Thursday, September 20, 2007

Still want to let ISPs handle your security?

http://www.theregister.co.uk/2007/09/19/layered_technologies_breach_disclosure/

Web host breach may have exposed passwords for 6,000 clients

Names, addresses and phone numbers also at risk

By Dan Goodin in San Francisco Published Wednesday 19th September 2007 19:06 GMT

Layered Technologies has been targeted by malicious hackers who may have stolen passwords and other personal details on as many as 6,000 of its clients, the Texas-based web host provider warned. It is advising customers to change login credentials for all host details submitted in the past two years.

The Monday evening breach was executed by attacking an off-the-shelf application integrated into the company's support desk that manages help tickets submitted by customers, according to Layered Technologies President Todd Abrams. It remains unclear if the intruders actually took the information, but the attack had the potential to expose names, addresses, phone numbers, email addresses and server login details for five to 6,000 clients.

"Based on the log entries I'd say it's very unlikely they took a copy of the database," Abrams said. "It's not like a two-second download." He said the company wanted to err on the side of caution by asking all customers to change all passwords.

... The perpetrators accessed the database by attacking an application known as Cerberus. According to this page on Secunia, at least 11 vulnerabilities have been documented in various Cerberus tools, only one of which carried a "highly critical" severity rating. It was unclear what version of Cerberus Layered Technologies uses.



Why was this data connected to the Internet?

http://www.pogowasright.org/article.php?story=20070919130032588

'Coordinated' Hackers Steal Internet Retailer Customer Credit Cards

Wednesday, September 19 2007 @ 01:00 PM EDT Contributed by: PrivacyNews News Section: Breaches

Despite running what he thought was a well-secured network, the president of a publishing company has disclosed that a "coordinated and sophisticated" group of hackers broke in and stole customers' credit card information.

Vertical Web Media said its network was breached in August and hackers made off with customers' names, addresses, phone numbers and e-mail addresses, along with credit card numbers and expiration dates. Jack Love, president of the Chicago-based publisher of Internet Retailer magazine, added that only a portion of the company's customers were compromised because the data was pulled offline as soon as the publisher was alerted by a customer that there was a problem. [I wonder if they know what was taken? NOTE: They didn't detect the hack, a customer did! Bob]

Source - InformationWeek



Another alert from an outsider, but they seem to have ignored it!

http://www.pogowasright.org/article.php?story=20070919185548359

(update) Ameritrade leak looks to have started in late '05, much earlier than reported

Wednesday, September 19 2007 @ 06:55 PM EDT Contributed by: PrivacyNews News Section: Breaches

E-mails obtained by Network World show that Ameritrade received explicit and repeated warnings from an IT security expert starting Jan. 9, 2006 that its customer data had apparently been compromised, placing the start of the breach much earlier than previously reported and likely pushing it into 2005. Nevertheless, the company insisted for the next 20 months that a flood of stock-related spam being received by numerous clients was not indicative of a more serious problem.

Source - NetworkWorld



I wonder what their contracts say?

http://www.pogowasright.org/article.php?story=20070920075355813

(update) Affiliated Computer Services loses or destroys data on 32,000 Kraft employees

Thursday, September 20 2007 @ 08:04 AM EDT Contributed by: PrivacyNews News Section: Breaches

In response to a request to Kraft to provide more details on a tape lost by Affiliated Computer Services (see original story), Elisabeth Wenner, Associate Director, Communications of Kraft Foods sent the following statement to PogoWasRight.org:

"I am following up on your inquiry to Kraft and wanted to provide you with some background. As you may know, in early August, Caremark, the company that administers Kraft’s prescription drug benefits program, let us know that a computer tape with the names and other personal information of approximately 32,000 current and former employees and a small number of fewer than 500 of their dependents, was missing. Kraft sent the tape to Affiliated Computer Services (ACS), a company that processes data for Caremark. No prescription records were included and the information can only be opened with special hardware.

We do not think anyone will access the information and believe the tape was accidentally destroyed. Even so, out of an abundance of caution, we notified employees and through Caremark have arranged for two years of free credit monitoring from Trans Union.

We want to emphasize that we do not believe that the information has been accessed. However, we take our obligation to safeguard the personal information of our employees very seriously and we have improved our processes and systems.

I hope this has been helpful and please do not hesitate to reach out again."



The deliberate Data Spill...

http://www.boston.com/news/local/new_hampshire/articles/2007/09/19/edwards_campaign_says_e_mail_violated_aide_resigns_for_messages/?rss_id=Boston.com+%2F+News

Edwards campaign says e-mail violated; aide resigns for messages

By Philip Elliott, Associated Press Writer | September 19, 2007

CONCORD, N.H. --John Edwards' presidential campaign is asking for a criminal investigation after an aide's internal e-mail messages were copied and mailed to some people he disparaged in them.

Matt Spence, Edwards' deputy New Hampshire political director, apologized and resigned after being confronted with the e-mails, campaign spokeswoman Kate Bedingfield said Wednesday.

... "We will not tolerate that kind of language on the Edwards campaign," Bedingfield said. "The campaign [“The campaign” is a person? Bob] has personally apologized to everyone referenced in the e-mails."



More Ohio related fallout

http://www.pogowasright.org/article.php?story=20070919125718603

(update) CT: State to sue company linked to lost data

Wednesday, September 19 2007 @ 12:57 PM EDT Contributed by: PrivacyNews News Section: Breaches

State officials are planning to sue Accenture, the Bermuda-based company hired to implement Connecticut's controversial computerized financial accounting system, over its role in providing confidential state data to a similar system in Ohio.

The civil complaint is expected to charge Accenture with breach of contract and negligence, according to Attorney General Richard Blumenthal, who said it would be lodged after he confers with state Comptroller Nancy Wyman, who was to return to Connecticut this afternoon after spending several days in Florida handling the estate of her late mother.

Source - Journal Inquirer



Guideline for Data Spills?

http://knowledge.wharton.upenn.edu/article.cfm?articleid=1807

Can't Run, Can't Hide: New Rules of Engagement for Crisis Management

Published: September 19, 2007 in Knowledge@Wharton

The corporate apologies are piling up. Mattel CEO Robert Eckert apologized before a Senate subcommittee on September 12 for lead paint found in millions of the company's toys. On September 14, TD Ameritrade CEO Joe Moglia apologized for a database breach that compromised customer addresses, phone numbers and email addresses. Apple CEO Steve Jobs apologized on September 6 for cutting the price of the high-end iPhone to $399 just weeks after die-hard customers waited in long lines to pay $599. Dell executives apologized in August on the company's corporate blog for delayed deliveries of certain laptop and desktop models. And in February, JetBlue apologized for canceling 250 flights during an ice storm and leaving some passengers on the tarmac for as long as 11 hours.

The common thread linking these apologies: Executives were moving quickly to stem damage to their companies' reputations. And while not all corporate crises are created equal, there is a playbook to handle these events, according to professors at Wharton. First, a corporate response should take hours, not days. It should include a well-thought-out apology delivered through multiple mediums and it should feature some remediation so that the event won't happen again.



The government view?

http://www.pogowasright.org/article.php?story=2007091909114984

Combating Identity Theft: Implementing a Coordinated Plan

Wednesday, September 19 2007 @ 09:11 AM EDT Contributed by: PrivacyNews News Section: Breaches

Prepared statement of the FTC before the Maryland Task Force to Study Identity Theft, Sept. 18th.

Source - Statement (pdf)

(Props, Realtime IT Compliance)



To be expected. Bureaucracies move slowly (news?)

http://www.pogowasright.org/article.php?story=20070919095521958

Study says veterans' data are at risk

Wednesday, September 19 2007 @ 09:55 AM EDT Contributed by: PrivacyNews News Section: Breaches

Veterans' personal data and health information remain at risk of identity theft because the Veterans Affairs Department has yet to implement several safety measures, government investigators say. The report by the Government Accountability Office, released Wednesday, comes more than one year after the VA pledged renewed security efforts after the loss of personal information for 26.5 million veterans and active-duty personnel. It found that the VA had not yet fully secured access to its computer network and department facilities nor worked to ensure that only authorized changes and updates to VA computer programs were made.

Source - Associated Press



Who do you believe?

http://techdirt.com/articles/20070919/123308.shtml

Think Tank Bashes Paper Trails For E-Voting

from the missing-the-point dept

A think tank has released a report bashing the idea of requiring paper trails for e-voting systems. The logic behind this uses some sleight of hand and some misdirection to make such a statement actually try to sound sensible. The key argument the group makes is that a paper trail would not increase security while increasing cost. That's actually true -- but that's not the point. People aren't asking for a paper trail to increase security. They're asking for a paper trail to make the machines auditable so the machine's ability to count accurately can be checked. In response to this, the think tank notes that the paper trail might not be perfect, so it's a waste. They point out that printers jam and the hand counts of paper trails may not be accurate either. That's nice, but again it's missing the point. Without those things, there's simply no way of knowing whether or not the computer count was accurate or whether the votes were tampered with. No one has suggested that a paper trail is the perfect solution to all of e-voting's problems. No one denies that paper trails potentially add other problems to the process. But the concern here is not in making e-voting cheaper -- but in making it better. Adding additional mechanisms to make the machines more reliable and more trustworthy seems like a reasonable step, though certainly not the only one that should be taken.


Related

http://www.news.com/8301-10784_3-9781576-7.html?part=rss&subj=news&tag=2547-1_3-0-5

Report: E-voting woes could stall S.F. election tally

Posted by Anne Broache September 19, 2007 2:33 PM PDT

Glitches in touch-screen electronic voting machines without paper trails tend to rack up the most attention these days. But an irregularity over ballots marked by hand and scanned by a computer like standardized tests--known as the "optical-scan" approach--is poised to create a snafu in upcoming mayoral elections in San Francisco.

According to a San Francisco Chronicle report on Wednesday, there's concern among state officials that "less-sensitive" scanning machines at polling places across the California city won't be able to pick up ballots marked with anything other than a No. 2 pencil or a special pen provided by the voting machine manufacturer, Election Systems & Software (ES&S).



Soon at a cell phone company near you?

http://yro.slashdot.org/article.pl?sid=07/09/19/1858209&from=rss

Massive Canadian Class-Action Cellphone Suit Is Approved

Posted by ScuttleMonkey on Wednesday September 19, @05:01PM from the war-on-big-business dept. Communications The Courts

BeanBunny writes "A Saskatchewan, Canada court has ruled that a $12 billion class-action suit can proceed. The suit alleges that 'system access fees' that the cellphone companies have charged ($7-9 per month) are unfair and constitute price gouging. 'It is described as the largest class-action in Canadian history, potentially affecting every cellphone user in the country. Currently, there are 7,500 complainants signed onto the suit.'"



How to gain competitive advantage?

http://it.slashdot.org/article.pl?sid=07/09/19/2233234&from=rss

TransUnion to Offer Credit Freezes Nationwide

Posted by samzenpus on Wednesday September 19, @09:50PM from the invisible-credit-score dept. Security

An anonymous reader writes "In a little-noticed press release issued Tuesday, credit reporting bureau TransUnion said it would begin offering credit freezes to all Americans, a change that belies the credit industry's oft-uttered claim that doing so would be too expensive and burdensome. The program takes effect Oct. 15, 2007, will cost $10 each to place and to remove, and requests must be filed by certified mail. As The Washington Post reports, the move comes as some 39 states and the District of Columbia have passed laws entitling their residents to credit freeze rights. The new right may have little benefit unless the other two major credit reporting bureaus follow suit, and both companies are staying mum about any plans to do so. In May, Slashdot examined a related story on the credit bureaus' traditional resistance to freeze laws."



Someone at Harvard needs an education.

http://techdirt.com/articles/20070919/102717.shtml

Harvard Bookstore Claims Book Prices Are Copyrighted

from the you-can-claim-it,-doesn't-mean-it's-true dept

A few years ago, we had a story about a store that was kicking people out if they caught them comparison shopping via a mobile device. Obviously, a store can kick out anyone they want to, but perhaps a better approach is to actually focus on better serving the customer so that when they're done comparison shopping, they still want to buy from you (either because you have the best price, or you offer some additional convenience or service they can't get elsewhere). This issue seems to be coming up again, but with a new twist. alex writes in to let us know that the bookstore at Harvard is kicking people out for taking too many notes about pricing (via Boing Boing). When confronted about this, the store's president actually claimed that book prices were the store's "intellectual property." Of course, just because you say something is your intellectual property, it doesn't mean it is. Unfortunately for the bookstore, the law is pretty clear that you can't copyright facts -- and whether the bookstore likes it or not, prices are facts. The store certainly has the right to refuse service to anyone, but that doesn't mean that it's smart for business or that copying down prices infringes on any kind of intellectual property.



Gartner speaks, CIOs listen – do CEOs?

http://www.eweek.com/article2/0,1759,2185384,00.asp?kc=EWRSS03119TX1K0000594

Commercial Software Will Include Open Source, Gartner Says

By Peter Galli September 19, 2007

IT organizations will have to manage open-source software along with commercial software, Gartner says.

LAS VEGAS—At least 80 percent of all commercial software products will include elements of open-source code by 2010, according to Mark Driver, vice president of research at Gartner.


http://www.eweek.com/article2/0,1759,2185432,00.asp?kc=EWRSS03119TX1K0000594

Five Forces that Can Make Your Business Sink or Swim

September 19, 2007 By Clint Boulton

LAS VEGAS—Web 2.0, SAAS (software as a service), global class, consumerization and open source are facilitating disruptions in the high-tech market even as they are becoming vital forces that help businesses compete for new revenue opportunities.

Such was the position taken by three analysts in the opening keynote of the Gartner Web Innovations conference here Sept. 19.



This could be interesting... Now let's make an open source application for citations.

http://www.bespacific.com/mt/archives/016033.html

September 19, 2007

Transcripts of Federal Court Proceedings Nationwide To Be Available Online

U.S. Courts release: "The Judicial Conference of the United States today voted to make transcripts of federal district and bankruptcy court proceedings available online through the Judiciary's Public Access to Court Electronic Records (PACER) system. Under the new policy, transcripts created by court reporters or transcribers will be available for inspection and copying in a clerk of court’s office and for download from PACER 90 days after they are delivered to the clerk. Individuals will be able to view, download, or print a copy of a transcript from PACER for eight cents per page."



Why you should ed-u-ma-kate your children

http://games.slashdot.org/article.pl?sid=07/09/20/052223&from=rss

12 Year Old Gets $6.5M for Gaming Company

Posted by samzenpus on Thursday September 20, @05:39AM from the that's-a-lot-of-candy dept. Businesses Games

Bayscribe writes "A Silicon Valley company co-founded by a 12-year-old has just raised $6.5 million in venture capital. PlaySpan, based in Santa Clara, Calif. says it offers game publishers a technology that lets users make payments and shop for other items. It calls itself the first "publisher-sponsored in-game commerce network." Arjun Mehta, a 6th grader, says on his Web site that he is passionate about software that can make the game experience more "rewarding," and that he started the company last year in his garage. He paid for it from earnings made from selling online game items he won."



Free is good – and IBM agrees!

http://www.joelonsoftware.com/items/2007/09/18.html

Strategy Letter VI

This item ran on the Joel on Software homepage on Tuesday, September 18, 2007

IBM just released an open-source office suite called IBM Lotus Symphony. Sounds like Yet Another StarOffice distribution. But I suspect they’re probably trying to wipe out the memory of the original Lotus Symphony, which had been hyped as the Second Coming and which fell totally flat. It was the software equivalent of Gigli.



Does this seem right to you?

http://venturebeat.com/2007/09/18/mint-the-easiest-way-to-manage-your-personal-finances/

Mint: The easiest way to manage your personal finances

By Eric Eldon 09.18.07

[Update: Mint has won the TechCrunch 40 conference’s competition, which goes to the most impressive presenting company from among the 40 participants. Mint will receive a $50,000 cash award and other services and awards from corporate sponsors.]

Mint, a long-awaited online tool for managing your personal finances, has launched today.

For those who have used Quicken or other traditional personal accounting software to manage your checking, savings and credit card accounts, Mint will be a relief.

Once you sign up, you provide Mint with access to all of your accounts. Mint automatically categorizes each paycheck and each expenditure, then provides visual graphs and pie charts showing exactly how you’re spending your money. The entire process takes a matter of minutes.



I'm gonna start recording my classes... What kind of ads should I put on “College Algebra?”

http://www.killerstartups.com/Video-Music-Photo/plugadplay--Insert-Ads-Into-Your-Videos-Make-Cash/

PlugAdPlay.com - Insert Ads Into Your Videos, Make Cash

PlugAdPlay is a video advertising site which gives any video producer the chance to earn money with video clips. Users can add PlugAdPlay adverts to the beginning and end of their videos, or they can opt for a streaming banner. There are three different ways to actually earn money once the PlugAdPlay ads have been appended. First, you've got to upload your video on any site like YouTube or Google Video; you'll automatically earn up to a dollar for each video uploaded. Plug will pay you an extra bonus for each person watching your video wherever you've uploaded it. If your video becomes the most viewed on any video sharing site, you'll reap an extra bonus. PlugAdPlay also pays for clicks and impressions generated by your video. Additionally, you can publish the site's video player on your blog or website to generate even more money (each time someone watches, of course, means you're making revenue). The potential profits are high (Plug estimates as much as $960 a month). To receive your money, you'll need to have earned a minimum of $50.

http://www.plugadplay.com/
