Wednesday, July 11, 2007

For those who “...have no reports the information was used inappropriately...”

http://www.pogowasright.org/article.php?story=20070711055951859

(follow-up) TJX, Polo Data Surfaces in Credit Card Bust

Wednesday, July 11 2007 @ 05:59 AM CDT Contributed by: PrivacyNews News Section: Breaches

After more than $75 million in bogus credit card charges, several Cuban nationals in Florida have been arrested with more than 200,000 credit card account numbers, many of which came from the TJX and Polo Ralph Lauren data breaches, according to U.S. Secret Service officials, commenting on the July 9 announced arrests.

The numbers were sent to the Florida defendants, who specialize in manufacturing bogus credit cards complete with embossing, logos, holograms and properly encoded magnetic strips, from a group of Eastern European residents who specialize in collecting the stolen credit card numbers, the Secret Service said.

That Eastern European group of fiduciary Fagans obtained those numbers from many different sources, but many of the numbers were traced back to two specific major retail data breaches: the 2006 TJX breach and a 2005 Polo Ralph Lauren breach, said a Secret Service case agent involved in the investigation and who asked that his name not be used.

Source - eWeek



Is this an indication that the cost of the security breach is already factored into the share price?

http://www.boston.com/business/globe/articles/2007/07/10/conn_legalizes_resale_of_tickets_at_any_price/

TJX call-option trades jump on takeover speculation

Trading in options to buy shares of TJX Cos. jumped to the highest since 1998 on expectations that the owner of the T.J. Maxx and Marshalls discount retailers may be acquired in a leveraged buyout. The number of call options traded jumped to 29,138 in New York, the most since July 1998, according to Bloomberg data. Each call gives investors the right to buy 100 TJX shares at a specified price by a given date. The most active option, July $30 calls, rose sevenfold in price to 75 cents. A spokeswoman for Framingham-based TJX didn't immediately return a call. (Bloomberg)



Free money?

http://www.pogowasright.org/article.php?story=20070711055510812

(follow-up) Hurry if you want BofA cash

Wednesday, July 11 2007 @ 05:55 AM CDT Contributed by: PrivacyNews News Section: Breaches

About 35 million current and former Bank of America customers are eligible for a $14 million settlement of a class-action lawsuit involving alleged privacy violations. But you better move fast if you want your piece of the pie.

The case involves allegations that, for years, BofA made customers' confidential info available to marketers and other third parties without letting people know and in violation of the bank's own privacy policies.

Source - San Francisco Chronicle
Earlier Coverage - Chronicles of Dissent (blog)



Police can use social engineering too.

http://www.pogowasright.org/article.php?story=20070710094024925

AU: Uni lets police see personal records

Tuesday, July 10 2007 @ 09:40 AM CDT Contributed by: PrivacyNews News Section: Minors & Students

THE University of Technology, Sydney, has given police access to student and staff information during the past two years without the knowledge or consent of those involved.

On 22 occasions since 2005 it has given information to the Australian Federal Police, the NSW Police Force and the Australian Tax Office.

Source - Sydney Morning Herald



How we do it in the USA

http://www.pogowasright.org/article.php?story=20070711060119953

Feds use key logger to thwart PGP, Hushmail

Wednesday, July 11 2007 @ 06:01 AM CDT Contributed by: PrivacyNews News Section: Surveillance

A recent court case provides a rare glimpse into how some federal agents deal with encryption: by breaking into a suspect's home or office, implanting keystroke-logging software, and spying on what happens from afar.

An agent with the Drug Enforcement Administration persuaded a federal judge to authorize him to sneak into an Escondido, Calif., office believed to be a front for manufacturing the drug MDMA, or Ecstasy. The DEA received permission to copy the hard drives' contents and inject a keystroke logger into the computers.

Source - C|net



Somehow I doubt it...

http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1263683,00.html

Data breaches, compliance drive intellectual property protection

By Robert Westervelt, News Editor 10 Jul 2007 | SearchSecurity.com

Companies are bracing themselves for the next data breach, implementing technology and processes to protect intellectual property and other sensitive information in the wake of high profile data breaches.

Compliance is also driving adoption of data protection technologies, according to a study, conducted by the Milford, Mass.-based Enterprise Strategy Group (ESG), a research analyst firm with a specialty in IT security.

The study found that more than one-third of organizations not using data loss prevention technology had information stolen from their databases within the last 12 months and that 30% of those data breaches impacted bottom-line revenues.

... The research report, "The Case for Data Leakage Prevention," concluded that enterprises need to take proactive steps to prevent data leakage and avoid a high profile data breach.

[Report available at: http://www.vericept.com/Downloads/Industry/Vericept%20ESG%20Research_Data%20Leakage%20Prevention_Final.pdf]



It just occurred to me that I don't understand how the FTC determines who to fine and how much to fine them. My suspicion: It's all politics.

http://blog.wired.com/27bstroke6/2007/07/security-resear.html

Security Researcher Wants Lube Maker Fined For Privacy Slip

By Ryan Singel July 10, 2007 | 7:35:28 PM

Security researcher Christopher Soghoian is petitioning the Federal Trade Commission and state attorneys general to slap millions in fines on Biofilm, Inc., the maker of the popular sexual lubricant Astroglide, following the company's accidental release of more than 250,000 customer names and addresses onto the internet in April. Using a $90 fine per person levied on Victoria's Secret by New York for a similar leak in 2002, Soghoian estimates the company is liable for an $18 million fine.

... The Astroglide incident is bigger than just the issue of embarrassment. The smallest bit of information about an individual can serve as a vehicle for targeted phishing and other kinds of fraud. I discussed this with Prof. Markus Jakobsson and he came up with two fantastic examples of scams that could use this data.

  • A version of the Spanish lottery scam with a spear phishing touch: A would-be phisher could send a postcard to each name on the list, advising them that since they are fans of the product, they were enrolled in an online lottery - and that they have won. All that they need to do is to go online to claim their winnings.

  • A class action version of the Nigerian 419 scam: A swindler could send a postcard to victims, notifying them of the data loss, and stating that they have been invited to join a class action lawsuit against Biofilm/Astroglide. The victim would be told that they will receive several hundred dollars as part of the settlement, and all that they need to do to claim their share is to fill out the postcard with their banking details and send it off.



Oh... That's why!

http://science.slashdot.org/article.pl?sid=07/07/10/1517215&from=rss

The Psychology of Facebook Examined

Posted by Zonk on Tuesday July 10, @12:12PM from the what-goes-on-in-a-websites-head dept. The Internet Science

jg21 writes "In this analysis of the psychology of Facebook, a British FB user makes some telling points about how simple the reasons behind its success are. Among them, fear of 'online social failure' features prominently. From the article: 'Facebook also digs away at the insecurities in people...your peers can see your profile on Facebook, and while they may have 50, 100, 200 friends they will mockingly see that you have a pathetically small number, confirming your worst fears about the low opinion they have probably held of you over all those years etc.'"



Video worth watching? Worth noting that you can use the Internet to promote your business...

http://www.f-secure.com/weblog/#00001227

Video - Re:Solution

Posted by Sean @ 13:37 GMT

There's a new video uploaded to our YouTube Channel. Subscribers may have already noticed since yesterday. The video is a brief history on the evolution of malware and the current characteristics of crimeware.



Tools & Techniques

http://news.com.com/8301-10784_3-9742137-7.html?part=rss&subj=news&tag=2547-1_3-0-5

July 10, 2007 5:25 PM PDT

Google hack creates peer-to-peer network

Posted by Greg Sandoval

A video posted to YouTube in April offers a primer on how to use Google to pilfer music and video files in less time than it takes to download them from a peer-to-peer service.

... Ruska's formula also worked at Yahoo and other search engines, according to the FT.



Worth checking out.

http://www.bespacific.com/mt/archives/015416.html

July 10, 2007

International Journal of Electronic Governance

"International publisher Inderscience is pleased to announce the publication of the first issue of International Journal of Electronic Governance. The journal focuses on the use of electronic and information technologies in deliberation over democratic policy and decision making processes, community governance as well as governance in non-political domains such as corporate, open project, online community and social network contexts. It also explores the relations between electronic governance, digital communication and digital inclusion, novel technologies for electronic governance such as governance games and simulations, and the political, organisational, social, psychological and cognitive aspects of electronic governance. A free download of the papers from this first issue is available here." [thanks to Peggy Garvin]

[Some Content items:

Surveillance technology and law: the social impact

Privacy concerns pertaining to location-based services]



I need a lawyer! This is a great idea and I want it translated from the German!

http://alan.blog-city.com/email_signatures.htm

Legal Email Signatures - Fight back


posted Tuesday, 10 July 2007

... However the humble email signature has evolved into something more elaborate and much more annoying. In many instances, the signature can be many times larger than the email it is representing.

... I came across another person's frustration with this increasing trend and I thought he put it rather beautifully. So, I hope he doesn't mind, I have reproduced it here.

As of 20 August 2005, if you send me an email with a contained or attached disclaimer that includes one or more of the following items:

* legal notice or threat(s)

* disclosure restriction(s)

* forward restriction(s)

* "intended recipient" nonsense

Then you automatically agree to pay me a license fee of DKK 1000,- for using my email address and a DKK 250,- fee for wasting my time on reading it.



Another list to love...

http://digg.com/tech_news/Top_5_Worst_Websites_EVER

Top 5 Worst Websites EVER

As selected by TIME Magazine, these five websites suffer marketing infestation, are in need of an overhaul, are notoriously slow to load, are discriminatory, and are just plain annoying.

http://www.time.com/time/specials/2007/article/0,28804,1638344_1638341_1638336,00.html
