Thursday, June 07, 2007

Don't ya just love it!

http://computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9023778&taxonomyId=17&intsrc=kc_top

Mass. credit union bills TJX $590k for breach-related costs

Jaikumar Vijayan

June 06, 2007 (Computerworld) HarborOne Credit Union in Brockton, Mass., has sent The TJX Companies Inc. an invoice for $590,000 for what the financial institution says it incurred in actual costs and reputational damage as a result of the data compromise disclosed by the retailer in January.

The bill was sent to TJX on April 30, [Will this show in financial statements? Bob] but the company so far has not responded or commented on it in any fashion, said James Blake, the president and CEO of the 100,000-member, $1.4 billion credit union.

"The bill was for both direct operational costs that we incurred reissuing new debit cards to our customers, as well as the costs to us from a reputational standpoint," he said. According to Blake, the TJX breach resulted in HarborOne having to block and reissue about 9,000 cards at a cost of around $90,000. The remaining $500,000 is what Blake believes the breach cost the credit union in terms of brand damage.

"We had to notify customers of the fact that their account was breached. There were some questions on their part whether or not we were responsible [for the breach] when in fact it was TJX's responsibility," Blake said.

Rather than pursue a formal lawsuit against TJX for the amount, HarborOne has decided to give TJX a chance to do the "morally" right thing, he said. [Not a snowball's chance... Bob] "Whether they will is another issue. They have chosen not to respond to any of our communications. They have run from the problem from the very beginning." [Sure looks that way to me! Bob]

According to Blake, in the last year alone, HarborOne has had to reissue debit cards more than 30 times to customers as a result of data breaches at various retailers. "You can understand why we are a little upset about this," he said.

[Another version: http://www.todaystmj4.com/news/local/7876507.html Bob]



Another case where no one seems to be certain of anything. Good luck prosecuting...

http://www.jsonline.com/watch/?watch=1&date=6/6/2007&id=24626

UPDATE: Students access personnel data

WEDNESDAY, June 6, 2007, 4:37 p.m. By Tom Kertscher

Cedarburg - School officials confirmed today that students gained access to confidential information of current and former School District employees, including names, addresses, Social Security numbers and, possibly, bank account numbers.

An undetermined number of Cedarburg High School students obtained the information from one or more school computers, Superintendent Daryl Herrick said.

Students are not allowed in the area on the computer network where the data was stored, Herrick said. However, the data should not have been stored in that particular area, because the area is accessible to school employees, he said.

Herrick said the improper storage of the data appeared inadvertent and that no actions have been taken against any School District employees.

... The breach was discovered about 11 a.m. Tuesday after a student told a teacher that students had accessed the data, Herrick said. There was evidence that students had obtained names, addresses and Social Security numbers of current and former School District employees, he said.

Bank account information also would have been available, but it was not clear whether students had accessed that information, he said.

... Herrick said "there is no correlation" between the security breach and a case involving former Cedarburg High School teacher Robert Zellner, who was fired for viewing pornography on his school computer.

Zellner's attorney has raised questions about whether others might have gained access to Zellner's computer. [Not exactly the facts in the next article, but you gotta ask yourself “Can the school prove anything?” Bob]



Technology to the rescue? Why wasn't the computer properly examined in the first place? More to learn here, I think...

http://arstechnica.com/news.ars/post/20070606-substitute-teacher-spared-sentencing-for-porn-pop-ups-gets-new-trial.html

Substitute teacher spared sentencing for porn pop-ups, gets new trial

By Nate Anderson | Published: June 06, 2007 - 01:39PM CT

Julie Amero, the substitute teacher who could have received 40 years in jail after porn appeared on classroom PCs, was spared that fate—for now. Instead, Amero will get a new trial after revelations that the original computer analysis was flawed.

The backstory in a nutshell: Amero was substituting for an English class. She went to the restroom, and when she returned, students were gathered around a computer that was displaying porn pop-ups. Amero, who describes herself as a total computer novice, couldn't make them stop, and she eventually ran to the teacher's lounge to get help. In court, school officials admitted that the antivirus software installed on the PC was out of date and antispyware programs were not installed. A school official did tell parents, however, that the school district had comprehensive filtering and firewall software in place at the time.

Although it's hard to conjure up a simple explanation for why a substitute teacher would show middle-school students porn pop-ups on purpose, Amero was prosecuted on the ground that she had done this intentionally. She was eventually found guilty and faced the prospect of 40 years in jail because of the incident. A defense witness, who analyzed the computer but was unable to present all of his findings in court, called the case "one of the most frustrating experiences of my career, knowing full well that the person is innocent and not being allowed to provide logical proof." Her sentencing was scheduled for today, but the hearing instead turned into a motion for a new trial, according to the AP.

The computer in question was sent to a Connecticut state laboratory after the original trial finished, and the judge announced today that the lab findings may contradict those presented by the prosecution's computer expert at trial. Amero's lawyers asked for and received a new trial, and the request was not opposed by the prosecution. A date has yet to be set.



Gosh! Who'd a thunk it! (Attention MBA Students!)

http://news.bbc.co.uk/2/hi/technology/6729565.stm

Good privacy pays for web stores

People will pay more for goods if a website does a good job of protecting their privacy, a study shows.

The Carnegie Mellon study looked at what shoppers do when they are told what sites do with personal data.

It suggests that shoppers will pay a premium equal to about $0.60 (30p) on goods worth $15 (£7) [roughly 4%. That's huge! Bob] if they are reassured about privacy.

The study was used to evaluate a tool that aims to give web users clearer information about privacy policies.

Poor choices

Before now, many studies have shown that many web users fear that the information they must surrender to buy goods and services online will be abused by some shops.

At the least, users fear their contact details will be passed on to marketing firms without their permission.

Many also worry about what is being done with credit card or bank details they hand over to make purchases.

Despite these fears many shoppers often made poor choices by surrendering valuable personal information if they thought they were getting low prices, said Lorrie Cranor, director of the Usable Privacy and Security Lab at Carnegie Mellon and lead author on the study.

"Our suspicion was that people care about their privacy, but that it's often difficult for them to get information about a website's privacy policies," Ms Cranor said.

The small study of 72 shoppers looked at how their behaviour changed if they were armed with a tool which showed how good a site's privacy policy was.

The study used a tool called the Platform for Privacy Preferences (P3P) developed by the World Wide Web Consortium to make it easier for the average net user to assess privacy policies.

The P3P tool tries to give consistent information about privacy policies across sites. However, it is currently only used by about 20% of e-commerce sites.

The results of the study suggest that people will turn toward sites with "high privacy" ratings and that they would pay slightly extra for that reassurance.



The more you censor, the more “inconsistent” search results become. How can that benefit anyone?

http://news.bbc.co.uk/2/hi/technology/6724531.stm

Censorship 'changes face of net'

Amnesty International has warned that the internet "could change beyond all recognition" unless action is taken against the erosion of online freedoms.

... Amnesty accused companies such as Google, Microsoft and Yahoo of being complicit in the problem.

... "The Chinese model of an internet that allows economic growth but not free speech or privacy is growing in popularity, from a handful of countries five years ago to dozens of governments today who block sites and arrest bloggers," said Tim Hancock, Amnesty's campaign director.

... According to the latest Open Net Initiative report on internet filtering, at least 25 countries now apply state-mandated net filtering including Azerbaijan, Bahrain, Burma, Ethiopia, India, Iran, Morocco and Saudi Arabia.

... Filtering was only one aspect of internet repression, the group said. It added that increasingly it was seeing "politically motivated" closures of websites and net cafes, as well as threats and imprisonments.

... It marks the first anniversary of Amnesty's website irrepressible.info, which is being relaunched to become an information hub for anyone interested in the future of internet freedom.



I fear this is common – because it is so easily done. More reason to have a forensic investigator look over your e-Discovery “take” (Can't be too good for the old reputation, either.)

http://techdirt.com/articles/20070606/005628.shtml

Best Buy Lawyer Altered Documents In Suit Over Illegal MSN Subscriptions

from the whoops dept

You may have heard recently about the racketeering case against Microsoft and Best Buy, where Best Buy would sign up customers for an MSN subscription without letting the subscriber know. A former Best Buy employee has explained how the whole scam worked. However, the case just got a lot more interesting, as a lawyer for Best Buy has admitted that he altered a few of the documents he handed over in the case, which certainly could end up costing the company millions more in fines. Combined with their other recent lawsuit over different versions of their website inside stores, and you have to wonder why anyone shops at Best Buy at all any more.



In theory, any student could read (podcast) their papers and we'd all be wiser...

http://research.bizreport.com/detail/RES/1179941253_704.html

Email Archiving and the Law - Expert Podcast

by MessageOne, Inc. Posted: June 6, 2007

Premieres: 12 Jun 2007, 09:00 EDT (13:00 GMT) Format: Audio Type: Podcast

ABSTRACT: An effective email archiving initiative starts with effective management decisions. CIOs need to determine what regulations to focus on, how to ensure compliance and what technology requirements need to be addressed up front. Attend this expert Podcast to learn ten essential decisions CIOs need to consider to ensure efficient email data backup and storage. Then download its companion Podcast to learn why CIOs considering email archiving need to look past compliance issues and focus on the impact electronic discovery and litigation have on email archiving.



Here's a trend we should watch carefully... Just because they pay the ISP does not mean I won't think they are SPAM. Now I have two targets for my lawsuit! Note: Today the ability to let mail through based on the sender's URL is built into all filters...

http://hosted.ap.org/dynamic/stories/T/TECHBIT_E_MAIL_FEE?SITE=VALYD&SECTION=HOME&TEMPLATE=DEFAULT

E-Mail Senders Can Pay to Bypass Filters

By ANICK JESDANUN AP Internet Writer Jun 6, 10:11 AM EDT

NEW YORK (AP) -- Four more Internet service providers will start charging banks, e-commerce sites and other large e-mail senders for guaranteed delivery.

In deals expected to be announced Thursday, Goodmail Systems Inc. is expanding its CertifiedEmail program to Comcast Corp., Cox Communications Inc., Time Warner Cable Inc.'s Road Runner and Verizon Communications Inc. Yahoo Inc. and Time Warner Inc.'s AOL became inaugural participants last year.

Individuals, businesses and organizations will be able to continue sending messages for free, but they risk finding those missives caught in increasingly aggressive spam filters. [“Let's filter anyone who can afford to pay us!” Bob]

With Goodmail, a company can pay a quarter of a penny per message to bypass those filters and reach inboxes directly. Recipients see a blue seal verifying that the message is legitimate; [Legitimate = they pay us Bob] senders get confirmations and can resend messages lost in transit.



Technology to the rescue! No doubt teens will learn to snort (and otherwise abuse) the powder...

http://www.reuters.com/article/oddlyEnoughNews/idUSPAR64994620070606

Just add water - students invent alcohol powder

Wed Jun 6, 2007 10:13AM EDT

AMSTERDAM (Reuters) - Dutch students have developed powdered alcohol which they say can be sold legally to minors.

The latest innovation in inebriation, called Booz2Go, is available in 20-gramme packets that cost 1-1.5 euros ($1.35-$2).

Top it up with water and you have a bubbly, lime-colored and -flavored drink with just 3 percent alcohol content.

"We are aiming for the youth market. They are really more into it because you can compare it with Bacardi-mixed drinks," 20-year-old Harm van Elderen told Reuters.

Van Elderen and four classmates at Helicon Vocational Institute, about an hour's drive from Amsterdam, came up with the idea as part of their final-year project.

"Because the alcohol is not in liquid form, we can sell it to people below 16," said project member Martyn van Nierop.

The legal age for drinking alcohol and smoking is 16 in the Netherlands.

In Germany, alcopops -- sweet drinks containing alcohol and in powder form -- caused quite a stir when launched on to the market. Alcohol powder, classified as a flavoring, was sold in the United States three years ago.

The students said companies interested in making the product commercially could avoid taxes because the alcohol was in powder form. A number of companies are interested, they said.

