“We didn't know...”
http://www.pogowasright.org/article.php?story=20070906191236314
USC investigates student information found on the Web
Thursday, September 06 2007 @ 07:12 PM CDT Contributed by: PrivacyNews News Section: Breaches
The University of South Carolina is looking into what it called an "accidental disclosure" of private student information on the Internet, school spokesman Russ McKinney said Thursday.
The information wasn't on the Web long before the school realized what happened and took immediate steps to remove it, McKinney said.
The university is trying to determine exactly what type of information was released, the length of time it was on the Internet and who might have accessed it, McKinney said.
The breach involved 1,482 students, he said.
Source - Associated Press
[From the article:]
The student files were found Aug. 31 by the Washington-D.C.-based nonprofit group Liberty Coalition, said Aaron Titus, director of information privacy for the group.
... It appears the person responsible [Isn't the CIO responsible for Information? Bob] for the breach may not have known enough about computers to realize the information could be accessed outside the university system, Titus said.
"But once that information gets out there, it's nearly impossible to tell how many copies of it might have been made," [This is what auditors refer to as a Big Fat Lie... Bob] Titus said.
The disclosure was first reported by The Daily Gamecock, the independent student newspaper at the university.
Another attempt to calm the victims by declaring that passwords are adequate to prevent Identity Theft. Just go to digg.com and enter a search for “password” -- they'll provide dozens of techniques for bypassing or cracking passwords. Most of the computer forensic companies will show you how to access data on a hard drive without ever being asked for a password. (sorry for the rant, but I worry that someone actually believes this nonsense!)
http://www.pogowasright.org/article.php?story=20070907061312281
Stolen laptop contained data on De Anza students
Friday, September 07 2007 @ 06:13 AM CDT Contributed by: PrivacyNews News Section: Breaches
De Anza College warned Thursday that a laptop swiped from a math teacher's home contained personal information - including many Social Security numbers - of about 4,375 students.
But the laptop and its personal information were password protected, according to a district spokeswoman, and there was no evidence that any of the information has been used.
Source - Mercury News
This article is worth reading...
http://seattletimes.nwsource.com/html/localnews/2003873008_mailfraud07m.html
Indictment here marks "new age" of ID theft
By David Bowermaster Seattle Times staff reporter
Like millions of computer users, Gregory Kopiloff used the file-sharing program known as LimeWire to swap digital content with people all over the world.
But federal prosecutors say Kopiloff, 35, was not only using LimeWire to download music, movies or video games.
The Seattle resident allegedly used the peer-to-peer network to infiltrate hundreds of people's hard drives and steal tax returns, student financial-aid forms and other sensitive personal data. According to a federal indictment, Kopiloff then used that information to create bogus credit-card and bank accounts and illegally purchased thousands of dollars in merchandise.
Authorities said they have identified at least 83 victims — most of whom have teenage children and did not know the file-sharing software was on their computer. But investigators also said they believe the number of people affected was in the hundreds.
... "We are entering a new age of identity theft," said Robert Boback, chief executive of Tiversa, a computer-security firm based in Pittsburgh that has conducted extensive research on peer-to-peer networks. "Tens of thousands of individuals make a living doing this."
Kopiloff was charged Thursday in U.S. District Court in Seattle with mail fraud, accessing a protected computer without authorization in order to further fraud, and two counts of aggravated identity theft.
... Also, early versions of LimeWire automatically exposed a user's entire hard drive to other users on the peer-to-peer network.
More recent versions create a "shared" folder where users can isolate music or video files they want to swap, but many viruses "effectively expand access to [other] areas of the disk drive," according to a search warrant.
To illustrate how criminals try to exploit such security holes, Boback conducted a demonstration during Thursday's news conference at the U.S. Attorney's Office in Seattle. Using his company's technology, he showed — in real time — searches being conducted on peer-to-peer networks. As the searches were entered, they scrolled rapidly along the screen of his laptop. Many clearly concerned music files and pornography, but interspersed were scores looking for files that contained terms such as "password" and "medical billing."
Follow-up
http://hosted.ap.org/dynamic/stories/C/COLLEGE_HACKING?SITE=VALYD&SECTION=HOME&TEMPLATE=DEFAULT
Alum Charged With Hacking Into Texas A&M
By MONICA RHOR Associated Press Writer Sep 7, 7:55 AM EDT
HOUSTON (AP) -- A recent graduate of Texas A&M University is charged with hacking into the school's computer system and illegally accessing information on 88,000 current and former students, faculty and staff members.
Luis Castillo must appear before a magistrate judge Wednesday.
Federal prosecutors said Castillo, who graduated in December with a computer science degree, accessed the system in February and caused more than $5,000 in losses to the university. The school had to hire extra staff to minimize damage.
Castillo was charged with felony reckless damage to a protected computer [I wonder if there is a tool (software) that helps you select the charge? Should be simple to program... Bob] and could face as many as five years in prison if convicted.
... Social Security numbers and bank account numbers were not accessed, and the breach did not allow entry into the school's financial system or payroll, officials said. No unauthorized changes to the records have been found.
Another follow-up...
http://www.pogowasright.org/article.php?story=20070906191359962
(follow-up) SAIC Second Quarter Profits Rise on Higher National Security Sales
Thursday, September 06 2007 @ 07:13 PM CDT Contributed by: PrivacyNews News Section: Breaches
Defense and national security contractor SAIC Inc. Thursday reported higher profit in the second quarter on sales of border patrol and port security technology and cost cutting measures. The San Diego-based company also said it spent $8 million in the quarter to deal with a security breach in July when it compromised personal information about more than half a million military personnel and their relatives when it transmitted information unencrypted.
Source - Associated Press Previous Coverage
Winning Customer loyalty?
http://slashdot.org/article.pl?sid=07/09/06/1935240&from=rss
1300 Unopened Fry's Rebate Forms Found In Dumpster
Posted by samzenpus on Thursday September 06, @05:22PM from the put-it-in-the-circular-file dept. Businesses It's funny. Laugh.
blackmonday writes "The Consumerist is reporting a find of 1,300 unopened rebate submissions in a dumpster belonging to Vastech, a rebate processor hired by Fry's Electronics. Vastech's management blames it on a bad employee."
Their PR Dept. deserves lots of credit for keeping their name in the news...
http://www.pogowasright.org/article.php?story=20070906134835120
Pfizer victim of spambots, says security company
Thursday, September 06 2007 @ 01:48 PM CDT Contributed by: PrivacyNews News Section: Businesses & Privacy
Home PCs aren't the only ones vulnerable to compromise. After all, the same people using machines at home are using them at work – and often lax security policies (or bad software) make it difficult or impossible to fully protect hundreds of workstations.
A humorous and glowing example of this is Pfizer, who has found themselves victim of spambots. The company, better known as the manufacturer of Viagra, has found their own inboxes flooded with spam for their own products. The reason is that machines on their internal network have become compromised by hackers on the outside and turned into spambots, churning out tons of email.
Source - TechSpot
About time! (Will it stick?)
http://www.bespacific.com/mt/archives/015896.html
September 06, 2007
Federal Court Strikes Down National Security Letter Provision of Patriot Act
ACLU press release: "A federal court today struck down the amended Patriot Act's National Security Letter (NSL) provision. The law has permitted the FBI to issue NSLs demanding private information about people within the United States without court approval, and to gag those who receive NSLs from discussing them. The court found that the gag power was unconstitutional and that because the statute prevented courts from engaging in meaningful judicial review of gags, it violated the First Amendment and the principle of separation of powers."
Another source for a Universal Guideline... Anyone want to do a paper or journal article?
http://www.bespacific.com/mt/archives/015906.html
September 06, 2007
DOT OIG Analysis of Loss of Control Over Sensitive Personally Identifiable Information
Analysis of Loss of Control Over Sensitive Personally Identifiable Information and Follow-up Actions to Strengthen its Protection, August 28, 2007. Correspondence (23 pages, PDF)
Summary: "On August 28, 2007 we issued a memorandum on our analysis of the circumstances surrounding the July 27, 2006 theft of an OIG laptop from a government vehicle in Doral, Florida and a prior theft that had occurred on April 24, 2006 from a hotel conference room in Orlando, Florida. Both laptops contained Sensitive Personally Identifiable Information (SPII) information on 138,000 individuals that heightened their potential risk of identity theft. Following our notification of the July theft, Members of the Florida congressional delegation requested that we examine our procedures for handling and storing such information and identify steps we have taken to ensure that such a breach would not happen again... We identified three interrelated factors that contributed to the loss of our control over the sensitive personal information stored on the laptops: (1) measures taken to protect the physical security of the laptops were insufficient; (2) the data on the laptops had been decrypted to preserve the data during an upgrade to the OIG's information technology (IT) system; and (3) SPII databases were stored on laptop computers, which are inherently less secure than computers that operate in a centralized environment. The memorandum also sets forth the steps we have taken to improve the physical security of our laptops and improve how sensitive personal information is handled and stored."
It should be possible to structure your discovery request to be both reasonable and impossible to comply with...
http://www.bespacific.com/mt/archives/015894.html
September 06, 2007
Seek and Ye Shall Find? State CIOs Must Prepare Now for E-Discovery
NASCIO - Seek and Ye Shall Find? State CIOs Must Prepare Now for E-Discovery, September 2007: "In increasingly consolidated state technology environments, State CIOs may have heightened responsibility for the storage, preservation and retrieval of electronic information in response to e-discovery requests. Since government information is a knowledge asset, State CIOs must ensure the proper management of state information assets in addition to the technological infrastructure for locating and retrieving that information. This issue brief explains the impact for State CIOs of e-discovery requests and encourages State CIOs to pursue a holistic approach to enterprise records management as part of a team of state government stakeholders, including state legal counsel, archivists, records managers, and agency business leaders."
What would you expect them to say?
http://yro.slashdot.org/article.pl?sid=07/09/07/0047225&from=rss
Copyright Alliance Says Fair Use Not a Consumer Right
Posted by CowboyNeal on Thursday September 06, @11:12PM from the no-rights-make-a-wrong dept. Media Movies Music Television
KingSkippus writes "In response to a complaint to the FCC filed by the Computer and Communications Industry Association (CCIA) to change copyright warnings before movies and sporting events, Executive Director Patrick Ross of the Copyright Alliance tells us in an editorial that "fair use is not a consumer right." The Copyright Alliance is backed by such heavy-hitters as the MPAA, RIAA, Disney, Business Software Alliance, and perhaps most interestingly, Microsoft, who is also backing the CCIA's complaint."
What possible basis would Justice have for making these comments? Perhaps they could come back to this argument when the US ranks in the top 100 countries for Internet speed?
http://www.washingtonpost.com/wp-dyn/content/article/2007/09/06/AR2007090601262.html
Feds OK Fee for Priority Web Traffic
The Associated Press Thursday, September 6, 2007; 12:22 PM
WASHINGTON -- The Justice Department on Thursday said Internet service providers should be allowed to charge a fee for priority Web traffic.
The agency told the Federal Communications Commission, which is reviewing high-speed Internet practices, that it is opposed to "Net neutrality," the principle that all Internet sites should be equally accessible to any Web user.
... The Justice Department said imposing a Net neutrality regulation could hamper development of the Internet and prevent service providers from upgrading or expanding their networks. It could also shift the "entire burden of implementing costly network expansions and improvements onto consumers," [Who pays for it now? The Tooth Fairy? Bob] the agency said in its filing.
... However, the agency said it will continue to monitor and enforce any anticompetitive conduct to ensure a competitive broadband marketplace.
Interesting, but I doubt I'd create such a fuss unless I was traveling with my lawyer... (I like their version of the DHS Security Levels. Perhaps we could make similar posters?)
http://www.cnet.com/8301-13739_1-9769089-46.html?part=rss&subj=news&tag=2547-1_3-0-5
Skip to the front of the airport security line
Posted by Chris Soghoian September 6, 2007 3:49 AM PDT Airport security
Attempts to assert your right to fly without ID can often be very frustrating, due to Transportation Security Administration and airport officials not knowing their own rules.
I'm teaching all of my classes at least partly (50%) online. What will life be like when these kids hit college?
http://hosted.ap.org/dynamic/stories/V/VIRTUAL_SCHOOLS?SITE=VALYD&SECTION=HOME&TEMPLATE=DEFAULT
Virtual Schooling Growing at K-12 Level
By BILL KACZOR Associated Press Writer Sep 7, 8:03 AM EDT
TALLAHASSEE, Fla. (AP) -- As a seventh-grader, Kelsey-Anne Hizer was getting mostly D's and F's and felt the teachers at her Ocala middle school were not giving her the help she needed. But after switching to a virtual school for eighth grade, Kelsey-Anne is receiving more individual attention and making A's and B's. She's also enthusiastic about learning, even though she has never been in the same room as her teachers.
Kelsey-Anne became part of a growing national trend when she transferred to Orlando-based Florida Virtual School. Students get their lessons online and communicate with their teachers and each other through chat rooms, e-mail, telephone and instant messaging.
"It's more one-on-one than regular school," Kelsey-Anne said.
... Virtual learning is becoming ubiquitous at colleges and universities but remains in its infancy at the elementary and secondary level, where skeptics have questioned its cost and effect on children's socialization.
However, virtual schools are growing fast - at an annual rate of about 25 percent. There are 25 statewide or state-led programs and more than 170 virtual charter schools across the nation, according to the North American Council for Online Learning.
Estimates of elementary and secondary students taking virtual classes range from 500,000 to 1 million nationally compared to total public school enrollment of about 50 million.
... Many policymakers approach virtual learning with dollar signs in their eyes, expecting big savings from schools that do not need buildings, buses and other traditional infrastructure.
"We should not, as stewards of public money, be automatically paying the same or even close to the same amount of money for a virtual school day as we pay for a conventional school day," said Florida Senate Education Committee Chairman Don Gaetz.
On the Net: Florida Virtual School: http://www.flvs.net
Education Sector: http://www.educationsector.org
North American Council for Online Learning: http://www.nacol.org
Geek stuff...
http://developers.slashdot.org/article.pl?sid=07/09/06/1527258&from=rss
Are Relational Databases Obsolete?
Posted by kdawson on Thursday September 06, @12:27PM from the long-in-the-tooth dept.
jpkunst sends us to Computerworld for a look at Michael Stonebraker's opinion that RDBMSs "should be considered legacy technology." Computerworld adds some background and analysis to Stonebraker's comments, which appear in a new blog, The Database Column. Stonebraker co-created the Ingres and Postgres technology while a researcher at UC Berkeley in the early 1970s. He predicts that "column stores will take over the [data] warehouse market over time, completely displacing row stores."
There are 44 vineyards and wineries in Colorado? Whod'a thunk it! I can see this type of site as a model for many “hobbies” or interests... (Bike trails, professional seminars, chili cook-offs, soccer games, even yard sales)
http://www.killerstartups.com/User-Gen-Content/winesandtimes--Find-A-Vineyard-Near-You/
WinesAndTimes.com - Find A Vineyard Near You
Planning on doing some wine tasting? Or are you curious to see if there are any vineyards in your area? Go to WinesAndTimes.com where you can search by state and see what type of wine events are going on in your area. WinesAndTimes.com uses the Google map function to give you a visual image of where these wine events are. The map marks where vineyards, wine festivals, wine associations and wine trails are located. Plan your trip and get directions from your home to the vineyards.
... Look through the calendar to see what events are happening this week. If you know of a vineyard that is not listed go to the feedback section and add it to the list. The information is updated regularly so you know when future events will take place. Search for vineyards and plan your trip with WinesAndTimes.com.
http://www.winesandtimes.com/wnt/index.php
Just because we can...
http://digg.com/videos/comedy/Video_Hundreds_of_Dogs_in_a_Public_Pool
Video - Hundreds of Dogs in a Public Pool! watch!
intheory.tv — Dogs take over the pool at the 4th annual Pooch Plunge held in Fort Collins, Colorado. City Park pool is open for the summer season and then closes for the rest of the season. Before the pool is drained our four-legged friends get to enjoy the pool. This August 19th - 20th, from 4pm to 5:30pm you could bring your pooch to the pool.