Wednesday, October 24, 2007

Not timely, but honest!

http://www.pogowasright.org/article.php?story=20071024035954837

Restaurant chain customers' credit card data stolen

Wednesday, October 24 2007 @ 03:59 AM EDT Contributed by: PrivacyNews News Section: Breaches

Not Your Average Joe's, a Massachusetts restaurant chain, said yesterday that thieves have stolen credit card data belonging to its customers.

The Dartmouth-based chain estimated less than 3,500 of the 350,000 customers it served in August and September had their credit card information stolen. The 14-restaurant chain said it is working with the US Secret Service and major credit card companies to determine how the data theft occurred and precisely how many customers were affected.

Source - Boston Globe

[From the article:

... Today, the chain plans to post on its website a notice to customers about the security breach.

http://www.notyouraveragejoes.com/news/

... The breach at Not Your Average Joe's first surfaced on Cape Cod. Officials at Cape Cod Five Cents Savings Bank reported to local police that a handful of customers were seeing unauthorized charges showing up on their credit card statements.

... Scipione said the Cape Cod Five customers reported nearly $20,000 in unauthorized charges, nearly all of them rung up abroad. He said it appeared the thieves were using the stolen credit card information in conjunction with counterfeit credit cards.

[From their web site:

... The only data our company has access to are the credit card number, expiration date and name associated with the card. Not Your Average Joe’s does not have any other identifying data; therefore, no risk of identity theft associated with this issue exists. [Now that is how to say it! Bob]

... based on what we have learned to date the activity occurred largely between early August and late September; there has been no evidence of any fraudulent activity subsequent to September 29. [In and out before the credit card statements arrive... Bob]



You can state why you think Identity Theft is unlikely, or you can talk about how the Tooth Fairy will make it all better...

http://www.pogowasright.org/article.php?story=20071023080255459

200,000 notified of missing tape containing personal information

Tuesday, October 23 2007 @ 08:02 AM EDT Contributed by: PrivacyNews News Section: Breaches

A computer tape containing personal information such as names, addresses and Social Security numbers on 200,000 past and current members of three health insurance programs is missing after it reportedly slipped out of a package during shipment. The information comes from the West Virginia Public Employees Insurance Agency (PEIA), the Children's Health Insurance Program and the AccessWV high risk insurance pool.

Source - Associated Press

[In the article, “Some state employees say they expect officials to recover a missing computer tape...” even though the tape went missing on Oct. 12 and “The third-party shipper reported it missing Oct. 16. After an exhaustive weekend search” Perhaps they are calling in Harry Potter? Bob]



Not your typical “they were only after the laptops” break-in – in fact no computers involved...

http://www.pogowasright.org/article.php?story=20071024040138844

School Burglars Target Students' Information

Wednesday, October 24 2007 @ 04:01 AM EDT Contributed by: PrivacyNews News Section: Breaches

Four East Texas school districts had campuses burglarized within the past week, and one district has reason to believe the burglars' target may have been their students' Social Security information.

Source - Tyler Morning Telegraph



This happened September 11th – life moves at a slower pace in Utah. And they don't seem to keep logs, since they can't tell if anything was accessed or copied!

http://www.pogowasright.org/article.php?story=20071023133323248

Personal information compromised on Dixie State computer system

Tuesday, October 23 2007 @ 01:33 PM EDT Contributed by: PrivacyNews News Section: Breaches

An unauthorized person reportedly gained access to Dixie State College's computer system and gained access to confidential files, including Social Security numbers, birth date information and addresses for some alumni and current DSC employees.

... Once DSC officials became aware of the incident, the compromised files, which contained approximately 11,000 names of those who graduated or worked at DSC from 1986 to 2005, were immediately deleted from the server. [Suggesting that they shouldn't have been there in the first place? Bob] In addition, law enforcement officials, the Utah State Attorney General’s Office and the Utah Higher Education Commissioner’s office were notified.

Source - The Spectrum



Ah! Someone finally noticed!

http://www.pogowasright.org/article.php?story=20071024040301889

(update) Court filing in TJX breach doubles toll

Wednesday, October 24 2007 @ 04:03 AM EDT Contributed by: PrivacyNews News Section: Breaches

More than 94 million accounts were affected in the theft of personal data from TJX Cos., a banking group alleged in court filings, more than twice as many accounts as the Framingham retailer has said were affected in what was already the largest data breach in history.

The data breach affected about 65 million Visa account numbers and about 29 million MasterCard numbers, according to the court filing, which was made late yesterday by a group of banks suing TJX over the costs associated with the breach.

Source - Boston Globe



Have we lost something in the translation?

http://www.pogowasright.org/article.php?story=20071023191039116

Privacy's Other Path: Recovering the Law of Confidentiality

Tuesday, October 23 2007 @ 07:10 PM EDT Contributed by: PrivacyNews News Section: Other Privacy News

Dan Solove and Neil Richards have uploaded the final version of their paper, Privacy's Other Path: Recovering the Law of Confidentiality up on SSRN. The abstract:

The familiar legend of privacy law holds that Samuel Warren and Louis Brandeis invented the right to privacy in 1890, and that William Prosser aided its development by recognizing four privacy torts in 1960. In this article, Professors Richards and Solove contend that Warren, Brandeis, and Prosser did not invent privacy law, but took it down a new path. Well before 1890, a considerable body of Anglo-American law protected confidentiality, which safeguards the information people share with others. Warren, Brandeis, and later Prosser turned away from the law of confidentiality to create a new conception of privacy based on the individual's inviolate personality. English law, however, rejected Warren and Brandeis's conception of privacy and developed a conception of privacy as confidentiality from the same sources used by Warren and Brandeis. Today, in contrast to the individualistic conception of privacy in American law, the English law of confidence recognizes and enforces expectations of trust within relationships. [Is there trust in a TJX-customer relationship? Bob] Richards and Solove explore how and why privacy law developed so differently in America and England. Understanding the origins and developments of privacy law's divergent paths reveals that each body of law's conception of privacy has much to teach the other.

Source - Concurring Opinions



We're your government. Trust us!

http://www.pogowasright.org/article.php?story=20071023132750494

Federal security breaches double in four months

Tuesday, October 23 2007 @ 01:31 PM EDT Contributed by: PrivacyNews News Section: Breaches

Federal agencies report an average of 30 incidents a day in which Americans' personally identifiable information is exposed, double the incidents reported early this summer, according to the top information technology executive in the Bush administration.

The Office of Management and Budget issued a memo in July 2006 requiring agencies to report security incidents that expose personally identifiable information to the U.S. Computer Emergency Readiness Team within one hour of the security incident. In June 2007, 40 agencies reported almost 4,000 such security incidents, an average of about 14 per day. As of this week, the average had increased to 30 a day, said Karen Evans, administrator of the Office of Electronic Government and Information Technology at OMB.

Source - Government Executive



That's Comcastic! (Attention Class Action Lawyers!)

http://techdirt.com/articles/20071023/130226.shtml

Comcast's Rootkit Moment

from the expected-filing-in-3...2...1... dept

With all the fuss over Comcast's decision to jam certain types of traffic without being even remotely transparent about it, people are starting the countdown to the inevitable lawsuits. This is beginning to take on some similarities to Sony's rootkit debacle, which started to spread in a similar manner. And, just like Sony responded initially by saying rootkits were okay because no one knows what they are, Comcast has said that people shouldn't worry about this because most people won't be able to detect it. In other words, just like Sony, Comcast is seriously underestimating what this is doing for the company's brand. As the link above notes, someone could make a pretty good case that Comcast's method of jamming traffic violates certain state laws forbidding impersonating others -- since, technically, that's exactly what Comcast is doing to jam the traffic. There's also the question of whether or not it becomes an FTC issue for misleading customers into believing they could do certain things with their connection that they could not. If Comcast wants to avoid a full Sony rootkit style mess, it would be good for the company to come right out and make it clear what they do and what that means for its customers.


Related: In fact, almost exactly what Comcast is doing (above)

http://techdirt.com/articles/20071023/153522.shtml

Verizon Fined For Pretending That Limited Service Was Unlimited

from the watch-out-comcast... dept

Back in 2005, we noted that Verizon Wireless was following the tactics of others in advertising "unlimited" wireless broadband services, while the truth was they were quite limited. As people later worked out, despite the claim of "unlimited," VZW was cutting off anyone who used more than 5 gigs of data per month. That's pretty limited, actually. When confronted about this, the company tried to argue that by "unlimited" it really meant "It's unlimited amounts of data for certain types of data." And they followed it up with this gem: "It's very clear in all the legal materials we put out." Right, see, that's the legal materials -- the stuff you know no one reads. Yet in the marketing materials it's quite clear that you're claiming "unlimited" and that has a pretty clear meaning. After many such complaints, Verizon Wireless finally started to back down from the false claim of "unlimited" earlier this year. Turns out that it wasn't because of any realization that lying to your customers is a bad idea, but because NY State was investigating the practice. NY has now fined Verizon Wireless $1 million to be given out to customers who had their service unfairly terminated for actually believing that "unlimited" meant "unlimited." Of course, Comcast might want to start paying attention right about now. While lawyers everywhere are rushing to file lawsuits over its decision to jam broadband user accounts, before that happened Comcast was famous for many, many years for being one of the biggest ISPs to lie about offering unlimited service. It's a story that comes up in the press every year or so, and every year Comcast gives its own doublespeak about how it only cuts off the worst "abusers." However, it's still false advertising to claim unlimited service when that's not what you supply -- and it's hardly "abuse" if people are merely doing what you told them they could do.



Free to porn! (Porn free?) Now I can start my online hosting service for Amateur Pimps! (Porn Hobbyists?)

http://techdirt.com/articles/20071023/230307.shtml

Court Throws Out Rule Requiring Adult Sites To Keep Records And Proof Of Age For All Performers

from the that-first-amendment-thing dept

Just last week, Wired had an article looking at how a particular section of law regulating adult content could potentially hurt the growth of "user generated" porn sites. The law in question required any "publisher" of adult content to obtain and permanently keep records proving that the "performers" in question were of legal age. Obviously, the goal here is to prevent child porn -- but many felt that such a rule was incredibly burdensome on those who were producing legitimate adult content, and it was even worse for "user generated" sites that would now require such information from every participant. Now, Slashdot points out that the Sixth Circuit Court of Appeals has found the law to be unconstitutional, as it violates the First Amendment. The Slashdot post is a little misleading, implying that the case was about age verification for viewers. It's actually about the performers. The full ruling (pdf) is an interesting read, but the crux of the argument is that while preventing child porn is a noble goal, if it ends up putting a burden on plenty of legitimate expression, then it's a clear First Amendment violation. Many people may not think this is a big deal, as they don't care for adult content or don't have any problem with having it heavily regulated -- but as the court notes, the right for people to remain anonymous is an important part of the First Amendment. [...even for people who videotape themselves having sex. Bob] Weakening that right -- even if for a reasonable end goal -- starts you down a slippery slope.



Using Virtuality for security

http://www.technewsworld.com/rsstory/59949.html

Virtual Browsers: Disposable Security

By Frank Hayes Computerworld 10/23/07 8:00 AM PT

If users are working on a virtualized PC, or at least a virtualized Web browser, then throwing it out is trivial. So is replacing it with a fresh, uncluttered, uninfected version. Virtual IT is built to be disposable. OK, you've heard about this virtualization magic before. However, it seems too good to be true, and it sounds complicated and expensive.

... Firewalls and antivirus software can block or kill some of it. But the bad guys keep getting more clever and more subtle. And more prolific -- for example, antivirus vendor Symantec (Nasdaq: SYMC) says it now identifies new malware variations at the rate of nearly 1,200 per day.

Worse still, all that junk can hang around in the browser or PC until it's forcibly removed. That's if it can be removed.

There's one sure way to get rid of it: Throw away the PC. That's expensive -- at least, if you're actually throwing away the hardware. Or you can throw away just the software by reimaging the hard drive; no hardware cost there, but it still chews up time and manpower.



Toward the universal university...

http://techdirt.com/articles/20071022/181452.shtml

Universities Figuring Out The Value Of Giving Away Content For Free

from the economics-lessons dept

It started with universities giving away all their courseware online for free, but recently some universities have started posting videos of all lectures for free on YouTube as well. This has some folks wondering what that means about the value of a university education. Andy Kessler does a nice job breaking down the details of what he calls "YouTube U.", noting that it plays directly into the economics of free content. The content itself, once recorded, is the infinite good -- but the scarce good remains the actual diploma of having successfully made it through the courses and the tests to prove that you had an acceptable level of understanding. While he then jokingly (right, Andy?) suggests that a more conspiratorial answer is that it's a professor's way of being lazy and focusing on the parts of being a professor that bring in money (research, consulting) he may not be that far off. Professors will embrace such things because if they really are good professors it does help build their own brand, which can help them in many ways, from getting grant money to getting better grad student researchers to many other things. And the fact that it can do all that while also helping many people who aren't attending the school learn about whatever topic is being taught seems like a pretty good deal.



I'm going to make a guess that this could be useful when coordinating a project outside a normal organization structure. Perhaps in a classroom (where students are global) or when writing a legal/technical paper (with input from a variety of sources)

http://www.killerstartups.com/Web-App-Tools/projectoffice--For-Efficient-Project-Management/

ProjectOffice.net - For Efficient Project Management

Do you want to finish projects more efficiently? Does your company want more fluid communication between team members?

... The application has different roles for the members of the project. There are three different roles: guest, team member, and project manager. The guest can view the information but cannot edit or add any new information. The team member can edit his/her tasks, along with editing and commenting on the wiki page. The project manager has all of the privileges of the other roles and, in addition, can create and edit projects and approve time-off requests.

... The dashboard is where all of your projects and tasks are listed; there is even a personal to-do section. The editor allows you to create new projects and tasks, along with inviting new members to ProjectOffice.net. The wiki allows project members to communicate and give each other updates and additional information. The issues tracking system is for project managers to use to assign issues to team members and track the status of the issue until it is fixed.

http://www.projectoffice.net/
