Wednesday, May 21, 2008

I think this is a new low... They not only lost the disc, but it was their ONLY COPY?

http://www.phiprivacy.net/?p=412

May-20-2008

NHS disc containing sensitive data lost

Caroline Gammell reports in the Telegraph:

A computer disc containing the medical records of more than 38,000 NHS patients went missing when it was sent to a software company to be backed up - in case the records got lost.

The information, which dates back 10 years, was mislaid somewhere between London and Sandown Health Centre on the Isle of Wight.

It was given to courier company City Link in March, but the health centre only spotted it was missing in May.

Full story - Telegraph. Related - The Press Association



Increasingly common?

http://www.pogowasright.org/article.php?story=20080520184358499

LendingTree LLC Sued Over Customer Information Data Breach

Tuesday, May 20 2008 @ 06:43 PM EDT Contributed by: PrivacyNews News Section: Breaches

LendingTree LLC, the online mortgage unit of IAC/InteractiveCorp. (IACI), has been sued over a security breach in which some employees allegedly allowed mortgage lenders to gain access to confidential customer information.

The lawsuit, filed in U.S. District Court in Manhattan on Friday, alleges that the Charlotte mortgage referral company failed to adequately safeguard confidential customer information contained in its customer loan request forms and that data was accessed and stolen by several LendingTree employees.

"As a result of defendant's actions, millions of its customers have had their personal confidential information compromised, have had their privacy rights violated, have been exposed to the risk of fraud and have otherwise suffered damages," the lawsuit said.

Source - CNN Money



How bad was it? Would it scale up to have a similar impact on the US?

http://news.cnet.com/8301-10789_3-9948720-57.html?part=rss&subj=news&tag=2547-1_3-0-5

The Estonia cyberwar: One year later

Posted by Robert Vamosi May 20, 2008 2:34 PM PDT

One year ago, the Estonian government moved a war memorial honoring Russian-Estonians who died fighting the Nazis, a move that may have triggered what some believe is the first instance of a sustained, international cyberwar.

Now, Gadi Evron, a security evangelist for Beyond Security who was in Estonia at the time of the attacks, has revisited the events with an article in the Georgetown Journal of International Affairs and reprinted here online (PDF).



Tools & Techniques. It takes some thought to figure this stuff out...

http://www.f-secure.com/weblog/archives/00001440.html

Phishing Piers on Legitimate Sites

Posted by Sean @ 10:52 GMT Wednesday, May 21, 2008

... However, even obscure URLs can be taken offline quickly as they have no legitimate functions. Sending a message to the host providers with a request that the entire bogus site be taken offline does the trick.

So what next?

Instead of setting up their own sites, we're seeing more and more evidence of phishing from hacked sites; legitimate sites that are unknowingly hosting phishing. And then the site cannot simply be pulled offline without collateral damage to the legitimate business. So the website's administrator must be contacted to repair the damage.

Sites such as bbcsales.com, a 15 year old business with a long-standing Web presence.



Tools & Techniques. These “how to” videos are useful...

http://digg.com/gadgets/How_To_Eavesdrop_on_Bluetooth_Conversations

How To Eavesdrop on Bluetooth Conversations

5min.com — A demo on how to attack and capture audio on a Bluetooth headset using a handheld Nokia.

http://www.5min.com/Video/How-To-Eavesdrop-on-Bluetooth-Conversations-925061



Coming soon to a server near you?

http://hardware.slashdot.org/article.pl?sid=08/05/20/1248231&from=rss

New 'Phlashing' Attack Sabotages Hardware

Posted by timothy on Tuesday May 20, @09:29AM from the not-so-nice dept. Security Hardware IT

yahoi writes

"A new type of denial-of-service attack, called permanent denial-of-service (PDOS), damages a system so badly that it requires replacement or reinstallation of hardware. A researcher has discovered how to abuse firmware update mechanisms with what he calls 'phlashing' — a type of remote PDOS attack."



The data is there, why not use it? Information overload?

http://www.cnet.com/8301-13880_1-9949185-68.html?part=rss&tag=feed&subj=Workers'Edge

Get the low-down on the sites you visit with CallingID

Posted by Dennis O'Reilly May 21, 2008 12:01 AM PDT

I used to think the last thing I needed was another browser toolbar. But now I gladly sacrifice a little screen real estate to find out who owns the sites I visit, where they're located, and whether they pass muster with the security checkers.

That's what you get with CallingID, an add-on for Internet Explorer and Firefox that adds a multi-hued toolbar to the browsers. Along with use of green, yellow, and red to signify the site's safety, the toolbar shows the owner and location of the site.



We love our customers... When Microsoft pushes (forces) the update to SP3, your browser will die?

http://www.informationweek.com/news/windows/operatingsystems/showArticle.jhtml?articleID=207801330

Windows XP SP3 Chokes On ISP Versions Of Internet Explorer 7

Specifically, XP3 runs a version of an essential dynamic-link library file called XMLLite.dll that's not compatible with versions of IE7 released prior to October.

By Paul McDougall InformationWeek May 20, 2008 02:09 PM

Private label versions of Microsoft's Internet Explorer 7 browser, including those provided to customers by Internet Service Providers Comcast and Qwest, are prone to crash during installation on computers running Windows XP SP3 because they tend to be outdated, Microsoft is warning.



We love our customers... “We are actually blocking the only indication that you are being monitored, but we'll keep selling your information to our advertisers and charging them as if you were still looking at the ads!”

http://www.pogowasright.org/article.php?story=2008052018482763

UPDATE: Charter Will Track Your Internet Activity Regardless Of Whether You Opt Out

Tuesday, May 20 2008 @ 06:48 PM EDT Contributed by: PrivacyNews News Section: Businesses & Privacy

Last week, we wrote about Charter's decision to begin tracking its users' internet activity and inserting targeted ads. One of our readers wrote in to let us know he discovered that Charter's insecure opt-out solution—downloading a cookie that must be downloaded for each user and browser, and downloading it again whenever the cache is cleared—only blocks the ads from showing up; it doesn't block Charter from monitoring users' searches and web activity.

Source - The Consumerist


Related. Maybe we can get versions for any company that tracks us on the Internet... (No doubt this will escalate into an all-out arms race...)

http://www.pogowasright.org/article.php?story=20080520070402684

Privacy group launches Phorm spoiler

Tuesday, May 20 2008 @ 10:04 AM EDT Contributed by: PrivacyNews News Section: Internet & Computers

A privacy group has launched a new piece of software that it claims will make the data collected by the Phorm advertising service "absolutely worthless".

The AntiPhorm group - which describes itself as "a loose conglomeration of concerned individuals comprised of artists, programmers and designers" - says it wants to prevent ISPs from profiting from their customers' personal surfing habits.

Source - PC Pro



A simple way to show off the new puppy?

http://www.killerstartups.com/Comm/Ekkotv---Flash-Based-Video-Chat/

Ekko.tv - Flash Based Video Chat

ekkoTV is a new Flash-based video chat service. It pulls your contacts from AIM, Yahoo, Google, and/or MSN to create buddy lists. Clicking on the name of your friend will send out an invite; once they’ve received the invitation, a webpage for your chat is opened. Users can chat with up to two other people. The platform can be embedded on blogs and personal websites to create interesting dialogues. Users will of course need a webcam and a decent internet connection to take advantage of ekkoTV. Using the video chat app is absolutely free. Sign up is required.

http://www.ekko.tv/



Could be useful...

http://www.killerstartups.com/Web20/Vocabulixcom----Learn-Spanish-and-German-the-Easy-Way/

Vocabulix.com - Learn Spanish and German the Easy Way

To avoid mistakes like the infamous Kennedy flub, “Ich bin ein Berliner” (roughly, ‘I’m a jelly donut’), you may want to brush up on those language skills. And why not try something free, something web-based, and something multilingual like Vocabulix. Granted, Vocabulix focuses on a trio of languages—English, Spanish, and German—but the spread is comprehensive. You can build vocabulary with a series of customizable (level, topic, type) practices. Or, you can focus on your verb skills with Vocabulix’s verb drills. Even those tricky conjugations are available for practice. Of course, there’s the requisite networking touch as well. You can find and connect with language buddies for extra practice, or create group lessons. You can find language schools, buy cds and books and post questions if you need extra help. And you don’t even have to leave your house.

http://www.vocabulix.com/
