Thursday, March 20, 2008

Notice that this happens much faster than it used to...

http://www.pogowasright.org/article.php?story=20080319191748590

(follow-up) Hannaford hit with class action suit in data breach

Wednesday, March 19 2008 @ 07:17 PM EDT Contributed by: PrivacyNews News Section: Breaches

Hannaford Bros. Co. has been hit with two class action lawsuits filed on behalf of consumers whose credit and debit card numbers were stolen as a result of a security breach.

A Philadelphia law firm, Berger & Montague, said it filed suit Wednesday in U.S. District Court in Portland, alleging that the supermarket chain was negligent for failing to provide adequate security for computer data. A similar lawsuit filed in U.S. District Court in Bangor named Melinda Ryan as lead plaintiff.

Source - Seacoastonline.com

Related - More Victims Emerge In Credit Card Theft



Just wait until the TSA gets its hands on this data!

http://www.phiprivacy.net/?p=130

Mar-19-2008

States Hand Over the DNA of Newborns to DHS (OpEd)

Marti Oakley writes:

Unknown to most new parents, or those who became parents in the last ten or so years, DNA of newborns has been harvested, tested, stored and experimented with by all 50 states. And all 50 states are now routinely providing these results to the Homeland Security Department.

... There are other nagging problems with this system. Although the national website http://genes-r-us.uthscsa.edu/ insists that this harvesting of DNA is a highly visible program, my own polling of parents of newborns, or the grandparents had no idea that this was being done to their children and grandchildren. Further, not one knew that they had the right to demand the blood and tissue samples be destroyed after 45 days per written request. Even had they known, and the samples were destroyed (you would have no way of knowing if they really were) the information gleaned from them would still be available and on file …. in perpetuity.



Worth tracking down this paper...

http://www.pogowasright.org/article.php?story=20080320064339309

AU: Privacy reforms to cause industry shake-up

Thursday, March 20 2008 @ 06:43 AM EDT Contributed by: PrivacyNews News Section: Non-U.S. News

Australia could see its biggest data breach yet when tough privacy laws clash with lax security culture.

Amendments to the Privacy Act include a range of sweeping new powers allowing the Privacy Commissioner to enforce the mandatory reporting of new data breaches.

... An Australian Law Reform Commission (ALRC) discussion paper detailing 301 privacy reforms is expected to go to parliament in June after it was delayed past its March 31 deadline.

The reforms will be mandated after the paper and submissions have been discussed in parliament, which industry experts say will be no earlier than 2009.

Source - CIO

[ALRC web site: http://www.alrc.gov.au/ ]



Ignorance of the technology is no excuse?

http://www.pogowasright.org/article.php?story=20080320063454621

You have right to remain silent; your car may not

Thursday, March 20 2008 @ 06:34 AM EDT Contributed by: PrivacyNews News Section: In the Courts

Raleigh police are building a second-degree murder case against a man accused of drunken driving in part by using a small on-board computer in the man's car. If he's like most people, he didn't know it was even there.

Investigators obtained a search warrant that allowed them to extract information from an instrument known as an event data recorder in the 2001 Cadillac Deville that Kenya Teverris Alston, 31, was driving when he struck a Honda in the early hours of March 1. The driver of the Honda, Matthew Kraft, 21, was killed.

Source - The News & Observer



This pretty much sums it up.

http://www.phiprivacy.net/?p=131

Mar-19-2008

Vendor identifies top five healthcare data security risks

Molly Merrill writes in Healthcare IT News that Absolute Software Corporation, a security software solutions vendor, has identified the top five data security risks most often faced by healthcare facilities. The five risks are:

1. Failure to protect sensitive data beyond encryption.
2. Inability to accurately manage mobile computer assets.
3. Sensitive information on public terminals.
4. Difficulty implementing a comprehensive data security plan.
5. Reluctance to create a data breach policy.

Full story - Healthcare IT News



What? A voting machine with errors? How unimaginable! Fortunately, the logs will reveal all...

http://yro.slashdot.org/article.pl?sid=08/03/19/1923220&from=rss

Ohio Investigating Possible Vote Machine Tampering Last Year

Posted by Zonk on Wednesday March 19, @03:46PM from the bit-of-dirty-pool dept. Government The Courts Politics

MozeeToby writes

"The Columbus Dispatch is reporting on a criminal investigation currently being performed in Franklin County Ohio. It seems several voting machines listed a candidate as withdrawn from the race when in fact he wasn't. By the time the investigations tracked down which machines had been affected, the candidate's name was back on the ballot. Normally, we could dismiss this as confusion or a mistake on the part of the voter(s) who noticed it. In this case, the person who first noticed the discrepancy was Ohio Secretary of State Jennifer Brunner. Further compounding matters, the Franklin County Board of Elections had disabled virtually all logging on the machines to speed setup of the ballot. Naturally, the county board remains sceptical of these accusations."


Related. How to steal an election? (Just practicing, but they didn't clean up very well...)

http://www.freedom-to-tinker.com/?p=1266#comments

Evidence of New Jersey Election Discrepancies

March 19th, 2008 by Ed Felten

Press reports on the recent New Jersey voting discrepancies have been a bit vague about the exact nature of the evidence that showed up on election day. What has the county clerks, and many citizens, so concerned? Today I want to show you some of the evidence.


Related. “You can't investigate our product.” OR “Trust us. What could go wrong?”

http://techdirt.com/articles/20080319/003853580.shtml

More On Sequoia's Legal Threats Against Ed Felten: The Intimidation Worked

from the freedom-to-threaten-lawsuits dept

Yesterday we covered the threats that e-voting firm Sequoia had sent to Ed Felten and to various officials in New Jersey. Unfortunately, it appears those threats worked: the election officials have backed down and agreed not to send Felten the machine to test. News.com has more details on both the reason for the test and Sequoia's response to the whole mess. The reason? Shockingly enough, Sequoia's e-voting machines malfunctioned during the primary in a way that should scare you: it gave two different vote counts. [Making re-counting twice as easy! Bob] You would think that's a pretty good reason for allowing a qualified, well-respected researcher like Felten to check out the machines. No such luck. Sequoia has tried to explain it away as a bug, but that doesn't explain why the machines shouldn't be tested by a third party.

Sequoia's response to that question is disingenuous, claiming that the company "supports third party reviews and testing of its election equipment." If that's so, then why not Ed Felten? Well, because Sequoia says that the machines have already been through a "rigorous" independent review from an accredited Voting System Test Labs. Ah? Would that be one of the accredited Voting System Test Labs that was barred from further testing for not having proper controls in place and having no evidence that tests were actually conducted? Most of those tests have very limited real-world applicability -- which is what Felten is good at testing. Sequoia also lists out some independent tests in other states that the company was forced into accepting, as if it willingly took part in them. Yet, what the company doesn't explain is what it's so scared of in having Felten test its machine. If the company is confident in the machines, then where's the problem? As a last resort, Sequoia appeals to the fact that such a test would break a licensing agreement, noting that "Licensing agreements are standard practice in the technology industry." That's clearly a cop out. While it may be legally correct, it's no reason not to let a researcher try to figure out if there are any problems with its machines. This isn't some random technology here. This is the technology we're trusting with providing a free and fair election. Sequoia should be ashamed of pulling out legal threats and weak excuses.



I will be watching this. I suspect it is more of the FBI's efforts to prove Congress should “adopt” laws in effect in other countries without mentioning the role they had in drafting them. If this was intended to fight cybercrime, wouldn't they include at least one non-English-speaking country?

http://yro.slashdot.org/article.pl?sid=08/03/19/2225224&from=rss

The International Cyber Cop Unit

Posted by samzenpus on Wednesday March 19, @09:40PM from the cool-job-title dept. The Internet Government

coondoggie writes

"A group of international cyber cops is ramping up plans to fight online crime across borders. The unit, known as the Strategic Alliance Cyber Crime Working Group, met this month in London and is made up of high-level online law enforcement representatives from the U.S., Australia, Canada, New Zealand, and the United Kingdom. One of the main goals of the group is to fight cyber crime in a common way by sharing intelligence, swapping tools and best practices, and strengthening and synchronizing their respective laws."

[Mandatory FBI Press Release: http://www.fbi.gov/page2/march08/cybergroup_031708.html ]



“...and they're ugly, too!” Perhaps Comcast should read this blog. I wonder which agency's regulations they have been following? (We know which they ignore...)

http://slashdot.org/article.pl?sid=08/03/19/1528241&from=rss

Comcast Says FCC Powerless to Stop P2P Blocking

Posted by CmdrTaco on Wednesday March 19, @12:17PM from the impotence-is-a-troubling-issue dept. The Internet

Nanoboy writes

"Even if the FCC finds that Comcast has violated its Internet Policy Statement, it's utterly powerless to do anything about it, according to a recent filing by the cable giant. Comcast argues that Congress has not given the FCC the authority to act, that the Internet Policy Statement doesn't give it the right to deal with the issue, and that any FCC action would violate the Administrative Procedures Act of 1946. '"The congressional policy and agency practice of relying on the marketplace instead of regulation to maximize consumer welfare has been proven by experience (including the Comcast customer experience) to be enormously successful," concludes Comcast VP David L. Cohen's thinly-veiled warning to the FCC, filed on March 11. "Bearing these facts in mind should obviate the need for the Commission to test its legal authority."'"



Tools & Techniques

http://www.hyperionics.com/hsdx/index.asp

HyperSnap

HyperSnap is the fastest and easiest way to take screen captures from Windows screen, and text capture (TextSnap™) from places where normal text copy is not possible. HyperSnap combines the power of a first-class screen capture application with an advanced image editing utility - wrapped into one easy-to-use tool!
