See, you don't need an expensive laptop to compromise data... (How do they know this was created by the police? They admitted it in this case.)
http://www.pogowasright.org/article.php?story=20080313065625230
UK: Police suffer memory loss
Thursday, March 13 2008 @ 06:56 AM EDT Contributed by: PrivacyNews News Section: Breaches
A POLICE memory stick containing confidential information about offenders known to the police has been found by a member of the public.
The stick contained offenders' names, addresses and convictions and was found lying in a gutter outside a betting shop in Stevenage, according to a national newspaper.
It said a passer-by picked up the stick containing 330 megabytes of data, equivalent to 165,000 pages, and was able to access the confidential information at home, as it was not encrypted.
Source - The Comet
Interesting, no?
http://www.pogowasright.org/article.php?story=20080314065715406
Is the Fifth Amendment Password Protected?
Friday, March 14 2008 @ 06:57 AM EDT Contributed by: PrivacyNews News Section: In the Courts
We are cautioned to create undecipherable passwords and personal identification numbers to protect our privacy, identity and property. On the flip side, these protections may be put to the test in a criminal investigation.
Until recently, the Fifth Amendment provided guidance in responding to demands for keys to lock boxes and combinations for safes. Now suspects are being asked to disclose information that will access computer hard drives and open encrypted files. How far will the Constitution protect the right against self-incrimination in light of increasingly sophisticated means of securing computer contents?
Source - Law.com
[From the article:
The judge concluded that revealing the password was the same as turning over the contents of the laptop. It was an act of production that became testimonial. Giving up the password would establish or confirm that the files existed, were within defendant's possession or control (custody) and authentic. The grand jury's subpoena put Boucher in the dicey position of potentially implicating himself, committing perjury or being held in contempt.
Pass this to your Security Manager
http://it.slashdot.org/article.pl?sid=08/02/17/1628210&from=rss
A Look at the State of Wireless Security
Posted by Soulskill on Sun Feb 17, 2008 02:30 PM from the tubes-of-the-ether dept.
An anonymous reader brings us a whitepaper from Codenomicon which discusses the state and future of wireless security. They examine Bluetooth and Wi-Fi, and also take a preliminary look at WiMAX. The results are almost universally dismal; vulnerabilities were found in 90% of the tested devices[PDF]. The paper also looks at methods for vendors to preemptively block some types of threats. Quoting: "Despite boasts of hardened security measures, security researchers and black-hat hackers keep humiliating vendors. Security assessment of software by source code auditing is expensive and laborious. There are only a few methods for security analysis without access to the source code, and they are usually limited in scope. This may be one reason why many major software vendors have been stuck randomly fixing vulnerabilities that have been found and providing countless patches to their clients to keep the systems protected."
Ditto
National Vulnerability Database Version 2.1
NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics. NVD supports the Information Security Automation Program (ISAP).
Ditto?
http://www.modsecurity.org/blog/archives/2008/02/web_hacking_inc.html
Web Hacking Incidents Database Annual Report for 2007
Posted by ofer on February 17, 2008.
Breach Labs which sponsors WHID has issued an analysis of the Web Hacking landscape in 2007 based on the incidents recorded at WHID. It took some time as we added the new attributes introduced lately to all 2007 incidents and mined the data to find the juicy stuff:
This won't worry my readers as most have loyalty cards issued in the name of a certain DU Law School professor. It probably will confuse Kroger – he buys thousands of dollars worth of groceries in dozens of stores around the state...
http://www.pogowasright.org/article.php?story=20080313070738768
Online Coupons Tied To Loyalty Cards Raise Privacy Concerns
Thursday, March 13 2008 @ 07:07 AM EDT Contributed by: PrivacyNews News Section: Businesses & Privacy
AOL IS EXPECTED TO ANNOUNCE today a free consumer service that ties online coupons to loyalty cards, and privacy experts are less than pleased. However, supporters say that while the cards record purchases and shopping habits, the technology helps marketers focus campaigns on products that shoppers really need.
The Kroger Co. [King Soopers in Colorado Bob] becomes the first to sign up for AOL's Shortcuts. The grocery chain will offer the service at 2,481 stores--such as Kroger, Ralphs, King Soopers and Fry's--in 31 states across the country. General Mills signed on to offer coupons for Cheerios, Green Giant and Yoplait beginning today. Kimberly-Clark and Kraft will begin offering discounts on items by the end of the month.
Source - MediaPost
This sounds like fun!
http://www.pogowasright.org/article.php?story=20080313132816926
Computer searches under F.R.C.P. 34(a) by private litigants; a Fourth Amendment issue?
Thursday, March 13 2008 @ 01:28 PM EDT Contributed by: PrivacyNews News Section: In the Courts
Under the 2006 amendments to F.R.C.P. 34(a), it is now possible in a civil case for a litigant to get access to an opponent's computer or a computer network to conduct their own search for electronic evidence if certain standards are met. See Nolan M. Goldberg, Is Your Data Wide Open to Your Opponent?, in the NLJ.
Source - FourthAmendment.com
Will this increase Steroid use?
http://www.pogowasright.org/article.php?story=20080313174031688
WA high court says random school drug testing unconstitutional
Thursday, March 13 2008 @ 05:40 PM EDT Contributed by: PrivacyNews News Section: Minors & Students
The state Supreme Court ruled Thursday that random drug testing of student athletes is unconstitutional, finding that each has "a genuine and fundamental privacy interest in controlling his or her own bodily functions."
The court ruled unanimously in favor of some parents and students in the lower Columbia River town of Cathlamet who were fighting the tiny Wahkiakum School District's policy of random urine tests of middle school and high school student athletes.
The high court wrote, "we can conceive of no way to draw a principled line permitting drug testing only student athletes."
Source - Seattle Post-Intelligencer
Related - FourthAmendment.com
How the law is enforced...
http://www.bespacific.com/mt/archives/017806.html
March 13, 2008
DOJ OIG: A Review of the FBI’s Use of Section 215 Orders for Business Records
Department of Justice Office of Inspector General: A Review of the FBI’s Use of Section 215 Orders for Business Records in 2006, March 2008, Unclassified (99 pages, PDF)
Ditto
http://www.bespacific.com/mt/archives/017805.html
March 13, 2008
DOJ OIG: A Review of the FBI’s Use of National Security Letters
Department of Justice Office of Inspector General: A Review of the FBI’s Use of National Security Letters: Assessment of Corrective Actions and Examination of NSL Usage in 2006, March 2008, Unclassified, (187 pages, PDF)
Quotable (but weird) statistics?
http://www.pogowasright.org/article.php?story=20080313065123602
Business responsible for protecting 85% of world's data
Thursday, March 13 2008 @ 06:51 AM EDT Contributed by: PrivacyNews News Section: Businesses & Privacy
More information is now created online about people, rather than by those individuals themselves, according to a study from storage specialist EMC.
The supplier calls the volume of online data referring to a specific person their “digital shadow". This footprint will often consist of details uploaded by a user themselves, but the presence of financial records, captured security images and web surfing histories are becoming increasingly significant.
And while 70 per cent of the digital world is created by individuals, the responsibility for protecting and maintaining 85 per cent of this information lies with businesses.
Source - iwr
A valuable new resource?
http://techdirt.com/articles/20080313/061405533.shtml
USENIX To Free Its Papers
from the open-science dept
Matt Blaze points out that USENIX, one of the world's most important computer science conferences, has decided to make all of its papers and proceedings freely available to the public immediately upon publication. Blaze is right that this is a great development. In the past, when paper distribution was the norm, it was unavoidable that academic publishers would charge money to cover the costs of printing and distributing the papers they published. But the web has made these costs close to zero. And given that the authors generally donate their papers to journals and conferences free of charge, and that authors want their papers to be read as widely as possible, it seems a little unreasonable for those conferences to turn around and charge money for web access to those same papers. This is especially true because, while most journals and conferences still print paper copies of their publications, scholars increasingly prefer the convenience of downloading papers from the web and printing them on demand. It seems especially perverse to cripple a cheap and convenient distribution mechanism in order to prop up an outdated one that is increasingly falling into disuse. The USENIX announcement is the latest sign of growing momentum for free online publication of scientific papers. While we shouldn't expect it to happen overnight, it's only a matter of time before free, web-based publication of scientific papers is the norm, rather than a news-making exception.
[...and from F-Secure:
All Usenix conference proceedings can be found at:
http://www.usenix.org/publications/library/proceedings/
Also a new resource...
http://googleblog.blogspot.com/2008/03/book-info-where-you-need-it-when-you.html
Book info where you need it, when you need it
3/13/2008 10:10:00 AM
Posted by Frances Haugen, Associate Product Manager and Matthew Gray, Software Engineer, Book Search
Here at Google Book Search we love books. To share this love of books (and the tremendous amount of information we've accumulated about them), today we've released a new API that lets you link easily to any of our books. Web developers can use the Books Viewability API to quickly find out a book's viewability on Google Book Search and, in an automated fashion, embed a link to that book in Google Book Search on their own sites.
As an example of the API in use, check out the Deschutes Public Library in Oregon, which has added a link to "Preview this book at Google" next to the listings in their library catalog. This enables Deschutes readers to preview a book immediately via Google Book Search so that they can then make a better decision about whether they'd like to buy the book, borrow it from a library or whether this book wasn't really the book they were looking for.
No comments:
Post a Comment