Saturday, September 29, 2007

Not much info here. Looks like they learned from TJX.

http://www.infoworld.com/article/07/09/28/Gap-contractor-blamed-for-data-breach_1.html

Gap contractor blamed for data breach

Two laptops containing personal data on job applicants at the clothing retailer have been stolen, which Gap blames on an unnamed contractor

By Robert McMillan, IDG News Service September 28, 2007

An unnamed contractor is being blamed for a data breach at Gap Inc. that has compromised the data of about 800,000 people who applied for jobs with the U.S. clothing retailer.

On Friday, Gap said the data had been stored on two laptop computers that were stolen from the vendor's offices. Although the job applicant information on the laptop -- which included Social Security numbers -- was supposed to be encrypted, it was not.

... Gap learned of the theft on Sept. 19, the company said in a letter sent to those affected.

... Gap has set up a Web site to assist those who may have been affected by the breach. [Hard to locate on their web site, but it is at: www.gapsecurityassistance.com. Bob]



Not so fast, TJX

http://www.eweek.com/article2/0,1759,2190263,00.asp?kc=EWRSS03119TX1K0000594

Judge Pushes Back on TJX Settlement

By Evan Schuman, Ziff Davis Internet September 28, 2007

The federal judge overseeing the consumer portion of the TJX case wants vouchers replaced by cash.

The federal judge overseeing the consumer portion of the TJX case wants to see TJX vouchers offered in the proposed settlement replaced by cash.

U.S. District Court Judge William Young told attorneys in a hearing in Boston Sept. 27 that he "had a lot of questions and concerns" about the settlement, in which wronged consumers would be given $30 TJX vouchers, according to Thomas Shapiro, an attorney representing some of the consumer plaintiffs, who was present in the courtroom.

Attorneys on both sides had asked that the judge approve the proposed settlement and that he remove the trial—currently slated for July 2008—from the court calendar. However, Young refused to do that and ordered that the trial date be maintained. He scheduled another hearing for October.

According to two attorneys involved in the hearing and notes filed with the clerk's office, Young had concerns about the vouchers and asked what they were truly worth. [They are worth a lot to TJX. Bob] "He expressed a preference that the class members have the option of receiving cash," Shapiro said.

Said another attorney, who did not want to be identified: "Trial dates are sacrosanct with this judge." In response to a question about having the trial suspended, the judge said, "I'm not staying anything," according to the attorney.

Young also posed some detailed legal questions involving jurisdiction and whether consumers should have 60 days to file a claim (as sought in the settlement) or 90 days. "The judge wanted 90 days," said one participant, who also didn't want to be identified.

Young also asked if there was a practical way for TJX, of Framingham, Mass., to send notices to all 46 million consumer victims; a TJX attorney said the retailer did not have those addresses. [The credit card companies do... Bob]

Court observers said that it's not unusual for a judge who is being asked to approve a class-action settlement—especially such a high-profile case as TJX—to ask for changes. Unlike a traditional civil settlement where it's assumed that the interests of both sides have been protected, many of the consumers being represented by such a case have no input. Therefore, a judge will often push back harder.

Typically, the settlement will be adjusted somewhat to try to accommodate the judge. How far TJX will bend—the judge's concerns were all in the pro-consumer direction—and whether the judge will ultimately reject the agreement are the magic questions.



It will be interesting to see how this technology expands. I could see displays at each exit saying “Okay to walk around, but wear your galoshes.”

http://www.eweek.com/article2/0,1759,2190344,00.asp?kc=EWRSS03119TX1K0000594

Text Messaging Warns St. John's Students of Gunman

By Roy Mark September 28, 2007

Students at St. John's University subscribe to a text messaging alert system that warned of danger within minutes after a gunman entered the campus.

Another lone gunman approached another campus full of students on Sept. 26, but this time there was no tragedy similar to the shootings at Virginia Tech University in April that killed 32 people and wounded many more.

Just 16 minutes after Omesh Hiraman, 22, walked on to the campus of St. John's University, in Queens, New York, with a loaded rifle, students, faculty and staff received e-mail and text messages alerting them to the danger.

Campus police and an NYPD police cadet spotted Hiraman, wearing a hooded sweatshirt and a Halloween mask, almost immediately. Hiraman, a St. John's student, was quickly arrested without a single shot being fired. But rumors spread that a second gunman was loose on the campus.

"From public safety. Male was found on campus with a rifle. Please stay in your buildings until further notice. He is in custody, but please wait until the all-clear," Thomas Lawrence, St. John's vice president for public safety, sent in a text message.

University officials said only 2,100 out of 20,000 students were signed up for the alert system. Lawrence's text message, and two more that followed, were widely forwarded around the campus. By the end of the day, subscribers to the service had jumped to more than 6,500 students.



Tools & Techniques Got firewalls?

http://arstechnica.com/news.ars/post/20070927-txtor-tool-circumvents-basic-torrent-blockers.html

"txtor" tool circumvents basic torrent blockers

By Jacqui Cheng | Published: September 27, 2007 - 03:26PM CT

To the frustration of many students and other avid torrent downloaders, some universities and ISPs have been known to block the download of .torrent files in an effort to curb illegal file sharing. This quick and dirty method [Requires little thought to implement and little effort to circumvent. Bob] of filtering Internet content is usually done through the use of a proxy server that will look for a torrent mime-type in the file or, even simpler, the file extension itself. Although this method seems almost too simple to take seriously, enough admins have found it effective enough to justify its use.

That's why a group of developers launched txtor today, a site that makes it possible to download .torrent files as if they were text files.



I wonder if Steve Jobs knows about this?

http://www.tuaw.com/2007/09/27/apple-geniuses-are-reportedly-unbricking-iphones/

Apple Geniuses are reportedly unbricking iPhones

Posted Sep 27th 2007 9:40PM by Erica Sadun Filed under: Apple Corporate, Retail, Bad Apple, iPhone

Apple continues posting warning signs around their stores, cautioning customers that unlocked and modded iPhones fall outside their warranty. And at the same time, Apple Geniuses around the country quietly are reportedly accepting bricked iPhones, slipping into the back and returning with functioning units.

We're not sure whether they're doing a low-level reflash or just swapping units out. We have reports of at least four customers who walked in with iBricks and walked out with iPhones. It is unclear at this time whether these customers unlocked their iPhones or not--we're also receiving reports of iBricks from people who never unlocked or modded their units.



See what you can do with a good college education?

http://www.news.com/8301-10784_3-9787549-7.html?part=rss&subj=news&tag=2547-1_3-0-5

CMU develops scam-busting online game

Posted by Stefanie Olsen September 28, 2007 1:36 PM PDT

There's no end to scams on the Internet, and it can be hard for anyone to tell the difference between a legitimate and fake Web address. (Can you pick the bogus URL between "www.express.ebay.com" and "www.ebaysale.nl"?)

That's why computer scientists at Carnegie Mellon University developed a cutesy online game to teach people how to spot a so-called phishing scam before giving up personal information like bank account passwords to a rogue operator. The 15-minute game, called Anti-Phishing Phil, features a little fish named Phil that must discern between good and bad Web addresses in order to eat worms and gain points. It was developed at CMU's Usable Privacy and Security (CUPS) Laboratory.



One way to deal with e-voting...

http://techdirt.com/articles/20070928/004959.shtml

Dutch Gov't Pulls The Plug On E-Voting (For Now)

from the did-they-vote-on-that? dept

While the US is still trying to figure out what to do about problematic e-voting machines, over in the Netherlands, they've apparently decided to ditch the machines (or, at least, ditching the regulation approving the machines), at least until they've figured out a way to make them more reliable, secure and trustworthy. Sounds like a reasonable plan, though it sounds like they may be looking to bring the machines back rather quickly, with just a paper trail -- which may not be enough. At some point people need to realize that many of these machines can't be retrofitted to fix things, but need to be rethought from the ground up.


Here's an alternative approach. (read the first comment.)

http://politics.slashdot.org/article.pl?sid=07/09/28/1942209&from=rss

Out With E-Voting, In With M-Voting

Posted by Zonk on Friday September 28, @05:22PM from the has-to-be-safer-than-diebold dept. The Internet Communications Politics

InternetVoting writes "The ever technology forward nation sometimes known as 'E-stonia' after recently performing the world's first national Internet election are already leaving e-voting behind. Estonia is now considering voting from mobile phones using SIM cards as identification, dubbed 'm-voting.' From the article: 'Mobile ID is more convenient in that one does not have to attach a special ID card reader to one's computer. A cell phone performs the functions of an ID card and card reader at one and the same time.'"



From the People's Republic of Boulder (Down the road from the home of the four word editorial)

http://digg.com/world_news/Boulder_CO_High_students_walk_out_during_Pledge_reciting_their_own

Boulder High students walk out during Pledge, recite own version

The Associated Press Article Last Updated: 09/27/2007 12:02:46 PM MDT

BOULDER, Colo.—About 50 Boulder High School students walked out of class Thursday to protest the daily reading of the Pledge of Allegiance and recited their own version, omitting "one nation, under God."

The students say the phrase violates the constitutional separation of church and state.



Not sure I get all of this, but some of the ideas are amusing...

http://www.theage.com.au/news/security/google-looking-at-privacy-protections-for-users/2007/09/28/1190486555877.html

Google looking at privacy protections for users

September 28, 2007 - 4:43PM

Google, the world's web search leader, told US Senators today the company is pursuing new technologies to protect the privacy of internet users as it seeks to acquire advertising company DoubleClick.

Google's chief legal officer, David Drummond, testified that the company was looking at the internet display advertising business with a "fresh eye and evaluating whether changes can be made to innovate on user privacy in this space".

... As a general matter, Drummond also sought to address antitrust concerns about the deal, describing it as pro-competitive.

... He cited as an example a possible new technology that Google called "crumbled cookie" in which information about an internet user would not be connected to a single piece of identifying code, [“We'll use two possibly as many as three, sent simultaneously and reassembled at our end. Aren't we benevolent?” Bob] known as a cookie.

Google was also exploring better ways of providing notice within advertisements to identify who was responsible for them, [“Some people think we could just include the name of the ad purchaser... How naive.” Bob] Drummond said.



For my Business Continuity class... Forward to your favorite geek.

http://www.securityfocus.com/infocus/1894?ref=rss

Passive Network Analysis

Stephen Barish 2007-09-28

... The first, most basic information, we need about our networks in order to defend them well is the network map.



I suppose this was inevitable...

http://science.slashdot.org/article.pl?sid=07/09/28/1644233&from=rss

Know How To Use a Slide Rule?

Posted by kdawson on Friday September 28, @12:46PM from the try-your-hand dept. Math Hardware

high_rolla writes "How many of you have actually used a slide rule? The slide rule was a simple yet powerful and important tool for engineers and scientists before the days of calculators (let alone PCs). In fact, several people I know still prefer to use them. In the interest of preserving this icon we have created a virtual slide rule for you to play with."

Wikipedia lists seven other online simulations.



Interesting resource, but not updated too often

http://www.freetechbooksonthenet.blogspot.com/

Free Technical Books on the Net



I'm trying for the role of humorous sidekick and chief food taster... Anyone out there know how to boil water?

http://www.killerstartups.com/Web20/cookshow--Visual-Recipes/

Cookshow.com - Visual Recipes

If you’ve ever picked up a copy of Julia Child’s and attempted to demystify one of her recipes, you’ll understand the need for sites like Cookshow. That is to say, sometimes, the recipe just isn’t enough for an amateur chef to be able to produce a succulent finished product, and a visual aid would be helpful. Cookshow goes beyond simple photos and brings you video recipes, so you can see exactly what you’re supposed to do, which ingredients you’re supposed to add, and when. It’s essentially a video-cooking social network for all ranges of abilities, however; anyone can join and upload videos. You can search for recipes and tips by category (for example, you can search for a recipe in French for a second-course Asian fusion dish), and you can also join groups and meet other chefs. If you like a recipe, tell the uploader by commenting on it and add them to your “Favorite chefs”. The site operates in English, French, and German currently.

http://www.cookshow.com/index.php?val=1&language=english&id_pub=2&lan=2
