and abroad.

The survey suggests there is clearly a requirement for the issue of high-profile data breaches to be addressed on a political level as 58% of respondents want to see Government bodies, along with banks and building societies, taking greater responsibility for the protection of personal data.

For those companies which disregard the importance of the immediate communication of security incidents to their affected customers, they can expect to see their customers firstly, abstaining from using their services (53%) before secondly, opting to cancel their credit cards (48%) and thirdly, reporting them to the Police (20%) or national consumer bodies, e.g. Watchdog (17%).

... Additional findings from Secerno's survey include:

45% do not think that banks and online retailers do enough to protect their personal data;

83% specifying the security of their bank and credit card details as being their priority concern;

36% of consumers would not put personal information online, yet 11% of them have still been a victim of data theft;

As well as the security of financial data being a concern, 46% of all respondents are most concerned about protecting their medical records, and this concern is highest amongst those aged 45-plus (52%).



Another reason to hate PowerPoint presentations?

http://www.vnunet.com/vnunet/news/2188023/hackers-turn-powerpoint-virus

Hackers turn to PowerPoint for virus infection

Slack patching leaves application open

Iain Thomson, vnunet.com 18 Apr 2007

Malware authors have made Microsoft's PowerPoint their vector of choice for infecting corporate systems.

Microsoft Word was the top choice for malware authors last year looking to embed code in seemingly innocuous documents.

But research from MessageLabs suggests that increased patching of Word, and a slack attitude to patching other applications, has prompted hackers to target PowerPoint.

... The research found that PowerPoint now hosts 45 per cent of attacks, compared to 35 per cent in Word documents.


...which is good news for:

http://it.slashdot.org/article.pl?sid=07/04/19/0247208&from=rss

Word Vulnerability Compromised US State Dept.

Posted by samzenpus on Wednesday April 18, @11:54PM from the you've-got-a-virus dept. Security Microsoft United States

hf256 writes "Apparently hackers using an undisclosed (at the time) vulnerability compromised the State Department's network using a Word document sent as an email attachment. Investigators found multiple instances of infection, informed Microsoft, then had to sever internet connectivity to avoid leaking too much data!"



Employee monitoring: Perhaps we should? (What else is there?)

http://www.informationweek.com/news/showArticle.jhtml?articleID=199100333

Porn Found On One In Four Corporate PCs

Think there aren't any pornographic images on your users' desktops or laptops? Think again. A new study shows that they're being downloaded and sent via e-mail through the office.

By Sharon Gaudin, InformationWeek April 17, 2007

A new study found pornography on one in four PCs despite the use of content filtering technology at the gateway.

PixAlert, a company that focuses on keeping illicit images out of corporate networks, audited 10,000 PCs on 125 business and public sector networks over the last nine months. The study found that one-quarter of the computers contained pornography or "other inappropriate images." The same audit found that 12.4% of the 12,000 e-mail accounts and 5.4% of 26,000 file server shares scanned were similarly affected.

"With over a third of all images found created in the last 12 months, it is clear that a significant number of employees continue to ignore corporate policies and in some cases are going to extraordinary lengths to bypass protection systems in order to obtain and distribute inappropriate material," said Andy Churley, a director at PixAlert, in a written statement. "Corporate officers wrongly assume that boundary protection systems stop all digital pornography from entering the organization but, in PixAlert's experience, almost all corporations will have a significant amount of pornography on their networks."

The study found that 46.8% of the images showed full nudity or sexual activity and 0.3% of all the images were determined to be illegal. [99.7% were okay? Bob] While 35% were downloaded online images, 45.2% of the images detected came from e-mails. The study also found that 35.5% were sent internally.

... Last month, Maryland authorities nabbed 22 state employees who were visiting pornographic Web sites -- sometimes a few thousand times a week -- on the job. Investigating officials reported that the number of employees involved was understated, and a wider investigation is being called for.

Pornographic images aren't the only problem in business settings. In February, forensic investigators announced that they went over 70 used hard drives bought from 14 sources and recovered "private information" on 62% of them. While they did indeed find pornographic images, they also found one man's will and a man's personal fan letter to a female celebrity.
