Tuesday, March 04, 2008

Give credit when due...

http://www.pogowasright.org/article.php?story=20080303124915449

Stolen VA laptop caught in safety net

Monday, March 03 2008 @ 12:49 PM EST Contributed by: PrivacyNews News Section: Breaches

The Veterans Affairs Department lost another laptop PC, but the department was better prepared this time.

When an employee at VA’s Austin Corporate Data Center in Texas had his laptop stolen from his apartment last month, the department’s revamped security policies and new security technologies were put to the test. Unlike what happened when a VA laptop was stolen in 2006, data on the newly missing laptop was protected by encryption, and VA officials knew exactly what equipment was missing.

... VA protected the laptop with GuardianEdge full-disk encryption. No one lacking proper authentication could do more than turn on the computer. The encryption software would block unauthorized users from accessing the data, Martinez said.

In the latest incident, the employee immediately reported the theft to VA and the Austin police department. Because VA followed information technology security policies and procedures, officials could determine that no sensitive data resided on the laptop.

... On the evening of the theft, Austin police recovered the laptop in a raid on a convenience store suspected of involvement in drug activity.

Source - FCW



Not every organization got the memo...

http://www.pogowasright.org/article.php?story=20080303174231229

Missing laptop, data could affect Q-C Oscar Mayer employees

Monday, March 03 2008 @ 05:42 PM EST Contributed by: PrivacyNews News Section: Breaches

A company-owned laptop computer was stolen from an employee of Kraft Foods traveling on company business.

And now 20,000 employees nationwide have received letters telling them that their personal information was stored on the missing laptop and they could be vulnerable to some type of identity theft.

That group of 20,000 includes employees from Davenport’s Kraft Oscar Mayer plant. It is unknown how many employees of the Davenport facility were affected. The plant employs about 1,700 people.

Source - Quad-City Times



http://www.pogowasright.org/article.php?story=20080304065402400

OH: 25,000 student photos had no login protection

Tuesday, March 04 2008 @ 06:54 AM EST Contributed by: PrivacyNews News Section: Breaches

More than 25,000 pictures, apparently of Ohio University students, were inadvertently left without password protection on an otherwise secure OU Web site [What are they suggesting? The rest of the site had a password? (password) the security system worked every time except this time? Bob] in what state and federal officials said might be a violation of federal privacy law.

OU restricted access to the pictures, which appeared to be headshots taken for OU identification cards, hours after a Post reporter called to inquire about them last Tuesday. Brice Bible, the university’s chief information officer, said in an interview yesterday that the only way someone could have located the Residence Life Web site containing the pictures was to abuse their access privileges. [Bull! See next sentence... Bob]

The pictures, housed on a Web site used by OU resident assistants to file incident reports, were available to anyone who typed in the appropriate Web address.

Source - The Post


(Just a reminder that password security is trivial at best...)

http://it.slashdot.org/article.pl?sid=08/03/04/1258210&from=rss

Aging Security Vulnerability Still Allows PC Takeover

Posted by Zonk on Tuesday March 04, @08:44AM from the there-are-issues-here-and-perhaps-they-should-be-investigated dept. Microsoft Security

Jackson writes "Adam Boileau, a security consultant based in New Zealand has released a tool that can unlock Windows computers in seconds without the need for a password. By connecting a Linux machine to a Firewire port on the target machine, the tool can then modify Windows' password protection code and render it ineffective. Boileau said he did not release the tool publicly in 2006 because 'Microsoft was a little cagey about exactly whether Firewire memory access was a real security issue or not and we didn't want to cause any real trouble'. But now that a couple of years have passed and the issue has not resolved, Boileau decided to release the tool on his website."



What would you do with military ID that you can't do any other way? Shop at the PX?

http://www.pogowasright.org/article.php?story=2008030314490384

Military IDs, Equipment Stolen Over Weekend

Monday, March 03 2008 @ 02:49 PM EST Contributed by: PrivacyNews News Section: Breaches

More than 200 military identification cards, and equipment that can be used to make more, was stolen during a burglary at a U.S. Army Reserve Center on Milwaukee's northwest side over the weekend, police said Monday.

Source - WISN.com



Just 'cause it's local...

http://www.pogowasright.org/article.php?story=2008030316595561

CO: Identity theft ring members indicted

Monday, March 03 2008 @ 04:59 PM EST Contributed by: PrivacyNews News Section: Breaches

Eight members of an identity theft ring operating across the metro area were indicted today on 89 felony counts.

The gang is accused of stealing mail, breaking into cars and burglarizing homes and businesses to steal personal information, according to Scott W. Storey, district attorney for Jefferson and Gilpin counties.

...Investigators believe there were more than 20 victims, including businesses and individuals. Among the businesses hit by the group were Safeway and Home Depot.

Source - Rocky Mountain News



Comcast digs themselves deeper? Organizations need to consider that when they publish data the entire world has the opportunity to review and comment.

http://arstechnica.com/news.ars/post/20080303-advocacy-groups-bash-comcasts-technical-sounding-nonsense-fcc.html

Advocacy groups bash Comcast's "technical-sounding nonsense"

By Nate Anderson | Published: March 03, 2008 - 08:11AM CT

The Electronic Frontier Foundation and Free Press, two of the biggest backers of the FCC's investigation into Comcast's traffic management practices, late last week filed reply comments with the Commission. The goal of both was to undermine the arguments trotted out by Comcast in defense of its BitTorrent "delaying" practices.

While the EFF turned in a dense and thoughtful discussion of the importance of corporate transparency (PDF), Free Press ranged much wider (PDF), seeking to undermine the whole edifice of "technical-sounding nonsense" coming from Comcast HQ. Taken together, both sets of comments make a strong case that Comcast's decision to block "pure seeding" during periods of network congestion was both poorly handled and is technically unnecessary.



...because...

http://www.pogowasright.org/article.php?story=20080303065330280

Data “Dysprotection:” breaches reported last week

Monday, March 03 2008 @ 07:12 AM EST Contributed by: PrivacyNews News Section: Breaches

A recap of incidents or privacy breaches reported last week for those who enjoy shaking their head and muttering to themselves with their morning coffee.

Source - Chronicles of Dissent



Always amusing...

http://jurist.law.pitt.edu/monitor/2008/02/constitutionality-of-fisa-duke-law.php

The Constitutionality of FISA [Duke Law School]

9:43 PM ET

The Constitutionality of FISA, Duke Law School, February 18, 2008 [Professor Robert Turner, University of Virginia]. RealPlayer, 58 minutes. Watch recorded video.



I suspect more politicians will find this an easy subject for “We gotta do something” politics.

http://www.pogowasright.org/article.php?story=20080303124811471

(follow-up) O’Toole Renews Call For Immediate Investigation Of Horizon Blue Cross/Blue Shield Data Breach

Monday, March 03 2008 @ 12:48 PM EST Contributed by: PrivacyNews News Section: Breaches

Senator Kevin O’Toole (R-40) called today for immediate hearings on the loss of a laptop containing the personal data of more than 300,000 customers of Horizon Blue Cross/Blue Shield of New Jersey. The computer was stolen in early January. It was reported that the laptop was taken home by an employee who regularly worked with customer data outside of Horizon offices.

"An immediate investigation into the loss of this information must be launched immediately," O’Toole stated. [redundantly... Bob] "How many other Horizon laptops are out there, filled with unencrypted and easily retrievable customer data, just waiting to be lost or stolen?"

Source - PolitickerNJ.com



Anyone can spy on their neighbor...

http://www.webupon.com/Web-Talk/Top-10-Barely-legal-Gadgets-for-the-Modern-Spy.89197

Top 10 Barely-Legal Gadgets for the Modern Spy

by Alex Santeria, Mar 3, 2008

This is a guide I wrote for people who have a desire to obtain gadgets like James Bond without being enrolled in the military or secret service.

Here are listed 10 categories of devices you can buy to make you feel like a James Bond, from laser beams that cut things to x-ray goggles that see through clothes to CSI grade forensic lab hardware.



Another Home-Surveillance tool. Eventually all security types will be required to wear these and record everything that second class citizens do...

http://hardware.slashdot.org/article.pl?sid=08/03/03/2117250&from=rss

Cyber-Goggles Record and Identify Every Object You See

Posted by Zonk on Monday March 03, @05:51PM from the partially-sapient-ai-additional-charge dept. Robotics Hardware

RemyBR writes "Researchers at the University of Tokyo have developed a smart video goggle system that records everything the wearer looks at, recognizes and assigns names to objects that appear in the video. Advanced programs then go back and create an easily searchable database of the recorded footage. Designed to function as a high-tech memory aid, these 'Cyber Goggles' promise to make the act of losing your keys a thing of the past, according to head researcher professor Tatsuya Harada. 'In a demonstration at the University of Tokyo last week, 60 everyday items -- including a potted begonia, CD, hammer and cellphone -- were programmed into the Cyber Goggle memory. As the demonstrator walked around the room viewing and recording the various objects, the names of the items appeared on the goggle screen. The demonstrator was then able to do a search for the various items and retrieve the corresponding video.'"

Add in facial recognition technology and this would make for a great aid at conferences and family reunions.



“We are French! This makes perfect sense to us!”

http://techdirt.com/articles/20080304/005526425.shtml

France Decides That Expressing An Opinion About Your Teachers Should Be Illegal

from the please-explain? dept

Sites like RateMyTeacher.com and RateMyProfessor.com have been around in the US for ages, but it appears that some other countries aren't too thrilled with the concept. Last year, a teachers' union in the UK demanded that the sites be banned which seemed a bit extreme. However, in France things have gone even further, as a court has banned such sites from naming teachers entirely, and is threatening huge fines if the site continues to do so. It makes you wonder what good the site is if it can't actually name teachers.

Either way, it does raise a larger issue: what is wrong with a site that allows students to rate their teachers, and allows students, parents and the schools themselves to see what the students feel about various teachers? In France, they're saying it's a violation of privacy, but it's not clear what privacy is being violated. [We have the right to be bad teachers without anyone knowing! Bob] It seems the only violation is in preventing students from giving feedback and their honest opinions. Even the article notes that the average rating was quite favorable for teachers. This seems like the type of site that could only be useful. Yes, there will occasionally be an angry student who posts a bad review, but on the whole, you'd imagine that the ratings will even out and be accurate over time. If a teacher is really worried that their ratings are poor, perhaps that says more about their teaching ability than it does about this particular site.
