Saturday, May 17, 2008

Here's how they do it down under...

http://www.pogowasright.org/article.php?story=20080516122853418

AU: 'Hacker shuts down government computers'

Friday, May 16 2008 @ 12:28 PM EDT Contributed by: PrivacyNews News Section: Breaches

AN EXPERT hacker allegedly shut down the Northern Territory Government computer system and deleted thousands of employees' identities, a Darwin court heard yesterday.

And the court heard the Government could still be at risk of another cyber attack.

David Anthony McIntosh, 27, allegedly hacked in and shut down several NT Government databases on May 5, including servers for the Health Department, Royal Darwin Hospital, Berrimah Prison and Supreme Court using his laptop at a Palmerston home.

... She said police contested Mr McIntosh's bail application yesterday, as there were fears he made copies of passwords and data. [...and we don't want to change those passwords, we've been using the same ones for years! Bob] If they existed, the court heard the alleged hacker could possibly access these "anywhere in the world".

IT security consultant Anthony Ashbury said there was no proof copies existed "at this stage", but they were examining the logs of a number of servers. [There are programs that can do this in minutes – what method are they using, trained Koala bears? Bob]

"We believe it may have occurred," he said.

Source - news.com.au hat-tip, Fergie's Tech Blog

[From the article:

Prosecutor Sergeant Erica Sims told the Darwin Magistrates Court yesterday the Sydney IT expert allegedly deleted the independent user accounts of 10,475 NT public servants.

She said many workers had to be "stood down", and experts had been working "24 hours, seven days a week" to repair the damage. [That happens only when you have no backup/recovery plan Bob]

But Sgt Sims said it could take months to fix, with the repair cost estimated to run into the "hundreds of thousands of dollars".



Here's how it's done in America. Why no arrest?

http://www.pogowasright.org/article.php?story=20080517062549930

PA: Student hacks district files

Saturday, May 17 2008 @ 06:25 AM EDT Contributed by: PrivacyNews News Section: Breaches

Police are investigating a computer hacking by a 15-year-old student who authorities say broke into an office [looking for passwords on post-it notes? Bob] at Downingtown High School West and downloaded files containing restricted information on several dozen teachers and thousands of district taxpayers.

School officials said they discovered the breach of the school's computer network by the student, whose name was withheld because of his age, on May 9, and reported it to Downingtown police.

Police said the files contained information on 71 teachers from a school within the Downingtown Area School District. The school was not identified because of the sensitivity of the case. The downloaded information included the teachers' W-2 forms, which listed their Social Security numbers and home addresses, among other things.

Investigators said the student also downloaded information, including Social Security numbers, on possibly as many as thousands of school district taxpayers. [Why would the school have that information? Bob]

"We are still early in the investigation and cannot provide further details," Lt. Steven J. Plaugher of the Downingtown Police Department said in a statement last night. "No arrests have been made at this time."

Source - Philadelphia Inquirer Related - DailyLocal.com



Perhaps it is the low journalistic standards of TV News, but this article leaves a lot of unanswered (and probably un-asked) questions.

http://www.pogowasright.org/article.php?story=20080516112950698

8,000 Students' Personal Information Stolen

Friday, May 16 2008 @ 11:29 AM EDT Contributed by: PrivacyNews News Section: Breaches

Nearly 8,000 students' identities were at risk after a laptop containing their personal information was stolen, KPRC Local 2, Your Education Station, reported Thursday.

The laptop has "Property of Spring ISD" written across the cover. [No other security mentioned, not even passwords! Bob] Inside the laptop was personal information about students from around the district, including names, Social Security numbers and dates of birth.

... It was recently stolen out of the district testing coordinator's car after school.

Source - Click2Houston.com

[From the article:

Curry said the school district is responsible for keeping information confidential, but the woman who had the laptop needed it to get TAKS test scores.

"That information can come at any time, and she needs to be available 24/7."

[TAKS is Texas Assessment of Knowledge and Skills. Do they wake students in the middle of the night to take the test? Bob]



Your cell phone is spying on you...

http://www.pogowasright.org/article.php?story=20080516071002822

UK: Shops are tracking their customers via mobile phone

Friday, May 16 2008 @ 07:15 AM EDT Contributed by: PrivacyNews News Section: Businesses & Privacy

Customers in shopping centres are having their every move tracked by a new type of surveillance that listens in on the whisperings of their mobile phones.

The technology can tell when people enter a shopping centre, what stores they visit, how long they remain there, and what route they take as they walked around. [It's just like having your own “Personal Stalker” Bob]

The device cannot access personal details about a person’s identity or contacts, but privacy campaigners expressed concern about potential intrusion should the data fall into the wrong hands.

Source - Times Online

[From the article:

In the case of Gunwharf Quays, managers were surprised to discover that an unusually high percentage of visitors were German - the receivers can tell in which country each phone is registered - which led to the management translating the instructions in the car park.

The Information Commissioner's Office (ICO) expressed cautious approval of the technology, which does not identify the owner of the phone but rather the handset's IMEI code - a unique number given to every device so that the network can recognise it. [You know, like your phone number... Bob]

... Only the phone network can match a handset's IMEI number to the personal details of a customer. [Bullish! Bob]

... Other types of wireless technology, such as wi-fi and Bluetooth, can be used to locate devices, but the regular phone network signal is preferable because it is much more powerful and fewer receivers are needed to monitor a given area.



I must admit that I fail to see the logic in claiming that images that do not involve harm to a child are the same as those that do. Earlier laws made the same argument about cartoon characters. Are we protecting children or “prosecuting perverts?”

http://yro.slashdot.org/article.pl?sid=08/05/16/1836246&from=rss

Senators OK $1 Billion for Online Child Porn Fight

Posted by ScuttleMonkey on Friday May 16, @04:30PM from the blinded-by-the-children dept.

A Bill that could allocate more than $1 billion over the next eight years to combat those who trade in child pornography has been unanimously approved by a Senate panel. "The Senate Judiciary Committee on Thursday voted to send an amended version of the Combating Child Exploitation Act, chiefly sponsored by Sen. Joe Biden (D-Del.), to the full slate of politicians for a vote. [...] An amendment adopted Thursday also adds new sections to the original bill that would rewrite existing child pornography laws. One section is designed to make it clear that live Webcam broadcasts of child abuse are illegal, which the bill's authors argue is an "open question." Another change is aimed at closing another perceived loophole, prohibiting digital alteration of an innocent image of a child so that sexually explicit activity is instead depicted."



When the world gives you lemons, make lemonade. When Big Brother gives you ubiquitous video surveillance, make a music video!

http://www.npr.org/templates/story/story.php?storyId=90425187

In Surveillance Video, Band Rocks Big Brother

The Bryant Park Project, May 14, 2008 - When Manchester, England's The Get Out Clause didn't have enough money to make a video for their new single, the group conjured up a novel idea: Why pay for cameras when cameras are everywhere?

With the help of the country's 4.2 million closed-circuit TV security cameras and an armload of information requests, the band had a rock video.

"We tried to position ourselves right in front of these cameras, to make sure the CCTV footage was the best shot we could get," guitarist Tony Churnside says. "We had no idea at all how it would look."

Churnside says they played for 80 to 100 cameras over a period of a week. Then they spent three weeks asking individual businesses to release the footage. That was a task made easier by a British law that requires all public cameras to feature a sign listing contact information for the owner of any public camera.

The result — partly mesmerizing, partly chilling — has gained the band widespread attention.

"I think this was just a nice, original idea that we're pleased to do before anyone else," Churnside says. "Now we have to top it with the next video."




Tools & Techniques: You terminate an employee, but let him keep the key to the front door and the office safe combination? See why I say most managers don't understand security?

http://www.eweek.com/c/a/Security/Old-User-Accounts-Pose-Current-Security-Risks-for-Enterprises/

Old User Accounts Pose Current Security Risks for Enterprises

By Brian Prince 2008-05-16

A new study by eMedia USA found 27 percent of respondents had more than 20 orphaned accounts currently within their organization. More alarming, more than 38 percent of respondents said they had no way of determining whether a current or former employee used an orphaned account to access information, and 15 percent said this has occurred at least once.

... In addition to the other findings, the report noted approximately 30 percent of respondents said it takes longer than three days to terminate an account after an employee or contractor leaves the company - 12 percent said it takes more than a month.



http://www.pogowasright.org/article.php?story=20080517062046408

A First Principles Approach to Communications' Privacy

Saturday, May 17 2008 @ 06:20 AM EDT Contributed by: PrivacyNews News Section: Other Privacy News

Freiwald, Susan, "A First Principles Approach to Communications' Privacy". Stanford Technology Law Review, 2007. Free full-text article available at SSRN: http://ssrn.com/abstract=1132421

Abstract:

Under current doctrine, parties to a communication enjoy robust constitutional protection against government surveillance only when they have a reasonable expectation of privacy in those communications. This paper suggests that the surprising dearth of case law applying the reasonable expectations of privacy test to modern electronic communications reflects courts' discomfort with the test's necessarily normative analysis. That discomfort also likely explains courts' use of shortcuts based on Miller v. United States and Smith v. Maryland in those few cases that have considered online surveillance practices. In particular, the government has argued that a broad third party rule deprives electronic mail of Fourth Amendment protection merely because Internet Service Providers (ISPs) may access those e-mails. Similarly, some courts have denied Fourth Amendment protection to information stored on computer systems other than e-mail contents, by over reading Smith to provide a bright line at contents/non-contents. Both analytical shortcuts not only miss the point of the Katz v. United States, which established the reasonable expectations of privacy test, but also dramatically under protect privacy, with pernicious results. This paper articulates a first principles approach to constitutional protection that focuses instead on the reasons electronic surveillance requires significant judicial oversight. In particular, it argues that electronic surveillance that is intrusive, continuous, indiscriminate, and hidden should be subject to the heightened procedural requirements imposed on government wiretappers. Because surveillance of stored e-mail, such as the type at issue in the case of Warshak v. United States, often shares the characteristics of this four factor test, it should be subject to the highest level of constitutional regulation.



Sense or semantics?

http://www.pogowasright.org/article.php?story=20080517061739327

Dignity as a New Framework, Replacing the Right to Privacy

Saturday, May 17 2008 @ 06:17 AM EDT Contributed by: PrivacyNews News Section: Other Privacy News

Miller, Jeremy M., "Dignity as a New Framework, Replacing the Right to Privacy". Thomas Jefferson Law Review, Vol. 30, No. 1, 2007. Free full-text article available at SSRN: http://ssrn.com/abstract=1127986/

Abstract:

Privacy if not now, will soon be a dead letter in legal analysis. However, the related concept of dignity will fill the void; and make sense out of a tangled area of law.

... Privacy can promote crime, but dignity promotes only goodness.

... The continued use of the fiction privacy, places our glorious country in danger.



Linux is making itself easy to use (something Microsoft can't duplicate). First Ubuntu allows you to create a dual-boot machine, now Fedora makes it easy to carry with you.

http://lifehacker.com/391067/fedora-9-puts-your-desktop-on-a-usb-drive

Fedora 9 Puts Your Desktop on a USB Drive

This week's release of the Fedora 9 Linux distribution makes putting a full-fledged desktop on a portable USB thumb drive a three-click affair.
