Tuesday, July 17, 2007

This one will take some explaining... How does a hacker access a database that is not online? Did someone leave the front door open one night?

http://www.nypost.com/seven/07172007/news/nationalnews/hacker_attack_hock_nationalnews_chuck_bennett_and_c_j__sullivan.htm

HACKER ATTACK $HOCK W. UNION ID THEFT

By CHUCK BENNETT and C.J. SULLIVAN

July 17, 2007 -- Hackers raided a poorly secured Western Union database and stole the personal data of more than 20,000 customers, including 1,300 New Yorkers, the wire-transfer company admitted yesterday.

The thieves got names, addresses, phone numbers and complete credit-card information after a breach sometime in late May, according to a letter sent to customers by James Keese, Western Union's privacy officer.

The data was held in an "offline" file not accessible through westernunion.com, said company spokeswoman Sherry Johnson. [Notice that they do not say “not accessible via the Internet.” Perhaps they don't understand the word “offline?” Bob]

... The company began sending out letters warning customers of the breach on July 6.

... City Councilman Hiram Monserrate, whose Corona, Queens district is home to many Western Union customers, said the company needs to communicate better - especially since it is only sending out letters in English. [“Know thy customers!” Bob]

"From Queens, many, if not the majority, of [the customers] are Spanish speakers. It's clearly unacceptable and just demonstrates their lack of outreach to our community," he said.

Western Union said because of the diversity of its customers it only sent notices in English, but it has multilingual customer service reps.



Includes all the articles I skipped...

http://www.pogowasright.org/article.php?story=20070716070441847

Data “Dysprotection:” breaches reported last week

Monday, July 16 2007 @ 07:04 AM CDT Contributed by: PrivacyNews News Section: Breaches

A recap of incidents or privacy breaches reported last week for those who enjoy shaking their head and muttering to themselves with their morning coffee. You'll probably need two cups to get through this week's recap....




Still playing catch up in England...

http://management.silicon.com/government/0,39024677,39167826,00.htm

Full Disclosure - silicon.com launches data breaches campaign

Why companies must come clean on data spills [Good phrase. Bob]

By silicon.com Published: Monday 16 July 2007

Today silicon.com launches its Full Disclosure campaign with the aim of making businesses and government take data security more seriously by improving the reporting of serious information security breaches.



The key phrase is “easy money” (There is seldom much opposition to a “sin tax” since no one wants to admit they sin too...)

http://blog.wired.com/cars/2007/07/is-big-brother-.html

Is Big Brother for the Roadways Really Such a Bad Thing?

By Marty Jerome | July 16, 2007 | 6:50:00 AM | Categories: Parking & Traffic

In a "Wall Street Journal" op/ed piece, Holman Jenkins takes on Michael Bloomberg's plan to use hundreds of cameras to photograph license plates and charge cars according to "congestion pricing" for driving into Manhattan. The plan has less to do with easing traffic or helping asthmatic children, he believes, than it is for government to go "for the easy money." He points to England's network of 6,000 cameras on its roadways, making the Brits "the most monitored society on earth." In 2005 England's traffic cameras mailed out 2.2 million speeding tickets. Tens of thousands of drivers were ticketed for talking on cell phones. More than one million of 33 million drivers are now one ticket away from losing their licenses. And yet those same cameras have been enormously useful in the recent spate of terrorist investigations. They are forcing more citizens to abide by the law. And they free the police to monitor far more dangerous problems, such as drunken driving.


On the other hand...

http://www.pogowasright.org/article.php?story=20070716142250616

UK: Watchdog warns over number plate snooping

Monday, July 16 2007 @ 02:22 PM CDT Contributed by: PrivacyNews News Section: Non-U.S. News

Cameras that automatically record car number plates, a weapon in the fight against crime and terrorism, could breach human rights and privacy laws, the government's surveillance watchdog warned today. Sir Christopher Rose, the chief surveillance commissioner, said that evidence obtained by the cameras could be challenged if used in court.

Source - Guardian


The best summary of video surveillance.

http://www.unitedmedia.com/comics/dilbert/archive/images/dilbert2052374070717.gif



Making second-class citizens. How about a (big) bounty for tipping off the government? Then we wouldn't need the spies.

http://www.pogowasright.org/article.php?story=20070716144544962

Full Constitutional Protection for Some, but No Privacy for the Poor

Monday, July 16 2007 @ 02:45 PM CDT Contributed by: PrivacyNews News Section: Other Privacy News

In San Diego, poor people who want public benefits must give up their privacy. Investigators from the district attorney's office there make unannounced visits to the homes of people applying for welfare, poking around in garbage cans, medicine chests and laundry baskets.

Applicants are not required to let the investigators in. But they get no money if they refuse.

Lawyers who have sued on behalf of the applicants say that being poor should not mean having to give up the Fourth Amendment's protection against unreasonable government searches. So far, the courts have disagreed, saying that rooting out welfare fraud justifies the searches, but not without drawing some fierce dissents.

Source - NY Times via Truthout



Tools & Techniques: Hacking 101. Targeting firms by phishing for employees who ignore their security training?

http://www.pogowasright.org/article.php?story=20070717073020200

Hackers steal data from PCs

Tuesday, July 17 2007 @ 07:30 AM CDT Contributed by: PrivacyNews News Section: Breaches

Hackers stole information from the U.S. Department of Transportation and several U.S. corporations by seducing employees with fake job-listings on ads and e-mail, a computer security firm said on Monday.

The list of victims included several companies known for providing security services to government agencies.

They include consulting firm Booz Allen, computer services company Unisys Corp., defense contractor L-3 communications, computer maker Hewlett-Packard Co. and satellite network provider Hughes Network Systems, a unit of Hughes Communications Inc., said Mel Morris, chief executive of British Internet security provider Prevx Ltd.

Source - Reuters


Ditto. Lots of “No” answers, but a few “No comment.”

http://news.com.com/2100-7348_3-6196990.html?part=rss&tag=2547-1_3-0-5&subj=news

Security firms on police spyware, in their own words

By Declan McCullagh | Story last modified Tue Jul 17 05:25:40 PDT 2007

In a case decided earlier this month by the 9th U.S. Circuit Court of Appeals, federal agents used spyware with a keystroke logger to record the typing of a suspect who used encryption to scramble his communications.

But would that government spyware used in that investigation actually be detected by security software? Or would security companies intentionally fail to report it?

To answer that question, CNET News.com performed the following survey. We asked three questions of 13 security companies, ranging from tiny ones to corporations like Microsoft and IBM, and the results are below.



How dare they!

http://technology.timesonline.co.uk/tol/news/tech_and_web/the_web/article2087306.ece

Caught on camera – and found on Facebook

From The Times July 17, 2007 Patrick Foster

It has become as much a part of student life as hangovers and essay crises. But now Facebook, the social networking website, is being used as a disciplinary tool by university authorities.

Staff at Oxford University are searching the website, collecting photographs of students who they say have broken rules on post-examination celebrations, and handing down fines. The student union has branded the move a “disgraceful” intrusion into privacy and has e-mailed every common room advising how to prevent dons viewing the photographs.

... The move is the latest example of how information posted on social networking websites is used against users. Research suggests that one in five employers is vetting potential recruits on Facebook and similar websites.

... Those who even consider engaging in unruly behaviour have been warned off. One undergraduate was fined £40 before he had sat his exams; he had set up a Facebook event inviting people to come and trash him.

Losing face

Photographs of Amy Polumbo, Miss New Jersey, posing with pumpkins held to her chest led to an alleged blackmail, and the national Miss America organisation reviewing whether she was fit to hold her crown. The pictures, from her Facebook profile, were splashed across American newspapers.

A survey of 600 British companies revealed that one in five had logged on to Facebook and other networking websites to vet potential employees. Jacqueline Thomson, from public relations firm Brands2Life, said that she had turned down one applicant after learning that he had used Facebook “to criticise previous employers and discuss company information.”

In Toronto, Canada, five students were banned from a school trip after disparaging remarks about teachers were found on Facebook.

Brad Karsh, a US career consultant, turned down a job applicant after reading on Facebook that his interests were “smokin’ blunts with the homies” and “shooting caps into whitie.”

A university in Pennsylvania denied a 27-year-old woman a teaching degree on the grounds that she was promoting under-age drinking, after she posted a photo of herself on Facebook, titled “Drunken Pirate.”

Several students at DePauw University, Indiana, were disciplined after college authorities used Facebook to trace those responsible for vandalising a sculpture of a deer.



Now this is interesting!

http://techdirt.com/articles/20070716/093618.shtml

Zappos Sells More By Encouraging Returns

from the outrunning-the-competition dept

Although it may not get that much hype, Zappos has built up an impressive and successful online shoe retailer. While shipping costs are often the bane of online retailers, Zappos has thrived, not only by offering free shipping, but by offering free return shipping as well (via Knowledge Problem). Obviously, shipping is expensive, but by subsidizing product returns, the company has removed the risk of buying shoes online. [Right and obvious. Amazon is learning this. Bob] Customers don't have to worry about a pair of shoes not fitting right, because they can always send them back at no cost. In fact, the company approves of customers that buy multiple pairs, just to see which pair fits, while sending the others back. [Not so obvious, but reflects what happens in 'brick & mortar' stores. Bob] Of course this cuts into its margins to some extent, but the alternative is for customers to buy shoes at traditional stores. [Again obvious. Bob] The basic lesson is one that plenty of retailers recognize: making it easier to return items will make customers more comfortable with purchasing them. But it's the application of this lesson online, to such an extreme degree, that has separated Zappos from the pack.



Shouldn't they ignore them foreign laws?

http://techdirt.com/articles/20070716/103055.shtml

Russian Court Says Visa Can't Cut Off AllofMP3 Unit

from the denied dept

Earlier in the month, Russian authorities shut down the well-known Allofmp3.com site, following complaints from the US government -- and the implication that if they didn't do so, the US would make it hard for Russia to join the World Trade Organization. Of course, the people behind Allofmp3 quickly set up shop at another URL, and went about their business selling dirt-cheap digital music. It's today been reported that Alltunes, another site owned by Allofmp3's parent company, has won a court case against Visa's Russian agent, after Visa refused to process its payments. As the company points out, it's never been convicted of illegal activity, and Visa cut it off after complaints from the IFPI, the international equivalent of the RIAA. It's not clear to what extent Visa and its agents can be forced to offer their services to a business; however, the Allofmp3 folks are correct when they assert that it's not Visa's -- nor the IFPI's -- right to decide when copyright's been violated, particularly when they don't hold any of the copyrights in question.



Those who do not study politics are doomed to be its victims.

http://news.com.com/8301-10784_3-9745760-7.html?part=rss&subj=news&tag=2547-1_3-0-5

What the Internet has wrought: prez campaign money 2008 (part II)

Posted by Donnie Fowler July 16, 2007 6:33 PM PDT

Small donors are having a significant impact on the amount of money that the Republican and Democratic candidates for president are raising. The Internet, providing the tools for grassroots activists to self organize and conduct "p-commerce" by giving political money online has clearly contributed to this. The interesting story after six months of presidential fundraising is that some candidates, notably Barack Obama, are doing much better at reaching small donors than all the others.


Ditto (I'm not sure what a 68% negative “tone” means for Global Warming... Is Al Gore not to be trusted?)

http://www.killerstartups.com/WebApp-Tools/politicaltrends--Gauging-a-Political-Blogosphere/

PoliticalTrends.info - Gauging a Political Blogosphere

Developed by Lexalytics, a Mass.-based metrics/analysis company, PoliticalTrends tracks political sentiment around the blogosphere. The site follows 50+ political blogs and reports on their leanings by extracting recurring words and analyzing them by context. You’ll find pie charts and graphs pinpointing the frequency of topics such as the war in Iraq, or Osama Bin Laden. The site also points out the hottest candidates in the blogosphere (currently Hillary’s got the lead) and the hottest categories (Palestine’s in first place). Trends are categorized by theme, e.g. Economy, Foreign Policy, and Energy; each has a series of subsets which allow you to explore the theme in depth. Graphs chart day-by-day tones (neutral, positive or negative) for each topic. Clicking on the pie charts will give you a list of related posts. The service is free.

http://www.politicaltrends.info/demo/reports/viewreport.php?report=Home



Speaking of Global Warming...

http://www.treehugger.com/files/2007/07/snow_in_buenos_aires.php

Snow in Buenos Aires: Was it Global Warming?

by Paula Alvarado, Buenos Aires on 07.16.07



Useful?

http://www.bespacific.com/mt/archives/015456.html

July 16, 2007

Chapters from Forthcoming Book on Patents As Property Rights

Innovation at Risk, a forthcoming book from Princeton University Press by James Bessen and Michael J. Meurer. The following content is currently available online:



Background

http://www.pogowasright.org/article.php?story=2007071615484040

European task force lists RFID privacy threats

Monday, July 16 2007 @ 03:48 PM CDT Contributed by: PrivacyNews News Section: Other Privacy News

The European Parliament's technology assessment task force has concluded in a study (download PDF) that the public is unaware of what it calls considerable threats posed by radio frequency identification technology to the security of their personal information. The June survey, titled "RFID and Identity Management in Everyday Life," cited a number of high-profile RFID implementations in Europe as examples of the growing prevalence of the technology on the continent, and listed actual and potential problems with each.

Source - ComputerWorld



Make sure your Legal and IT departments see this article.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=it_in_government&articleId=9027080&taxonomyId=69&intsrc=kc_feat

Log management in the age of compliance

'Bread crumbs' are key to what's happening with your network

July 16, 2007 (Computerworld)

... Organizations are turning to logs to provide a continuous trail of everything that happens with their IT systems and, more importantly, with their data.

Logs of different types are generated from different sources at an astounding rate, allowing for a detailed -- if sometimes cloudy -- picture of IT activity.

... In my previous article, I described the way in which three regulations (FISMA, HIPAA and PCI-DSS) affect incident-response processes. This triumvirate also affects log management, since they call for enabling logging as well as for log review.



Make sure IT sees this one! Imagine this when more than ½ of one percent of the students have iPhones!

http://www.networkworld.com/news/2007/071607-duke-iphone.html

IPhones flooding wireless LAN at Duke University

18,000 requests per second from iPhones knocking out dozens of access points at Duke University.

By John Cox, NetworkWorld.com, 07/16/07

The Wi-Fi connection on Apple’s recently released iPhone seems to be the source of a big headache for network administrators at Duke University.

The built-in 802.11b/g adapters on several iPhones periodically flood sections of the Durham, N.C. school’s pervasive wireless LAN with MAC address requests, temporarily knocking out anywhere from a dozen to 30 wireless access points at a time.



Very amusing comments... I had suspected that the RIAA lawyers didn't spend much on each case, relying on a “plan” (checklist) and just going through the motions – would have been interesting to see the details.

http://yro.slashdot.org/article.pl?sid=07/07/17/0119241&from=rss

RIAA Directed To Pay $68K In Attorneys Fees

Posted by kdawson on Monday July 16, @11:56PM from the not-with-impunity dept.

NewYorkCountryLawyer writes "In Capitol v. Foster, in Oklahoma, the RIAA has been directed to pay the defendant $68,685.23 in attorneys fees. This is the first instance of which I am aware of the RIAA being ordered to pay the defendant attorneys fees. The judge in this case has criticized the RIAA's lawyers' motives as 'questionable,' and their legal theories as 'marginal' (PDF). Although the judge had previously ordered the RIAA to turn over its own attorneys billing records, today's decision (PDF) made no mention of the amount that the RIAA had spent on its own lawyers."



If you aren't fully conversant with “Web 2.0” (like me) then this is going to come as a nasty surprise...

http://howtosplitanatom.com/news/how-to-define-web-30-2/

How To Define Web 3.0

... Definition: Highly specialized information silos, moderated by a cult of personality, validated by the community, and put into context with the inclusion of meta-data through widgets.

... In this future, I will start my journey through the web with one of three tasks — seeking information, seeking validation or seeking entertainment.



All they want is “every book”

http://slashdot.org/article.pl?sid=07/07/16/2123237&from=rss

Open Library Project Takes Flight

Posted by ScuttleMonkey on Monday July 16, @06:34PM from the alexandria-green-with-envy dept.

Aaron Swartz today announced the launch of the new Open Library project. The goal of the project is to produce the world's greatest library on the Internet free for anyone to use. Starting with the Internet Archive's book scanning project and organizing the insertion of new content via a wiki-type model the project seems to be off to a great start. The demo, source code, and mailing lists were all opened up today in hopes of drawing interest from the public at large.
