Monday, October 01, 2007

The hack was on Sept. 12th

http://www.pogowasright.org/article.php?story=20070930165447388

Nature Conservancy Human Resources database hacked

Sunday, September 30 2007 @ 04:54 PM EDT Contributed by: PrivacyNews News Section: Breaches

The Nature Conservancy has notified New Hampshire that it discovered a hack of one of its servers that contained names, addresses, social security numbers, and perhaps financial account information on its employees. The Nature Conservancy has 3,500 employees in the U.S. who are being notified. At the present time, the Nature Conservancy does not believe that international employees' data are involved.

Source - Notification Letter to NH [pdf]



Interesting because the “memo” to employees was “intentionally vague”

http://www.pogowasright.org/article.php?story=20071001054952747

NJ: Stolen disc has data on personnel

Monday, October 01 2007 @ 05:49 AM EDT Contributed by: PrivacyNews News Section: Breaches

A computer disc with township personnel records was among the items taken Sept. 19 from a home of a township employee, Capt. John Rein said Sunday.

... Business Administrator Scott Pezarras sent a letter out to all employees Sept. 21 titled "unusual activity." The memo only stated: "I wanted to let you know that personnel information may have been compromised, therefore, please monitor your personnel affairs and report any unusual activity to your local law enforcement agency."

Source - Asbury Park Press



Legal, but unethical?

http://www.pogowasright.org/article.php?story=20071001055636274

St. Pete Times: Student's personal data given to lender

Monday, October 01 2007 @ 05:56 AM EDT Contributed by: PrivacyNews News Section: Minors & Students

Several University of Miami students received unsolicited letters over the summer that contained personal information such as Social Security Numbers, driver's license numbers and birth dates, the St. Petersburg Times reported Thursday. Letters were sent from the loan company Sallie Mae, which offered Federal Stafford loans to students.

... Normally, the Federal Educational Rights Privacy Act protects students' information from being sent to lenders without authorization. However, there is a loophole in the law.

... Barmak Nassirian, deputy director of the American Association of Collegiate Registrars and Admission Officers, told the Times that schools can skirt the law on a technicality if they send the private information to lenders after students are accepted to the university but before they enroll and the federal privacy rules take effect.

Source - The Miami Hurricane



Interesting reaction. The university also searched (covertly?) the newspaper's computers.

http://www.pogowasright.org/article.php?story=20071001055813678

(update) University Allows Student Journalist Who Discovered Data-Security Flaw to Remain

Monday, October 01 2007 @ 05:58 AM EDT Contributed by: PrivacyNews News Section: Breaches

A student at Western Oregon University, who discovered while working at the campus newspaper that the institution had left private information about some applicants out in the open, on an unsecured computer network, will not be kicked out of the university. A disciplinary committee, which met on Friday to determine the student’s fate, decided that he could stay.

Blair W. Loving, a 29-year-old senior English major and copy editor for the student paper, had been accused of violating the university code of conduct because he accessed sensitive material on a university computer, The Oregonian reported. The incident, which occurred in June, had already cost the job of the newspaper’s faculty adviser, Susan Wickstrom.

Source - Chronicle of Higher Education

Related - Stumbling Upon Secure Data



The rest...

http://www.pogowasright.org/article.php?story=20070930185902317

Data “Dysprotection:” breaches reported last week

Monday, October 01 2007 @ 06:15 AM EDT Contributed by: PrivacyNews News Section: Breaches

A recap of incidents or privacy breaches reported last week for those who enjoy shaking their head and muttering to themselves with their morning coffee.

Source - Chronicles of Dissent



If it can be done (and the comments raise some questions), why would you choose not to do it?

http://it.slashdot.org/article.pl?sid=07/09/30/1339248&from=rss

Novel Method for Universal Email Authentication

Posted by CmdrTaco on Sunday September 30, @11:48AM from the well-kinda-novell-anyway dept. Spam

MKaplan writes "Most spam is sent using spoofed domains. Email authentication schemes such as SPF attempt to foil spoofing by having domain administrators publish a list of their approved outgoing mail servers. SPF is sharply limited by incomplete domain participation and failure to authenticate forwarded email. A paper describes a novel method to rapidly generate a near-perfect global SPF database independent of the participation of domain administrators. A single email from an unauthenticated domain is bounced and then resent — this previously unauthenticated domain and the server listed in the return path of the resent bounce are entered into a globally accessible database. All future emails sent from this domain via this server will be authenticated after checking this new database. Mechanisms to authenticate forwarded email and to nullify subversion of this anti-spam system are also described."



“Yeah, we know it doesn't prevent crime – but it's so cool!”

http://www.bespacific.com/mt/archives/016134.html

September 30, 2007

Chicago Plans Extensive Video Surveillance Plan

Government Technology: "Chicago's Office of Emergency Management and Communications (OEMC) will implement an advanced citywide intelligent security system as part of Chicago's Operation Virtual Shield, a project that encompasses one of the world's largest video security deployments."


Here is another use for surveillance video...

http://www.we-make-money-not-art.com/archives/009757.php

Using CCTV for low-budget filmmaking

One of the highlights of the Goodbye Privacy symposium at ars electronica was a talk given by Graham Harwood. The Mongrel artist demonstrated several strategies developed by Mediashed in reaction to surveillance.

... For example, Mediashed involved a group of kids who usually hang around in the streets to engage in Video sniffin' activities and turn CCTV into a free broadcasting system for their own use. "Why would you want to buy some video equipment when there are already so many cameras around for you to use?" They bought in a high street store some relatively cheap and small devices which can sniff out the street for signals broadcast by wireless CCTV networks. Using the surveillance images captured, the kids then created their own movie.

... The project was the first official UK implementation of GEARBOX the free-media video toolkit developed by MediaShed with the Eyebeam Studios in New York. Comprised of “how to” step by step examples, Gearbox shows people how to record footage using combinations of found resources (such as CCTV Video Sniffin’ or Spy Kiting which allows you to get images that -sort of- look like they were taken from a helicopter but using cheap wireless CCTV technology and a kite instead) and low-budget methods of reproducing professional film making techniques (for example, achieving a crane shot using a fishing pole).



Neither new nor innovative, but it is interesting that the victim didn't keep the confession message

http://www.news.com/8301-10784_3-9787747-7.html?part=rss&subj=news&tag=2547-1_3-0-5

Rape conviction rests in part on AOL instant message

Posted by Declan McCullagh October 1, 2007 3:00 AM PDT

A Virginia appeals court has upheld a defendant's rape conviction based in part on an AOL instant message.

The Virginia Court of Appeals ruled on Tuesday that instant messages were properly used as evidence against Myron J. Turman, who was convicted of raping his friend, a woman called S.J. in court documents. Her real name is not listed.

The incident took place on the evening of October 5, 2002, when S.J. arrived home in Fairfax County around 3 a.m. from a nightclub in Washington, D.C. Turman met her in the parking lot and followed her inside.

S.J. and Turman had had consensual sex at least one time before. This time, according to S.J., she asked Turman to leave and he refused. Instead, he raped her and only left when she called the police.

A few months later, S.J. claims to have received an instant message from "Myron109" saying that he was high on the drug ecstasy and "I just wanted to apologize." Turman had previously used the Myron109 screen name when communicating with her.

What's a little unusual is that S.J. never actually kept the alleged electronic confession. She later testified that it simply never occurred to her to print or save the conversation. So it amounted to her word against his--neither the defense nor the prosecution seems to have thought of sending a subpoena to AOL to see if any server logs existed.

It's true that Turman could have landed in prison even without the alleged IM confession--but we'll never know for sure.

This is not the first time that IMs have been used in court, of course. I wrote in June about how teenage murderers were convicted through their IM logs. In April, I wrote about a case involving a sensual masseuse who was allegedly paid for sex--and cited IM transcripts in an unsuccessful lawsuit against an ex-customer for $1.5 million.

For his part, Turman admitted that he had sex with S.J. on the evening of October 5 but claimed it was consensual. He said that his screen name was indeed Myron109 but that he did not send a subsequent apology to S.J. Two of his friends and his estranged wife had access to that AOL account and likely sent the message, he said.

The trial judge ruled, however, that S.J.'s recollection of the message was admissible--based on the exception to the hearsay rule permitting admissions of guilt. "It is clear that an original printed message was unavailable, and the trial court properly allowed S.J. to testify as to the content of the messages that appeared on her computer screen," the appeals court said. "The trial court did not abuse its discretion in allowing S.J. to testify as to the messages she received on her computer."



The math is no problem, but look at the English exam...

http://digg.com/general_sciences/MIT_Entrance_Exams_From_1869_1870

MIT Entrance Exams From 1869 - 1870

The MIT Libraries has a nice page up of an old entrance exam as required for freshmen to enter the institute. Subjects include English, geometry, algebra, and arithmetic.

http://libraries.mit.edu/archives/exhibits/exam/



Probably not as stupid as it sounds... Unfortunate yes, stupid no.

http://www.killerstartups.com/Web20/wealthymen--Girls-Get-Your-Gold-Dig-On/

WealthyMen.com - Girls, Get Your Gold-Dig On

Are you a gold digger? Do you want to be gold-dug? WealthyMen is a new online dating service for women interested in hunting down a sugar daddy, and for sugar daddies who want to find someone to wife up. If you make less than 100 grand a year, forget about signing up; WealthyMen only verifies that the male subscribers that rake in over that amount annually. If you’re a woman, you can sign up regardless of your income bracket. Apart from the financial stipulations, the site functions like any other online dating site; you create a personal profile and describe your personal and professional interests. You can search for people by US city, country, or by verification level (there are several levels of verification, including photo verification, financial verification, and professional verification). Communication between members is done through email and on-site messaging.

http://www.wealthymen.com/



Can't wait for this lawsuit to be broadcast by the Comedy Channel...

http://digg.com/offbeat_news/Woman_Runs_Over_Own_Legs_at_McDonald_s_Drive_thru

Woman Runs Over Own Legs at McDonald's Drive-thru

http://www.phoenixvillenews.com/WebApp/appmanager/JRC/Daily?_nfpb=true&_pageLabel=pg_article&r21.pgpath=%2FPVN%2FHome&r21.content=%2FPVN%2FHome%2FTopStoryList_Story_715762
