Tuesday, April 01, 2008

Today is April 1st. That means there are a number of April Fool stories on the sites I read. So I had to be extra careful in checking them out. OR I might have let one or two slip into this blog to see if you are paying attention. OR I did try to keep them out, but that last sentence was simply a way to cover my (quite extensive) butt. OR ALL of the articles today are bogus. (Cue the Twilight Zone theme: du du de du, du du de du)



Not much detail, but an actual apology on their website – not the TJX model...

http://www.pogowasright.org/article.php?story=20080331200333221

Advance Auto says data on 56,000 customers exposed

Monday, March 31 2008 @ 08:03 PM EDT Contributed by: PrivacyNews News Section: Breaches

Advance Auto Parts Inc said Monday a "network intrusion" had exposed credit card, debit card and checking account information for up to 56,000 customers and was the subject of a criminal investigation.

The auto parts retailer said 14 of its stores, including locations in Georgia, Ohio, Louisiana, Tennessee, Mississippi, Indiana, Virginia and New York, had been affected.

Source - Forbes



Note that a good (read: highly paid) spin doctor can state the obvious (people may have used their cards more than once) in a way that makes it seem they have somehow mitigated this disaster. No indication if they were in PCI compliance or using encrypted communications.

http://www.pogowasright.org/article.php?story=20080331200455862

Credit cards at ski resort compromised

Monday, March 31 2008 @ 08:04 PM EDT Contributed by: PrivacyNews News Section: Breaches

A Vermont ski resort has been the target of a security breach that may have compromised tens of thousands of credit cards.

Okemo Mountain Resort said Monday that hackers broke into its computer network and potentially gained access to credit card data from 28,168 transactions between Feb. 7 and Feb. 22 and 18,401 credit cards between January and March 2006.

The number of affected cardholders is unknown but Okemo said it expects it to be lower than the number of transactions.

Source - Forbes



Another “guide” resource.

http://www.phiprivacy.net/?p=180

Apr-1-2008

Genetic Privacy Page

The World Privacy Forum has published a new page on genetic privacy outlining basic policy issues and collecting World Privacy Forum work in the area. The page also links to key external research being done in privacy and genetics, and also links to key organizations doing work in this area in the U.S. and the U.K.

See their Genetics Privacy Page


...and another

http://www.pogowasright.org/article.php?story=20080401073248870

New Rules on School Privacy Law Proposed

Tuesday, April 01 2008 @ 07:32 AM EDT Contributed by: PrivacyNews News Section: Minors & Students

The Department of Education this week proposed the most comprehensive update of its regulations for the main federal school privacy law in two decades.

The more than 30 pages of proposed rules for the Family Educational Rights and Privacy Act, or FERPA, include protections for educators who seek to share information to protect a student’s health or safety, new guidelines for school districts on sharing student data with educational researchers, and a proposed requirement that schools safeguard electronic and other records, including from some school staff members.

Source - Education Week

Related - Federal Register, March 24



Pass this to your security geek (and perhaps your Legal Dept?). Might be the start of a “What's Possible” for e-discovery...

http://books.slashdot.org/article.pl?sid=08/03/31/143235&from=rss

Windows Forensic Analysis

Posted by samzenpus on Monday March 31, @02:07PM from the read-all-about-it dept.

Don Wolf writes

"Computer forensics is a rapidly growing discipline and an even faster growing business. Whether it's the natural progression of technological science pertaining to crime or perhaps the digression of a few elite information security professionals, computer forensics is ever so slowly gaining credibility in the otherwise PhD dominated field of criminal science. Computer evidence continues to be showcased in some of the most high-profile and controversial court cases in history, from the murder case of Laci Peterson to the multi-billion dollar Enron scandal. Whether society will allow it or not, computer forensics geeks will play pivotal roles in the prevalence of justice."

Keep reading for the rest of Don's review.



Background for Security Planning?

http://www.technewsworld.com/rsstory/62066.html

Cyber-Thieves' New Target: Business Processes

By Jack M. Germain TechNewsWorld 04/01/08 4:00 AM PT

... "The two things that stand out the most in this new report are the dramatic increase in attacks against businesses and the casual response from company officials about protecting their e-mail," Benham told TechNewsWorld.

... Infections from viruses and spyware are the No. 1 e-mail security concern. These security worries are followed by data breaches and spam. More than half of the respondents experienced spyware and virus attacks in 2007. Over 40 percent dealt with a phishing attack.

Download the full report (3.4 MB) [Registration required Bob]



Is this an indication of some systemic weakness in Australia? Or...

http://www.pogowasright.org/article.php?story=20080331204430374

Aussies hit by ID theft

Monday, March 31 2008 @ 08:44 PM EDT Contributed by: PrivacyNews News Section: Breaches

ALMOST a quarter of the Australian population have been affected by identity theft, a new study has found.

The study by Veda Advantage research found 23 per cent had been affected and that, oddly, those in the most tech savvy age group 16-24 years of age were the least likely to have done something to prevent it.

As many as nine out of 10 people in that age bracket admitted they had taken no measure whatsoever to protect themselves.

Source - Courier Mail


...or is it just easy to steal IDs everywhere?

http://www.pogowasright.org/article.php?story=20080331204319739

NZ: Teenager guilty of million-dollar hacking campaign

Monday, March 31 2008 @ 08:43 PM EDT Contributed by: PrivacyNews News Section: Breaches

A New Zealand teenager accused of leading an international ring of computer hackers which skimmed millions of dollars from bank accounts was today convicted of illegal computer hacking.

Owen Thor Walker, 18, pleaded guilty yesterday to six charges related to using computers for illegal purposes. Police allege that he led a group of hackers who took control of 1.3m computers around the world without their owners' knowledge.

Source - Guardian

[From the article:

Although several of the charges he was convicted of carry maximum terms of five years' imprisonment, Judge Arthur Tompkins said he was not considering prison. [Is it ethical for a judge to signal intent before the trial? Bob]



How exposed are you on the web?

http://www.pogowasright.org/article.php?story=20080331103700171

Identifight Tells You What Sites Your Email Address Is Publicly Linked To

Monday, March 31 2008 @ 10:37 AM EDT Contributed by: PrivacyNews News Section: Internet & Computers

Matthew wrote in to complain about a new website called Spokeo, which sounds like a stalker's dream: it sucks up all the entries in your address book, then returns a Big Brothery smorgasbord of all the publicly accessible accounts and services linked to each email address, along with updates any time something happens. It might surprise you to see just how easy it is for someone to assemble a picture of your Internet footprint with only an email address.

Don't like the sound of that? Luckily for you, someone has already been inspired to follow Spokeo's model and create a tool—Identifight—that lets you track your own email address to see what shows up, so you can patch up privacy leaks.

Source - The Consumerist blog



This could be interesting – and expensive.

http://techdirt.com/articles/20080321/171235620.shtml

Is It Unconstitutional To Restrict Time On A Library Computer?

from the seems-a-bit-extreme dept

A woman in Florida is claiming that it's a violation of her First Amendment rights that a library is restricting the amount of time patrons can spend on a computer. She's also upset that they're asking for ID before you can log on. The library says they're doing this to keep the wait down for a computer, but the woman says it's to keep homeless people and other low income people from using computers. It may be a difficult case to prove, as it hardly seems like the library is preventing people from using the computers altogether -- just limiting how long they can use them in a single sitting. Even then, the limit of two and a half hours does seem pretty long. The requirement for an ID might be an issue, if there are people with no IDs, but it's still difficult to see this as a First Amendment issue.



It is nice to see that, with all the pontificating back and forth, someone is actually checking the facts. Now if only Congress-beings could read...

http://www.pogowasright.org/article.php?story=20080331101731461

CRS: Selected Laws Governing the Disclosure of Customer Phone Records by Telecommunications Carriers

Monday, March 31 2008 @ 10:17 AM EDT Contributed by: PrivacyNews News Section: Fed. Govt.

... This report discusses recent legislative and regulatory efforts to protect the privacy of customer telephone records and efforts to prevent the unauthorized use, disclosure, or sale of such records by data brokers. In addition, it provides a brief overview of the confidentiality protections for customer information established by the Communications Act of 1934. It does not discuss the legal framework for the disclosure by telephone companies of phone records to the government. For an overview of laws that address disclosure of telephone records to the government, see CRS Report RL33424, Government Access to Phone Calling Activity and Related Records, by Elizabeth B. Bazan, Gina Marie Stevens, and Brian Yeh. For an overview of federal law governing wiretapping and electronic eavesdropping, see CRS Report 98-326, Privacy: An Overview of Federal Statutes Governing Wiretapping and Electronic Eavesdropping, by Gina Marie Stevens and Charles Doyle. This report will be updated when warranted.

Source - CRS: Selected Laws Governing the Disclosure of Customer Phone Records by Telecommunications Carriers [pdf], March 10, 2008



I bet Sony wishes this was a joke...

http://arstechnica.com/news.ars/post/20080331-sony-bmgs-hypocrisy-company-busted-for-using-warez.html

Sony BMG's hypocrisy: company busted for using warez

By David Chartier | Published: March 31, 2008 - 02:12PM CT

Sony BMG is no stranger to piracy. As one of the most vocal supporters of the RIAA and IFPI antipiracy efforts, the company has some experience hunting down and punishing consumers who don't pay for its products. The company is getting some experience on the other side of the table, however, now that it's being sued for software piracy.

PointDev, a French software company that makes Windows administration tools, received a call from a Sony BMG IT employee for support. [Bob's 49th rule: Don't steal what you don't understand. Bob] After Sony BMG supplied a pirated license code for Ideal Migration, one of PointDev's products, the software maker was able to mandate a seizure of Sony BMG's assets. The subsequent raid revealed that software was illegally installed on four of Sony BMG's servers. The Business Software Alliance, however, believes that up to 47 percent of the software installed on Sony BMG's computers could be pirated. [Not a totally unbiased source Bob]

These are some pretty serious—not to mention ironic—allegations against a company that's gone so far as to install malware on consumers' computers in the name of preventing piracy.

While PointDev is claiming €300,000 (over $475,000) in damages in its suit against Sony BMG, Agustoni Paul-Henry, PointDev's CEO, says (from a Google translation of a French report) that this is more about principle than money: "We are forced to watch every week if key software pirates are not [sic] on the Internet. We are a small company of six employees. Instead of trying to protect us, we could spend this time to develop ourselves."

Paul-Henry thinks Sony BMG's piracy of PointDev's products is the fault of more than just a single employee (again, translated): "I think piracy is linked to the policy of a company. If the employee has the necessary funding to buy the software he needs, he will. If this is not the case, he will find alternative ways, as the work must be done in one way or another."



R this the right wae to teach kids to read?

http://www.killerstartups.com/eCommerce/AudibleKidscom---Reading-Is-Easy-If-Youre-Listening/

AudibleKids.com - Reading Is Easy (If You're Listening)

Remember Reading Rainbow? It was great, educational, and all sorts of book-loving goodness. We all loved that guy from Star Trek letting us in on books like Amelia Bedelia and Where The Wild Things Are. Even the old school graphics and jingle were so catchy and cool, you’d have to stop yourself from singing it in the bath. Nowadays, it seems like reading went the way of the dinosaurs. Dead. Gone. Rare at best. Luckily, there’s AudibleKids. If you’re familiar with Audible, the site that provides audible book pleasure for users everywhere, then you’ll get the idea of AudibleKids. It’s the kid-sized version of Audible. It’s the Reading Rainbow for the 2000’s. Parents can create profiles for their kids and set content controls. Profiles show what you’ve downloaded and act as a way to network and get to know other audiophiles. Audio books are searchable by age group, keyword, award winners, etc. Once you’ve downloaded the software, you can listen to the audiobooks on your device of choice. To whet your child’s reading appetite, there’s a nice selection of free books to download.

http://audiblekids.com/



This looks like fun.

http://www.killerstartups.com/Blogging-Widgets/Innertoobcom---The-Next-Level-of-Podcasting/

Innertoob.com - The Next Level of Podcasting

If you are a podcaster or blogger looking for a way to make your podcasting completely interactive and user friendly, then Innertoob is the service for you. Innertoob allows you to upload any mp3 or flash link and then create the most dynamic podcast possible. Make real time comments directly on the screen and create easy to click on time posts, allowing people to click on the parts of the recording that you have commented on. People can respond to these comments in real time so that your file becomes a constantly changing resource where people can discuss things in real time. Users can also easily change the screen size and clicking from one time post to the next is simple. So if you are looking for a way that allows you to have a real time discussion on your podcast, then look no further.

http://www.innertoob.com/
