Wednesday, November 07, 2007

Going for the record! Call Guinness!

http://www.pogowasright.org/article.php?story=20071106152629475

MSU notifies students, staff of security breaches

Tuesday, November 06 2007 @ 03:26 PM EST Contributed by: PrivacyNews News Section: Breaches

Montana State University is informing 271 people that their Social Security numbers may have been exposed in one of three separate data security breaches.

On Nov. 2, it was determined that a stolen data storage device contained the Social Security numbers of 216 students and employees who lived in on-campus housing from 1998 to the spring of 2007.

In a separate incident that also occurred on Nov. 2, an independent security analyst informed university data security staff that an Excel spreadsheet with the names and Social Security numbers of 42 people - mostly new hires during the summer of 2006 - was available on the MSU Web site. The spreadsheet was immediately removed.

While investigating the Excel spreadsheet incident, MSU data-security staff discovered another Excel spreadsheet with the Social Security numbers of 13 people affiliated with the Department of Computer Science on the university's Web site. It, too, was immediately removed.

Source - Billings Gazette



Lack of Security Training, good (quick and thorough) response?

http://www.infoworld.com/article/07/11/06/Salesforce-falls-for-phishing-scam-warns-customers_1.html?source=rss&url=http://www.infoworld.com/article/07/11/06/Salesforce-falls-for-phishing-scam-warns-customers_1.html

Update: Salesforce.com falls for phishing scam, warns customers

After a phisher managed to get a corporate password, online criminals have been sending fake invoices as well as malware to Salesforce customers

By Robert McMillan, IDG News Service November 06, 2007

Salesforce.com is warning customers that they may be the targets of malicious software or phishing scams, after one of its employees was tricked into divulging a corporate password.

In a note to customers, Salesforce said that online criminals have been sending customers fake invoices and, starting just a few days ago, viruses and key logging software. The e-mails were sent using information that was illegally obtained from Salesforce.com.

Salesforce.com bills its Web-based CRM (customer relationship management) products as easier to use and maintain than traditional CRM software, but this latest development underlines the security risks that come with this more open model.

The problems began a few months ago, when a Salesforce.com employee fell for a phishing scam and divulged a company password that gave attackers access to a customer contact list. With this password, the criminals were able to obtain first and last names, company names, e-mail addresses, and telephone numbers of Salesforce.com customers.

"As a result of this, a small number of our customers began receiving bogus e-mails that looked like Salesforce.com invoices," Salesforce.com said.

Some of those customers then fell victim to the scam and gave up their passwords to the criminals, too. When Salesforce.com started seeing malicious software being attached to these e-mails, the company decided to issue a general alert to its nearly 1 million subscribers.

According to the Washington Post, Suntrust Banks was one of the customers victimized by this scam.

Jan Sabelstrom noticed that something was amiss when an e-mail purporting to be from the U.S. Federal Trade Commission landed in his inbox. This phishing attempt contained information about one of his company's customers that would have been available to Salesforce.com, but not the public at large, he said.

Sabelstrom, managing director of CaSa Customer Solutions, a Chicago-based CRM consultancy, said he emailed Salesforce employees, including CEO Marc Benioff, about the message on Oct. 30 -- the same day that Salesforce.com notified its customers of the problem.

"I basically shot them an e-mail saying... I would like to understand how this came to be," he said. "It seems a little bit dubious to me that there's this connection between me and my customers."

Salesforce.com's response showed him that the company was taking the issue seriously, Sabelstrom said. Within two hours he heard back from Benioff, and soon the company's security team was walking him through what had happened, and assuring him that his customer's data had not been breached. "I was impressed," he said. "You can call it damage control but it was attentiveness."

Salesforce.com is working with law enforcement to resolve the problem, but in the meantime it is recommending that customers implement a number of security measures in order to cut down on the phisher's chance of succeeding.

Suggested actions include restricting Salesforce.com account access to users who are within the corporate network, [...as opposed to “everyone?” Bob] phishing education or the use of stronger authentication techniques to log on to the Salesforce.com servers.

On Tuesday, Salesforce.com declined to comment further on the matter. "Everything that they have to say about it is in this note," a spokesman with the company's public-relations agency said.



New insights?

http://www.pogowasright.org/article.php?story=20071106084648466

Book: Privacy at Risk (by Christopher Slobogin)

Tuesday, November 06 2007 @ 08:46 AM EST Contributed by: PrivacyNews News Section: Surveillance

Professor Christopher Slobogin (University of Florida College of Law) has just published Privacy at Risk: The New Government Surveillance and the Fourth Amendment (U. Chicago Press, Nov. 1, 2007). According to the book description:

Without our consent and often without our knowledge, the government can constantly monitor many of our daily activities, using closed circuit TV, global positioning systems, and a wide array of other sophisticated technologies. With just a few keystrokes, records containing our financial information, phone and e-mail logs, and sometimes even our medical histories can be readily accessed by law enforcement officials. As Christopher Slobogin explains in Privacy at Risk, these intrusive acts of surveillance are subject to very little regulation.

Applying the Fourth Amendment’s prohibition on unreasonable searches and seizures, Slobogin argues that courts should prod legislatures into enacting more meaningful protection against government overreaching. In setting forth a comprehensive framework meant to preserve rights guaranteed by the Constitution without compromising the government’s ability to investigate criminal acts, Slobogin offers a balanced regulatory regime that should intrigue everyone concerned about privacy rights in the digital age.

Source - Concurring Opinions



Anything new or novel? Perhaps just a sales tool...

http://www.pogowasright.org/article.php?story=200711070738408

Data Breach Harm Analysis From ID Analytics Uncovers New Patterns of Misuse Arising From Breaches of Identity Data

Wednesday, November 07 2007 @ 07:38 AM EST Contributed by: PrivacyNews News Section: Breaches

ID Analytics, Inc., the leader in Identity Risk Management, today announced the results of a new study on the harm resulting from data breaches. The study analyzed more than ten million identities spanning over a dozen data breaches. ID Analytics found five separate cases where breached identity data was misused by fraudsters, with two of those cases resulting from employee theft of data.

.... Webinar and White Paper on Findings
Today at 11:00 am PT / 2:00 pm ET, Thomas Oscherwitz will present these findings in a free, live, one-hour webinar. To register, go to http://www.idanalytics.com/databreachharmanalysis/.
To request a white paper with more detailed findings on the research, email marketinginfo@idanalytics.com.

Source - PRNewswire



How NOT to keep things quiet. This might be amusing if it goes far enough... (If they lose, will they be required to reimburse the district?)

http://yro.slashdot.org/article.pl?sid=07/11/07/0226224&from=rss

School District Threatens Suit Over Parent's Blog

Posted by kdawson on Wednesday November 07, @06:06AM from the speech-in-a-deep-freeze dept.

penguin_dance writes "A Texas School District is threatening to sue a parent over what it terms 'libelous material' or other 'legally offensive' postings on her web site and are demanding their removal. Web site owner Sandra Tetley says they're just opinions. The legal firm sending the demand cited 16 items, half posted by Tetley, the rest by anonymous commentators to her blog. The alleged libelous postings 'accuse Superintendent Lynne Cleveland, trustees and administrators of lying, manipulation, falsifying budget numbers, using their positions for "personal gain," violating the Open Meetings Act and spying on employees, among other things.' The problem for the district is that previous courts have ruled that governments can't sue for libel. So now, in a follow-up story, the lawyers say the firm 'would file a suit on behalf of administrators in their official capacities and individual board members. The suit, however, would be funded from the district's budget.' So far, Tetley hasn't backed down, although she said she'll 'consult with her attorneys before deciding what, if anything, to delete.'"



Amusing and worth listening to... Democratizing technology. (Downloadable)

http://lessig.org/blog/2007/11/my_ted_talk_is_up.html

My TED talk is up

November 7, 2007 12:30 AM

Somethings old, somethings new, lots that's borrowed, none that's blue. Watch it at the TED site here.


...and what might students do with technology?

http://www.wral.com/news/local/story/2005911/

Students Accused of Sending Porn Via School-Issued Laptops

Posted: Nov. 5, 2007

Snow Hill — The State Bureau of Investigation is looking into three Greene County Central High School students accused of creating and sending pornographic material with their school-issued computers.

In one case, a 16-year-old student reportedly sent video of himself with his 15-year-old girlfriend to a teacher by mistake.

... "So, there are probably more opportunities for them to record things and to do things with the computers that they haven't had before, unfortunately," Mazingo said. "It also greatly enhances the educational opportunities."

... Mazingo said the school system does not plan to cancel the laptop program. Administrators, however, are working with the district attorney's office on a video to teach students about how serious charges can be for using the cameras inappropriately.

He said administrators would also continue to monitor closely all activity on every issued computer. [“We'll be looking at each of these videos countless times...” Bob]


How schools will respond?

http://www.pogowasright.org/article.php?story=20071106075100527

HI: School searches are reasonable (editorial)

Tuesday, November 06 2007 @ 07:51 AM EST Contributed by: PrivacyNews News Section: Minors & Students

When it comes to keeping track of what students are doing, schoolteachers and administrators should have the same rights as parents. [Does that mean they should face the same liability if they neglect the children? Bob] Children know, or should know, parents are liable to check their belongings, despite crying: “Don’t I have any privacy?” In most homes, the answer is, “No, you don’t.”

The state Board of Education, including Maui representative Mary Cochran, has voted in favor of allowing officials to search student lockers “with or without cause.” The policy includes the use of drug-sniffing dogs on school campuses.

Source - The Maui News



Will you need a driver's license to ride the subway?

http://www.pogowasright.org/article.php?story=20071107065348787

D.C.: DMV explores SmarTrip chips

Wednesday, November 07 2007 @ 06:53 AM EST Contributed by: PrivacyNews News Section: REAL ID

Privacy advocates are alarmed by a D.C. Department of Motor Vehicles initiative to embed SmarTrip computer chips inside every new D.C. driver’s license, making it easier than ever to track D.C. residents on their travels through the transit system.

The DMV will spend $830,000 a year to install SmarTrip chips in all driver’s licenses and identification cards starting in October 2008.

Source - Examiner.com



Huh. I don't think so...

http://www.bespacific.com/mt/archives/016445.html

November 06, 2007

Commentary on Digitization of the World's Libraries

The New Yorker: Digitization and its discontents, by Anthony Grafton, November 5, 2007

  • "...the Internet will not bring us a universal library, much less an encyclopedic record of human experience. None of the firms now engaged in digitization projects claim that it will create anything of the kind. The hype and rhetoric make it hard to grasp what Google and Microsoft and their partner libraries are actually doing. We have clearly reached a new point in the history of text production. On many fronts, traditional periodicals and books are making way for blogs and other electronic formats. But magazines and books still sell a lot of copies. The rush to digitize the written record is one of a number of critical moments in the long saga of our drive to accumulate, store, and retrieve information efficiently. It will result not in the infotopia that the prophets conjure up but in one in a long series of new information ecologies, all of them challenging, in which readers, writers, and producers of text have learned to survive...the narrow path still leads, as it must, to crowded public rooms where the sunlight gleams on varnished tables, and knowledge is embodied in millions of dusty, crumbling, smelly, irreplaceable documents and books."



First question (also first in the comments): Do they make more money this way? Anyone know how many albums they sold the RIAA way? How much does a band make per album?

http://yro.slashdot.org/article.pl?sid=07/11/06/2035244&from=rss

38% of Downloaders Paid For Radiohead Album

Posted by kdawson on Tuesday November 06, @05:09PM from the fanatical-fan-base dept.

brajesh sends us to Comscore for a followup on the earlier discussion of Radiohead making $6-$10 million on their name-your-own-cost album "In Rainbows" — with the average price paid being between $5 and $8. Comscore analyzes the numbers: "During the first 29 days of October, 1.2 million people worldwide visited the 'In Rainbows' site, with a significant percentage of visitors ultimately downloading the album. The study showed that 38 percent of global downloaders of the album willingly paid to do so, [Does that match the RIAA estimates? Bob] with the remaining 62 percent choosing to pay nothing... Of those who were willing to pay, the largest percentage (17 percent) paid less than $4. However, a significant percentage (12 percent) were willing to pay between $8-$12, or approximately the cost to download a typical album via iTunes, and these consumers accounted for more than half (52 percent) of all sales in dollars."



Email these to your competitors, let them waste time. (Lots more in the comments)

http://ask.slashdot.org/article.pl?sid=07/11/06/1558234&from=rss

What Are The Best Free Games Online?

Posted by Zonk on Tuesday November 06, @02:23PM from the big-fan-of-line-rider dept.

almostdead writes "CNET has just put up a story about what it thinks are the best online flash games of all time. These include titles like Line Rider, Bejeweled, Desktop Tower Defense and Portal, all of which I enjoy playing a lot. But my thirst for free games is peaking at the moment, probably due to an incredibly boring job and lack of imagination. Can you suggest any more good free games online?"



A hobby site. Make money, have fun – my kind of business model! (Tupperware for winos?)

http://www.killerstartups.com/Social-Networking/tastoria--Viritual-Wine-World/

Tastoria.com - Virtual Wine World

Are you a wine connoisseur who is looking for an open door to the wine tasting realm? If so, Tastoria.com might just be able to whet your whistle. Tastoria.com is an online wine tasting site that has both online and offline activities!

http://www.tastoria.com/winetastingclips.cfm
