Saturday, March 29, 2008

Friday is the 'traditional' day to report bad news.

http://www.pogowasright.org/article.php?story=20080328162546255

University Reports Data Breach

Friday, March 28 2008 @ 04:25 PM EDT Contributed by: PrivacyNews News Section: Breaches

Antioch University says one of its computer systems that contained personal information on about 70,000 people was breached by an unauthorized intruder three times last year.

... The breached system contains names, Social Security numbers, academic records and payroll documents for current and former students, applicants and employees going back to 1996.

Source - Washington Post

[The article does not indicate why the computers were not secured after the first (or the second) break in, and there is no indication the data was encrypted. Perhaps Antioch does not have a Computer Science Department? Bob]



First a minor hack. Then find someone with good credit. Then do the normal identity theft stuff...

http://www.pogowasright.org/article.php?story=20080328162355702

6 are charged in idenitity theft scheme

Friday, March 28 2008 @ 04:23 PM EDT Contributed by: PrivacyNews News Section: Breaches

Six Maryland residents have been indicted in an identity theft scheme that federal prosecutors say netted more than $184,000 in goods and services and more than $1.1 million in credit.

Federal prosecutors said the scam artists gained unauthorized access to an instant credit scoring system used by a cell phone provider. They would enter random Social Security numbers [unclear if this was from a list of SSANs or just random 9-digit numbers... Either way, should someone have noticed? Bob] into the service and find out the credit scores associated with those numbers, then apply for Citibank credit cards.

Source - Baltimore Sun



Follow-up No one is in charge?

http://www.pogowasright.org/article.php?story=20080328130525369

Companies Avoid Financial Penalties After Massive Computer Data Breaches

Friday, March 28 2008 @ 01:05 PM EDT Contributed by: PrivacyNews News Section: Breaches

More than a year after millions of T.J. Maxx and Marshalls customers found out their credit card information had been hacked into, the discount stores' operator agreed to have its information audited but avoided paying federal fines.

TJX was one of three firms that agreed to settle charges that it "failed to provide reasonable and appropriate security for sensitive consumer information," federal regulators said yesterday in two unrelated data-breach decisions.

Data broker Reed Elsevier and its Seisint subsidiary also avoided fines but have agreed to obtain third-party audits biennially for 20 years under a separate settlement with the Federal Trade Commission.

... The FTC did not impose financial penalties against the companies because it lacks the authority to do so. The commission has asked Congress for such authority since 2005.

Source - Washington Post



Follow-up This suggests they do not log changes to their computers, let alone prevent them.

http://www.pogowasright.org/article.php?story=20080328115159876

Malware Cited in Hannaford Breach

Friday, March 28 2008 @ 11:51 AM EDT Contributed by: PrivacyNews News Section: Breaches

The Associated Press is reporting that Hannaford has confirmed that unauthorized software - malware - installed on internal servers enabled the data breach that compromised up to 4.2 million credit and debit cards. The company does not yet know how the malware got on the servers.

Source - Forbes


Related, but not much more data... I wonder how many more companies have similar problems and haven't detected them yet?

http://www.infoworld.com/article/08/03/28/Hannaford-Malware-planted-on-store-servers-stole-card-data_1.html?source=rss&url=http://www.infoworld.com/article/08/03/28/Hannaford-Malware-planted-on-store-servers-stole-card-data_1.html

Hannaford: Malware planted on store servers stole card data

The malware intercepted payment card data as the information was being transmitted from Hannaford's point-of-sale systems and sent overseas

By Jaikumar Vijayan, Computerworld March 28, 2008

... The malware then forwarded the stolen card numbers as well as their expiration dates to an overseas destination, according to the letter, which was signed by Emily Dickinson, Hannaford's general counsel.



Now this is plainly dangerous. Battery via computer?

http://www.wired.com/politics/security/news/2008/03/epilepsy

Hackers Assault Epilepsy Patients via Computer

By Kevin Poulsen 03.28.08 | 8:00 PM

Internet griefers descended on an epilepsy support message board last weekend and used JavaScript code and flashing computer animation to trigger migraine headaches and seizures in some users.

... The incident, possibly the first computer attack to inflict physical harm on the victims, began Saturday, March 22, when attackers used a script to post hundreds of messages embedded with flashing animated gifs.

The attackers turned to a more effective tactic on Sunday, injecting JavaScript into some posts that redirected users' browsers to a page with a more complex image designed to trigger seizures in both photosensitive and pattern-sensitive epileptics.


Related? Using technology to... what exactly? Doesn't this increase the schools liability?

http://www.guardian.co.uk/world/feedarticle/7419434

Colleges Are Watching Troubled Students

By JEFFREY McMURRAY Associated Press Writer AP foreign , Friday March 28 2008

LEXINGTON, Ky. (AP) - On the agenda: A student who got into a shouting match with a faculty member. Another who harassed a female classmate. Someone found sleeping in a car. And a student who posted a threat against a professor on Facebook.

In a practice adopted at one college after another since the massacre at Virginia Tech, a University of Kentucky committee of deans, administrators, campus police and mental health officials has begun meeting regularly to discuss a watch list of troubled students and decide whether they need professional help or should be sent packing.

... ``If a student is a danger to himself or others, all the privacy concerns go out the window,'' said Patricia Terrell, vice president of student affairs, who created the panel. [...and this is determined how? Bob]

... Virginia Tech has added a threat assessment team since the massacre there. Boston University, the University of Utah, the University of Illinois-Chicago and numerous others also have such groups, said Gwendolyn Dungy, executive director of the National Association of Student Personnel Administrators.



Raises several questions about warrants, satellites, and broad use of surveillance equipment...

http://www.pogowasright.org/article.php?story=20080329044628658

'Copter flyover violated privacy, Vt. Supreme Court finds

Saturday, March 29 2008 @ 04:46 AM EDT Contributed by: PrivacyNews News Section: In the Courts

The Vermont Supreme Court held Friday that "Vermont citizens have a constitutional right to privacy that ascends into the airspace above their homes and property," overturning the conviction of a Goshen man on marijuana charges.

The court ruled 4-1 that the aerial surveillance of Stephen Bryant's land constituted a search under Article 11 of the Vermont Constitution and, as such, required a warrant.

Source - Times Argus

[From the article:

The decision held that under the Vermont constitution a person can have a reasonable expectation of privacy by showing that he wants an area to be private — a different standard from the federal one, which follows a doctrine referred to as "open fields."

... The decision held that under the Vermont constitution a person can have a reasonable expectation of privacy by showing that he wants an area to be private — a different standard from the federal one, which follows a doctrine referred to as "open fields."

... "We find the air travel in this case — fifteen to thirty minutes of hovering over defendant's property at altitudes as low as 100 feet — to be distinctly unlike 'passing by a home on public thoroughfares,'" the decision read.



This could be interesting...

http://www.pogowasright.org/article.php?story=20080328132200317

EU bankrolls PrimeLife privacy project

Friday, March 28 2008 @ 01:22 PM EDT Contributed by: PrivacyNews News Section: Internet & Computers

The European Union is to invest €10m in a project to develop open source privacy tools so that European citizens can safeguard personal information at online communities like Facebook.

The long-term aim of the PrimeLife project is to provide tools which can manage an individual's private data throughout their lifetime of online activity.

PrimeLife is being coordinated by IBM's research laboratory in Zurich and has 14 other partners, including industry bodies such as the World Wide Web Consortium's Pling, Liberty Alliance, ISO/IEC JTC 1 and the International Telecommunication Union.

Source - Personal Computer World



What that stuff in the fan? Interesting list of claims...

http://blog.wired.com/27bstroke6/2008/03/whistleblower-v.html

Whistleblower: Voting Machine Company Lied to Election Officials About Reliability of Machines

By Kim Zetter EmailMarch 27, 2008 | 6:20:00 PM

A former technician who worked for Hart InterCivic -- a voting machine company based in Texas -- has alleged that his company lied to election officials about the accuracy, testing, reliability and security of its voting machines. The whistleblower says the company did so because it was eager to obtain some of the approximately $4 billion in federal funds that Congress allocated to states in 2002 to purchase new voting equipment under the Help America Vote Act (aka HAVA).

The technician, William Singer, filed a qui tam lawsuit on the federal government's behalf last year but the lawsuit remained sealed until today, according to the Associated Press, when the U.S. Attorney's office decided it would not join Singer in the litigation



It doesn't take a degree in Computer Science to hack...

http://www.sheboygan-press.com/apps/pbcs.dll/article?AID=/20080327/SHE0101/80327081/1973

Police: Little Chute teen used 'Dummies' book to hack school computers

Teen admits to breach

Gannett Wisconsin Media Posted March 27, 2008

LITTLE CHUTE — Police searching the residence of a 15-year-old boy who admitted hacking into the Little Chute School District's computers found a copy of the book "Internet for Dummies."

"He was self-taught and self-motivated in that regard," said Lt. Ray Lee of the Fox Valley Metro Police Department.

Lee said the boy, a Little Chute High School student, faces a juvenile criminal charge and school discipline.

"He was questioned and he confessed to hacking into the computers so he has been referred to juvenile intake on one count of violating the Wisconsin computer crimes statute," Lee said.

According to search warrant documents filed Feb. 26 in Outagamie County Circuit Court, the district called in a vendor to make repairs and they were able to determine the district's computers were accessed from an outside computer and traced the source to the 15-year-old's home.

Also, a subpoena of internet provider Time Warner Cable records traced IP address to the same Holland Road residence. [See? You can't learn all the tricks from a book. Bob]

Police armed with a search warrant went to the home March 19 and seized the boy's computer equipment along with a copy of "Internet for Dummies."

The school district took its entire computer system down to make repairs, according to the search warrant affidavit.

"It cost the district several thousand dollars and a lot of time to do the fixes," Lee said.


Related – if only to show the flip side.

http://www.networkworld.com/news/2008/032708-netkid.html

11-year-old takes school network by the horns

By Ellen Messmer , Network World , 03/27/2008

When Victory Baptist School, a small private school in Millbrook, Ala., was struggling to keep its computer network together last year, an 11-year-old student named Jon Penn stepped in as network manager.

Slideshow: He's 11...and it's his network!



Towards ubiquitous surveillance... No doubt this will be sold as a way to track your teenagers location.

http://www.techcrunch.com/2008/03/28/loopt-embraced-by-verizon-starts-to-spread-its-wings/

Loopt Embraced by Verizon; Starts to Spread Its Mobile Wings

Mark Hendrickson March 28 2008

Loopt, a mobile social network that can be used to see where your friends are currently located, has partnered with Verizon to put its software on that carrier’s phones. It’s a big win for Loopt since Verizon has more location-aware handsets than any other carrier.



Interesting use of “Computers as a commodity”

http://science.slashdot.org/article.pl?sid=08/03/28/233215&from=rss

Quake-Catcher Aims to be Largest Distributed Seismometer Network

Posted by ScuttleMonkey on Friday March 28, @11:22PM

from the shake-rattle-and-roll dept.

Nature is reporting that a new distributed computing application is looking to monitor earthquake data using the accelerometer in many computing devices. In the long run, "Quake-Catcher" will hopefully be fast enough to give warning before major earthquakes. "If it works, it will be the cheapest seismic network on the planet and could operate in any country. It wouldn't be as sensitive as traditional networks of seismometers, but Lawrence says that's not the point. 'If you have only two sensors in an area, you have to have a perfect system. If you have 15 sensors in a system it [can] be less perfect. One hundred, one thousand, ten thousand -- your need for the system to be perfect becomes much smaller,' he says. 'That's really our approach -- just to have massive numbers.'"



I just like the headline. Article is a simple overview of phishing.

http://www.technewsworld.com/rsstory/62357.html

Teach a Man to Phish and He'll Feed on Fools for a Lifetime

By Jack M. Germain TechNewsWorld 03/29/08 1:30 AM PT



Slick (simple) web site hack!

http://www.infoworld.com/article/08/03/28/Major-Web-sites-hit-with-growing-Web-attack_1.html

Major Web sites hit with growing Web attack

USAToday.com, Target.com, and Walmart.com among those affected by hackers using Web programming errors to inject malicious code into sites' search results pages

By Robert McMillan, IDG News Service March 28, 2008

A blossoming Web attack, first reported by security researcher Dancho Danchev earlier this month, has expanded to hit more than a million Web pages, including many well-known sites.

"The number and importance of the sites has increased," wrote Danchev in a Friday blog posting where he reported that trusted Web sites such as USAToday.com, Target.com, and Walmart.com have been hit with the attack.

The criminals behind this have not actually hacked into servers, but they are taking advantage of Web programming errors to inject malicious code into search results pages created by the Web sites' internal search engines

Here's how an attack would work: The attacker searches for popular keywords, such as "Paris Hilton," on the Web site's internal search engine. But instead of conducting a normal search, the bad guy tacks an HTML command to the end of his search. This command that opens up an invisible iframe window in the victim's browser that then redirects it to a malicious Web site, which then tries to install fake antispyware or a version of the Zlob Trojan Horse malware on the victim's PC.

In order to boost their Google rankings, Web sites often save a copy of these search results and submit them to Google. When a victim searches Google for the keyword, these cached search results then pop up, with the malicious code now inside them.



More intersting business models...

http://techdirt.com/articles/20080321/183748624.shtml

Another 'Free' Business Model Experiment

from the they're-all-over dept

When we discuss the basic economics having to do with infinite goods, sometimes the debates in the comments accuse me of promoting one "business model" over all others. The truth is quite different. The economics at work are fundamental. Price gets driven to marginal cost. The business models that then result, however, are numerous and varied. The key is simply recognizing that the infinite good works as a resource, increasing the value of all sorts of scarce goods. Thus, you release the infinite goods widely, and sell scarce goods that are made more valuable. How you do that can take all different concepts into account. Just in the music space alone we see so many varied models, from Radiohead's name your own price to Trent Reznor's tiered premium model to Jill Sobule's tiered support model to Maria Schneider's fan-supported production model all the way to things like The String Cheese Incident setting up their own travel agency to help fans follow them around for gigs. The key isn't a single business model. In fact, each of these individual business models might not work for any other artist. But all recognize the promotional power of the music in making something else much more valuable.

And we're seeing that show up in totally unexpected places as well. Take, for example, this recent post on Boing Boing about what's happened with a bunch of experimental video games, developed originally as part of a Carnegie Mellon project. Each game was developed in 7 days and many are given away for free. However, now a company has taken those games and made t-shirts (yes, t-shirts) using images from some of the games. Even better, though, is that with each t-shirt, you get a copy of the video game itself, and the shirts are now for sale at Target. In other words, these games are helping to make the t-shirts more valuable, even though the games themselves are free. It's yet another example of understanding the difference between infinite and scarce goods and how to use one to make money from the other.



Another business model. I wonder if the US rights are available?

http://www.wired.com/techbiz/it/magazine/16-04/bz_instapreneur

Manufacture and Sell Anything — in Minutes

By Ian Mount 03.24.08 | 6:00 PM

Jeffrey Wegesin is a furniture maker. His most popular creation is a curvaceous side table, and even though he has sold only two copies of it, he has already turned a profit. He did it without so much as setting foot in a wood shop. And he is not alone. Wegesin is one of 5,000 merchants who have established accounts with Ponoko, a year-old on-demand manufacturing service in New Zealand. Designers upload their blueprints to Ponoko's servers; when a customer places an order, Ponoko's laser cutters automatically trim wood and plastic to create the product on the spot. Wegesin, a Web designer, sells the tables through the site for $250, not including shipping. He then pays Ponoko $124 for each table to cover the cost of materials and cutting fees. The $252 he's brought in so far may not be much, but because he incurred no up-front costs it comes as pure profit.

Welcome to the age of the instapreneur.

... Zazzle, of Redwood City, California, offers a dizzying array of user-designed products from posters to tennis shoes. StyleShake, a custom-clothing site in London, received 25,000 dress designs in its first three months. Spreadshirt, founded in Leipzig, Germany, hosts 500,000 individual T-shirt shops. "

... Large brands are starting to see the appeal of manufacturing-as-a-service, too. Lexus recently used Blurb, an on-demand publisher, to print 1,800 copies of a book promoting the automaker's green practices. Franchises from Dilbert to the Discovery Channel sell licensed merchandise on CaféPress. Disney has uploaded more than 3,500 of its designs to Zazzle, allowing the company to sell a wider range of products than just the blockbuster Mickey Mouse T-shirts favored by conventional retailers.

... As everyone gains the ability to create and sell anything, the long tail will apply to making things as well as to selling them. Amazon.com may be able to offer near-infinite inventory, but only as long as the products exist. On-demand manufacturing could eliminate that constraint, leading to a world where products are always available, nothing ever gets discontinued, and the virtual shelves are always stocked.



I wonder if this will help with the free version, too? Can't hurt.

http://digg.com/design/80_Excellent_Adobe_Photoshop_Video_Tutorials

80 Excellent Adobe Photoshop Video Tutorials

smashingmagazine.com — 80 excellent Adobe Photoshop video tutorials which you can use as a starting point to improve your skills or observe how other professional do their job. This posts present Photoshop video tutorials about speed painting, design of buttons and interfaces, beauty retouching, digital matte painting, photo manipulation, effects and much more.

http://www.smashingmagazine.com/2008/03/28/adobe-photoshop-video-tutorials-best-of/

No comments: