Wednesday, December 12, 2007

Wishing is not a security technique.

http://www.pogowasright.org/article.php?story=20071211194829602

Iowa DNR Tells 7000: Social Security Numbers Lost

Tuesday, December 11 2007 @ 07:42 PM EST Contributed by: PrivacyNews News Section: Breaches

A contractor working for the Iowa Department of Natural Resources (DNR) lost a jump drive containing the names and social security numbers of 7000 people who work in wastewater and drinking water systems. The loss occurred on Nov. 21, but the contractor waited to report it until Dec. 5th because he thought he might find the drive. He now believes that the drive fell off his desk at DNR and into the trash.

Source - KCRG-TV



Keep swinging people, eventually you could connect.

http://www.pogowasright.org/article.php?story=20071212003554151

TJX Lawsuit Transferred

Wednesday, December 12 2007 @ 06:41 AM EST Contributed by: PrivacyNews News Section: Older News Stories

A lawsuit by a group of New England and Alabama banks against TJX Cos. over a data breach that resulted in the theft of millions of credit-card numbers was transferred to a Massachusetts state court by a federal judge.

In his order yesterday, U.S. District Judge William G. Young denied the plaintiffs' request to sue as a class and ruled that without class-action status the case would no longer fall under federal jurisdiction.

... The plaintiffs plan to continue pressing for class-action status in state court, Joseph R. Whatley Jr., an attorney representing the banks, said after the decision.

Source - Wall Street Journal



Told ya! (Video)

http://digg.com/politics/From_the_Programmer_s_Mouth%3A_How_the_2000_Election_was_Fixed

From the Programmer's Mouth: How the 2000 Election was Fixed

youtube.com — Clinton E. Curtis, ex-programmer tells all during a Congressional hearing on voting fraud. In October 2000, Curtis was asked by Tom Feeney (R), then Speaker of the House in Florida, to write a computer program that would render electronic voting fraud undetectable. Curtis did just that.

http://www.youtube.com/watch?v=ky-YXvxYbck&feature=related



We promise to start using all that security stuff everyone has been telling us to use. We'll start now (should be done before the turn of the millennium)

http://it.slashdot.org/article.pl?sid=07/12/11/2144255&from=rss

Ohio Plans To Encrypt After Data Breach

Posted by kdawson on Tuesday December 11, @05:24PM from the shutting-the-barn-door-after-the-horses dept. Security IT

Lucas123 writes "After a backup tape containing sensitive information on 130,000 Ohio residents, current and former employees, and businesses was stolen from the car of a government intern in June, the state government just announced it has purchased 60,000 licenses of encryption software — McAfee's SafeBoot — for state offices to use to protect data. It's estimated that the missing backup tape will cost Ohio $3 million. In September, the state docked a government official about a week of future vacation time for not ensuring that the data would be protected."



Oh them wild 9th Circuit guys...

http://www.pogowasright.org/article.php?story=20071211142949550

9th Circuit finds parts of Patriot Act unconstitutional

Tuesday, December 11 2007 @ 02:29 PM EST Contributed by: PrivacyNews News Section: In the Courts

A federal appeals court ruled yesterday that some portions of the U.S. Patriot Act dealing with foreign terrorist organizations are unconstitutional because the language is too vague to be understood by a person of average intelligence. [“So says us smart guys!” Bob]

Source - First Amendment Center

Court Opinion - Humanitarian Law Project v. Mukasey [pdf]



As we assumed?

http://www.pogowasright.org/article.php?story=20071211142529527

Reportable and Multiple Privacy Breaches Rising at Alarming Rate

Tuesday, December 11 2007 @ 02:25 PM EST Contributed by: PrivacyNews News Section: Breaches

Personally identifiable information (PII) of customers and employees is being exposed -- frequently and repeatedly -- potentially putting hundreds of thousands of individuals at risk and exposing organizations to increased liability, according to a new survey by Deloitte & Touche LLP ("Deloitte") and the Ponemon Institute LLC.

A shocking 85 percent of privacy and security professionals in North America surveyed acknowledged having at least one reportable data breach of PII within their organizations during the last 12 months, according to the "Enterprise@Risk: 2007 Privacy & Data Protection Survey." More alarming is the fact that 63 percent acknowledged multiple reportable data breaches occurred within their organizations during the same period.

Source - EarthTimes.org (press release)

"Enterprise@Risk: 2007 Privacy & Data Protection Survey" is available, at no charge, via the Deloitte web site at http://www.deloitte.com/us/privacyfunction.



“...'cause if we knew this was on the record, we would have lied better”

http://www.pogowasright.org/article.php?story=20071211111145983

Judge tosses privacy case against rapper

Tuesday, December 11 2007 @ 11:11 AM EST Contributed by: PrivacyNews News Section: In the Courts

A lawsuit in which three former City of Detroit employees claimed rapper Dr. Dre invaded their privacy by videotaping a conversation without their knowledge has been dismissed.

Wayne County Circuit Judge John A. Murphy, in a ruling issued Dec. 4 but released Monday, held that the city workers had no reason to believe the conversation was private.

[...]Murphy ruled that the conversation took place in a room with an open door and that at least one of the city employees entered and exited without difficulty. "Under the circumstances," the judge wrote, "the plaintiffs could not have a reasonable expectation of privacy."

Source - Detroit Free Press

[From the article:]

Dr. Dre's attorney, Herschel Fink, who also represents the Free Press in editorial matters, said Monday this is the third time a judge has dismissed litigation by city employees against the rapper over the incident.



Detection by results...

http://www.infoworld.com/article/07/12/11/DNS-attack-could-signal-Phishing-2.0_1.html

DNS attack could signal Phishing 2.0

Only recently have hackers lined up the technology and technique to reap open-recursive DNS servers' weaknesses

By Robert McMillan, IDG News Service December 11, 2007

Researchers at Google and the Georgia Institute of Technology are studying a virtually undetectable form of attack that quietly controls where victims go on the Internet.

... Georgia Tech's and Google's researchers estimate that as many as 0.4 percent, or 68,000, open-recursive DNS servers are behaving maliciously, returning false answers to DNS queries. They also estimate that another 2 percent of them provide questionable results. Collectively, these servers are beginning to form a "second secret authority" for DNS that is undermining the trustworthiness of the Internet, the researchers warned.

"This is a crime with few witnesses," said David Dagon, a researcher at Georgia Tech who co-authored the paper. "These hosts are like carnival barkers. No matter what you ask them, they'll happily direct you to the red light store, or to a Web server that does nothing more than spray your eyeballs with ads."



If my computer makes the discovery, do I get to share the Nobel? Legal questions?

http://science.slashdot.org/article.pl?sid=07/12/11/210246&from=rss

Citizen Science and Grid Computing

Posted by kdawson on Tuesday December 11, @04:06PM from the greyware-network dept. Social Networks Science

japonicus writes "The Economist has an article summarizing the current state of distributed computing (think SETI@home and its ilk), which suggests that distributed-human projects are going to be the next big thing. (We discussed one such project, the Galaxy Zoo, a few months back.) The distributed-computing platform BOINC is about to expand to human processing. Distributed proofreaders have been a longstanding success (yet inexplicably failed to get even a mention in the article); but there are a lot of other projects waiting in the wings."



Ignorance of the technology is no excuse! (I've always wanted to say that.)

http://ralphlosey.wordpress.com/2007/12/08/dumb-and-dumber-sequel-another-attempt-by-attorneys-to-try-and-excuse-non-production-of-esi-with-computer-illiteracy/

Court Rejects Attorney’s Computer Illiteracy As Excuse For Non-Production

Plaintiff’s counsel in a district court case in Colorado lacked the technical ability to open and read most of his client’s emails. He figured that since he could not read them, he did not have to produce them. Instead of producing the thousands of emails on a DVD containing his client’s college email, he just produced the ten he could read, and ignored the rest. Garcia v. Berkshire Life Ins. Co. of America, 2007 U.S. Dist. LEXIS 86639 (D. Colo. Nov. 13, 2007).



I recently bought a teddybear for $10 and called it Mohammed...

I have now sold it on eBay for $30...

My question is, have I made a prophet ?????
