Sunday, March 30, 2008

No network? No encryption? No security! (Do they really get 3500 visitors a day?) Another interesting tidbit: The drive was last used on Monday (March 3rd) – but there are no visiting hours on Mondays... http://www.cdcr.ca.gov/Visitors/Facilities/SQ.html

http://www.pogowasright.org/article.php?story=20080329170230439

San Quentin loses data on 3,500 visitors

Saturday, March 29 2008 @ 05:02 PM EDT Contributed by: PrivacyNews News Section: Breaches

A flash memory drive containing names, birth dates and driver's license numbers of more than 3,500 people who either volunteered or visited San Quentin State Prison in a group tour has been lost, a prison official said Friday.

The flash drive was used to move the data each evening from the prison's administrative office near the parking lot to computers at the two entrance gates to the facility to allow guards to identify volunteers or groups, such as college students, that tour the prison, said Samuel Robinson, a San Quentin spokesman.

Source - San Francisco Chronicle

[From the article:

"It's our security measure to walk the flash drive."

The flash drive did not contain Social Security numbers, but the personal information on visitors was not encrypted, he said, adding that the prison has since decided to encrypt the data.



Bad law or just the “TJX Strategy?”

http://www.pogowasright.org/article.php?story=20080330072906612

Hannaford case exposes holes in law, some say

Sunday, March 30 2008 @ 07:29 AM EDT Contributed by: PrivacyNews News Section: Breaches

A security breach at grocery chain Hannaford Brothers Cos. is testing the teeth in Massachusetts' new data-privacy law.

The law, passed last year, requires companies to notify officials and residents when they lose control of records that could lead to the theft of such information as a person's name and credit card number. State officials say the law applied in the case of Hannaford, which disclosed on March 17 that 4.2 million credit and debit card numbers were potentially exposed to fraud.

... In a letter sent last week to Massachusetts officials after they asked about the incident, Hannaford's general counsel Emily D. Dickinson wrote that the loss of card numbers alone did not amount to the loss of "personal information" as defined in the Massachusetts law. "We provide this notice as a form of voluntary cooperation," she wrote, adding that company officials believed "notice of this event is not required."

Source - Boston Globe

[From the article:

Some outside legal and security specialists say Hannaford has a point. Thirty-nine states have laws requiring some form of disclosure after a data breach; most of those laws, such as the one in Massachusetts, say companies must file reports when they lose payment card data connected with customers' names or other personal details. Many of the laws don't address what happens when only payment card numbers and expiration dates - with no names - are lost, as in the Hannaford case.

... Hannaford says it knows of around 2,000 cases of fraud tied to the breach. [So you don't always need the “customers' names or other personal details” I guess... Bob]



Makes you wonder what other “problems” there will be with surveillance videos...

http://news.yahoo.com/s/ap/20080329/ap_on_fe_st/odd_red_faced_cops;_ylt=AjcEZEoo1dgSW94Rn8ID1QOs0NUE

Police sorry for using wrong camera pics

Sat Mar 29, 10:59 AM ET

Police in La Crosse are a little red-faced right now.

They're apologizing after issuing an alert about a woman suspected of using a stolen credit card at a convenience store. They also helpfully issued surveillance video images of her.

Someone who works with the woman saw it and recognized her.

"The woman said her co-worker was kind of joking around and said, 'I thought I saw you on Crime Stoppers,'" said Officer Drew Gavrilos. "The woman hopped online and watched the video and found it was her."

But she hadn't done the crime.

Gavrilos said the mistake happened when police matched surveillance video with cash register information, trying to identify whoever used the stolen card.

They didn't realize there were two similar transactions about the same time. [Do you think there might have been three? 6? 92? Bob]

"We had two very similar looking people come to the register about 10 to 20 seconds apart," each buying similar things, Gavrilos said. "It was a one-in-a-million type of thing." [Speaking statistically, that would be a two-in-a-million kind of thing... Bob]

They picked the wrong one [I doubt they knew they had two to pick between... Bob] for the Crime Stoppers information, and the public service announcement ran for three days before the mix up caused it to be pulled.



Makes you wonder what other “problems” there will be with biometric data...

http://www.pogowasright.org/article.php?story=20080329170519858

Hacker Club Publishes German Official's Fingerprint

Saturday, March 29 2008 @ 05:05 PM EDT
Contributed by: PrivacyNews
News Section: Breaches

A number of readers let us know about the Chaos Computer Club's latest caper: they published the fingerprint of German Secretary of the Interior Wolfgang Schäuble (link is to a Google translation of the German original). The club has been active in opposition to Germany's increasing push to use biometrics in, for example, e-passports. Someone friendly to the club's aims captured Schäuble's fingerprint from a glass he drank from at a panel discussion.

Source - slashdot

[From the article:

The club published 4,000 copies of their magazine Die Datenschleuder including a plastic foil reproducing the minister's fingerprint — ready to glue to someone else's finger to provide a false biometric reading. The CCC has a page on their site detailing how to make such a fake fingerprint.



Makes you wonder what other “problems” there will be with text messages...

http://www.news.com/8301-10784_3-9906026-7.html?part=rss&subj=news&tag=2547-1_3-0-5

March 29, 2008 12:18 PM PDT

Finnish minister the latest politician sunk by texting

Posted by Michelle Meyers

Following a recent trend of politicians embroiled in text message-related sex scandals, Finland's foreign minister is facing calls for his resignation Saturday after a tabloid published a suggestive text message he had sent to an erotic dancer, Reuters is reporting.



Logical from a “go where it is cheapest” philosophy... If they also tweak their laws to be “provider friendly” they may succeed.

http://hardware.slashdot.org/article.pl?sid=08/03/29/2331218&from=rss

Iceland Woos Data Centers As Power Costs Soar

Posted by kdawson on Sunday March 30, @12:17AM from the where-cool-meets-hot dept. Power IT

call-me-kenneth writes

"Business Week covers the soaring demand for power and cooling capacity in data centers. Electricity consumption for US data centers more than doubled between 2000 and 2006. Among the other stats: for every dollar spent on computing equipment in data centers, an additional half dollar is spent each year to power and cool them; and half the electricity used goes for cooling. Iceland, with its cool climate and abundant cheap power, is courting big users like Google and Microsoft as a future data center location. (Can't help thinking they're gonna need a bigger cable first, though.)"



A case of the lawyers trumping common sense?

http://www.news.com/8301-10784_3-9906064-7.html?part=rss&subj=news&tag=2547-1_3-0-5

Report: Complaints trigger rewrite of Photoshop Express terms

Posted by Michelle Meyers March 29, 2008 3:54 PM PDT

It appears Adobe is quickly responding to concerns about a surprising clause in its terms of service for Photoshop Express, the free Web-based software launched Wednesday that has otherwise been well-received.

Users were taken aback by a clause that basically gives Adobe the right to do anything it wants with their photos. As CNET's Lori Grunin first pointed out in her review on Webware, the clause in question goes like this:

Adobe does not claim ownership of Your Content. However, with respect to Your Content that you submit or make available for inclusion on publicly accessible areas of the Services, you grant Adobe a worldwide, royalty-free, nonexclusive, perpetual, irrevocable, and fully sublicensable license to use, distribute, derive revenue or other remuneration from, reproduce, modify, adapt, publish, translate, publicly perform and publicly display such Content and to incorporate such Content into other Materials or works in any format or medium now known or later developed.

Grunin's response: "I'm going to give Adobe the benefit of the doubt and assume someone forgot to put the choke collar on the lawyers, letting something this undesirable slip through." And she was right on the money, at least according to a report from Adobe blogger John Nack, who contacted Adobe with concerns about the terms of service.

Nack wrote that he got a note back from the Photoshop Express team Friday stating that it agrees the clause "implies things we would never do with content," and therefore the legal team is making it a priority to post revised terms.



For my Hackers-in-Training...

http://www.technewsworld.com/rsstory/62362.html

Laptop Lockdown: How to Secure the Data Vaults

By Sven Appel Deutsche Presse-Agentur 03/30/08 4:00 AM PT

When a laptop is lost or stolen, sometimes losing the computer itself isn't so bad as losing the data that was on that computer and wondering what someone might do with it. Whether your laptop is carrying state secrets or just a personal diary, here are some ways to keep your computer's data locked up tight.


Ditto (Video) Illustrates how simple a hack can be...

http://digg.com/educational/How_To_Hack_Facebook_In_less_than_1_Minute

How To Hack Facebook In less than 1 Minute

youtube.com — Change the mood of any user on Facebook who has the Moods application installed... all you need is their user id and a few tools. No, it shouldn't be this easy. That's why I uploaded this. Hopefully it won't work for long.

http://www.youtube.com/watch?v=w65s1iyXqLo



I often fail to understand corporate logic(?) -- this is one of those times...

http://mobile.slashdot.org/article.pl?sid=08/03/29/1514258&from=rss

Jail-Breaking iPhones at the Apple Store

Posted by CmdrTaco on Saturday March 29, @12:04PM Hardware Hacking Apple

An anonymous reader writes

"According to an article in Xconomy, iPhone hacker and author Jonathan Zdziarski was invited to speak at an Apple Store in Cambridge, MA last week where he talked about the history of iPhone hacking, jail-breaking, and limitations of the official SDK. From the article, "Zdziarski was one of the first software engineers to figure out how to hack the iPhone, and he's the author of a forthcoming O'Reilly Media book called iPhone Open Application Development, which gives readers explicit instructions on jail-breaking iPhones. So for Apple to give Zdziarski the podium at an Apple retail location is a little like Steve Ballmer inviting Linus Torvalds to speak at a Windows product launch." Zdziarski reports in his own blog how the open source community was on the iPhone developer scene as early as 2007, long before enterprises got there, and estimates that nearly 40% of all iPhones have been jail-broken to run the third-party community software installer. Finally, this story from Top Tech News suggests that open source software might actually create competition for Apple's "official" developers, because applications using the open source iPhone compiler are not subject to the same limitations as official Apple SDK programs are."



I knew a guy who thought himself the world's leading authority on Fernando Pó (now Bioko). No doubt he would have loved this resource...

http://ucblibraries.colorado.edu/govpubs/for/foreigngovt.htm

Foreign Information by Country



Is this interesting to my many librarian readers?

http://journal.code4lib.org/articles/47

Free and Open Source Options for Creating Database-Driven Subject Guides

Issue 2, 2008-03-24



Dilbert explains why Corporate Security is the way it is.

http://www.unitedmedia.com/comics/dilbert/archive/images/dilbert2008033349280.jpg
