Unusual for BeSpacific to report incidents like this...
http://www.bespacific.com/mt/archives/015357.html
July 03, 2007
Largest Single Personal Data Breach to Date Involves Info on 2.3 Million Customers
Press release: "Fidelity National Information Services, Inc. announced today that its subsidiary, Certegy Check Services, Inc., a service provider to U.S. retail merchants, based in St. Petersburg, Fla., was victimized by a former employee who misappropriated and sold consumer information to a data broker who, in turn, sold a subset of that data to a limited number of direct marketing organizations... The misappropriated information included names, addresses and telephone numbers as well as, in many cases, dates of birth and bank account or credit card information. Approximately 2.3 million records are believed to be at issue, with approximately 2.2 million containing bank account information and 99,000 containing credit card information. The company is still investigating the time period over which the misappropriations occurred."
More...
http://www.rttnews.com/sp/breakingnews.asp?date=7/3/2007&item=101
Fidelity National Information Services Says Employee Sole Customer Data [FIS]
... As a result, the company's customers receive marketing solicitations, though there is no evidence of fraud.
Though the company did not name the worker, [see next article Bob] Certegy said it has filed a civil lawsuit against him and the marketers in a state court in Pinellas County, Florida. The company does not expect that the costs to implement this action plan will materially impact financial results.
This theft came to light when one of Certegy's retail check processing customers alerted Certegy to a correlation between a small number of check transactions and the receipt by the retailer's customers of direct telephone solicitations and mailed marketing materials. With the help of the U.S. Secret Service, the company figured that the theft was done by a senior level database administrator, who was entrusted with defining and enforcing data access rights.
More...
http://www.themoneytimes.com/news/20070704/2_3m_consumer_records_stolen-id-105819.html
2.3M consumer records stolen
by MT Bureau - July 4, 2007 - 0 comments
... The worker, William G. Sullivan, sold the information to a data broker identified as Jam Marketing, which in turn sold some of the information to direct marketing companies, said Certegy, a subsidiary of Fidelity National Information Services Inc. of Jacksonville, Fla.
... The company is still determining when the misappropriations occurred.
... It also said it believed it would be able to get the data back from the marketing companies and prevent future misuse.
Question for the legal guys: If I download from the MPAA (or its agent) could I not claim that the copyright holder made the movie available for free and since I was not offering it for download or making money on it, they have no beef with me?
http://www.zeropaid.com/news/story.php?id=8877
Gotcha! New MPAA Site Tries to Trick Users into Illegally Downloading Movies
posted by soulxtc in bittorrent // 10 hours 46 minutes ago
Also offers the ability to download video content using a custom client which also scans if the user has downloaded copyrighted files. [Installing software a la Sony... Bob]
MediaDefender Inc, the "leading provider of anti-piracy solutions in the emerging Internet-Piracy-Prevention (IPP) industry" has launched a website called "MiiVi" dedicated to busting those who both like to download copyrighted content as well as those who already have.
The site is apparently the latest ploy in the ongoing battle against illegal file-sharing and literally takes the game to new heights. It offers WHOLE DOWNLOADS of movies as well as the ability to download and install a "miraculous" new program that offers "fast and easy downloading all in one great site." There's just one problem: the site's registered to MediaDefender Inc. and it's army of prying eyes are just nipping at the bud to take down those who are unaware.
The site was apparently registered on March 11, 2007. and unfortunately who knows how many poor souls have fell victim to this latest malfeasance by an MPAA sponsored organization. Luckily however, Brokep over at the Pirate Bay gave me a heads up on the situation and I report back to you with haste to avoid the site and warn others to do so as well.
Notice how quickly we responded to this attack... We got divisions of tanks to the middle east faster!
After attacks, US government sending team to Estonia
Nearly two months after Estonia was hit with widespread DDOS attacks, the U.S. is dispatching investigators to research the incident
By Robert McMillan, IDG News Service July 03, 2007
Two months after much of Estonia's online infrastructure was targeted by an online attack, the U.S government is sending cyberinvestigators to help the Baltic state better understand what happened.
... Early press reports linked the attacks to Russia, exacerbating tensions between the two countries, but investigators now say that it is unclear who exactly was behind the incident.
"The data that we have does not speak to who's behind it. There's no smoking gun," said Jose Nazario, senior security engineer with Arbor Networks, who has studied the attacks.
... Garcia said that members of US-CERT could learn how the U.S. should respond if faced with a similar attack. "It's a little bit more complicated than conventional warfare," he said. "It's a little difficult to trace back where a particular attack is coming from, which makes it more difficult to respond."
Arbor Networks' Nazario agreed that investigators will get a much clearer picture of how the attacks evolved over time. "They can basically learn what ... technologies and what techniques worked under those attacks," he said.
Update
http://www.bespacific.com/mt/archives/015353.html
July 03, 2007
Cross-Border Privacy Law Enforcement
Cross-Border Privacy Law Enforcement Website: "On 12 June 2007, the OECD Council adopted a new Recommendation setting forth a framework for co-operation in the enforcement of privacy laws. The framework reflects a commitment by governments to improve their domestic frameworks for privacy law enforcement to better enable their authorities to co-operate with foreign authorities, as well as to provide mutual assistance to one another in the enforcement of privacy laws."
See also:
BBC: "The world's leading industrialised nations have been forced to update privacy laws made obsolete by the huge volume of data moving around the net."
Attention Virtual Lawyers
http://gigaom.com/2007/07/04/second-life-avatar-sued-for-copyright-infringement/
Second Life Avatar Sued for Copyright Infringement
Written by Wagner James Au Wednesday, July 4, 2007 at 2:10 AM PT
Right in time for the July 4th holiday week (after all, what’s more American than demanding your day in court?), businessman Kevin Alderman and his lawyer have just filed suit against someone who goes by the name Volkov Catteneo, for copyright infringement.
This would be just one IP dispute in thousands handled by US courts every day, except for two unique features: the contention is over a virtual sex bed which doesn’t exist, and the named defendant also doesn’t exist. As such, the suit will establish an enormous precedent in the new realm of virtual world law, however it shakes out.
I should back up and explain those last three sentences.
Linden Lab, the company which provides Second Life’s virtual land (i.e. server grid) and means to explore it (i.e. interface software and currency) has since late 2003 allowed its users to retain the underlying intellectual property rights to all objects and programs created in the world with its internal building and scripting tools.
This policy unleashed enormous user-created innovation, and enabled thousands of users to make a living with their virtual content creation. Alderman, known in Second Life as Stroker Serpentine (pictured) is one of SL’s leading entrepreneurs; his SL-based adult entertainment industry has become so successful, he recently sold his X-rated Amsterdam island in Second Life to a real world Dutch media firm for $50,000 very real dollars.
For the last fours years, this IP rights policy has been working more less as designed, but those who follow the virtual world business have been waiting for the other shoe to drop: what happens when one avatar tries to sue another avatar for copyright infringement in an actual court?
It finally has: Alderman/Serpentine believes Catteno is selling unauthorized copies of his SexGen bed, a piece of furniture with special embedded animations that enable players to more or less recreate an adult film with their avatars. Alderman sells his version for the L$ equivalent of USD$45, and they’ve helped make his fortune. Catteno is selling his alleged knockoff for a third that price, undercutting him.
But who does Kevin Alderman sue? Since SL users have no obligation to reveal their real life identity to other players, all the relevant data exists only on Linden’s servers and files. This is why Alderman is threatening to subpoena Linden Lab for this data, so he can bring the real person behind Catteno to trial.
... Trouble is, Catteno tells Reuters he doesn’t have any real world data on file with Linden Lab. (A plausible claim; since ‘06, it’s no longer necessary to register a credit card or other identifying data with Linden Lab.) I imagine the company could supply Alderman and his lawyer’s with Catteno’s IP address, and let them deal with it from there. Or if it goes forward in court, perhaps the judge will review the case, decide it’s fundamentally nuts, and toss it. Then again, the court might let it go to trial, as it did with another user lawsuit against Linden Lab, and what happens then is anyone’s guess.
Think this will spread?
http://technology.guardian.co.uk/news/story/0,,2115426,00.html
Police aid piracy watchdog over filesharing claims at Honeywell
Katie Allen Saturday June 30, 2007 The Guardian
The UK record industry has widened its anti-piracy net to the corporate world with an investigation into allegations of an illegal music filesharing network at a British office of the US industrial and aerospace company Honeywell.
... The BPI said: "The operation follows a two-month investigation into alleged music filesharing at Honeywell, which began after an employee of the company provided the BPI with evidence of thousands of music files being shared illegally on the company's servers."
The iPhone didn't remain mysterious for long...Even though these are not serious hacks, I suspect the “good ones” are already in play. (Also note that the hackers waited until the iPhone actually went on sale, deflecting suspicion from insiders...)
http://apple.slashdot.org/article.pl?sid=07/07/03/1622212&from=rss
iPhone Root Password Hacked in Three Days
Posted by Zonk on Tuesday July 03, @01:02PM from the not-that-it-will-do-anybody-any-good dept. Security Handhelds Communications Apple
unPlugged-2.0 writes "An Australian developer blog writes that the iPhone root password has already been cracked. The story outlines the procedure but doesn't give the actual password. According to the story: 'The information came from an an official Apple iPhone restore image. The archive contains two .dmg disk images: a password encrypted system image and an unencrypted user image. By delving into the unencrypted image inquisitive hackers were able to discover that all iPhones ship with predefined passwords to the accounts 'mobile' and 'root', the last of which being the name of the privileged administration account on UNIX based systems.' Though interesting, it doesn't seem as though the password is good for anything. The article theorizes it may be left over from development work, or could have been included to create a 'false trail' for hackers."
From DVD Jon – it is interesting the things that interest him
http://nanocr.eu/2007/07/03/iphone-without-att/
iPhone Independence Day
July 3rd, 2007
I’ve found a way to activate a brand new unactivated iPhone without giving any of your money or personal information to AT&T NSA. The iPhone does not have phone capability, but the iPod and WiFi work. Stay tuned!
Got research tools?
8 Ways for Searching the Dark Web - Beyond Google!
July 3, 2007 at 13:37 · Filed under Search Engines
No comments:
Post a Comment