Sunday, July 01, 2007

Interesting at several levels. This breach impacts more than one organization (probably not uncommon, except that here both were impacted in large numbers). File sharing software was involved. A virus took control of that software (see next article).

http://www.pogowasright.org/article.php?story=20070630193227906

JP: Students' information leaked onto Internet from teacher's PC

Saturday, June 30 2007 @ 07:32 PM CDT Contributed by: PrivacyNews News Section: Breaches

Personal information on possibly more than 10,000 [I count 14,500+, but then I can add... Bob] students was leaked onto the Internet from a high school teacher's computer in Ichinomiya, Aichi Prefecture, via file-sharing software, the prefecture's board of education said Saturday.

At the same time, a list of officers who have retired from the Air Self-Defense Force's base in Kagamihara, Gifu Prefecture, was also leaked from the 43-year-old teacher's computer, the board said.

The leak appears to have occurred because Share software on the computer was infected by a virus.

Source - Japan Times



Cyberwar You gotta practice somewhere. (Phase one was Estonia). I hope the security fashionistas are paying attention.

http://news.yahoo.com/s/ap/20070701/ap_on_hi_te/russia_cyber_war

Cyber attacks engulf Kremlin's critics

By MANSUR MIROVALEV, Associated Press Writer Sun Jul 1, 12:13 AM ET

A political battle is raging in Russian cyberspace. Opposition parties and independent media say murky forces have committed vast resources to hacking and crippling their Web sites in attacks similar to those that hit tech-savvy Estonia as the Baltic nation sparred with Russia over a Soviet war memorial.

While they offer no proof, the groups all point the finger at the Kremlin, calling the electronic siege an attempt to stifle Russia's last source of free, unfiltered information.

... The groups claim the attackers use vast, online networks of computers infected with malicious software — whose owners probably aren't aware they are involved — to paralyze or erase targeted Web sites.

Stanislav Belkovsky, a political analyst believed to have close ties to Kremlin insiders, said a senior associate of President Vladimir Putin is leading the cyber assault. The government denies it and insists it has nothing to do with the onslaught. The Kremlin said hackers could easily forge Internet Protocol addresses registered to government offices.

... The attacks are similar to assaults — sometimes a million computers-strong — unleashed in April and early May against Web sites in Estonia. Officials there say waves of attacks crashed dozens of government, corporate and media Web sites in one of Europe's most wired societies.

... "It doesn't matter if the Web site itself has a lot of protection," said Hari Balakrishnan, a computer science professor at the Massachusetts Institute of Technology. "People are not breaking into it. People are just making requests of it."

Government security services have long been suspected of engaging in hacking. In 1999, an unidentified hacker in Moscow penetrated U.S. Defense Department computers for more than a year, copying classified naval codes and data on missile guidance systems. The Kremlin denied involvement.

The Chinese government is suspected of using the Web to break into computers at the Defense Department and other U.S. agencies between 2003 and 2005, in what was dubbed Operation Titan Rain. Since 2001, Chinese "hacktivists" have organized attacks on and defaced U.S. Web sites to oppose what they call the imperialism of the United States and Japan.

... The outlawed National Bolshevik party says its Web sites were repeatedly hacked between February and April, as the nationalist group used the Internet to marshal "Dissenters' Marches" in Moscow, St. Petersburg and elsewhere.

The attacks were sophisticated as well as massive, said Alexei Sochnev, who is in charge of the National Bolsheviks' online network.

"They killed the entire U.S. server that hosted us," he said. [Note that geography/jurisdiction is irrelevant. Bob]

... Similar tactics have frequently been used by Western hackers — in 2000, the Web sites of CNN, Yahoo! and eBay were paralyzed by online blackmailers. Massive attacks in 2002 and February 2007 attempted to disable the Internet itself.



Surveillance as a sales tool.

http://hardware.slashdot.org/article.pl?sid=07/06/30/1421209&from=rss

Recovering a Lost or Stolen Gadget

Posted by CowboyNeal on Saturday June 30, @11:16AM from the devices-that-phone-home dept. Handhelds Portables Security

gurps_npc writes "The explosion of portable electronic devices can really weigh you down. Carrying a pager, phone, iPod, camera, and game is quite a lot. Worse, it gives you many more such things to misplace or get stolen. This CNN story discusses some of the retrieval services that help you keep what belongs to you. I particularly like the first one, about a new Singapore-based software that when you download it to your phone, messages everyone in your phone's database whenever a new chip with a new phone number is installed in the phone. This makes it very hard for someone to steal your phone as all your friends get their new phone number."

[From the comments:]

iAlertU is definitely the coolest way to keep your MacBook (Pro) from being stolen. You can turn it on with your remote control like you do with your car keys. It even features the familiar car locking and unlocking sound. When someone grabs your notebook the fall sensor normally used to shut down your hard disk when a fall is detected activates, the screen starts flashing and an alarm siren goes off. It even snaps a photo of the thief with the built-in iSight webcam and emails it to a predefined address.

Be sure to check out the YouTube video of the software in action [youtube.com].

... Is Someone Keeping Secrets from You? Reveal All with the World's Most Powerful Spyphone. Download FlexiSPY spyphone software directly onto a mobile phone and receive copies of SMS, Call Logs, Emails, Locations and listen to conversations within minutes of purchase.

... The British police could catch many more car thieves than they do now by using the cellular phone networks to trace cellphones installed in stolen cars. But the police rarely take advantage of this and most officers seem unaware that the facility even exists - even though more than a million people in Britain now have cellular phones. [Are cell phones still built into cars in the US? Bob]



Is this a problem? Surely the legal effort could be structured to avoid conflict with the law. Perhaps they didn't bother to do this?

http://yro.slashdot.org/article.pl?sid=07/06/30/1259258&from=rss

RIAA Wants Agreements to Stay Secret

Posted by CowboyNeal on Saturday June 30, @10:21AM from the don't-share-that-either dept. The Courts Music

NewYorkCountryLawyer writes "The RIAA is opposing Ms. Lindor's request for discovery into the agreements among the record company competitors by which they have agreed to settle and prosecute their cases together, by which she seeks to support her Fourth Affirmative Defense (pdf) alleging that 'The plaintiffs, who are competitors, are a cartel acting collusively in violation of the antitrust laws and of public policy, by tying their copyrights to each other, collusively litigating and settling all cases together, and by entering into an unlawful agreement among themselves to prosecute and to dispose of all cases in accordance with a uniform agreement, and through common lawyers, thus overreaching the bounds and scope of whatever copyrights they might have. ...As such, they are guilty of misuse of their copyrights.'"



I wonder where this will go. Sure to be an interesting summary of “marketing practices” if nothing else...

http://blog.wired.com/27bstroke6/2007/06/request-for-cor.html

Request For Corporate Privacy Villains: Help Wired News Rank and Shame Them

By Ryan Singel, June 29, 2007 | 3:44:19 PM

Heading into freedom weekend, THREAT LEVEL decided to ask readers to indulge in some free speech, whistle blowing, corporate bashing by submitting and voting on which companies have the worst privacy practices. Spammers, squealers and slimy data sellers are all fair game.

... While you can submit as many corporate privacy villains as you want, you can only submit one every 30 minutes. [Do they expect a flood? Bob]



“Why? Because we will do the same thing?”

http://infowars.net/articles/june2007/300607tapping.htm

Bush's wire tapping is illegal, but let it be - Democrats

Saturday June 30, 2007

All the Democratic presidential candidates agree President George W. Bush acted unconstitutionally and in violation of the Foreign Intelligence Surveillance Act of 1978 (FISA) by authorising NSA to eavesdrop on US citizens without a warrant, but not one of them supported Sen. Russ Feingold's move to censure the President for it, analysis by Council on Foreign Relations shows.



http://michaelzimmer.org/2007/06/30/scholarship-on-privacy-and-search-engines/

Scholarship on Privacy and Search Engines

Posted on Saturday, June 30th, 2007 at 11:32 pm

I recently had the pleasure of attending an excellent workshop on “privacy advocacy” hosted by the Boalt Hall School of Law at Berkeley. The goal was to get privacy advocates in the room with academics who work on privacy in order to encourage “cross-pollination” and - from my perspective - help illuminate the kind of scholarship that would benefit advocacy most.

... I promised to post a brief bibliography, so here is what I came up with off the top of my head (mostly legal and philosophical perspectives). Please, tell me what I’m missing.

Chopra, S., & White, L. (2007). Privacy and Artificial Agents, or, Is Google Reading My Email? Paper presented at the IJCAI 2007.

Goldberg, M. (2005). The googling of online privacy: Gmail, search-engine histories, and the new frontier of protecting private information on the web. Lewis & Clark Law Review, 9, 249-272.

Grimmelmann, J. (forthcoming) The structure of search engine law. Iowa Law Review, 93.

Hinman, L. (2005). Esse est indicato in google: Ethical and political issues in search engines. International Review of Information Ethics, 3, 19-25.

Miller, J. (2005). “Don’t be evil”: Gmail’s relevant text advertisements violate google’s own motto and your e-mail privacy rights. Hofstra Law Review, 33(4), 1607-1641.

Norvig, P., Winograd, T., & Bowker, G. (2006, February 27). The Ethics and Politics of Search Engines. Panel at Santa Clara University Markkula Center for Applied Ethics.

Tavani, H. T. (2005). Search engines, personal information and the problem of privacy in public. International Review of Information Ethics, 3, 39-45.

Zimmer, M. (2006, January). The value implications of the practice of paid search. Bulletin of the American Society for Information Science and Technology.

Zimmer, M. (2007). The Quest for the Perfect Search Engine: Values, Technical Design, and the Flow of Personal Information in Spheres of Mobility. Unpublished Dissertation, New York University.



This seems a common complaint, and should have been easy to avoid. Apparently they don't manage change well (perhaps they didn't recognize the need to change?)

http://apple.slashdot.org/article.pl?sid=07/06/30/2232212&from=rss

AT&T Vs. Apple Store At the iPhone Launch

Posted by kdawson on Saturday June 30, @07:47PM from the doctor-jeckyll-and-mister-who dept.

MBCook tips an article at Gizmodo that begins with a reader's experiences trying to buy an iPhone yesterday at an AT&T store and an Apple store. Many, but not all, of the comments on the post echo this reader's experience: Apple good, AT&T bad. "Day one revealed what all Apple aficionados fear. That AT&T, through the depths of its incompetence, could derail the iPhone." [I suspect this is addressed in the Apple—AT&T contract. Watch for Apple to buy control of AT&T... Bob]


...and when your elaborate “Customer Service” system fails, ask your customers for a hack!

http://digg.com/apple/How_to_port_ineligible_mobile_numbers_to_AT_T_and_iPhone

How to port 'ineligible' mobile numbers to AT&T and iPhone

Some iPhone customers trying to port their mobile numbers from carriers such as Verizon are being told by iTunes that their current mobile number 'cannot be transfered,' etc. Fortunately, we've figured out a workaround to this nonsense.

http://www.appleinsider.com/articles/07/06/30/how_to_port_ineligible_mobile_numbers_to_att_and_iphone.html
