Saturday, December 08, 2007

Read the article carefully. My take is that EDS didn't discover the data spill. And it took them a month to determine who was impacted. (Interesting that the Air Force is reporting this.)

http://www.pogowasright.org/article.php?story=20071207171706185

Tricare data breach affects 4,700 families

Friday, December 07 2007 @ 05:17 PM EST Contributed by: PrivacyNews News Section: Breaches

Letters are in the mail to about 4,700 households who submitted claims through the Tricare Europe office since 2004 about a data breach involving their personal information — a month after the breach was reported.

Most of those affected have since moved from Europe.

Electronic Data Systems notified Tricare on Nov. 7 that they had not properly secured a part of the system it maintains for Tricare, and “certain external entities” had been allowed access to a file with personal information.

That file contained full or partial Social Security numbers. For one or more members of each household, it included their name, date of birth, and a medical diagnosis code associated with a health benefits claim submitted to Tricare Management Activity.

Source - AirForceTimes



TJX strikes back! “We had poor security only in theory. In practice, we were a good as most retailers.)

http://www.boston.com/business/globe/articles/2007/12/07/tjx_subpoenas_documents_from_mastercard_on_breach/

TJX subpoenas documents from MasterCard on breach

December 7, 2007

TJX Cos. has subpoenaed security details from MasterCard Inc., court filings showed, as the Framingham retailer argued it hasn't been able to get sufficient information from the payment card network. The parent company of TJ Maxx and Marshalls faces claims in federal district court in Boston from banks that say its security was lax before a data breach through 2006 that compromised as many as 100 million account numbers. TJX has argued that the payment system as a whole faced security issues and struck a deal with Visa Inc. last week in which both sides vowed more cooperation. In its filings yesterday, TJX said MasterCard "is a central figure in this case" whose knowledge and conduct related to TJX's defenses. (Ross Kerber)



What would be the equivalent in the brick and mortar world? Your private security guards suddenly lock the doors and won't allow customers into the store?

http://www.pcmag.com/article2/0,2704,2229576,00.asp?kc=PCMS102049TX1K0100488

Symantec Screwup Is 'Worse Than Any Virus'

12.06.07 by Chloe Albanesius

A routine update from Symantec Security Response wreaked havoc on a California company's clientele this week when it inadvertently tagged a program produced by Solid Oak Software as a virus and cut off the Internet access of Solid Oak customers.

Symantec on Monday released a virus definition update that incorrectly identified Solid Oak's CyberSitter filtering program as a virus. Depending on the version of Symantec's Norton Antivirus product that Solid Oak customers were running, CyberSitter files were either deleted or banned from use by Norton, according to Solid Oak.

Customers, which include schools, libraries and personal accounts, were not provided with a recovery mechanism and subsequently lost Internet access. Solid Oak did not have an exact number of those affected, but it likely numbers in the tens of thousands, according to a spokeswoman.

Customers have had to re-install entire operating systems and software, she said. [Expensive! Bob]

Symantec contacted Solid Oak on Wednesday and "under pressure from Solid Oak," set up a technical support number for customers to call, Solid Oak said.

That number, however, is no longer in service. When PC Magazine called it on Thursday evening, it directed callers to the Norton customer service Web site, which provides standard fixes to common problems but does not address the problem facing Solid Oak customers.

This is the third time in less than a year that Symantec's Norton products have caused severe damage to computers running CYBERsitter software offerings, said Brian Milburn, president of Solid Oak Software, in a statement. "In my opinion, Norton products are worse than any virus I can think of," he said.

"We have thousands of users with no Internet access and all Symantec has done is to provide our mutual customers with a non-functioning support number that tell them to use on-line support," Milburn added. "The problem is even worse because the holiday season. Users are trying to order gifts on-line and they can't."

A Symantec spokeswoman said the company was "researching" the problem.

The situation is "embarrassing" for Solid Oak, Solid Oak's spokeswoman said. The company has been forced to pass along to customers instructions from Symantec, but nothing is working, she said. "People are upset," she said.

Solid Oak received an e-mail from Kevin Haley, Symantec's director of product management for Security Response, at 11 a.m. PST but no further instructions have been relayed, according to Solid Oak.



“...anything you say may be used against you in court.”

http://www.eweek.com/article2/0,1759,2229936,00.asp?kc=EWRSS03119TX1K0000594

Play It Isn't So

December 7, 2007 By Roy Mark

NOTE TO NYPD: Many MP3 players now have digital recording ability. While that might be old news to most, apparently N.Y. police Detective Christopher Perino didn't get the memo. It may cost Perino his badge and 84 years in prison.

Perino, 42 and a 19-year New York Police Department veteran, was indicted Dec. 6 by a Bronx grand jury for allegedly lying while under oath at the trial of a Bronx man charged with attempted murder. At the April trial, Perino repeatedly insisted he did not try to pressure the prime suspect into signing a confession.

Perino also testified he did not try to dissuade the suspect from talking with an attorney nor did he try to convince the suspect he didn't need an attorney.

Unfortunately for Perino, the suspect recorded the interview with Perino on a new MP3 player he had received for Christmas. The 75-minute MP3 interview refuted all Perino's claims. Perino was indicted for perjury.

The trial centered on a Dec. 25, 2005, shooting. Six days later, Perino conducted an interview with the prime suspect, Erik Crespo, then 17. Crespo hit the record button on the MP3 player in his pocket. After the interview, Crespo was detained but allowed to turn over his personal possessions—including the MP3 player—to his mother. [That procedure will be revised... Bob]


The cop (above) should have seen this cartoon. Might show up in a bunch of Privacy PowerPoints

http://www.pogowasright.org/article.php?story=20071207182020196

A Surveillance Society Works Both Ways (comic)

Friday, December 07 2007 @ 06:20 PM EST Contributed by: PrivacyNews News Section: Surveillance

Source - NewsTarget.com



...and the flip side. (and others)

http://www.pogowasright.org/article.php?story=20071207184300286

Taking computer in for installing new DVD drive waives expectation of privacy

Friday, December 07 2007 @ 06:43 PM EST Contributed by: PrivacyNews News Section: In the Courts

Trial court erred in finding that defendant did not waive his expectation of privacy in the child porn on the video files on his computer when he took it to Circuit City for installation of a new DVD drive. Commonwealth v. Sodomsky, 2007 PA Super 369, 2007 Pa. Super. LEXIS 4113 (December 5, 2007).

Source - FourthAmendment.com (blog)



Legal arguments are reducing to: “We don't need no stinking warrants!”

http://msn-cnet.com.com/Police-Blotter:-Verizon-forced-to-turn-over-text-messages/2100-1030_3-6221503.html?part=msn-cnet&subj=ns_2510&tag=mymsn

Police Blotter: Verizon forced to turn over text messages

By Declan McCullagh Story last modified Wed Dec 05 10:12:46 PST 2007

What: U.S. Department of Justice seeks archived SMS text messages from Verizon Wireless without obtaining a warrant first.

When: District judge rules on October 30; magistrate judge completes review of archived text messages on Friday.

Outcome: Prosecutors receive the complete contents of defendant's text messages.

What happened, according to court documents:

It may not be that well known outside of police and telecommunications circles, but odds are excellent that your mobile phone provider saves copies of your SMS text messages. In a case that Police Blotter wrote about last year, federal police obtained logs of archived text messages from two unnamed wireless providers.

In addition, a judge in the Kobe Bryant sex case ordered the phone provider to turn over archived messages. Text messages were also part of the trial involving the attempted murder of rapper 50 Cent.

(By the way, here is one way to send almost-anonymous text messages.)

The most recent case dealing with SMS text messages does not involve a celebrity, though. It involves Susan Jackson, who pleaded guilty to wire fraud involving unauthorized transfers from her employer's bank account to her own NASA Federal Credit Union account.

To buttress her request for a minimum sentence, Jackson submitted letters that she said were from friends, employers, and relatives, but the U.S. Secret Service asserts the documents were altered or doctored. If that is true, it could amount to an additional charge of obstruction of justice.

One person allegedly said that Jackson urged him, "using text messaging and e-mail," to go along with the alterations.

The U.S. Department of Justice asked for a subpoena ordering Verizon Wireless to turn over the contents of text messages for phone number (301) 325-XXXX. The request was made under 18 USC 2703(b)(1)(b)(i) and (ii), which do not require probable cause and a search warrant. Instead, all prosecutors must do is claim--and this is much easier--that the records are "relevant and material" to an investigation. (The Justice Department says this is fine because the text messages were "opened communications," meaning that they were already read by the recipient and should therefore be easier to obtain.)

Jackson's lawyer opposed the request, saying that a proper search warrant was required. On October 30, U.S. District Judge Richard Roberts sided with the prosecution and said that only a subpoena was needed.

Verizon complied. It turned over three sets of documents: information about the account holder linked to that phone number, a list of the complete contents of the text messages sent or received by cellular telephone number (301) 325-XXXX between June 6 and October 31, 2007, and a log of whom Jackson sent messages to from her Verizon e-mail address. Note that Verizon did not keep copies of the actual contents of her e-mail messages.

Because Jackson alleged that the text messages might involve sensitive attorney-client communications, the court appointed a magistrate judge to review them. Magistrate Judge Alan Kay concluded that the text messages did not involve attorney-client privilege and recommended they be turned over to prosecutors "in their entirety."

Excerpts from Justice Department's brief:

Unfortunately, the defendant's Internet services provider, Verizon Internet Services, Inc., has advised the government that it does not store the content of its subscribers' e-mail communications...

It does maintain, however, a "transactional log" for its accounts, including the defendant's account... Since the information will not contain the content of any communications, it is not believed that the defendant has any basis to contest production.



Isn't this the business model I suggested?

http://www.killerstartups.com/Video-Music-Photo/AudioSocketMusiccom---Get-Your-Indie-Music-Licensed/

AudioSocketMusic.com - Get Your Indie Music Licensed

AudioSocket wants to license your music. The terms are pretty favorable for the artist. They keep 100% of the music rights, 60% of the licensing fee, 100% of the royalty payments, and they’ll get both the attention and treatment they deserve. AudioSocket is a small, boutique-style agency which means they do the works hands on. Each artist is hand selected which means only the best from around the world are selected.

http://www.audiosocketmusic.com/

No comments: