Sunday, March 02, 2008

Again, What part of this is accidental?

http://www.pogowasright.org/article.php?story=20080301171958905

HP leaks personal data on Web site

Saturday, March 01 2008 @ 05:19 PM EST Contributed by: PrivacyNews News Section: Breaches

Hewlett-Packard Co.'s Japanese unit said it may have leaked the personal data [names, addresses, telephone numbers] of 139,583 people in Japan.

.... The information, from questionnaires and seminar application forms, was mistakenly posted on a Web page and publicly accessible from Feb. 13 to 20.

Source - The Japan Times (h/t, FIRST.org)



The number of incidents increases because it's good “crime business”

http://www.pogowasright.org/article.php?story=20080301103152184

Fiscal year 2007 FISMA Report to Congress on Implementation of The Federal Information Security Management Act of 2002

Saturday, March 01 2008 @ 10:31 AM EST Contributed by: PrivacyNews News Section: Fed. Govt.

Fiscal Year 2007 Report to Congress on Implementation of The Federal Information Security Management Act of 2002 is available online. From the report:

V. OMB Assessment of Agency Incident Handling Programs

[...]

Unauthorized access. During fiscal year 2007, incidents involving unauthorized access were responsible for almost 18 percent of total incidents reported. The total number of incidents involving unauthorized access has more than doubled since fiscal year 2006 and seven times more incidents than were reported in 2005 compared to 2007. A further breakdown of this category shows that 85 percent of these incidents resulted from lost or stolen equipment. This is more than a 30 percent increase from the previous fiscal year 2006, with only 50 percent of category one incidents due to stolen equipment. The increase in reporting volume for this type of incident is attributable to mandatory reporting for all cases where PII may have been revealed.

Denial of service. During fiscal year 2007, denial of service incidents decreased by 1 percent. The total number of incidents still made up less than 1 percent of all incidents reported, which is consistent with the previous year’s reporting. This category was the only category showing a decrease.

Malicious code. Incidents involving malicious code increased in fiscal year 2007 from the number reported in fiscal year 2006. Although there was about a 10 percent increase from the previous fiscal year, the incident reporting was relatively stable compared to fiscal year 2006 in terms of total volume. Although several new malware threats emerged in fiscal year 07, such as the highly polymorphic and virulent Storm Worm, they have either avoided detection or have not yet impacted the federal agencies at a large enough scale to dramatically increase the total incidents reported.

Improper Usage. During fiscal year 2007, incidents involving improper usage increased more than fivefold. Two-thirds of this total is attributable to the unintentional PII disclosure events from the Department of Veteran Affairs while the remaining one-third consisted of similar cases of PII disclosure reported by other agencies.

Scans/probes/attempted access. During fiscal year 2007, the total number of scans, probes and attempted access incidents increased by 16 percent over the previous year; however, as a percentage of total incidents, it had decreased from the previous year.

Investigation. These incidents are deemed by the reporting entity as unconfirmed and warranting further review as they are potentially malicious or anomalous. This category of incidents showed the largest increase of any category during fiscal year 2007. The total number of incidents filed increased by fourfold, and comprised almost 30 percent of all incidents. The reason for this massive increase is intensive analysis of suspicious traffic picked up by the Einstein program sensors. This has enabled US-CERT to identify potential malicious activity and to notify federal agencies of system compromise.

Source - Fiscal Year 2007 Report to Congress on Implementation of The Federal Information Security Management Act of 2002 [pdf] (March 1, 2008)



Keeping score

http://www.bespacific.com/mt/archives/017675.html

March 02, 2008

Data Breach Notification Laws, State By State

Data Breach Notification Laws, State By State, by Scott Berinato, "More than five years after California's seminal data breach disclosure law, SB 1386, was enacted, not all states have followed suit. Eleven states still have not passed laws mandating that companies notify consumers when that company has lost the consumer's personal data. One state, Oklahoma, does have a breach notification law, but it only applies to state entities that have lost data. That leaves 38 states that have enacted some sort of breach disclosure law. This map will help you sort them out."



No one at Air Force Cyber Command will ever read how stupid I think this policy is... That may be the reason for this ban – they can't stand logical arguments that reach opposite conclusions.

http://www.bespacific.com/mt/archives/017669.html

March 01, 2008

New Air Force Policy Limits Use of Blogs on the Job

US Air Force shoots down blogs, airmen frustrated, by Ryan Paul: "The United States Air Force has stirred up controversy with a new Internet filtering policy that aims to prevent Air Force personnel from reading blogs while on the job. The ban has been implemented by the Air Force Network Operations Center (AFNOC), which houses the Air Force Cyber Command. The block is said to extend to virtually every web site that contains the word "blog" in the address, but doesn't impede access to sites that are deemed by AFNOC to be "reputable media outlet[s]"." [like the “National Enquirer” web site? Bob]


Contrast with this... Perhaps it's an age thing?

http://www.reuters.com/article/internetNews/idUSN2824760420080229?rpc=64

More Americans turning to Web for news

Fri Feb 29, 2008 11:48am EST

NEW YORK (Reuters) - Nearly 70 percent of Americans believe traditional journalism is out of touch, and nearly half are turning to the Internet to get their news, according to a new survey.

While most people think journalism is important to the quality of life, 64 percent are dissatisfied with the quality of journalism in their communities, a We Media/Zogby Interactive online poll showed.

... Nearly half of the 1,979 people who responded to the survey said their primary source of news and information is the Internet, up from 40 percent just a year ago. Less than one third use television to get their news, while 11 percent turn to radio and 10 percent to newspapers.

More than half of those who grew up with the Internet, those 18 to 29, get most of their news and information online, compared to 35 percent of people 65 and older. Older adults are the only group that favors a primary news source other than the Internet, with 38 percent selecting television.



You never know what you'll find...

http://www.researchbuzz.org/wp/2008/02/29/william-f-buckley-database-available-at-stanford/

William F. Buckley Database Available at Stanford

29th February 2008, 01:05 pm

William F. Buckley died this week. I knew that he hosted Firing Line, but I did not know that Stanford University had a database of Firing Line TV shows. The show ran from 1966 to 1999, and there were just over 1504 episodes of the program.

The database, at http://hoohila.stanford.edu/firingline/programList.php, appears to list something over 1200 episodes (and a couple of related specials.) They’re presented in a table which includes episode number, name, and two columns that show whether the first five minutes are available as streaming media, and whether the whole show is available and in what format (the only available format I saw was VHS.)

... The Hoover Institution on War, Revolution and Peace, which hosts the site at Stanford, is asking for suggestions on what shows to digitize and make available online. You can get more information on the database at http://hoohila.stanford.edu/firingline/index.php .
