Friday, March 21, 2008

We are learning about some breaches ONLY because we can access the mandatory reports to the states (at least New Hampshire). Is this part of the “Official TJX Keep It Quiet Protocol?”

http://www.pogowasright.org/article.php?story=20080320141117676

Lippincott Williams & Wilkins online customer database hacked; hack went undetected for 5 months

Thursday, March 20 2008 @ 02:11 PM EDT Contributed by: PrivacyNews News Section: Breaches

On March 10, Wolters Kluwer notified [pdf] the New Hampshire Department of Justice of a security breach affecting one of its businesses, Lippincott Williams & Wilkins. On February 27th, LW&W was notified by its web hosting company that one of its web sites, www.stedmans.com, had been hacked. [Strange how few organizations detect breaches themselves... Bob] Consumer information that may have been compromised included names, addresses, telephone numbers, email addresses, credit card numbers with expiration dates, and card verification numbers of customers who made online purchases between August 30, 2007 and February 27, 2008.

The company has notified those affected by mail and arranged for credit watch protection for one year.



Just a statistical point. Notice that the number of records breached is always significantly greater than the current number of students + employees. I wonder if there is a mean around 300-500%?

http://www.pogowasright.org/article.php?story=20080320125744995

MA: Lasell College latest to have user data stolen (updated)

Thursday, March 20 2008 @ 12:57 PM EDT Contributed by: PrivacyNews News Section: Breaches

Lasell College reports one of its employees has hacked its network, gaining access to personal information of students, employees and alumni.

The breach, which the school said it discovered on Feb. 6, included information on 20,000 students, employees and alumni, including social security numbers. The school, which has about 1,300 students, said the breach was carried out by a member of its IT department.

Source - Mass High Tech

Update: The college's notification letter to the NH Dept. of Justice is available online. [pdf] The college has also set up a web site for information on the breach: www.lasellemergency.net/.



Ja, you can trust us with your informazion.

http://www.pogowasright.org/article.php?story=20080320090440101

German government says 500 computers were lost or stolen in three years

Thursday, March 20 2008 @ 09:04 AM EDT Contributed by: PrivacyNews News Section: Breaches

The German government said about 500 of its computers were either misplaced or stolen [Wishful thinking, unless there have been incidents where the computers were later un-misplaced? Bob] in various administrative departments over the last three years, prompting calls from the opposition for better data protection for citizens.

Source - Forbes

Note from Dissent: in what may be the "Understatement du Jour," Carl-Ludwig Thiele, the deputy parliamentary-group leader of the opposition FDP party, is quoted as responding to the news by saying, "This requires clarification."



I'll follow this one until it fizzles....

http://www.technologyreview.com/Wire/20451/

Hannaford data breach offers twists from prior attacks

By Associated Press Thursday, March 20, 2008

PORTLAND, Maine (AP) -- At first, it sounded like another in a long line of credit card breaches: Up to 4.2 million account numbers were stolen by thieves who cracked computers at Hannaford Bros. Co., an Eastern supermarket chain.

But the specifics of the crime, revealed this week, included some troubling twists that might expose big holes in the payment industry's security standards.

For one thing, Hannaford said this sensitive data was exposed when shoppers swiped their cards at checkout line machines and the information was transmitted to banks for approval.

... Another intriguing facet is that Hannaford was found -- while the hack was still going on last month -- to be in compliance with the security standards required by the Payment Card Industry, a coalition founded by credit card companies.

... David Navetta, president of InfoSecCompliance LLC, a Denver law firm that concentrates on computer security and regulatory compliance, argues that Hannaford and its assessor may have been tripped up by ambiguity in the PCI standards about when companies must encrypt payment data to cloak it from outsiders.

... Litan argues that the biggest lesson is that the banking industry needs to make it harder for thieves to put stolen credit card data to use. Requiring PINs on credit card transactions, she said, ''would remove 75 to 90 percent of the fraud in the system.'' [I wonder if there is an “Opt in” available from any of the card issuers? Bob]

... Hannaford doesn't store credit card information in its databases and uses a wired network to transfer information, said spokeswoman Carol Eleazer. Hannaford is still trying to figure out, she said, how its thefts occurred.


Related and unique(?) dialog

http://www.pogowasright.org/article.php?story=20080321022056173

Insurance broker for Hannaford provides insider view on data theft insurance

Friday, March 21 2008 @ 02:20 AM EDT Contributed by: PrivacyNews News Section: Breaches

I have been exchanging emails off-line with Kevin P. Kalinich, J.D. Kevin is the Co- National Managing Director of the Financial Services Group at Professional Risk Solutions. A couple days ago Kevin emailed me a response to my blog on the Hannaford credit card theft and state of privacy breach insurance. Kevin is a pioneer in this emerging insurance space and I found his insight and experience very valuable. He sent me an excellent (30+ page) whitepaper he authored on the current state of the privacy breach insurance marketplace. Once he finishes his current revisions I hope to add a link to it here. It is a must read for any company considering a privacy breach insurance policy. With Kevin’s permission, here is the dialog we have had so far.

Source - Jamey Heary, on NetworkWorld



Just like Britney Spears? Perhaps we need a “Sell it to the National Enquirer” exception to Privacy law?

http://www.pogowasright.org/article.php?story=20080320200729167

2 fired over Obama passport file breach

Thursday, March 20 2008 @ 08:07 PM EDT Contributed by: PrivacyNews News Section: Breaches

Two contract employees of the State Department were fired and a third person was disciplined for inappropriately looking at Democratic Sen. Barack Obama's passport file.

.... McCormack said the department itself detected the breaches, which occurred separately on Jan. 9, Feb. 21 and March 14.

... The three people who had access to Obama's passport records were contract employees of the department's Bureau of Consular Affairs, NBC News reported.

A senior official told NBC News there was "no political motivation" to the incidents, [State has mind readers? Bob] adding that the three were low-level contract employees doing administrative work and accessed Obama's records out of "curiosity."

Source - MSNBC Related - Obama demands probe over passport breach



Is this e-Entrapment or just a poorly designed sting? Plus a great April Fools Day joke for all your friends!

http://techdirt.com/articles/20080320/102209599.shtml

Click This Link, Go To Jail

from the wide-open-to-abuse dept

Declan McCullagh has written up an article about a questionable tactic used by the FBI to go after people looking for child porn. It set up a honeypot server and then posted links to it on a forum frequented by those who are looking for child pornography. It then used the IP address of people who clicked on the link as enough evidence to charge them with a crime. In the specific case McCullagh discusses, the guy was found guilty of simply clicking on that link. Of course, it's always difficult to separate out legal discussions like this from the fact that it involves child pornography -- which immediately sets off an emotional response. The problem here, though, is that the evidence on which the guy was found guilty could be used to find many people guilty of many things. The FBI didn't even track the referrer log -- just who went to the site. In other words, if someone had taken that link out of the forum and posted it on another site, a blog or sent an email around -- and anyone clicked on it without knowing anything about the link, they could have broken the law. [Fortunately this article was published before April First... Bob] This is open to tremendous abuse. If all you need to do to get someone convicted of child porn charges is get them to click a link, that doesn't seem right. Furthermore, in this case, the only other evidence was two small (admittedly questionable) thumbnail images, that there was no evidence that the guy looked at. In other words, to have enough evidence to convict someone and send them to jail for years (and get them listed as a sex offender), you could just send them an email with a link and some thumbnail images attached. If they click on the link (even if they don't ever look at the attached files), that's enough evidence, according to this case. That seems incredibly problematic.
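To make the evidentiary gap concrete: a web server's access log records the requesting IP and, only if the server is configured for the "combined" format and the client chooses to send it, the Referer header naming the page the link was followed from. The script below is an added example (mine, not code from Techdirt, the FBI, or the case discussed) that parses a few constructed log lines for a hypothetical honeypot path and hypothetical hosts, and shows what each field can and cannot tell an investigator: the IP list alone says only that some client fetched the URL, while the Referer breakdown separates visits that arrived via the forum link from visits via some other page and from visits with no Referer at all (e-mailed links, typed URLs, privacy-conscious browsers, and crawlers all land in that last bucket). Referer is client-supplied and trivially forged or suppressed, so even a logged Referer is corroboration, not proof.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache/nginx "combined" format:
#   ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample lines; hosts, path and addresses are hypothetical
# (RFC 5737 documentation range), not from any real server or case.
SAMPLE_LOG = """\
203.0.113.10 - - [20/Mar/2008:10:01:02 -0400] "GET /dl/item1 HTTP/1.1" 200 512 "http://forum.example/thread/42" "Mozilla/5.0"
203.0.113.11 - - [20/Mar/2008:10:05:44 -0400] "GET /dl/item1 HTTP/1.1" 200 512 "http://blog.example/post/7" "Mozilla/5.0"
203.0.113.12 - - [20/Mar/2008:10:07:19 -0400] "GET /dl/item1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.13 - - [20/Mar/2008:10:09:00 -0400] "GET /dl/item1 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"
203.0.113.14 - - [20/Mar/2008:10:12:31 -0400] "GET /dl/item1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

HONEYPOT_PATH = "/dl/item1"        # hypothetical link target
FORUM_HOST = "forum.example"       # hypothetical page where the link was posted


def parse(log_text):
    """Parse combined-format lines into dicts; silently skip lines that do not match."""
    rows = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            rows.append(m.groupdict())
    return rows


def request_path(row):
    # "GET /dl/item1 HTTP/1.1" -> "/dl/item1"
    return row["request"].split()[1]


def hits_by_ip(rows, path=HONEYPOT_PATH):
    """What 'just who went to the site' yields: one IP per request and nothing else.
    A crawler, a link from an e-mail and a forum click are indistinguishable here."""
    return [r["ip"] for r in rows if request_path(r) == path]


def classify_referer(row, forum_host=FORUM_HOST):
    """Where was the link followed from?  'no-referer' lumps together typed URLs,
    e-mailed links, clients that strip Referer, and crawlers; none can be told apart."""
    ref = row["referer"]
    if not ref or ref == "-":
        return "no-referer"
    host = urlsplit(ref).hostname or ""
    return "from-forum" if host == forum_host else "from-elsewhere"


def referer_breakdown(rows, forum_host=FORUM_HOST, path=HONEYPOT_PATH):
    """Count honeypot hits by referer class; this is the evidence the text says was not kept."""
    return Counter(classify_referer(r, forum_host)
                   for r in rows if request_path(r) == path)


if __name__ == "__main__":
    rows = parse(SAMPLE_LOG)
    print("IPs that fetched the link:", hits_by_ip(rows))
    print("By referer:", dict(referer_breakdown(rows)))
```

Run against the constructed lines, all five addresses appear in the IP list, but only one of the five requests can even be associated with the forum page, and three carry no origin information at all. The practical point for anyone building or reviewing a sting like this is that the log must retain Referer (and ideally user-agent and timing relative to the forum post) to argue origin, and that even then a request is evidence that a client fetched a URL, not that a person knew what it was.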



Interesting question?

http://techdirt.com/articles/20080318/180408577.shtml

Should Kids Get Control Of Their Data When They Come Of Age?

from the but-Dad,-I-don't-want-them-spamming-me... dept

If you're under a certain age, websites (at least under the law in many countries) cannot collect data on you -- or are required to get "consent" from an adult first. However, that's leading to a separate discussion about whether or not kids should have the right to take back that data once they come of age. A parent may agree to share certain data about a kid with a certain website, but once that kid is old enough, what if he wants to revoke that permission? It may sound like a simple thing, but once that data is out there, getting it back is nearly impossible. Yet, some politicians are trying to make that the law, even though it will be almost impossible to enforce in many cases.



Dis mouse got teeth!

http://techdirt.com/articles/20080319/233958596.shtml

Antigua Says It's Going To Start Ignoring US Copyrights (For Real This Time)

from the no,-really,-really,-really dept

Officials in Antigua are now trying to draw a line in the sand, claiming that if the US doesn't finally agree to allow some forms of online gambling by the end of this month, it will go ahead with its threats to ignore US copyrights with the approval of the WTO. As you may recall, back in December, the WTO granted Antigua that right, after a loooooooong series of battles with the US over whether or not the US was violating free trade agreements by banning online gambling. Of course, every time the WTO sided with Antigua, the US would stall, claim the WTO sided with the US (when it clearly did not) and (my personal favorite) claim that even if it had broken trade agreements, it didn't matter any more because the US was unilaterally changing its trade agreements so that it was no longer violating them.

Of course, when Antigua won the final decision in December, allowing the country to ignore US intellectual property rights, the US government and the entertainment industry quickly warned Antigua not to follow through on those plans -- but the US government still won't shift in its position on the matter. Thus, Antigua is agitating to get this show on the road. While it first needs to get one last permission slip from the WTO, once that's in place, it can start ignoring the copyright on American movies and music. Of course, while some are suggesting that it may make sense for The Pirate Bay to move to Antigua, that's not accurate. After all, the WTO has said that Antigua can only violate $21 million worth of intellectual property, and with the way the entertainment industry counts damages, that's like half an album or so.

In fact, that seems to be exactly the angle that the entertainment industry is taking in this fight. An MPAA letter warning: "The proposed retaliation would be impossible to manage. The real and resulting economic harm would vastly exceed any amount the (WTO) might approve, even the grossly exaggerated amount ($3.4 billion) for which Antigua seeks approval, plus the economic harm would extend to other WTO members."



Implications for e-Discovery?

http://www.pogowasright.org/article.php?story=20080320125631657

Wells Fargo Launching "Virtual" Safe Deposit Boxes Online

Thursday, March 20 2008 @ 12:56 PM EDT Contributed by: PrivacyNews News Section: Businesses & Privacy

Wells Fargo bank is prepping to launch a new service called vSafe, which will essentially act as a "virtual" (i.e. non-physical) digital safe deposit box. Instead of storing heirlooms, cash, or jewelry, the "virtual" safe is designed to store digital records or copies of records, such as birth certificates or wills.

Wells Fargo will be facing an uphill battle, though.

Source - Switched.com

[From the article:

The bank plans to charge $4.95 a month for 1-gigabyte (GB) of storage, $9.95 for 3-gigabytes, and $14.95 for 6-gigabytes.

... it isn't giving too many other details on why its service is better than the already copious amount of storage offered for free by the likes of Microsoft and AOL.



Move along. No legal issues here!

http://www.pogowasright.org/article.php?story=20080320064625973

Librarian fired after reporting patron viewing child porn

Thursday, March 20 2008 @ 06:46 AM EDT Contributed by: PrivacyNews News Section: Other Privacy News

One California county may be facing a lawsuit by former librarian Brenda Biesterfeld, who says she was fired after alerting authorities that a patron was viewing child pornography on library computers.

A librarian assistant at the Lindsay Library, Biesterfeld was on the job late last month when she noticed 39-year-old Donny Chrisler downloading child porn on library computers. Biesterfeld told her supervisor Judi Hill, who instructed her to issue Chrisler a warning. Instead, Biesterfeld called police the next day. A few days later, Chrisler returned and Biesterfeld noticed he was once again viewing child porn. She notified police, who came and arrested Chrisler on the spot.

According to a press release, the police also confiscated the library's computer that had been used by Chrisler. Supervisor Hill confronted police, accusing them of interfering where they did not belong and assuring them that county librarians were handling the matter internally. After police explained that, since federal law had been violated, it was now a legal matter in their hands, Hill demanded to know who reported the incident. The police protected Biesterfeld's identity. However, she was fired two days later.

Source - OneNewsNow.com



Something for those Law School students reading this blog?

http://www.bespacific.com/mt/archives/017860.html

March 20, 2008

Interviews of United States Supreme Court Justices

In Series of Videos, Supreme Court Justices Make Their Case - Justices' candid observations and pet peeves spill forth in legal writing guru Bryan Garner's video interviews. Legal Times, Tony Mauro
March 11, 2008.

  • "...the collection of videos on LawProse.org were shot at the Supreme Court and they star eight of the nine justices speaking passionately, sarcastically, angrily, into the camera as they answer questions about brief writing, oral advocacy and their own love-hate relationships with the written word. Their interviewer, legal writing guru Bryan Garner, quietly posted the eight videos on the Web site in January. Garner has interviewed dozens of judges, lawyers and writers over the years, seeking video clips for use in his profitable legal writing seminars. But he realized the interviews with the justices, conducted a year ago or more, were a unique treasure that he should not profit from, so he put them up without restriction, editing, fee or fanfare."



I wonder if the US could import this system?

http://www.pogowasright.org/article.php?story=20080320130130930

'Do Not Call List' has telemarketers worried about hackers eliminating entire phone book

Thursday, March 20 2008 @ 01:01 PM EDT Contributed by: PrivacyNews News Section: Businesses & Privacy

Telemarketers are worried they'll be put out of business by enterprising hackers who figure out how to upload Canada's phone book to the new Do Not Call List.

When the national list is launched in September, consumers will be able to add their names through a website to avoid getting unsolicited calls. Telemarketing executive Jason White says this feature is ripe for abuse.

Source - Vancouver Sun



What a great business model! All the golf nuts (and smarter pro shops) will want it, and no doubt it will make a common gift for golfers...

http://www.killerstartups.com/Social-Networking/SwingAcademycom---For-Students-Of-The-Game/

SwingAcademy.com - For Students Of The Game

SwingAcademy.com provides free online golf swing analysis software that our members can use to analyze their own swing or any other swing in our extensive library. They can also view their videos side-by-side with any video.

The way it works is very simple and actually quite cool. You have got to start by videotaping your swing. Once you've done that, you will upload the video tape of your swing to SwingAcademy.com. There, you will be able to go to step three, which is analyzing your swing, with the same tools that the pros use to make their swing perfect.

http://www.swingacademy.com/
