Extra care is indicated when you deviate from 'normal practice' – it is 'normal' for a reason.
http://www.pogowasright.org/article.php?story=20080423110831574
(follow-up) UK: The 'local bank' loses 370,000 customers' details
Wednesday, April 23 2008 @ 11:08 AM EDT Contributed by: PrivacyNews News Section: Breaches
PogoWasRight.org note: Apparently, HSBC has yet to send out notification letters.
The largest bank in the UK, HSBC, has admitted that it may never find the disk that contained thousands of its customers details on it.
The "world's local bank" sent 370,000 customers details in the post from HSBC's life offices in Southampton to Swiss Re in Folkestone in February.
The bank added that it is putting together customer communications and letters are going to be sent out shortly.
HSBC said that the disk, which was password protected but not encrypted, would "normally" be sent electronically, but was sent through the mail when it could not be sent using this method. [The Internet was closed that day? Bob]
HSBC apologised for the breach. Candice Durrett, HSBC's media relations executive, said: "The data disk lost by HSBC contains no address or bank account details for any customer and would therefore be of very limited, if any, use to criminals.
"The data, which was password-protected, includes names, life insurance cover levels, dates of birth and whether or not a customer smokes. There is nothing else that could in any way compromise a customer and there is no reason to suppose that the disk has fallen into the wrong hands. "
Source - FTAdviser
[From the article:
Norwich Union Life was handed the eighth largest fine in the history of the FSA following poor security checks at call centres. The breach allowed fraudsters to impersonate customers and cash in their policies, leaving customers with a £3.3m loss through identity fraud. The regulator fined Norwich Union £1.26m. [I didn't notice the “cash in their policies” bit. Must have come as a shock to find out they were dead. Bob]
Good news: Organizations are starting to review their systems. Bad news: They should have been doing this for years...
http://www.pogowasright.org/article.php?story=20080423143509287
CT: SCSU security breach
Wednesday, April 23 2008 @ 02:35 PM EDT Contributed by: PrivacyNews News Section: Breaches
About 11,000 current and former students at Southern Connecticut State University may be at risk for identity theft.
SCSU was reviewing their Web server when they realized that the names, addresses and Social Security numbers of students since 2002 were vulnerable to access by unauthorized individuals.
SCSU has been notifying the affected students and is offering free identity protection services for up to two years.
A help desk has been established to respond to questions at (203) 392-7216 or you can visit www.southernct.edu/creditmonitoring
Source - WTNH
[From the article:
The move comes after a website with student and alumni information was found to be easily accessible to hackers.
... SCSU says records of about 11,000 students and alumni may have been compromised by hackers.
[These two statements seem to conflict. Was the data unprotected, or was the University hacked? Bob]
Too common.
http://www.pogowasright.org/article.php?story=20080424062001528
Ca: Chrysler unit's missing tape contains sensitive personal information
Thursday, April 24 2008 @ 06:40 AM EDT Contributed by: PrivacyNews News Section: Breaches
Chrysler's lending arm has admitted a courier service may have lost a data tape with sensitive personal information of thousands of Canadian auto customers.
Chrysler Financial also acknowledged yesterday it didn't inform customers for five weeks or longer about the "destroyed or lost" tape because of an internal search and investigation. [Unlikely they were searching internally for a tape they sent out. Most likely they were trying to determine what was on the tape. Bob]
Chrysler has still not recovered the tape, but a company official emphasized that it would be extremely difficult to access the contents, which include names, addresses and social insurance numbers.
... Jelich said the data on the mainframe computer tape contains details from "thousands" of customers in several provinces, but Chrysler would not disclose the specific number. During the last week, customers received letters from Brian Chillman, general counsel for Chrysler Financial, that informed them of the incident.
Source - Toronto Star
[From the article:
Chrysler did not contact police, but Jelich said the company voluntarily informed federal and provincial privacy commissioners about the possible breach.
The company said it was in the process of changing the way it was sending the sensitive data when the breach occurred.
"We are now using a secure electronic transmission," Jelich noted.
... As Chrysler prepared to notify customers three weeks later about the missing tape, UPS indicated it had found one. Chrysler verified that it wasn't the tape in question [Perhaps another instance of lost data they hadn't noticed? Bob] and Chrysler proceeded again with the process of informing customers by letter, Jelich said.
“Easy to do” does not equal “Smart”
http://gizmodo.com/382972/crooks-rig-atm-with-eee-pc-to-steal-credit-card-info
Crooks Rig ATM with Eee PC to Steal Credit Card Info
In yet another demonstration of the never-ending hacking possibilities of the ASUS Eee PC laptop, three criminals in Brazil rigged an ATM with the little low cost computer to grab credit card information and personal information numbers to clone cards. Smart, except that one of them was a total moron.
The three men were specialized in cloning credit cards at ATMs, always with the same method. As you can see in the video, the first opens one of the machines, then another one comes to help him with the installation of a black Eee PC. Then they always proceeded to disable the rest of the machines, so clients were forced to use the rigged ATM. All this while they were being recorded by bank security cameras, of course.
The bank manager noticed that the door was forced and all the ATMs were disabled except for one, so he checked the security video and discovered what happened the night before. He immediately alerted the police, who started to search among the usual suspects. It didn't last long: Idiotic Crook Number One went to a police station to denounce a car accident and the three of them—who had a previous criminal history for bank assault in other parts of the country—were aprehended shortly thereafter.
Comments suggest this is the start down a slippery slope.
http://tech.slashdot.org/article.pl?sid=08/04/24/138227&from=rss
Google Turns Over Data on Suspected Pedophiles In Brazil
Posted by timothy on Thursday April 24, @09:39AM from the when-others-are-evil dept. Google Privacy
Dionysius, God of Wine and Leaf, points to a Yahoo! story which begins
"Google on Wednesday handed over data stored by suspected pedophiles on its Orkut social networking site to Brazilian authorities, ceding to pressure to lift its confidentiality duty to its users, officials said."
Of course we will be able to set our own criteria: “Caution Bob, you are approaching an area heavily infected by Democrats!”
http://techdirt.com/articles/20080422/025145916.shtml
GPS Will Now Tell You You're In A 'Bad' Neighborhood
from the now-that's-a-point-of-interest dept
While various GPS systems are competing to provide better, more interesting or more detailed "points of interest," it appears that Honda is going even further. Its new GPS system will also warn drivers when they're in a "bad neighborhood" where there's a high crime rate, and where their cars may be more likely to be vandalized or stolen. Right now, the product is only targeted at the Japanese market, but it's likely to eventually make it to the US. What will be worth watching is how communities respond if they're listed in GPS systems as being bad neighborhoods. These days, such designations are usually made by random people -- but having it in a GPS system (especially given how slavishly some listen to what their GPS tells them) may make it seem more "official." While I can imagine some communities getting angry about the designation, some might try to improve their reputations, which could have a very positive end result. Of course, when talking about American communities, that's probably not the case. They'll probably just sue, claiming defamation.
Quotable stats?
http://www.reuters.com/article/technologyNews/idUSL2390434820080423
Web criminals fuel big rise in "trojans"
Wed Apr 23, 2008 2:49pm EDT
... In a report released in London, Microsoft said the number of trojans removed from computers around the world in the second half of 2007 rose by 300 percent from the first half.
[Find the report at: http://www.microsoft.com/security/portal/sir.aspx
Can application developers learn from a bad example?
http://www.news.com/8301-10784_3-9926997-7.html
FBI grilled again over computer upgrade woes
Posted by Anne Broache April 23, 2008 12:35 PM PDT
... Sensenbrenner accused Mueller of "continuously frustrating" his committee's attempts to find out how much money had been spent before the failed program was abandoned about three years ago. The FBI has since begun a new effort called Sentinel, whose first phase--a Web portal of sorts for investigators--went live in June last year.
... Mueller said the agency now has help from technology and business process experts that it didn't have when the Virtual Case File project began. He said the agency has also set "firm requirements" so that contractors have clearer guidance on what to build.
... Rep. Zoe Lofgren (D-Calif.) also urged Mueller to devote more attention to digitizing years of paper FBI records, arguing that if a company like Google can digitize university library volumes in a matter of months, the federal agency has no excuse for inaction. "I don't know if you've done a cost-benefit analysis," she said, "but it seems to me (it's) clear that if you move into the modern age, your agents are going to be optimized in terms of their performance."
..to keep those UFO pilots from leaving?
http://www.pogowasright.org/article.php?story=20080423085606568
US-VISIT Program: Collection of Alien Biometric Data upon Exit from the United States at Air and Sea Ports of Departure
Wednesday, April 23 2008 @ 08:56 AM EDT Contributed by: PrivacyNews News Section: Older News Stories
The Department of Homeland Security has uploaded, "United States Visitor and Immigrant Status Indicator Technology (US-VISIT) Program In conjunction with the Notice of Proposed Rulemaking on the Collection of Alien Biometric Data upon Exit from the United States at Air and Sea Ports of Departure", April 22, 2008, (PDF, 26 Pages - 851 KB).
The United States Visitor and Immigrant Status Technology (US-VISIT) Program is implementing the first phase of the Exit component of its integrated, automated biometric entry-exit system that records the arrival and departure of covered aliens; conducts certain terrorist, criminal, and immigration violation checks of covered aliens; and compares biometric identifiers to those collected on previous encounters to verify identity. The US-VISIT Program has been implemented in phases with each phase adding additional capabilities, locations of implementation, or subject populations. US-VISIT is publishing this Privacy Impact Assessment (PIA) in conjunction with the Notice of Proposed Rulemaking (NPRM) on Collection of Alien Biometric Data upon Exit from the United States at Air and Sea Ports of Departure. A revised PIA will be issued in conjunction with the Final Rule on Collection of Alien Biometric Data upon Exit from the United States at Air and Sea Ports of Departure. US-VISIT does not collect any information on United States citizens.
It is beginning to look like Comcast will get slammed. (The comments are interesting...)
http://tech.slashdot.org/article.pl?sid=08/04/23/2145214&from=rss
FCC Reports Comcast P2P Blocking Was More Widespread
Posted by Soulskill on Wednesday April 23, @06:12PM from the saw-that-coming dept.
bob charlton from 66 tips us to a ComputerWorld story about FCC Chairman Kevin Martin, who has testified that Comcast's P2P traffic management occurred even when network congestion wasn't an issue, contrary to the ISP's claims. After defending its actions and being investigated by the FCC over the past few months, Comcast has tried to repair its image by making nice with BitTorrent and working towards a P2P Bill of Rights. Quoting:
"'It does not appear that this technique was used only to occasionally delay traffic at particular nodes suffering from network congestion at that time,' Martin told the Senate Commerce, Science and Transportation Committee. 'Based on testimony we've received thus far, this equipment was typically deployed over a wider geographic area or system, and is not even capable of knowing when an individual ... segment of the network is congested.'
...and this seems to be an indication that the phone companies are going the way of the music industry. “We don't understand it, so we aren't making money with it, so we should sue the people who are.”
Telecom carriers: 'Phantom' voice traffic costing billions
Some rural carriers are seeing up to 30 percent of their minutes eaten by voice calls lacking ID needed for carriers to charge access fees for use of their networks
By Grant Gross, IDG News Service April 23, 2008
I know there are people out there who hate PowerPoint – but honestly people... (Think of it as training for CyberWar)
http://www.techcrunch.com/2008/04/23/slideshare-slammed-with-ddos-attacks-from-china/
SlideShare Slammed with DDOS Attacks from China
Mark Hendrickson April 23 2008
SlideShare, a Mountain View-based startup that lets you upload and embed PowerPoint presentations on the web, appears to have stirred the red dragon last week.
About ten days ago the company began receiving anonymous requests to delete slideshows that were deemed “illegal” by the requesters. The SlideShare staff checked out these slideshows and discovered them to be quite innocent. While some described ways to fight corruption in China, none of them violated the company’s terms of service, and so SlideShow did nothing to fulfill the requests.
SlideShare soon began receiving a different type of request from the same people, who could now be identified by their email addresses. This time they were pretending to be users who had lost their passwords. Once again doing nothing, the company got a very demanding, and almost threatening, call to its Indian office on Wednesday, one that insisted that the company grant access to an account.
After these three failed attempts, SlideShare experienced a massive distributed denial of service attack starting at 10pm on Thursday, one day before the CNN website was attacked by Chinese instigators in apparent backlash to its coverage of the Tibetan protests. We’ve been told that the attack reached a peak of 2.5GB/sec and consisted entirely of packets sent from China.
Not long after the first attack subsided, SlideShare was hit a second time on Friday and the site went down again until Saturday morning. Since then there have been no more attacks, but the company continues to receive fake password recovery and illegitimate takedown requests at a rate of about 5-10 per day (it has accumulated about 50-60 total).
There’s a lot of speculation around just what has happened here since no one knows for sure who is behind the requests and attacks. However, it seems likely that they were from the same hacker groups - possibly linked to the Chinese government - that attacked the CNN site (and later called their attack off after getting too much publicity). Some of the slideshows with takedown requests have been viewed many times recently, so their popularity seems to have landed them on the Chinese government’s radar.
SlideShare insists that it will do everything it can to protect its users’ freedom of speech. As such, it has no plans to remove any of the content in question.
The Sports Network was also recently taken over by Chinese hackers who mistook it for CNN sports.
Update: Just as I finished writing this post, I received word from the company that a third attack had begun.
...and on the flip side...
China worries hackers will strike during Beijing Olympics
Amid recent turmoil over Tibet, hackers view the Olympics as a challenge and a target; Chinese security officials say the network security situation is grim
By Sumner Lemon, IDG News Service April 24, 2008
... "Based on historical experience, many hackers seeking to make a name for themselves view the Olympic Games as a challenge and a target, and the Beijing Olympics may face attacks from individual hackers, groups, organizations, as well as other countries and those with all kinds of political motivations, therefore the network security situation is very grim," China's National Computer Network Emergency Response Technical Team (CNCERT) said in a report released earlier this month.
I think I've mentioned this before. Clear, simple, introductory guides...
http://www.wral.com/business/blogpost/2782327/
In Pictures Is Now Apparently All Free
Posted: Apr. 23 7:12 p.m.
... all the tutorials are freely available on the Web. Among the tutorials are several Office applications, open office, and some Web programming basics.
For my web site students
http://www.killerstartups.com/Web-App-Tools/MashMakerIntelcom---Customize-Websites-on-the-Fly/
MashMaker.Intel.com - Customize Websites on the Fly
Intel Mash Maker lets you mash together bits and pieces of them web, as if it were your own personal canvas. The tool which comes from the chip making monolith, is currently offered as a free browser extension for Firefox and IE (with more features for the former). Once downloaded, users can modify web pages, combining info from a range of sources. All of this occurs on the client, so you’re not making a brand new web app per se. You are adding visualizations etc via widgets. So basically, the masher allows you to customize a page by creating or modifying widgets to different web pages. Customization is thus on offer to everyone, not simply tech nerds. There is a gallery where you can find popular widgets to customize for your own use.
No comments:
Post a Comment