Friday, May 04, 2007

This is a follow-up on the “financial records in a dumpster” story, so I almost missed the bit about the tape...

http://www.allheadlinenews.com/articles/7007219432

J.P. Morgan Probes Alleged Data Breach

May 2, 2007 6:30 a.m. EST Geoffrey Ramos - AHN Staff Writer

New York, NY (AHN) - J.P. Morgan Chase has started a probe into allegations by a large workers union that documents containing financial information of its customers have been accidentally thrown in the trash in five of its branch offices in New York.

The financial services company is also sending out letters to its Chicago-based customers, informing them of a potential compromise of their data after a tape containing the data went missing.

... Meanwhile, J.P. Morgan has started informing some 47,000 customers and employees in the Chicago area about a possible loss of their personal data. A disk containing data from J.P. Morgan's private-client services business was reported missing from an off-site storage facility late last year.



We just don't know...

http://www.baltimoresun.com/news/local/politics/bal-dnrstory0503,0,5558174.story?coll=bal-home-headlines

DNR names, Social Security numbers are missing

Union calls on state to act after information on 1,400 workers likely lost

By Candus Thomson Sun Reporter May 3, 2007, 11:55 AM EDT

The union representing Department of Natural Resources law enforcement officers wants the state to pay for several months of credit checks after learning that a thumb drive with the names and Social Security numbers of about 1,400 employees has been lost.

The miniature computer storage device, used by an employee of the agency's Information Technology unit to take work home with him, was reported missing about a week ago, said Eric Schwaab, DNR deputy secretary.

The thumb drive held information about Natural Resources Police officers and Maryland Park Service rangers dating back to the 1970s.

"It's quite disturbing to our members. No one, to my knowledge, knows what really happened. Was it lost, stolen, misplaced? No one has told us," said Ed Eicher, president of the State Law Enforcement Officers Labor Alliance.

... Those whose information was lost were told of the security breach by telephone [Wow, 1400 phone calls! Bob] and were given written updates, Schwaab said.

... As a result of the incident, the DNR is reviewing its security policy. Schwaab said he could not talk about whether the employee was disciplined, citing state personnel rules. [How could “Yes, he was disciplined.” have any privacy implications? Bob]



Quote du jour: "Thinking... is sometimes an afterthought." (Sounds like Yogi Berra)

http://media.www.lsureveille.com/media/storage/paper868/news/2007/05/03/News/Stolen.Laptop.May.Hold.Id-2892874.shtml

Stolen laptop may hold ID numbers

Delays follow in notification of theft

By: Leah Square Posted: 5/3/07

An Information Technology investigation has revealed that a laptop stolen from a faculty member's Baton Rouge home may contain personally identifiable information for about 750 University students.

But University officials released a notification letter to potentially affected students April 15 - more than 10 days after receiving news of the theft. The faculty member notified University officials April 4, but officials did not contact LSUPD.

The laptop is owned by the E.J. Ourso College of Business, and may have included students' Social Security numbers, full names and grades, according to a notification letter The Daily Reveille obtained Tuesday. The letter was signed by Brian Nichols, chief IT security and police officer, [IT security is handled by the cops not just some entry level IT guy! Bob] and Robert Sumichrast, dean of the E.J. Ourso College of Business.

... "People aren't necessarily aware of what they've got on their computers," Thompson said. "Thinking about what was lost on the computer is sometimes an afterthought."

... Thompson said the University is moving to eliminate Social Security numbers from all systems and databases, but "cleaning up" all University venues for possible theft will take years.



Mere hundreds...

http://abclocal.go.com/ktrk/story?section=local&id=5268451

Students' personal information posted on campus computers

(5/03/07 - KTRK/CONROE, TX) - There is a warning for hundreds of students at Montgomery College. You may be at risk for identity theft.

The discovery was made by students at the campus just outside of Conroe. Students found a list of all graduating seniors on a computer drive that is publicly accessible on all campus computers.

On that list of names was also personal and sensitive information, including social security numbers and addresses. School officials say it was posted on the public shared drive accidentally by a new employee, who has now been disciplined.



Laptops aren't the only thing people steal... Would be more amusing if it was an inside job?

http://www.vnunet.com/vnunet/news/2189126/prison-keys-sold-ebay

Prison keys sold on eBay

Quick lock change in order after security slip

Iain Thomson, vnunet.com 03 May 2007

A US prison is undergoing emergency lock changes after the keys to some of its doors appeared on eBay.

Keys to the Anamosa State Penitentiary in Iowa were spotted on eBay by prison guards. They came from a locksmith at the prison who retired in 1974 and died two years later. [In all those years, no one thought to change the locks? Bob]

...The medium security Anamosa State Penitentiary is home to about 1,250 inmates. [About? Bob]



Another cost...

http://www.9wsyr.com/content/news/your_stories/story.aspx?content_id=17b206d7-6cc1-4068-9b8d-25917c4edc1a

Your Stories Tracker: Credit Card Change

Last Update: May 2, 2007 4:46 PM

Syracuse (WSYR-TV) - We have a Your Stories Tracker about the continued fallout from the credit card information breach at retailers TJ Maxx and Marshalls.

In response to the news that millions of customers' credit and checking account information may have been stolen, many credit card companies sent members new credit cards, with new account numbers.

But customers are now finding that any automatic payments that were linked to their accounts did not transfer over when the new number was issued.

So, lots of people have been defaulting on bills they thought were automatically going to their credit cards.

We contacted HSBC about the problem. They tell us any customer who's charged a late fee should explain the situation to the merchant, to try and get the late fee removed.



This seems logical – what am I missing? Sounds like a slam dunk lawsuit to me!

http://techdirt.com/articles/20070503/112537.shtml

FCC Tells Phone Companies You Can't Arbitrarily Block Calls To Numbers You Don't Like

from the awfully-quiet-about-it dept

A few months back, telcos like AT&T and Sprint started blocking calls to various free conference call lines based in Iowa. As we had explained earlier, these systems were basically abusing bad regulations in Iowa, forcing telcos to pay them a lot of money for every incoming call. Even so, it seemed questionable that telcos could arbitrarily block who customers could call. It certainly echoed some of the concerns about network neutrality, where ISPs conceivably could block what sites users could visit. Based on all of this, it was somewhat surprising that the FCC didn't get involved. Eventually, however, the telcos backed down. We had assumed it was a combination of the bad publicity over the blocked calls (even if the Iowa telcos involved seriously overhyped the importance of being able to scam bigger telcos through regulatory loopholes) and the fact that the FCC was finally holding meetings on the issue. However, earlier today, FCC Chair Kevin Martin admitted that the FCC quickly called the big telcos in question to let them know, in no uncertain terms, that this was a violation of FCC rules. In fact, he claims that a week after the big telcos backed down, the FCC discovered that at least one was still somehow limiting or degrading calls to those Iowa numbers -- and the FCC contacted the telco again to tell them that this was not allowed. It's good to know that the FCC took this seriously (especially since it's one of the few times that it seems to have gone against the wishes of its good friends in the telco industry). It's still odd that the FCC didn't make any public announcement about this to make it abundantly clear to others not to go down this route. Perhaps Martin wanted to save his friends from some embarrassment. In the meantime, can anyone explain why no one is changing the silly regulations to get rid of the ridiculous and unnecessary fees to these Iowa telcos?



So why did they spend all that time and money?

http://techdirt.com/articles/20070503/091946.shtml

After Getting Shut Out Of Google, Belgian Newspapers Agree To Do What They Should Have Done In The First Place

from the took-you-long-enough dept

Google and a group of Belgian newspapers have settled part of their ongoing dispute, in which the papers alleged Google was violating their copyright by linking to their sites. In particular, they alleged that Google's caching of articles -- articles they charge people to read after a certain time -- was illegal. They could have, of course, just used either a robots.txt file or meta tags to control how Google indexed and cached their content, but they felt a lawsuit was a preferable course of action (since the dispute likely had little to do with copyright, and more to do with money). Given that, it's a little odd to see the papers now agreeing to use the "noarchive" tag so they can get back in Google search results. As Danny Sullivan points out, it's hard to see this as anything other than a victory for Google. While its appeal of the court case carries on, it would appear that Google's removal of the newspapers from its site -- in accordance with a court order -- illustrated to the newspapers how much free traffic Google sent them, and how much better off they are with it. Unlike in a similar, earlier case with the AFP news agency, Google hasn't had to cough up any cash or enter a licensing agreement with the Belgian papers -- but again, as Sullivan points out, removing the Belgian papers from its index was far simpler for Google than removing newswire content that gets republished across a wide range of sources. It's also far easier for each paper to measure the impact of their removal, whereas the removal of AFP's stories wasn't felt by the AFP itself, but rather by its customers. It's nice to see the Belgian papers come to their senses; hopefully the courts there will soon follow.



Maybe because I like science fiction?

http://it.slashdot.org/article.pl?sid=07/05/03/2031218&from=rss

The Internet of Things - What is a Spime?

Posted by CmdrTaco on Thursday May 03, @04:59PM from the sounds-like-it-would-taste-sour dept. The Internet IT

CoolVibe writes "From the abstract in the talk: "World-renowned Science Fiction writer and futurist Bruce Sterling will outline his ideas for SPIMES, a form of ubiquitous computing that gives smarts and 'searchability' to even the most mundane of physical products. Imagine losing your car keys and being able to search for them with Google Earth." It's a very interesting lecture given by Bruce Sterling about something we might see in the near future. The lecture can be viewed here on Google Video."



Oooh! I want one!

http://yro.slashdot.org/article.pl?sid=07/05/03/2333244&from=rss

RFID Guardian Protects Your Privacy

Posted by CowboyNeal on Thursday May 03, @08:18PM from the don't-look-at-me dept. Privacy Technology

An anonymous reader writes "A new device devised by Amsterdam graduate student Melanie Rieback is designed to serve as a portable firewall for RFID tags. The portable battery-powered RFID Guardian uses an access control list to filter RFID queries, blocking queries that aren't approved. Rieback, who is also known for being the first researcher to develop a proof of concept RFID virus, hopes to offer version 3.0 of the RFID Guardian to the public at cost."



Research. Can't find what you want? Perhaps you need to shop around...

http://digg.com/tech_news/Top_100_Alternative_Search_Engines_of_2007

Top 100 Alternative Search Engines of 2007

I have spent a month - since the March update - scouring the World Wide Web for any brand new Search Engines or ones that might have been missed. Several alternative search engines have been added directly from readers' comments to the last list. And several readers suggested a new category: Charity Search Engines; so that category has been added.

http://www.readwriteweb.com/archives/top_100_alt_search_engines_april07.php?2



Keep an extra close watch on the “diverse” ones!

http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1250974,00.html?track=sy320

Employee profiling: A proactive defense against insider threats

Joel Dubin 05.03.2007

They might seem like normal employees, working away quietly like everybody else. But they're not. They're criminal insiders, using their privileged positions inside companies everywhere to access and steal confidential data or cause mayhem on the company's IT systems.

How can organizations protect themselves against these miscreants? How can enterprises weed out, let alone find, malicious insiders in their midst?

One way might be to build a profile of corporate turncoats. Once singled out, they can be scrutinized more closely than other employees. However, before starting an employee profiling program, there are three key questions to ask: What is the profile of a criminal insider? Is it legal or appropriate to single out suspected thieves? Is there a clever technical solution -- such as identity and access management -- to stop corporate sabotage without the fuss and hazards of profiling?



Urge all you want, there's money to be made...

http://www.thecrimson.com/article.aspx?ref=518748

Prof Urges Internet Search Purges

Working paper calls for search engines to delete Internet activity records

Published On 5/3/2007 3:03:16 AM By BERYL C.D. LIPTON Contributing Writer

Big Brother could be watching you online.

That’s what one Kennedy School associate faculty member cautioned yesterday, calling for a change in the way that internet activities are monitored and recorded.

In “Useful Void: The Art of Forgetting in the Age of Ubiquitous Computing,” Associate Professor of Public Policy Viktor Mayer-Schoenberger argued for computer systems to regularly delete information, a practice he calls “data ecology.”

... “The notion of limiting the time that [personally identifiable information] is collected and maintained about individuals should be the subject of government consideration.”

Read the paper at:

http://ksgnotes1.harvard.edu/Research/wpaper.nsf/rwp/RWP07-022/$File/rwp_07_022_Mayer-Schoenberger.pdf



...and the first country to Ubiquitous Surveillance (Orwell was an optimist.)

http://www.thisislondon.co.uk/news/article-23394907-details/Council%20recruits%20spy%20plane%20in%20war%20on%20residents%20who%20waste%20energy/article.do

Council recruits spy plane for war on residents who waste energy

03.05.07

Every home in a London borough has been photographed from a spy plane as council bosses focus on residents wasting energy.

Haringey Council in north London is the first local authority in the UK to compile a heat map which can pinpoint how much energy is escaping from each property.

Councillor Isidoros Diakides, Labour's executive member for housing, said: "This single study will play a key role in helping us address three of the biggest issues currently facing Haringey - climate change, fuel poverty and housing waiting lists." [Huh? Bob]

But the move was slammed by Justin Hinchcliffe, of Haringey Conservatives.

He said: "Given that the council cannot even keep the streets clean, we're amazed that they've launched this project.

... Robert Wilkes, 39, boss of map suppliers hotmapping.co.uk, rejected any suggestion it was an intrusion into people's privacy along the lines of satellite imaging service Google Earth.

... The mapping took place seven years ago in 2000 but Haringey, which has spent £21,000 on the study, is understood to have now commissioned a 2007 update.

... It will also help identify empty properties to be used for housing.



How else should you learn Virtual Law?

http://www.eff.org/deeplinks/archives/005238.php

Virtual Classes on Cyberlaw

May 03, 2007

Learn cyberlaw without leaving cyberspace through the State of Play Academy. The Academy offers free classes through the virtual world There.com. The Spring Semester has already started, and runs through June 8.

The virtual classes will teach you the sort of fascinating stuff your real college never gets around to offering, like "Claims of Copyright Misuse based on First Amendment Interests," "The Viacom-Youtube Lawsuit," and "Election 2008 and the Remix Culture." EFF staff attorney Kevin Bankston is signed up to teach a class called "Every Move You Make: Location Tracking and the Law."

More information, including how to log on and participate in SOPA classes at: stateofplayacademy.com.



Maybe they should have outsourced/offshored this in the first place... Imagine computers as “stocking stuffers” by Christmas.

http://hardware.slashdot.org/article.pl?sid=07/05/04/048259&from=rss

India Hopes to Make $10 Laptops a Reality

Posted by CowboyNeal on Friday May 04, @02:55AM from the but-how-much-in-rupees dept. Portables The Almighty Buck

sas-dot writes "We all know Nicholas Negroponte's $100 OLPC. [Last cost I've seen is $145 Bob] India, which was a potential market, rejected it. India's Human Resources Development ministry's idea to make laptops at $10 is firmly taking shape with two designs already in and public sector undertaking Semiconductor Complex evincing interest to be a part of the project. So far, the cost of one laptop, after factoring in labor charges, is coming to $47 but the ministry feels the price will come down dramatically considering the fact that the demand would be for one million laptops."



The return of Chad?

http://www.bespacific.com/mt/archives/014762.html

May 03, 2007

Florida Moves to Paper Ballots for 2008 Presidential Election

Press release: "In a historic vote, the Florida House today unanimously passed CS/HB 537, already passed in the Senate, that provides almost all voters paper ballots in time for the 2008 Presidential election, and bans paperless DREs [direct-recording electronic voting machines], and bans paperless DREs outright by 2021."



Gosh, does this suggest that politicians don't understand technology, or have a clue how to project cost/revenue? How shocking!

http://techdirt.com/articles/20070503/013158.shtml

'Don't Spam Kids' Registry A Financial Disaster For Utah

from the nice-work dept

Michigan and Utah got some attention a couple years ago for each passing utterly pointless laws requiring spammers to remove email addresses of children. This seemed ridiculous for a variety of reasons, with the first among them being that, if anything, this kind of list seemed to put children's email addresses at an even greater risk. Eric Goldman has taken a deeper look at the Utah law and discovered a variety of other problems with it. He notes that, despite assurances that it was impossible that email addresses could be leaked from the registry, email addresses were leaked from the registry. However, the bigger point he makes is that the laws have been a huge financial disaster for Utah -- and more specifically, its taxpayers.

First, he points out that since the law clearly wouldn't stop any spam for children, the real purpose of the law was a secret email tax. The way the law is set up, firms need to pay a fee in order to compare their lists with the registry, and Utah in particular was apparently expecting $3 to $6 million in revenue. Instead, they've actually brought in $187,224. On top of that, the company that Utah has hired to run the registry, Unspam (who had also insisted it was impossible to leak the email address) gets to keep 80% of the revenue -- meaning Utah has received a grand total of $37,445 -- significantly less than expected, and not nearly enough to cover additional expenses created by the law. And it gets worse. The next part isn't entirely clear, but an expensive lawyer (who happens to be the son of Utah Senator Orrin Hatch) was hired by Unspam to defend the already questionable law in court -- but after the company felt it had spent too much, it appears to have handed the bill over to the state. So now Utah taxpayers are paying for this lawyer to defend their bad law -- and the lawyer makes many times what a state lawyer actually makes.

By the way, if the name Unspam sounds familiar to you, that's because it's the company that got a bunch of press last week for trying to sue a bunch of spammers for $1 billion. It was a case that got plenty of press, but seemed woefully short on details. Perhaps Unspam is simply looking to make up for lost time in getting Utah the money its CEO insisted the state would get if it passed the "don't spam kids" law and (of course) put his company in charge of running it. Oh, and it gets better. The recent ridiculous law to ban trademarked keyword advertising in Utah also just so happens to have come from this same CEO, who later defended the law on a blog, without mentioning his vested interest in it.



Tools & Techniques for hackers...

http://franticindustries.com/blog/2007/05/03/how-to-access-pandora-from-outside-the-us/

How to: access Pandora from outside the US

Published by Stan Schroeder May 3rd, 2007 in News, Tips Tags: anonymous browsing, hacks, News, Pandora, tips.

I’m not an avid Pandora user. Personally, I like Last.FM better. But it angers me when I see that such a great service will now be unavailable for users outside of the US. TechCrunch has the details, as well as a facsimile of the letter sent to Pandora’s international users.

Of course, I don’t blame Pandora for this: they’re just complying with the US (and international) laws and regulations.

I blame the laws and regulations.

In any case, this is the Internet, and it’s easy to be a hacker nowadays, so here’s a couple of services you can use to access Pandora from wherever you are (btw, Pandora still works for me although I’m from Croatia; I guess they haven’t covered all the IP ranges just yet):
