Please tell me this isn't deja vu all over again?
http://www.wpri.com/Global/story.asp?S=8027693&nav=menu20_3
Mass. bankers say retailer hit by big data breach in New England
Associated Press - March 17, 2008 12:54 PM ET
BOSTON (AP) - The Massachusetts Bankers Association is warning consumers about another data breach involving a major retailer.
The association said Monday about a third of its 200 member banks have been contacted by Visa and MasterCard. The alerts advised that some of the credit and debit cards the banks issued could be at risk.
Credit card companies haven't named the retailer in the breach, which is believed to affect consumers in Massachusetts and northern New England states.
MasterCard said in a statement it could not name the retailer because the breach is the subject of an ongoing investigation by law enforcement.
The bankers association says the breach reportedly occurred from Dec. 7 to March 10.
This is NOT the breach in the previous article
http://www.pogowasright.org/article.php?story=20080317161650243
Supermarket data breach affects 4.2 million accounts
Monday, March 17 2008 @ 04:16 PM EDT Contributed by: PrivacyNews News Section: Breaches
The Hannaford Bros. supermarket chain said a breach of its computer system led to the theft of about 4.2 million credit and debit card numbers from its Hannaford and Sweetbay stores and other locations.
Hannaford, based in Maine, said about 1,800 cases of fraud have been tied to the breach, [Commendable honesty! (and indication of significant delay in reporting?) Bob] but no personal information -- such as names or addresses -- was accessed, and it has contained the breach.
Source - Boston.com
[From the article:
The company said in a statement posted to its website that the stolen data was "illegally accessed from our computer systems during transmission of card authorization." [Another case of no encryption? Bob]
This is related
http://www.pogowasright.org/article.php?story=2008031717363788
Credit card numbers stolen from Sweetbay grocery stores
Monday, March 17 2008 @ 05:36 PM EDT Contributed by: PrivacyNews News Section: Breaches
1.6 million customers of Sweetbay have had their credit card numbers stolen. Sweetbay's parent company Hannaford blames a "data intrusion" of its computer network. No personal information, like names or addresses, was accessed.
The numbers were stolen between December 7, 2007 and March 8, 2008.
The company asks Sweetbay customers to carefully review credit card statements, and call your credit card company right away if you spot a problem.
Hannaford has opened a hotline for customers to receive more information or ask questions about the security breach. That number is 866-591-4580.
Source - TampaBays10.com
For those of us who track this kind of stuff...
Police Blotter: Murderer nabbed via tracking, Web search
Husband's death is discovered through a vehicle-tracking device and a search for "decomposition of a body in water."
By Declan McCullagh Staff Writer, CNET News.com Published: March 18, 2008, 5:41 AM PDT
What: Woman sentenced to 25 years in prison for murdering her husband, in part because of Internet searches and GPS tracking, appeals on Fourth Amendment grounds.
When: Texas appeals court rules on March 13.
Outcome: Sentence upheld.
What happened, according to court documents:
I never would have expected the FTC to do this.
http://www.pogowasright.org/article.php?story=20080317173811712
FTC Deal Suggests Enterprises Could Be Liable for Poor Security
Monday, March 17 2008 @ 05:38 PM EDT Contributed by: PrivacyNews News Section: Businesses & Privacy
The Federal Trade Commission settled a lawsuit against ValueClick today for making email and advertising claims that were deceptive and misleading. But as with many other legal documents, the real impact of the decision might be in the fine print.
... But there's a twist: ValueClick was also found guilty of violating its own privacy policy, which promises to protect customer data and implement "reasonable security measures." The FTC nailed ValueClick for failing to encrypt data when its privacy policy promises encryption, and even for failing to fix vulnerabilities to SQL injection attacks.
In a nutshell, the decision means that enterprises could be found negligent for promising to protect user data but subsequently failing to implement the security precautions required to meet those promises. If you promise good security and then fail to provide it, it could weigh against you in court, the decision says.
Source - Dark Reading
Speaking of poor security? What manager thought of sending a letter like this?
http://www.freedom-to-tinker.com/?p=1265#comments
Interesting Email from Sequoia
March 17th, 2008 by Ed Felten
A copy of an email I received has been passed around on various mailing lists. Several people, including reporters, have asked me to confirm its authenticity. Since everyone seems to have read it already, I might as well publish it here. Yes, it is genuine.
Sender: Smith, Ed [address redacted]@sequoiavote.com
To: felten@cs.princeton.edu, appel@princeton.edu
Subject: Sequoia Advantage voting machines from New Jersey
Date: Fri, Mar 14, 2008 at 6:16 PM
Dear Professors Felten and Appel:
As you have likely read in the news media, certain New Jersey election officials have stated that they plan to send to you one or more Sequoia Advantage voting machines for analysis. I want to make you aware that if the County does so, it violates their established Sequoia licensing Agreement for use of the voting system. Sequoia has also retained counsel to stop any infringement of our intellectual properties, including any non-compliant analysis. We will also take appropriate steps to protect against any publication of Sequoia software, its behavior, reports regarding same or any other infringement of our intellectual property.
Very truly yours,
Edwin Smith
VP, Compliance/Quality/Certification
Sequoia Voting Systems
Is Microsoft's move to compliance about to backfire?
http://www.informationweek.com/news/showArticle.jhtml?articleID=206904001
Internet Explorer 8 Could Break Applications, Gartner Warns
Microsoft's support for Web standards in IE 8 could hurt apps built to work with the company's own protocols, the research firm says.
By Paul McDougall InformationWeek March 17, 2008 09:12 AM
(They can't mean “personal” drives, can they?) Interesting take on securing them however...
http://it.slashdot.org/article.pl?sid=08/03/18/0518242&from=rss
State Agency to Destroy Unauthorized USB Drives
Posted by Zonk on Tuesday March 18, @05:21AM from the what-they-don't-know-won't-hurt-you dept. Data Storage Government Privacy IT
Lucas123 writes
"The State of Washington's Division of Child Support has forced hundreds of workers to turn in personal USB flash drives and has instead begun issuing corporate-style USB drives. The goal is to centrally monitor, configure and prevent unauthorized access to storage devices. So far about 150 common drives have been issued. The agency eventually plans to destroy all existing thumb drives collected as part of the security policy change."
[From the article:
Brian Main, the division's data security officer, said the new drives promise to help officials keep better track of mobile data by integrating them with Web-based management software that can centrally monitor, configure and prevent unauthorized access to the miniature storage devices.
... The software, which relies on a Web connection to directly communicate with agents on the tiny flash drives, can also remotely monitor and flush any lost drives, he said.
Employee monitoring, the next wave? “If our employees aren't happy we beat them until they are!”
http://tech.yahoo.com/xb/hughes?blogpost=24619
Watch tells the boss how you're feeling at work
Fri Mar 14, 2008 2:57PM EDT
Remember that spying mouse with bio-sensors that tells your boss if you're stressed out at work? IO9 found another gadget that gives the boss even more insight into your emotional and physiological well-being while you're in the office. Exmocare's monitoring watch, called the BT2, can measure a person's heart rate, location, body temperature, and skin moisture levels then sends all that information to a central database using a Bluetooth connection.
This letter nicely sums up the dilemma.
http://www.pogowasright.org/article.php?story=20080317150228499
UK: Phorm Pharce — FIPR open letter
Monday, March 17 2008 @ 03:02 PM EDT Contributed by: PrivacyNews News Section: Internet & Computers
... an open letter on the subject from the Foundation for Information Policy Research to Britain’s information commissioner.
[...] We therefore consider that even if third party scanning obtains the fully-informed and explicit consent of a user, it simply cannot hope to obtain all the consents necessary from others. It therefore involves unlawful interception; and it therefore cannot comply with either the first or the second of the data protection principles.
Source - p2pnet.net
Related - BBC: Phorm 'illegal' says policy group
Shouldn't every shop owner have this ability? After all, when did health care become a right?
http://online.wsj.com/article/SB120580305267343947.html?mod=hpp_us_inside_today
Why Hospitals Want Your Credit Report
Many Are Using Personal Data To Assess Your Ability to Pay; Concerns About Denial of Care
By SARAH RUBENSTEIN March 18, 2008
In a development that consumer groups say raises privacy issues, a growing number of hospitals are mining patients' personal financial information to figure out how likely they are to pay their bills.
... Hospitals have "a limited amount of resources that are available to actually execute the collection process," says Karen Godfrey, who runs revenue management at Baptist Health South Florida, a Miami system of five nonprofit hospitals that is likely to adopt one of these systems soon. "You want to concentrate on the ones that have the ability to pay."
Consumer advocates say the practice creates the potential for hospitals to misuse the information by denying or cutting back on patients' care if they can't pay.
Protecting drivers or profits? Easy call...
http://techdirt.com/articles/20080313/231629539.shtml
Yet Another Study Shows Red Light Cameras Cause More Accidents And Aren't Needed
from the it's-all-about-the-money dept
Over and over again, we've seen studies that have shown that red light cameras tend to increase, not decrease auto accidents, and certainly don't do much to improve safety. The Agitator points us to yet another study, this time from researchers at the University of South Florida, who again point out that red light cameras tend to increase the number of accidents. The research also points out that accidents from running red lights are rather rare, and it's hardly a problem that requires automation. As for the few studies that have shown better safety from red light cameras, every single one came from a group poised to make money off of the cameras -- and they certainly do make money. It's just unfortunate that it seems to come at the expense of more car accidents, all in the bogus name of public safety. Update: Of course, just after publishing this, I see a story on Engadget about how Dallas has found that red light cameras are effective in preventing red light violations (no word on rear end collisions from people slamming on the brakes however). Yet, here's the irony: because of that, the city gov't doesn't want to install any more, as it's cutting into revenue.
Tools & Techniques: How to muzzle your problem clients. (Interesting that the credit card companies can even talk to these people before they testify...)
http://blog.seattlepi.nwsource.com/consumersmarts/archives/134417.asp
Testify, but first waive your privacy
Last week, a House subcommittee invited ordinary citizens, consumer advocates and credit card issuers to testify on a proposed credit card bill of rights that would ban abusive practices, such as arbitrary rate hikes or charging interest on balances already paid off.
Four consumers never got to testify, when they declined to sign waivers allowing credit issuers to make public their information.
Elizabeth Warren, a Harvard University law professor who did testify Thursday, explained in this blog post:
They had flown in from around the country with their credit card bills in hand, only to learn that they couldn't talk unless they would sign a waiver that would permit the credit card companies to make public anything they wanted to tell about their financial records, their credit histories, their purchases, and so on. The Republicans and Democrats had worked out a deal "to be fair to the credit card lenders." These people couldn't say anything unless they were willing to let the credit card companies strip them naked in public.
See, it's not the thought that counts! (Business model: Build cell phones into ear warmers...)
http://techdirt.com/articles/20080316/153047550.shtml
Best Excuse Ever For Using A Mobile Phone While Driving: It Was Just To Warm My Ears
from the gotta-remember-that-one dept
It's become quite common these days for various local governments to pass laws forbidding the use of mobile phones while driving (though, most allow the use of a hands free kit, which might not be any safer). However, one truck driver in Germany figured out a loophole that got him off the hook: he claimed he wasn't talking on the phone, but just using a recently charged mobile phone to warm his ears -- and the court believed him after he showed an itemized bill that showed no phone call at the time (found via Fark, of course). The man claims he had an earache, and that the heater in the truck cab took too long to warm up, so he was using the phone instead -- though, you can understand why the police officer might not have believed him.
For my web site class...
http://www.news.com/8301-13577_3-9895536-36.html
CBS to bloggers: Install our widgets, and we'll split the profits
Posted by Caroline McCarthy March 17, 2008 7:47 AM PDT
CBS Television Stations has launched a new program to get its local news headlines onto blogs and social-media sites, the CBS division said Monday.
Called the CBS Local Ad Network, it's a way for participating region-focused blogs to pull in extra cash by embedding CBS news widgets on their sites and splitting the revenue of accompanying ads with CBS.
On Monday, the program was launched in a selection of the TV network's regional markets: Boston, Dallas-Fort Worth, San Francisco, Denver, and Chicago. Within the next few weeks, CBS has said, the CBS Local Ad Network will come to New York, Los Angeles, Philadelphia, Minneapolis-St. Paul, Miami, Sacramento, Pittsburgh, and Baltimore.
Ditto
http://www.killerstartups.com/Web-App-Tools/BasicStatecom---Free-Web-Monitoring/
BasicState.com - Free Web Monitoring
... BasicState runs a website monitoring service which ensures that your site is up and running properly. It will alert you whenever there’s a problem with your site via email and SMS text message. The service checks your site every 15 minutes and you’ll be sent a daily email report of your site’s performance.
Ditto
http://www.killerstartups.com/Web-App-Tools/ReadTheWordscom---Convert-Documents-Feeds-into-MP3s/
ReadTheWords.com - Convert Documents, Feeds into MP3s
ReadtheWords is an absolutely free service which converts text into MP3. All you’ve got to do is sign up and select what files you want to convert. Read works with PDF documents, Word, HTML files, and even RSS feeds.
... Finally, download your mp3 to your iPod, post your reading on your blog, make a podcast, or simply listen to it online.