Thursday, February 28, 2008

Where was the accident here? If the data was not to be posted, then who overrode the security controls to allow it to be? Why did no one notice for two months? Looks like a lot of poor management oversight...

http://www.pogowasright.org/article.php?story=20080228002743494

103,000 Doctor's Social Security Numbers Posted on Website by Accident

Thursday, February 28 2008 @ 12:27 AM EST Contributed by: PrivacyNews News Section: Breaches

The Vice President at Marshfield Clinic confirmed Wednesday afternoon that social security numbers for his doctors and thousands of others all over the midwest were posted on a website, accidentally.

Dr. Doug Reding tells us the numbers were posted to a website by a company called Health Net Federal Services based in Rancho Cordova, California.

The company is a government contractor that deals with health insurance for military families and veterans.

Health Net Federal Services representatives told us Wednesday night the company notified 103-thousand doctors in eleven states that their personal information was openly posted on a company website.

The states involved include Wisconsin, Michigan, Illinois, Indiana, Ohio, Pennsylvania, Tennessee, Iowa, Missouri, Kentucky and West Virginia.

Director of Communications, Molly Tuttle, says the information was accidentally posted to the website for about two months, and involved doctors who had filed a claim with the company between September of 2005, and September of 2006.

Source - weau.com



You know they expect to eat some costs due to ID Theft. Here's a look at the range in the industry.

http://www.pogowasright.org/article.php?story=20080227110323705

FEATURED: Ranking Corporate America on Identity Theft

Wednesday, February 27 2008 @ 11:03 AM EST Contributed by: PrivacyNews News Section: Breaches

This is a chart that lots of well-paid corporate executives probably do not want you to see. Based on consumer complaints to the Federal Trade Commission, it purports to rank the overall vulnerability of the world’s largest financial institutions, phone companies and retailers -- and their customers -- to identity theft.

... None of these corporations disclose internal data on the number of account takeovers or fraudulent accounts created. The new statistics are part of a provocative, though preliminary, report, “Measuring Identity Theft at Top Banks,” by Chris Hoofnagle, a senior fellow at the Berkeley Center for Law and Technology at the University of California at Berkeley.

Source - NY Times

Related - Measuring Identity Theft at Top Banks (Version 1.0) [pdf]

Abstract of Paper:

There is no reliable way for consumers, regulators, and businesses to assess the relative incidence of identity fraud at major financial institutions. This lack of information prevents more vigorous competition among institutions to protect accountholders from identity theft. As part of a multiple strategy approach to obtaining more actionable data on identity theft, the Freedom of Information Act was used to obtain complaint data submitted by victims in 2006 to the Federal Trade Commission. This complaint data identifies the institution where impostors established fraudulent accounts or affected existing accounts in the name of the victim. The data show that some institutions have a far greater incidence of identity theft than others. The data further show that the major telecommunications companies had numerous identity theft events, but a metric is lacking to compare this industry with the financial institutions.

This is a first attempt to meaningfully compare institutions on their performance in avoiding identity theft. This analysis faces several challenges that are described in the methods section. The author welcomes constructive criticism, suggestions, and comments in an effort to shine light on the identity theft problem (choofnagle@law.berkeley.edu).


...related

http://www.pogowasright.org/article.php?story=20080228051808884

Measuring identity theft at top banks: do the data correlate with known data breaches?

Thursday, February 28 2008 @ 05:18 AM EST Contributed by: PrivacyNews News Section: Breaches

Chris Hoofnagle has published a seminal study [pdf] on the rate of ID theft associated with top financial institutions.

.... After reviewing Chris’s results, I went back and looked to see what we knew about data breaches shortly before or during the relevant periods of 2006 for the banks in question. Using a search of PogoWasRight.org’s news stories, Attrition.org’s DLDOS database and documents Chris Walsh obtained under FOI requests from NYS, the following table reflects known breaches for the top 25 banks listed in the second figure above.

Source - Chronicles of Dissent



Is it me, or does this read like an exercise in circular reasoning?

http://slashdot.org/article.pl?sid=08/02/27/2310247&from=rss

Former FBI Agent Calls for a Second Internet

Posted by samzenpus on Wednesday February 27, @08:58PM from the it-became-necessary-to-destroy-the-internet-to-save-it dept. The Internet

An anonymous reader writes

"Former FBI Agent Patrick J. Dempsey warns that the Internet has become a sanctuary for cyber criminals and the only way to rectify this is to create a second, more secure Internet. Dempsey explains that, in order to successfully fight cyber crime, law enforcement officials need to move much faster than average investigators and cooperate with international law enforcement officials. The problem is various legal systems are unprepared for the fight, which is why he claims we must change the structure of the Internet."



This is a security geek thing...

http://csdl2.computer.org/persagen/DLAbsToc.jsp?resourcePath=/dl/mags/sp/&toc=comp/mags/sp/2008/01/msp01toc.xml&DOI=10.1109/MSP.2008.9

January/February 2008 (Vol. 6, No. 1) pp. 52-60

Estimating a System's Mean Time-to-Compromise

David John Leversage, British Columbia Institute of Technology Eric James Byres, BCIT Critical Infrastructure Security Center



http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9065038

Finjan uncovers database storing more than 8,700 stolen FTP credentials

Data enables cybercriminals to upload malware to compromised systems more easily

By Jaikumar Vijayan

February 27, 2008 (Computerworld) A fresh discovery by security vendor Finjan Inc. provides yet another example of how easy it is becoming for almost anyone to find the tools needed to break into, infect or steal data from corporate Web sites.

The San Jose-based vendor announced today that it has uncovered an illegal database containing more than 8,700 stolen File Transfer Protocol server credentials including usernames, passwords and server addresses. Anyone can purchase those credentials and use them to launch malicious attacks against the compromised systems.



An interesting thought. As the rate of technological change increases, shouldn't the rate of organizational change keep pace?

http://www.infoworld.com/article/08/02/28/McNealy-Telcos-falling-behind-in-Internet-race_1.html?source=rss&url=http://www.infoworld.com/article/08/02/28/McNealy-Telcos-falling-behind-in-Internet-race_1.html

McNealy: Telcos falling behind in Internet race

Sun Chairman Scott McNealy says telecom companies need to go beyond just providing bandwidth and begin acquiring Internet destination sites that are heavily trafficked

By Agam Shah, IDG News Service February 28, 2008

Telecommunication companies need to go beyond just providing bandwidth and look into acquiring Internet destination sites that are heavily trafficked, Sun Microsystems Chairman Scott McNealy said on Friday.

"I have explained to every telco that either you become a destination site, or the destination site will become a telco," McNealy said at a news conference at Sun Microsystems' Worldwide Education and Research Conference in San Francisco on Wednesday.

Internet destination sites are already gaining on telecommunication companies, McNealy said, giving as examples eBay integrating Skype's VoIP (voice over Internet Protocol) technology and Google trying to buy wireless spectrum and help build cables across the Pacific Ocean. Microsoft's attempted acquisition of Yahoo would create another behemoth that could compete with carriers, such as by combining Microsoft's technology with Yahoo's existing VoIP and messaging services.



I must have missed this earlier. It was inevitable...

http://www.gilbertrandolph.com/about-news-64.html

Gilbert Randolph LLP Announces Class Action Lawsuit Against Comcast of the District, LLC for Misrepresentation and False Advertising

Complaint alleges that cable company misled customers about "unfettered" Internet access

Washington, DC (February 19, 2008)—Gilbert Randolph LLP announced today that it has filed a class action lawsuit against Comcast of the District, LLC in the Superior Court for the District of Columbia on behalf of its client, Dr. Sanford Sidner, and all citizens of the District of Columbia who have subscribed to Comcast's high-speed Internet service during the past three years. The Complaint alleges that Comcast advertises and represents that it provides the "fastest Internet connection" and "unfettered access to all the content, services, and applications that the Internet has to offer." These representations allegedly are false because Comcast intentionally blocks or otherwise impedes its customers' access to peer-to-peer file-sharing applications.



Good stuff...

http://www.bespacific.com/mt/archives/017646.html

February 27, 2008

New on LLRX.com



What hath Al Gore wrought?

http://www.dailytech.com/Temperature%20Monitors%20Report%20Worldwide%20Global%20Cooling/article10866.htm

Temperature Monitors Report Widescale Global Cooling

Michael Asher (Blog) - February 26, 2008 12:55 PM

Twelve-month long drop in world temperatures wipes out a century of warming

Over the past year, anecdotal evidence for a cooling planet has exploded. China has its coldest winter in 100 years. Baghdad sees its first snow in all recorded history. North America has the most snowcover in 50 years, with places like Wisconsin the highest since record-keeping began. Record levels of Antarctic sea ice, record cold in Minnesota, Texas, Florida, Mexico, Australia, Iran, Greece, South Africa, Greenland, Argentina, Chile -- the list goes on and on.
