Wednesday, May 28, 2008

Do you suppose these questions would ever be asked at a stockholders meeting?

http://www.pogowasright.org/article.php?story=2008052011432361

Axcess Financial laptop stolen in October, but customers not notified until May

Tuesday, May 27 2008 @ 09:15 AM EDT Contributed by: PrivacyNews News Section: Breaches

With many angry voices demanding to know why Bank of New York Mellon customers were not notified of a security breach months ago, some of the smaller breaches that do not get disclosed promptly often get overlooked. One such case involved a laptop stolen from Axcess Financial, Inc. On May 13, Axcess Financial, Inc. notified the New Hampshire Attorney General's office that a laptop stolen from an employee on October 23, 2007 contained personal information including names, addresses, and Social Security numbers of 142 residents of NH who were customers of the company. No explanation was provided to either the AG's office or customers as to why notification to customers was delayed for over 6 months other than that "an extensive forensic investigation was required to determine the information contained within the stolen property." In its notification and disclosure letters, Axcess Financial indicated that misuse of the data was unlikely because of the laptop's "password protection and other security measures." Customers were offered free credit monitoring for 12 months.

When asked for more details about the incident and delayed notification, Jeff Kursman, Director of Public Relations for Axcess Financial, informed PogoWasRight.org that the laptop had been stolen from an employee's vehicle and that the employee was following policy at the time. Kursman did not reply directly to the question of whether the data were encrypted, saying only that "The laptop was secured with password protection."

Did it really take Axcess Financial six months to determine what information was on that laptop? Kursman explains, "The incident was initially classified by law enforcement as a petty crime involving an employee's stolen personal belongings. When it was ascertained that the theft included the loss of a secured computer, additional forensic analysis was conducted. Axcess Financial was supporting an active investigation of law enforcement to recover the property and identify and prosecute the thief(s)." A follow-up inquiry to Kursman asking whether law enforcement specifically requested that Axcess Financial delay notification or if Axcess Financial delayed it on its own initiative was not answered by the time of publication.



Expect more of this at gas stations. After all, if you have enough money to buy gas, your identity is worth stealing!

http://www.pogowasright.org/article.php?story=20080528065154433

San Jose police investigating another string of ID thefts at an Arco gas station

Wednesday, May 28 2008 @ 06:51 AM EDT Contributed by: PrivacyNews News Section: Breaches

More than a dozen Silicon Valley consumers have been victimized by thieves who allegedly stole their bank card information and personal identification numbers at a South San Jose gas station.

San Jose police were notified of a theft Monday night when a San Jose couple reported three unauthorized withdrawals totaling $1,500 from their bank account over Memorial Day weekend. By late afternoon, police had reports of at least seven confirmed victims who lost a combined $4,200. They all were customers recently at the same Arco station in the Almaden Valley.

Source - Mercury News Related - NBC11



“Hope is not a strategy” Title of a book I once read (I can too read!)

http://www.pogowasright.org/article.php?story=20080528065451225

Business owners have false hopes when it comes to data loss

Wednesday, May 28 2008 @ 06:54 AM EDT Contributed by: PrivacyNews News Section: Breaches

A recent study of fifteen hundred business owners shows that most have an “air of invincibility” when it comes to the potential for their company to suffer an intentional or accidental data exposure. This could explain why we have seen record numbers of information stolen, lost, or leaked over the past year or so.

It is understandable that some companies feel they are secure. However, when the topic of data breaches ranked last among the biggest business fears behind government fines, lawsuits, bankruptcy, and natural disasters, there is something wrong. Forty-five percent of those interviewed admit they are more concerned about data breaches than in the past, however that figure pales in comparison to the fact that thirty percent are more concerned that they could personally become a victim of identity theft (76% vs. 45%).

Source - The Tech Herald



What will happen when the number of reports exceeds the number of soccer games?

http://www.pogowasright.org/article.php?story=2008052806451751

UK: Companies told to disclose data breaches

Wednesday, May 28 2008 @ 06:45 AM EDT Contributed by: PrivacyNews News Section: Breaches

The EU's online security body is calling for laws to force companies to reveal when their computer systems have been breached.

The European Network and Information Security Agency (Enisa) wants mandatory reporting on security and data breaches by businesses.

Enisa called for the change in its General Report 2007, where it also detailed the spread of Computer Emergency Response Teams (Certs) to 14 EU states, up from eight in 2005.

Source - ZDNet (UK)

Related - ENISA: General Report 2007: Full Report (Adopted but financial/accounting figures are provisional. Final, designed version scheduled for July 2008.) [pdf]



Probably the same ratio in the US...

http://www.pogowasright.org/article.php?story=20080527173137467

UK: Identity fraud cases up by two thirds

Tuesday, May 27 2008 @ 05:31 PM EDT Contributed by: PrivacyNews News Section: Breaches

Cases of identity fraud increased by two thirds last year with people in affluent areas most at risk, credit data figures show.

London was Britain's identity fraud capital with people almost twice as likely to become victims as those in the rest of the country.

Kensington was the most vulnerable area with residents facing a risk more than three-and-a-half times the average.

It was followed in the top five by Richmond-upon-Thames, Putney, Wimbledon and the King's Road area of Chelsea. Commuter towns, including Guildford, St Albans and Windsor, also faced a risk that was twice the national average.

Source - Telegraph



...and a lot of people use Adobe Flash...

http://it.slashdot.org/article.pl?sid=08/05/28/0138247&from=rss

Adobe Flash Zero-Day Attack Underway

Posted by kdawson on Wednesday May 28, @03:26AM from the gone-in-a-flash dept. Security

Robellus writes

"Security researchers have found evidence of a previously unknown Adobe Flash vulnerability being exploited in the wild. The zero-day flaw has been added to the Chinese version of the MPack exploit kit and there are signs that the exploits are being injected into third-party sites to redirect targets to malware-laden servers. From the article: 'Continued investigation reveals this issue is fairly widespread. Malicious code is being injected into other third-party domains (approximately 20,000 web pages) most likely through SQL-injection attacks. The code then redirects users to sites hosting malicious Flash files exploiting this issue.'"



Another Chinese innovation? (Isn't this likely to slow entrance to the stadium while ticket holders are matched to their photograph and the 'approved' list?)

http://yro.slashdot.org/article.pl?sid=08/05/28/0057253&from=rss

Olympic Tickets Contain Microchip With Your Data

Posted by kdawson on Tuesday May 27, @11:11PM from the what-has-identity-to-do-with-intent dept. Privacy

OMNIpotusCOM writes

"Tickets to the Olympic opening and closing ceremonies will contain a microchip with information about the ticket holder, including a photograph, passport details, addresses, e-mail, and telephone numbers. The stated intent is to keep troublemakers out of the 91,000-seat National Stadium so that they cannot cause disruptions while China is on world-wide television, but it brings up serious concerns for privacy and identity theft."



The world, she is a changing...

http://gigaom.com/2008/05/26/in-london-a-glimpse-of-a-broadband-future/

In London, a Glimpse of a Broadband Future

Om Malik, Monday, May 26, 2008 at 7:06 PM PT

London is one of those few fortunate cities to have a surfeit of telecom competition. From broadband providers to mobile operators, Londoners have a choice. They have decent broadband speeds as well as access to Wi-Fi and 3G networks. And as a result, there has been a big change in their behavior.

A new report from Ofcom outlines how Londoners (and the rest of the UK) are using these new wireless and broadband services. It’s a great example of how consumer behavior changes with bandwidth.



Another blow to Microsoft?

http://www.bespacific.com/mt/archives/018450.html

May 27, 2008

A Strategy for Openness: Enhancing E-Records Access in New York State

Government Technology: "The New York State Office for Technology and the New York State Archives, a program of the State Education Department, issued a report last week that examines how the state can provide choice, interoperability and vendor neutrality in electronic document creation while ensuring electronic records are preserved and remain accessible. A Strategy for Openness: Enhancing E-Records Access in New York State makes recommendations to promote openness and transparency aimed at ensuring public records remain free from being locked into proprietary systems and software applications."



Big happenings in law...

http://hosted.ap.org/dynamic/stories/S/SCOTUS_T_MOBILE?SITE=WIRE&SECTION=HOME&TEMPLATE=DEFAULT

May 27, 10:41 AM EDT

Justices turn down T-Mobile appeal over contracts

By CHRISTOPHER S. RUGABER AP Business Writer

WASHINGTON (AP) -- The Supreme Court handed a defeat to T-Mobile USA Inc. Tuesday, rejecting the company's appeal in three cases involving the legal remedies available in millions of cell phone contracts.

The issue in the three cases is the same: whether state laws that limit the ability of companies to prohibit consumers from banding together to pursue class action lawsuits are preempted by federal law.


Ditto

http://news.slashdot.org/article.pl?sid=08/05/27/2044207&from=rss

Internet-Based Realtors Win Monster Settlement

Posted by kdawson on Tuesday May 27, @07:20PM from the disintermediation-works-eventually dept. The Courts United States

coondoggie writes

"Until today, most Internet-based real-estate brokers were considered second-class citizens, and their clients were left in the cold. But perhaps that will change with today's news that the Department of Justice has reached a proposed settlement with the National Association of Realtors that requires NAR to let Internet-based residential real estate brokers compete with traditional brokers. NAR has agreed to be bound by a 10-year settlement, under whose terms NAR will repeal its anticompetitive policies and require affiliated multiple listing services to repeal their rules that were based on these policies."

Here's the whole settlement document on the DoJ's site.



Tsk Tsk

http://www.infoworld.com/article/08/05/28/Court-finds-Dell-guilty-of-fraud_1.html?source=rss&url=http://www.infoworld.com/article/08/05/28/Court-finds-Dell-guilty-of-fraud_1.html

Court finds Dell guilty of fraud

N.Y. court finds that Dell deprived customers of technical support they bought or were eligible for under warranty

By Nancy Gohring, IDG News Service May 28, 2008

Dell was found guilty on Tuesday of fraud, false advertising, deceptive business practices, and abusive debt collection practices in a case brought by the New York attorney general.

The Albany County Supreme Court found that Dell deprived customers of technical support that they bought or were eligible for under warranty in several ways, including by requiring people to wait for very long times on the phone, repeatedly transferring their calls and frequently disconnecting their calls.

Dell also often failed to provide onsite repairs for customers who bought contracts for such support and often blamed software when hardware was actually the problem, the court found. The company also sometimes refused to offer support when a support contract ended, even though the user had first complained about a problem before the end of the contract. Subscribers to a "next-day" repair service sometimes waited as long as a year for support, the court found.



Developing hackers in the developing world

http://news.slashdot.org/article.pl?sid=08/05/27/1333248&from=rss

OLPC's XO As a Wireless Hacking Tool

Posted by timothy on Tuesday May 27, @10:11AM from the well-equipped dept. Security Education Wireless Networking IT

twistedmoney99 writes

"InformIT.com has a whimsical yet intriguing look at the OLPC in an article series titled "One Leet Pwning Child — Give one, Get Owned". Part one details how to upgrade the core system with some extras, but part two is where the fun begins as the author converts the OLPC into a lean green hacking machine to enable wireless sniffing, set up the OLPC for vulnerability assessments, and stage the device for a little autopwning with Metasploit."



I want a grant to study the effects of beer on Global Warming

http://www.killerstartups.com/Search/grantgophercom-grant-funding-search/

GrantGopher.com - Grant Funding Search

Grant Gopher is a site that sends registered users weekly email announcements about available grants. Users can find out about federal, state, private, and local grant donations to open up funding possibilities for their causes. Possible grant receivers can be individuals, small businesses, and larger organizations. To find a grant that suits their cause, users may search the list of available grants, and refine their search with criteria that are relevant to their needs and qualities. This is a free site to use, and also offers links to other free resources that users will find valuable, such as a grant glossary and a list of various grant forms.

http://www.grantgopher.com/



I'm seeing many sites like this one. Perhaps enough to allow my students to work as teams, even though they are often not even in the same country...

http://www.killerstartups.com/Web-App-Tools/mikogo-com-free-online-meetings-and-screen-sharing/

Mikogo.com - Free Online Meetings and Screen Sharing

Mikogo allows anyone to implement presentations and online meetings for free. The screen sharing tool, once installed, allows up to ten users to connect and view content from one of the members’ computer screens. Mikogo allows access via remote control; presenters can easily be switched during a presentation; file sharing is enabled with privacy controls, and you can pause transmissions. Mikogo works with Skype as well, meaning you can share your screen and get free phone calls. It’s perfect for remote learning, webinars, remote support, product demos and online meetings. There’s a complete set of both audio and video tutorials for beginners.

http://mikogo.com/Welcome.aspx



Something for the little geeks.

http://www.technewsworld.com/rsstory/63138.html

Entertaining the Kids for Free - With Linux

By Katherine Noyes LinuxInsider Part of the ECT News Network 05/27/08 4:00 AM PT



Dilbert on the latest in computer security

http://dilbert.com/strips/comic/2008-05-28/
