I can steal it for you wholesale!
http://www.pogowasright.org/article.php?story=20080506081942789
Finjan Discovers Compromised Business & Customer Data of 40 Top-Tier Global Businesses
Tuesday, May 06 2008 @ 08:19 AM EDT Contributed by: PrivacyNews News Section: Breaches
Finjan Inc., a leader in secure web gateway products, today announced its discovery of a server controlled by hackers (Crimeserver) containing more than 1.4 Gigabyte [less than I have on my thumb drive Bob] of business and personal data stolen from infected PCs. The data consisted of 5,388 unique log files. Both email communications and web-related data were among them.
The compromised data came from all around the world and contained information from individuals, businesses, as well as renowned organizations, including healthcare providers.
To illustrate the scope; the server contained among others 571 log files from the US, 621 from Germany (DE), 322 from France (FR), 308 from India (IN), 232 from Great Britain (GB), 150 from Spain (ES), 86 from Canada (CA), 58 from Italy (IT), 46 from the Netherlands (NL), and 1,037 from Turkey (TR).
Due to the sheer impact, Finjan followed its company guidelines and promptly notified over 40 major international financial institutions [It's not quantity, it'a quality. Bob] located in the US, Europe and India whose customers were compromised as well as various law enforcements around the world.
The report contains examples of compromised data that Finjan found on the Crimeserver, such as:
Compromised patient data
Compromised bank customer data
Business- related email communications
Captured Outlook accounts containing email communication
To download the report, please visit http://www.finjan.com/mpom
Source - PR Newswire
[From the Newswire article:
Since the stolen data was left unprotected on the Crimeserver, without any access restrictions or encryption, the data were freely available for anyone on the web, including criminal elements. [Tisk, tisk. Bad OpSec or sample data? Bob]
Is this automatically a terrorism case? Will similar risk apply when RealID is fully implemented?
http://www.pogowasright.org/article.php?story=20080506081227135
FBI notifies customers of Atlanta visa service
Tuesday, May 06 2008 @ 08:12 AM EDT Contributed by: PrivacyNews News Section: Breaches
The FBI is notifying as many as 1,000 customers of a metro Atlanta travel visa service that they may be victims of identity theft.
Warren Fowler, an employee of International Visa Service in Sandy Springs, has been arrested and charged with stealing the personal information of people who were applying for a passport. Fowler allegedly sent the information to his brother, Alvin Fowler, in Miami, who is accused of selling the identities for up to $7,500 each. Alvin Fowler is in federal custody.
Source - WRDW
Fortunately, the Zip was still Locked...
http://www.pogowasright.org/article.php?story=2008050605535628
NC: Officials recover stolen tax information (update)
Tuesday, May 06 2008 @ 05:53 AM EDT Contributed by: PrivacyNews News Section: Breaches
Law enforcement officials in Wingate have recovered personal financial information belonging to more than 400 taxpayers that was stolen last month.
The Iredell County Tax Collector’s Office said in a news release that a shipment of processed tax payments and unprocessed items that was reportedly stolen from a courier April 22 in Charlotte had been found and secured.
Officials said the bags did not appear to have been opened.
Source - statesville.com
The joy of databases – from the county that gave us “Big Brother.” A 40 second video with the sounds of Black Helicopters, police sirens, attack dogs, and a polite voice to remind you to pay you TV License, because...
http://digg.com/television/The_BBC_knows_where_you_live_its_all_in_the
The BBC knows where you live; its all in the
liveleak.com — Wow, is this real or fake? I love the veiled threats...fantastic! What do they do to you if you fail to license your TV? Do they send out the bone-crushers? Do folks show up at your door and take your TV?
http://www.liveleak.com/view?i=8ee_1210010683
An interesting resolution.
http://yro.slashdot.org/article.pl?sid=08/05/05/1617230&from=rss
US Court Orders Company to Use Negative Keywords
Posted by ScuttleMonkey on Monday May 05, @01:11PM from the negative-ghostrider-the-pattern-is-full dept.
A US court has ordered a firm to utilize negative adwords in their internet advertising.
"Orion Bancorp took Orion Residential Finance (ORF) to court in Florida over ORF's use of the word 'Orion' in relation to financial services and products, arguing that it had used the term since 2002 and had held a trade mark for it since then. [...] The judge in the case went further, though, restraining ORF from 'purchasing or using any form of advertising including keywords or "adwords" in internet advertising containing any mark incorporating Plaintiff's Mark, or any confusingly similar mark, and shall, when purchasing internet advertising using keywords, adwords or the like, require the activation of the term "Orion" as negative keywords or negative adwords in any internet advertising purchased or used.'"
[From the article:
By 'negative adword', the judge is referring to the fact that keyword advertising systems allow someone to instruct the system never to display their advert when a certain term is searched for, as well as to pay to have their ad displayed when a certain term is searched for.
... See: The ruling (9-page / 29KB PDF)
Might make for an interesting ethical discussion.
http://www.pogowasright.org/article.php?story=20080506061203573
Using cell phones to find missing persons pushes law
Tuesday, May 06 2008 @ 06:12 AM EDT Contributed by: PrivacyNews News Section: Businesses & Privacy
The call came in to police just after midnight April 16.
Hours before, a distraught young man had phoned his mother, hinting he wanted to kill himself. When he didn't meet her as planned, she telephoned Seattle police and reported her son missing.
Because of increasing advances in technology, officers were able to find the missing man's cellular phone using his wireless network. Two hours after he was reported missing, the man was found alive but unwell lying on his desk and taken to University Hospital for a psychological evaluation.
... "All the officer needs to do is confirm to us that an exigent circumstance exists," she said.
No legal challenges have been filed related to cell locater technology in missing persons cases. But privacy rights advocates say unambiguous guidelines are needed to ensure that the technology isn't misused.
Source - Seattle Post-Intelligencer hat-tip, slashdot
[From the article:
"It's a very, very small percentage of missing persons cases where it turns out that a crime has been committed," Rahr said.
... Masamitsu said Verizon, like other cellular providers, requires detailed follow-up reports from investigators. But she said the company doesn't conduct any independent review of the requests before releasing location information.
"All the officer needs to do is confirm to us that an exigent circumstance exists," she said.
Another ethical question?
http://www.eweek.com/c/a/Security/Kraken-Botnet-Infiltration-Triggers-Ethics-Debate/
Kraken Botnet Infiltration Triggers Ethics Debate
By Ryan Naraine 2008-05-01
Researchers seize control of one of the world's largest spam-spewing botnets, but there is disagreement about what should happen next.
Researchers at TippingPoint Technologies' Digital Vaccine Laboratories have found a way to infiltrate and seize control of one of the world's largest spam-spewing botnets, a breakthrough that has ignited an intense debate over the ethics of "cleaning" infected computers.
... The ability to infiltrate and seize control of Kraken's C&C mechanism left the company with an ethical dilemma that has prompted a discussion of whether infected computers used in denial-of-service attacks and spam runs should be cleansed without the owners' consent.
"On the technical side, we have proven that it can be done. From our proof-of-concept, it would have been one more click of a button to shut down the communication between the people sending commands to these [infected] computers," Pierce said.
... David Endler, director of security research at TippingPoint, is on the other side of the fence. "The reality is that you really don't know what you're modifying," Endler said in an interview. "It's a very tricky situation. What if that end-user system is performing a critical function? What if that target system is responsible for someone's life support? Who is to say what is more beneficial? It really is a moral and a legal quandary."
First, get their attention...
http://www.f-secure.com/weblog/archives/00001431.html
BBB Case #947344536
Posted by Mikko @ 16:05 GMT
We're seeing some new BBB trojan attacks going around.
This attack method is well-known and has been occurring for months: A high-level executive [Always target the most vulnerable... Bob] inside an organization receives an e-mail that mentions a complaint supposedly made to the Better Business Bureau (USA). The e-mail appears to be credible and links to a site in order to download the complaint. The download claims to require IE and ActiveX in order to succeed. Once ActiveX is enabled, the sites drops a backdoor on the system.
The message looks like this:
... The message links to a page under us-bbb.com (the real BBB site is at us.bbb.org).
For my computer security students.
http://news.yahoo.com/s/nm/20080502/od_nm/japan_porn_odd_dc;_ylt=AgStIVFU1Uyx7IdnqesY7yOs0NUE
Official suspended for surfing porn at work
Reuters Fri May 2, 11:09 AM ET
TOKYO (Reuters) - A city bureaucrat in western Japan was suspended from his job after officials discovered he visited porn websites at work almost every day, often spending hours [Interesting that no one noticed a lack of productivity. Perhaps he performed as well as any government employee? Bob] gazing at nude photos, a city official said.
... Angered citizens called city hall all day on Friday, saying the suspension was not enough, he added. [I wonder if there would be as much anger in the US? Bob]
The city only found out about his activities in February when it noticed that his computer had picked up the same virus repeatedly from the sites, Ueyama said. [Better than not noticing at all... Bob]
A safer way to find your porn? What is their liability for a “false positive?”
http://www.techcrunch.com/2008/05/05/yahoo-flags-malware-sites-in-search-results/
Yahoo To Flag Malware Sites In Search Results
Michael Arrington May 5, 2008
Tomorrow Yahoo will launch a partnership with McAfee and will integrate their Site Advisor malware scanning product into Yahoo search.
The most dangerous websites are simply being removed from search results. Yahoo is also flagging less dangerous offending sites to warn users of specific problems that have been reported from those sites. Example warning messages include “Warning: Unsolicited E-mails” and “Warning: Dangerous Downloads.”
For Security Managers. Another option for secure communications?
http://freenetproject.org/news.html
24th Apr, 2008 -
Freenet 0.7.0 release candidate 2 now available
Freenet version 0.7 Release Candidate 2 is now available for public testing. Release Candidate 2 features many bugfixes and a number of usability improvements.
Freenet is a global peer-to-peer network designed to allow users to publish and consume information without fear of censorship. To use it, you must download the Freenet software, available for Windows, Mac, Linux and other operating systems. Once you install and run Freenet, your computer will join a global, decentralized P2P network. [and likely be blocked by your ISP for sharing copyrighted music? Bob] You will be able to publish and consume information anonymously, either through your web browser, or through a variety of third party applications.
Freenet 0.7 is a ground-up rewrite of Freenet. The key user-facing feature in Freenet 0.7 is the ability to operate Freenet in a "darknet" mode, where your Freenet node will only talk to other Freenet users that you trust. This makes it much more difficult for an adversary to discover that you are using Freenet, let alone what you are doing with it. 0.7 also includes significant improvements to both security and performance.
Freenet 0.7 RC2 can be downloaded from: http://freenetproject.org/download.html
One of those business models that couldn't possibly work...
http://www.news.com/8301-13577_3-9936896-36.html?part=rss&subj=news&tag=2547-1_3-0-5
A billion-dollar valuation for LinkedIn?
Posted by Caroline McCarthy May 6, 2008 5:58 AM PDT
On Monday, reports surfaced that business social network LinkedIn is likely looking to raise a round of venture capital (rather than find a corporate parent).
TechCrunch reports that investment bank Allen & Co. is hoping to help LinkedIn pull in that funding at a $1 billion valuation.
... The average user of LinkedIn (there are 20 million total) is reportedly 41 years old and makes about $110,000 annually.
That's made it possible for the social network to charge advertisers $75 per thousand impressions, which is almost unheard of in the social-media world.
To free, or not to free...
http://www.nytimes.com/2008/05/06/technology/06wifi.html?_r=1&partner=rssnyt&emc=rss&oref=slogin
Free Wi-Fi, but Not for All
By SUSAN STELLIN Published: May 6, 2008
The battle between free and paid wireless Internet access is starting to look like a draw. Or more accurately, a third variation is winning — a combination of the two.
... Starbucks is probably the biggest example of that model. In February, the company announced plans to switch to AT&T from T-Mobile as the Internet provider in its 7,000 stores.
When AT&T takes over, customers who use their Starbucks card once a month will get two hours of free Wi-Fi access each day. Otherwise, that same time period will cost $3.99, or $19.99 for a monthly unlimited access plan.
... Denver International Airport switched from a paid to an ad-supported model last November, and has already seen use increase from 600 connections a day to more than 5,000.
... That ad revenue slightly exceeds what the airport used to earn from its share of user fees ($7.95 for 24 hours of access), according to Jim Winston, the airport’s director for telecommunications. [See? Free is good! Bob]
Apparently, it is easy to screw up. Checklists might help...
ABA Litigation Section Reacts to the Qualcomm Case and Recommends e-Discovery Checklists
The Litigation Section of the American Bar Association has published an online article on Qualcomm v. Broadcom. Written by Kristine L. Roberts, Litigation News Associate Editor, the article is significant for its glimpse into the thinking of ABA leaders on electronic discovery abuses.
What's in your coffin? (Not every untapped market will be lucrative...)
http://www.wired.com/techbiz/startups/news/2008/05/tributes
Monster.com Founder Starts Social Networking Site for the Dead
By Marty Graham 05.05.08 | 1:00 PM
How could I pass this one up?
http://digg.com/comics_animation/The_Simpsons_Compilation_of_Couch_Gag_Intros
The Simpsons - Compilation of Couch Gag Intros watch!
youtube.com — Love the Evolutionary Couch Gag...lots of good ones in the related videos here.
No comments:
Post a Comment