Sunday, January 27, 2008

You'd think a large defense contractor would be a little better at security... They didn't notice a program being installed on their computers, nor did they detect any outbound transmissions of data.

http://www.pogowasright.org/article.php?story=20080126172618166

SAIC computer compromised by malware; corporate cc data at risk

Saturday, January 26 2008 @ 05:26 PM EST Contributed by: PrivacyNews News Section: Breaches

On Jan. 18, the Science Applications International Corporation (SAIC) notified [pdf] the New Hampshire DOJ that one of their computers was compromised by malware that went undetected until a "regularly scheduled inventory of software." The presence of malware was reportedly not detected because the malware "intercepted keystrokes" and evaded their security precautions. [Intercepting keystrokes (reading them as they pass by) isn't a method to avoid detection. No detail on the “security precautions” evaded. Bob] The infected computer was used in corporate customer transactions involving lease or purchase of equipment from the Environmental Equipment and Supply Division.

SAIC's report noted that they were searching for evidence as to what information the software may have captured and transmitted outside of the network, but information may have included credit card name, billing and shipping address, telephone and fax number, and credit card number and security code.

The notification provides an interesting glimpse into SAIC's cybersecurity, as they also note that although they have "a wide number" of IPs blocked for outbound transmissions, the malware may have been able to transmit to unblocked IPs.



How soon is too soon?

http://www.pogowasright.org/article.php?story=20080126174716883

PA: Three months after data loss, Centocor notifies those affected

Saturday, January 26 2008 @ 05:47 PM EST Contributed by: PrivacyNews News Section: Breaches

On Jan. 3, Centocor, Inc. notified [pdf] the New Hampshire DOJ that a number of computers were missing, and presumed to be stolen from Centocor's Horsham campus.

According to the notification letter, Centocor was initially notified by its IT vendor of the incident in early October 2007 and was provided specific details on Nov. 29, 2007. Centocor then determined that one of the computers "likely contained" a file with the name, city/state and Social Security/tax identification numbers of a number of speaker-consultants engaged by Centocor. Centocor sent notification letters to those affected on January 2nd.

Centocor is a biomedical company and a division of Johnson & Johnson.



“The Emperor has no clothes!”

http://www.pogowasright.org/article.php?story=20080127080427977

Hackers hit Swedish student discount card sites

Sunday, January 27 2008 @ 08:04 AM EST Contributed by: PrivacyNews News Section: Breaches

Over the weekend hackers penetrated two websites featuring discount programs for university students in Sweden.

The hackers could have accessed information on nearly one million students through the Mercenat-card and CSN-card sites.

What information they actually accessed remains unclear.

In messages left on the homepages, the hackers wrote that they carried out the attack simply to demonstrate the sites’ weak security.

They added that they didn’t intend to use any of the information they had accessed.

Source - The Local

[A couple of interesting bits from the article:]

The breach was discovered around 6 o’clock on Saturday evening and within half an hour both websites and their related databases were shut down. [Quick action! Bob]

“We’re taking the incident extremely seriously and will report it to the police as soon as we have collected all relevant information,” [Are they afraid the police will screw things up? Do they have something to hide? Bob] said Mercenat managing director Jonas Levin.



“Only second-class citizens may use this 'Government Secured' web site! Important people are too... important!”

http://www.pogowasright.org/article.php?story=20080127001116865

UK: 'Double standard' on data safety

Sunday, January 27 2008 @ 12:11 AM EST Contributed by: PrivacyNews News Section: Non-U.S. News

Concerns about data security have been raised after it emerged celebrities, Royals and MPs are blocked from submitting income tax returns online.

HM Revenue and Customs (HMRC) admitted "high profile" individuals must submit forms by post because they are judged to require extra protection.

But critics said equal treatment should apply to all 3m self-assessment users.

Source - BBC



Why didn't I patent this idea! (Tell me the guy in the suit hasn't been testing his product...)

http://digg.com/arts_culture/Los_Angeles_First_City_to_Offer_Weed_Vending_Machines

Los Angeles First City to Offer Weed Vending Machines

cnn.com — Think what you may, but marijuana is definitely not an issue that is going away anytime soon. People on the west coast can now buy their medicinal from a vending machine.

http://www.cnn.com/video/#/video/us/2008/01/26/sahib.ca.marijuana.vending.kcal



Who says there aren't innovative web sites out there? (Feel free to point this site to http://centennial-man.blogspot.com/ )

http://digg.com/playable_web_games/Got_a_Website_You_Love_to_Hate_DESTROY_IT

Got a Website You Love to Hate?! DESTROY IT!

netdisaster.com — This is just friggin brilliant. There are some spam, scam and other sucky websites I've been itching to destroy.

http://www.netdisaster.com/



I'll pass this along so my students can “larn to rite gud!” (...and because I'm increasingly writing about farm animals.)

http://www.pickthebrain.com/blog/george-orwells-5-rules-for-effective-writing/

George Orwell’s 5 Rules for Effective Writing

March 21st, 2007 by John Wesley
