Friday, November 16, 2007

Isn't it nice to know that the VA has implemented all the security measures they promised?

http://www.pogowasright.org/article.php?story=20071115072715438

VA Hospital Records Compromised In Security Breach

Thursday, November 15 2007 @ 07:27 AM EST Contributed by: PrivacyNews News Section: Breaches

A major security breach at the Indianapolis Veterans Administration hospital compromised files on about 12,000 patients, officials said late Thursday.

The VA said three computers were taken from locked offices at the Roudebush VA Medical Center on Saturday, but the theft was not discovered until Monday.

Source - The Indy Channel

Related - Committee on Veterans' Affairs Press Release via Inside Indiana Business.



No need to look far for the next TJX...

http://hosted.ap.org/dynamic/stories/W/WI_FI_SECURITY_RETAIL?SITE=VALYD&SECTION=HOME&TEMPLATE=DEFAULT

Many Retailers Easy to Hack, Study Finds

By MARK JEWELL AP Business Writer Nov 16, 1:27 AM EST

BOSTON (AP) -- Half of more than 3,000 retail stores that a wireless security company secretly monitored at major shopping areas in the U.S. and Europe use wireless data systems vulnerable to hacking, the company said Thursday.

The data that stores routinely transmit on wireless networks include credit card and Social Security numbers and other sensitive customer information.

AirDefense Inc., an Atlanta-based maker of security products for wireless data systems, found that about 25 percent of the stores' 4,748 wireless access points were exchanging data with no encryption at all to foil electronic eavesdroppers.

Another 25 percent were using an outdated encryption method called Wireless Equivalent Privacy that is easily cracked by thieves using widely available tools.



Now here's an idea that needs work.

http://www.pogowasright.org/article.php?story=20071115072522995

UK: Doctors may be prosecuted if their laptops are stolen

Thursday, November 15 2007 @ 07:25 AM EST Contributed by: PrivacyNews News Section: Breaches

Doctors who have laptops containing patients’ records stolen from their cars could end up in court.

Richard Thomas, the Information Commissioner, said a “blatant breach of fundamental observation” should attract criminal penalties. He told the Lords’ Constitution Committee that this was a new criminal offence being sought to enforce compliance with data protection laws.

The offence would be for knowingly or recklessly flouting data protection principles. [Keep the title, rework the rest. Bob] Offenders could be fined up to £5,000 in a magistrates’ court or unlimited sums in the Crown Court.

Source - TimesOnline


Related... (and we haven't talked about thumbdrives or IM yet.)

http://mobile.slashdot.org/article.pl?sid=07/11/15/2355217&from=rss

IT's Love-Hate Relationship With Laptops

Posted by CowboyNeal on Thursday November 15, @11:11PM from the caucophony-of-pleasure-and-pain dept. Portables Hardware

Ian Lamont writes "Are laptops really as great as they're cracked up to be? We love their portability, and we've been charting the steady rise of laptop sales for years. Yet while many of us depend on them for work, our IT departments view them with mixed feelings. IT managers point to wi-fi configuration, complicated authentication procedures, and eight other issues as making their jobs a lot harder. What else is missing from the list of laptop limitations? What would you like to see in the next generation of laptop computers?"



Well, that's one way to handle things – push communication off of email to IM or even phones...

http://www.ktvotv3.com/News/news_story.aspx?id=66201

Blunt creates permanent e-mail retention system

Posted: Thursday, November 15, 2007 at 9:49 a.m.

(AP) -- JEFFERSON CITY, Mo - Under fire over how his office handles electronic records, Governor Blunt is creating a permanent e-mail retention system.

Blunt announced today that every e-mail in all of state government will be retained automatically and permanently. And he said it will be open for public inspection, except where "legal and privacy concerns apply."

Blunt has come under scrutiny in recent weeks after disclosing the administration was deleting certain internal office e-mails.

Former Blunt staff attorney Scott Eckersley has said he was fired for offering legal advice on e-mail retention that contradicted actions by the governor and senior advisers.

Democratic Attorney General Jay Nixon hinted yesterday that he will soon open an investigation into how the governor's office handles public records.

Nixon plans to challenge Blunt in the 2008 election.



What information should you collect, how should you collect it, how long do you keep it, how much reliance can you place on it...

http://www.bespacific.com/mt/archives/016546.html

November 15, 2007

Minimum Criminal Intelligence Training Standards For Law Enforcement and Other Criminal Justice Agencies in the US

Minimum Criminal Intelligence Training Standards, For Law Enforcement and Other Criminal Justice Agencies in the United States, Findings and Recommendations, Version 2, October 2007. Prepared by the Intelligence Training Coordination Working Group, Presented to the Counter-Terrorism Training Coordination Working Group, the Global Intelligence Working Group, and the Criminal Intelligence Coordinating Council (64 pages, PDF).

  • "The intent of this document is to provide perspective and guidance for the development and delivery of law enforcement intelligence training. It is recognized that any type of “standard” can be debated based on an individual’s personal philosophy, professional priorities, and life experiences. In order to minimize bias or atypical context, the development process for these standards used a consensual approach reflecting the cumulative judgment of law enforcement intelligence practitioners, managers, executives, trainers, and scholars from all levels of government."


Related?

http://www.pogowasright.org/article.php?story=20071116074413699

Boeing bosses spy on workers

Friday, November 16 2007 @ 07:44 AM EST Contributed by: PrivacyNews News Section: Workplace Privacy

Within its bowels, The Boeing Co. holds volumes of proprietary information deemed so valuable that the company has entire teams dedicated to making sure that private information stays private.

One such team, dubbed "enterprise" investigators, has permission to read the private e-mails of employees, follow them and collect video footage or photos of them. Investigators can also secretly watch employee computer screens in real time and reproduce every keystroke a worker makes, the Seattle P-I has learned.

[...]

Recently, a Boeing investigator told a Puget Sound-area employee that he was followed off company property to a lunch spot, that investigators had footage of him "coming and going" and that investigators had accessed his personal Gmail account.

The primary reason for the 2007 investigation, the employee said, was Boeing's suspicion that he had spoken with a member of the media. The employee learned the details of the investigation during a three-hour meeting, in which investigators laid out some of their findings. He has since been fired.

Source - Seattle Post-Intelligencer


Related.

http://hosted.ap.org/dynamic/stories/G/GPS_SAVINGS?SITE=VALYD&SECTION=HOME&TEMPLATE=DEFAULT

GPS Helps Cities Catch Goof-Offs

By FRANK ELTMAN Associated Press Writer Nov 16, 2:26 AM EST

ISLIP, N.Y. (AP) -- GPS tracking devices installed on government-issue vehicles are helping communities around the country reduce waste and abuse, in part by catching employees shopping, working out at the gym or otherwise loafing while on the clock.

The use of GPS has led to firings, stoking complaints from employees and unions that the devices are intrusive, Big Brother technology. But city officials say that monitoring employees' movements has deterred abuses, saving the taxpayers money in gasoline and lost productivity.

... Still, in Indiana, six employees of the Fort Wayne-Allen County Health Department lost their jobs last year after an administrator bought three Global Positioning Satellite devices out of her own pocket and switched them in and out of 12 department vehicles to nail health inspectors running personal errands on the job. [Isn't there a question about motive here? Bob]



What were you expecting?

http://it.slashdot.org/article.pl?sid=07/11/15/184204&from=rss

New NSA-Approved Encryption Standard May Contain Backdoor

Posted by Zonk on Thursday November 15, @01:21PM from the find-out-by-knocking dept. Security Encryption United States Government

Hugh Pickens writes "Bruce Schneier has a story on Wired about the new official standard for random-number generators the NIST released this year that will likely be followed by software and hardware developers around the world. There are four different approved techniques (pdf), called DRBGs, or 'Deterministic Random Bit Generators' based on existing cryptographic primitives. One is based on hash functions, one on HMAC, one on block ciphers and one on elliptic curves. The generator based on elliptic curves called Dual_EC_DRBG has been championed by the NSA and contains a weakness that can only be described as a backdoor. In a presentation at the CRYPTO 2007 conference (pdf) in August, Dan Shumow and Niels Ferguson showed that there are constants in the standard used to define the algorithm's elliptic curve that have a relationship with a second, secret set of numbers that can act as a kind of skeleton key. If you know the secret numbers, you can completely break any instantiation of Dual_EC_DRBG."



Just a small question. Who gets to authorize something like this? I doubt the Board of Directors debates for hours – does some entry-level manager have the authority to put the organization at risk?

http://www.pogowasright.org/article.php?story=20071115173001285

Employees suing over bathroom surveillance

Thursday, November 15 2007 @ 05:30 PM EST Contributed by: PrivacyNews News Section: Workplace Privacy

Kroger Co. is being sued by its employees for allegedly putting the bathroom of one of its U.S. grocery distribution centers under hidden video surveillance.

A total of 138 current and former employees in Kentucky and Indiana allege in their lawsuit filed in Jefferson (Ky.) Circuit Court, that using hidden video equipment at the Kroger distribution center in Louisville violated their privacy and harmed them, The (Louisville) Courier-Journal said Wednesday.

Source - UPI



Darwin never saw this...

http://www.technewsworld.com/rsstory/60344.html

The Evolution of Spam, Part 2: New Defenses

By Andrew K. Burger E-Commerce Times Part of the ECT News Network 11/16/07 4:00 AM PT

"There is no single head to cut off, no centralized command structure to attack. These aren't the Red Coats standing in a neat formation; these are guerrillas scattered across the landscape with known objectives and infrequent need for direction," said Randy Abrams, ESET's director of technical education.

... Part 1
