Friday, June 15, 2007

Ignorance R us! (OR) “Don't bother me with details!”

http://www.jsonline.com/story/index.aspx?id=619708

Personal data was just a few clicks away

Simple log-in names let Cedarburg students into server

By TOM KERTSCHER tkertscher@journalsentinel.com Posted: June 13, 2007

Cedarburg - A generic log-on and a few simple mouse clicks enabled students to see personal data of hundreds of current and former Cedarburg School District employees, several teachers and students said this week.

The breach in the district's computer network was revealed last week when a Cedarburg High School student asked a teacher if a certain nine-digit figure - the teacher's Social Security number - meant anything to him.

The student then gave the teacher more than 30 pages of printouts of the data, as well as instructions on how to access it on the district's computer network, teachers said.

The log-on and password, according to students, were simple: Both were the word student. [Remember that the next time someone claims their files are “Password Protected” Bob]

... The students and teachers who spoke this week about the breach did so on the condition of remaining anonymous, saying they feared reprisals from the School District.

According to those interviews:

One or more students discovered that logging on to the computer network using the student-student user name and password allowed them access to the names, addresses and Social Security numbers of current and former School Board members, administrators, teachers and staff of the School District.

The data was contained in a folder labeled "W-2," which could be reached with a few keystrokes after logging on to the network.

The W-2 folder, and the files inside of it containing the personal data, did not require any passwords to be viewed.

Herrick said the addresses and Social Security numbers of employees may have been accessible as early as September 2004. [We just don't know... Bob]

Herrick said he would not discuss until tonight's meeting how often the data might have been improperly accessed by students or employees.

He also would not discuss whether any actions are being taken against an employee who put the data on a "shared drive" of the computer network, but said the employee did so believing it was secure there. [At minimum, the need for a little security training is indicated. Bob]

... Another student said district officials questioned students who are computer savvy, [You have skills, you might be guilty? Bob] but that in his opinion the data was easy to access.

... So far, the School District has not received any reports of misuse of the personal data since the problem was disclosed June 5. [Another self-serving but meaningless statement. Bob]

... "It was definitely a lapse in security," said School Board President John Pendergast, but he added that he wants to reserve judgment until tonight's meeting about whether the School District had taken proper precautions with the personal data. [I'll save you time: NO! Bob]

... Bank account numbers were also accessible in the area where the addresses and Social Security numbers were stored, but it is not known whether the account numbers were accessed.



Same problem, different “manager”

http://www.pogowasright.org/article.php?story=20070614162545109

Arkansas Board of Psychology Web Exposure of SSN and DOB

Thursday, June 14 2007 @ 04:25 PM CDT Contributed by: PrivacyNews

On June 11, Aaron Titus notified PogoWasRight.org of a breach involving web exposure of the SSN, DOB, and other information on 285 licensed psychologists in Arkansas. You can read more details in his blog.

As has been the policy of this site, and at the request of the Executive Director of the Arkansas Psychology Board whom I contacted about the breach, this site withheld posting notice of the breach until the cached copy of the file was removed from Google.

Despite Google's assurances to the Board that the cached copy would be removed within 24-48 hours, it took three days for the cached copy to be removed. Google can and must do better when it comes to removing files that contain sensitive information.



If this was a big bag of cash, would it have been transferred this way?

http://www.nanaimobulletin.com/portals-code/list.cgi?paper=51&cat=23&id=1005555&more=0

Personal banking info goes missing

By Jenn Marshall The News Bulletin Jun 14 2007

Personal and financial information of about 120,000 Coastal Community Credit Union members could be in jeopardy.

Data tapes that the credit union moves from site to site to do computer backups were stolen from the courier company that transports them, said Garth Sheane, CCCU president and CEO.

But the credit union is confident the thieves cannot access the information on the tapes, as specialized commercial software is needed. [“Commercial” means, you have to buy it at WalMart Bob]



Well that didn't last long. I still think this is a natural (and ethical) tool for the police. (Not that there might not be potential abuses later...)

http://www.firstamendmentcenter.org/news.aspx?id=18674

Court reverses ban on NYPD videotaping of protesters

By The Associated Press 06.14.07

NEW YORK — A federal judge reversed his own ban on routine police videotaping of political activities, saying uncertainty had arisen about whether demonstrations at the heart of the case had been as law-abiding as participants maintained. [That should not be the deciding factor. Bob]

... The case evolved from what are known as the Handschu guidelines, which date to 1985. They require that police videotaping be for legitimate law enforcement purposes and follow a procedure that includes getting permission from a police official. The guidelines were named after the lead plaintiff in a 1971 case that included 1960s radical activist Abbie Hoffman and others as plaintiffs.

The Handschu guidelines were modified after the terrorist attacks of Sept. 11, 2001, to help the police department investigate terrorism or terrorism-related crimes.

In exchange for those modifications, the police department “promised to enact (and impliedly to follow)” the guidelines, Haight wrote Wednesday.

“If the N.Y.P.D. should break its promise to the court, I am not required to sit idly by with my hands tied,” he wrote.



Isn't everyone doing this? Shouldn't they?

http://www.businessweek.com/ap/financialnews/D8POO9480.htm

Monitoring of workers' e-mail jumps

The Associated Press June 14, 2007, 2:09PM EST

NEW YORK - Jane Terry has done more than her fair share of e-mail policing.

As president of Santa Ana, Calif.-based manufacturer Ajax Boiler Inc., Terry has on two occasions caught employees breaching network security. While testing a new company software system, she stumbled upon a staff member bringing a rival's proprietary information into Ajax's system. Terry spent $6,000 fixing that problem, and hundreds more when a senior manager at the 100-employee company hacked into the network of a former employer, with whom he was involved in a lawsuit.

"We found him reading the HR manager's e-mail," said Terry. "He was involved in a lawsuit and was probably looking for information on it. It was unbelievable."

Both staff members would have escaped notice if it weren't for a recent upgrade to Ajax's security software. The product, made by Vero Beach, Fla.-based SpectorSoft Corp., essentially records everything employees do on their computers including Web sites they have visited, time spent looking at a site, e-mails they have sent, and more.

... "You want to monitor your existing technology, but you need to stay up on what's new -- especially if you have a young work force," said Nancy Flynn, executive director of the ePolicy Institute.

... Some applications can detect credit card and Social Security numbers in an e-mail message, [Sounds like a great identity theft tool... Bob] a spreadsheet or an attached Word document; others limit accessibility of certain documents to a specific number or group of people.

... Washington D.C. RPost provides a service sponsored by 15 bar associations nationwide that gives legal proof that a message was received and also provides proof of the contents of the message, including attachments.



Not a common dissertation topic...

http://www.pogowasright.org/article.php?story=20070615062028867

Fi: Doctoral thesis says privacy protection has expanded

Friday, June 15 2007 @ 06:30 AM CDT Contributed by: PrivacyNews

Protection of privacy has been underscored considerably by Finnish courts in recent years, alongside freedom of speech, says Päivi Tiilikka in a doctoral thesis that she is defending on Friday at the Faculty of Law at the University of Helsinki.

Her thesis, Sananvapaus ja yksilön suoja: Lehtiartikkelin aiheuttaman kärsimyksen korvaaminen ("Freedom of Expression and Protection of Privacy. Compensating for Suffering Caused by a Newspaper Article") is the first doctoral thesis in Finland on the legal responsibilities of the press.

"Courts have given more attention than before to the fact that people in the public eye have the right to protect their privacy, if their private lives are not linked with the use of power in society", Tiilikka points out.

Source - Helsingin Sanomat



Is your organization a potential target of protesters?

http://news.com.com/Coming+attractions+for+historys+first+cyber-war/2010-7349_3-6191184.html?part=rss&tag=2547-1_3-0-5&subj=news

Coming attractions for history's first cyber-war

By Charles Cooper Story last modified Fri Jun 15 04:00:04 PDT 2007

... Another fascinating whodunit novella is playing out a few time zones away from here in the nation of Estonia--but this one is for real. In case you missed the news, here's the headline version: in late April, Estonia's government moved a Soviet-era war memorial commemorating an unknown Russian killed fighting the Germans.

... So it was that Estonia's decision triggered rioting among that same population. One man was killed, and 153 people were injured. In Moscow, President Vladimir Putin very publicly criticized Estonia and demonstrators blockaded the Estonian Embassy.

Up until that point, the storyline played out with few surprises. Eastern Europe is still a cauldron of conflicting nationalistic passions where there's not always a shared, agreed-upon narrative of the post-War era.

Then things got squirrelly.

Despite their nation's small size, Estonia's 1.4 million people represent one of the most wired populations in the entire world. The Parliament actually declared Internet access to be a basic human right. Unlike the U.S., which seems congenitally unable to resolve the mystery of e-voting, Estonia has been using the Internet to elect representatives since 2005.

So if some group wanted to really wreak havoc, how better than to strike at Estonia's Internet infrastructure? And that's what happened. Shortly after the government announced its decision, Estonia's Web sites--including those of government ministries and the prime minister's Reform Party--came under attack in a distributed denial of service attack that lasted for weeks.

Russia rejected accusations that the government had anything to do with the cyber barrage. In an earlier interview with CNET News.com, Jose Nazario, a security researcher from Arbor Networks, suggested that the 100 to 200 megabit per second size of the attack waves was on the low side of the average DOS attack. Whoever it was, though, knew what they were doing. Things got so bad that NATO was invited to provide technical assistance to help shore up Estonia's defenses. A NATO spokesman had it right when he said that in the 21st century, it's not just going to be about tanks and planes. What he didn't say was whether this represented the opening shots of history's first cyber war.

... "It's taken cyber protest to the next level," Denning said. "It can happen here or to any country where people are unhappy. These were serious attacks which lasted a long time. And it proves you need defenses."



How to encourage sex offenders to use anonymity tools?

http://hosted.ap.org/dynamic/stories/S/SEX_OFFENDER_CRACKDOWN?SITE=VALYD&SECTION=HOME&TEMPLATE=DEFAULT

7 Sex Offenders Who Use MySpace Arrested

By MONICA RHOR Associated Press Writer Jun 15, 7:36 AM EDT

HOUSTON (AP) -- Seven convicted sex offenders with profiles on MySpace.com have been arrested in what Texas officials said was the country's first large-scale crackdown of registered offenders who use the social networking Web site.

... They were picked up after MySpace.com released the names of offenders with online profiles to the state Attorney General's Office, which had issued a subpoena for the site's subscriber information.


Related?

http://techdirt.com/articles/20070614/182522.shtml

Are Social Network Private Messages More Private Than Email Under The Law?

from the courts-and-technology dept

It's always interesting to see how courts deal with changing technology. For example, it's pretty common for courts to order emails to be handed over in certain lawsuits as part of the discovery process. However, for many younger people, email has taken a backseat to more popular private messaging features on social networks like MySpace and Facebook. In a recent court case, one side requested access to the private messages in the same manner that they would normally request access to email. However, both MySpace and Facebook have privacy policies saying they won't share the info (though, both say that they will under a court order). In this case, the court decided that it was too early to hand over access to such private messages, saying that the defendant's lawyer needed to first use other routes to try to find the information he was looking for before the court would blindly hand over access to social network private messages. It's likely that this type of request will start to become more popular in court cases -- and it may be difficult for judges to believe that social networking private messages are effectively any different than email. [Agree. Bob]



From the CPO. In brief, it says “do no evil,” but it nicely summarizes the major points.

http://www.bespacific.com/mt/archives/015133.html

June 14, 2007

DHS OIG Privacy Policy Guidance Memo Regarding Use of Social Security Numbers

Privacy Policy Guidance Memorandum 2007-02 Regarding Use of Social Security Numbers at the Department of Homeland Security, June 4, 2007 (PDF, 4 pages)



Attention graphics people! Imagine this as a way to tour the neighborhood when you are looking to buy a house. Lots of potential! (Can Google be far behind?)

http://radar.oreilly.com/archives/2007/06/everyscape_a_3d.html

Everyscape: A 3D Worldviewer Made From 2D Photos

Everyscape aims to be able to show you the whole world -- both inside and out -- from its website. It plans to do this with normal 2D photos. Using proprietary technology Everyscape will stitch these photos together and 3D-ify them. The result is a pan-n-scan world accessible through a Flash viewer.


Coincidence?

http://www.mercurynews.com/businessheadlines/ci_6128593?nclick_check=1

Google to use YouTube to amass video database

SEARCH FIRM WILL TEST ABILITY TO FILTER ILLEGAL CONTENT

By Elise Ackerman Mercury News Article Launched: 06/13/2007 01:37:35 AM PDT

It is commonly believed that Google bought YouTube for $1.6 billion because the wildly popular video-sharing site represented a great way for the search giant to expand into video advertising.

It turns out the site could bring an even bigger benefit to the Mountain View company: It may provide a way for Google to easily and legally amass the world's biggest database of video, helping it figure out better ways to search that kind of material.


This is amusing, but not very likely (in my humble opinion...)

http://www.readwriteweb.com/archives/future_of_media_video_prometeus.php

Future of Media Video: Google Takes Over the World by 2050

Written by Richard MacManus / June 14, 2007 / 15 comments


Davide Casaleggio sent a tip to Read/WriteWeb about a video his company produced exploring the future of media. It is a very cool 6-minute video, which takes some educated (and imaginative) guesses at how the Web and media will evolve over the next 40-50 years.



Turning education into entertainment?

http://www.nytimes.com/2007/06/14/arts/television/14nbc.html?ex=1339473600&en=7e87ca5c74a83a1f&ei=5088&partner=rssnyt&emc=rss

NBC Developing Web Site for Students

By JACQUES STEINBERG June 14, 2007

Imagine Tim Russert introducing a classroom history lesson about the Articles of Confederation, or Brian Williams describing the reverberations of the Stamp Act.

NBC News actually has, and in a formal presentation to broadcast industry analysts today, the network is to announce an online venture intended as a supplement to Advanced Placement high school courses in three subjects: American history, government and English. The effort, which the network is spending nearly $10 million to develop, draws heavily on its exhaustive film and video archives chronicling the most important events of the last half century, as well as on its best-known journalists, who will have a chance to report on stories that occurred long before they were born.

... In turning to the classroom as a potential pool of new viewers, NBC is following in the footsteps of other mainstream media organizations, including newspapers like The New York Times, which has long had a newspaper-in-education program, and Time magazine, which repackages some of its articles for use in classrooms as early as the first grade.
