Friday, May 30, 2008

Is nothing sacred?

http://www.pogowasright.org/article.php?story=20080529165523235

KY: Stolen traffic records include personal information

Thursday, May 29 2008 @ 04:55 PM EDT Contributed by: PrivacyNews News Section: Breaches

The records of more than 300 traffic cases were stolen this month from the Jefferson County court archives, leading court officials to update their security and warn citizens of potential identity theft.

The traffic cases, all from November 2003, include the names, addresses, dates of birth and possibly the Social Security number of people who received a traffic citation or were involved in a DUI arrest that month, said Jefferson Circuit Court Clerk David Nicholson.

He said court workers did not know the records were missing until police told them yesterday.

Source - courier-journal.com



Do you really want to say: “We don't know what we're doing?”

http://www.pogowasright.org/article.php?story=20080529153805410

State Street Data Theft Affects More Than 45,000

Thursday, May 29 2008 @ 03:38 PM EDT Contributed by: PrivacyNews News Section: Breaches

Computer equipment containing personal information on more than 45,000 customers and employees of a State Street unit was stolen five months ago, the company said. The personal information included names, addresses and social security numbers.

... The company, a Boston-based provider of financial services to institutional investors, said 5,500 employees and 40,000 customers of Investors Financial Services, which it acquired last year, were affected.

The computer equipment was stolen from a vendor hired by Investors Financial Services to provide legal support services.

... The theft occurred in December. State Street said it was informed of the theft in January and needed the past four months to analyze what and whose information had been stolen. That analysis was completed Wednesday.

Source - CNBC

Related - AP reports that State Street says it will provide those affected with free credit monitoring for two years.



Perhaps we can get a look inside if we follow this one.

http://www.pogowasright.org/article.php?story=20080529101637519

Stolen Verizon Wireless customer data part of racketeering and money laundering case

Thursday, May 29 2008 @ 12:05 PM EDT Contributed by: PrivacyNews News Section: Breaches

As a follow-up to a story posted on April 25 concerning the discovery of Verizon Wireless customer data in possession of a former employee, Somerset County Prosecutor Wayne J. Forrest announced earlier today that the Somerset County Grand Jury has returned a 407 Count Indictment charging fifteen defendants in an interstate Racketeering, Money Laundering and Conspiracy case. In a press release, Forrest stated, "The underlying investigation, code-named “Operation Stop Payment”, focused primarily on: identifying the number of defendants involved in this criminal enterprise; identifying any individuals, financial institutions or other business and government entities that were victimized by this criminal enterprise; and stopping the payment on fictitious payroll checks that were manufactured by this criminal enterprise on an almost daily basis."

During the execution of search warrants as part of their investigation, detectives had discovered customer records belonging to 2,700 Verizon Wireless customers. The customer data included personal identification information such as the customer’s name, address, cellular account information, Social Security number and/or Federal Taxpayer Identification Number. Prosecutor Forrest said the grand jury charged Tihee Jabbar Brisbane with multiple counts of second degree computer related criminal activity stemming from the theft of the Verizon Wireless customer account summaries. Brisbane had previously been employed as a telemarketing representative for Verizon Wireless from November 3, 2003, until January 26, 2005 at the Verizon Wireless offices located in Branchburg, Somerset County.

The press release provides more details about the other defendants and allegations as well as a listing of banks and companies that were victimized.



Not sure how this could occur every time one user tried to log on yet be classed as “isolated.”

http://www.pogowasright.org/article.php?story=20080530061942821

"Glitch" gives customer access to other Charter accounts

Friday, May 30 2008 @ 06:19 AM EDT
Contributed by: PrivacyNews
News Section: Breaches

... McDowell was horrified that she had somehow gotten into a stranger's account. She quickly logged off. Besides, she still had her own bill to pay.

... She tried again to log on to her account. This time she arrived at the Charter account of a woman in Slidell, La.

... McDowell logged off and tried again, this time arriving at the Charter account of a woman in Covington, Ga.

... McDowell says she did this 20 times, each time getting the account of a different Charter customer. She couldn't see any connection between the names or addresses, although she did note that many of the accounts listed overdue bills.

... Lamont said the company fixed the "glitch" later in the day.

... Lamont said Charter recently had started a new service activation system. In a few isolated instances, "The customer login information was erroneously 'matched' to the wrong customer account under certain specific circumstances upon login attempt. And I hope you'll understand that that's all we can really say," she said in an e-mail. [“Without convincing you that we are entirely incompetent.” Bob]

Source - STLtoday.com



This is an interesting description of a Denial of Service attack. The perpetrators willingly admitted that they caused the attack, and even claimed it was because they wanted to continue using Revision3's servers! Sounds like an open and shut lawsuit to me...

http://revision3.com/blog/2008/05/29/inside-the-attack-that-crippled-revision3

Inside the Attack that Crippled Revision3

on May 29th, 2008 at 07:49 am by Jim Louderback in Polemics

As many of you know, Revision3’s servers were brought down over the Memorial Day weekend by a denial of service attack. It’s an all too common occurrence these days. But this one wasn’t your normal cybercrime – there’s a chilling twist at the end. Here’s what happened, and why we’re even more concerned today, after it’s over, than we were on Saturday when it started.



Tools & Techniques: Might be very useful for my website class, not to mention the security troops...

http://news.cnet.com/8301-13880_3-9955552-68.html

May 30, 2008 12:01 AM PDT

Firefox add-on shows all the files downloaded by the current page

Posted by Dennis O'Reilly

These days you can't be too careful about what you download. A new Firefox add-on from Florian Queze called View Dependencies takes some of the guesswork out of knowing the content of a Web page, and the source of that content.

After you download the free add-on and restart Firefox, you'll see a Dependencies tab when you click Tools > Page Info to view information about the page that's currently open. The tab lists the files on the page, their URL, and their size.

... You can right-click an entry and choose Open in New Tab or Open in New Window to view just that one file. Other context-menu options let you copy the entry, copy just the URL, or just the host name. [Great for stealing... I mean, reverse engineering, and duplicating without compromising patents or copyrights. Bob]



Registration required – probably worth it.

http://www.centernetworks.com/akamai-state-internet

Akamai Releases State of the Internet Report

Written by Allen Stern - May 29, 2008

Akamai is out today with their first "State of the Internet" report. The report is well worth a read as it covers a variety of topics including: security, connection speeds, geography, network access, and Internet penetration. Some of the interesting stats include:

  • China leads the world in attack traffic including denial of service attacks.

  • Nearly 30% of attacks are to port 135 which is used for remote procedure calls on Microsoft operating systems.

  • In March 2008, more than 10,000 Web pages on hundreds of Web sites were infected by hackers looking to steal passwords used in popular online games.



Some details seem a bit fantastic, but if true, they are tools I want!

http://news.cnet.com/8301-10784_3-9955375-7.html?part=rss&subj=news&tag=2547-1_3-0-5

May 29, 2008 6:02 PM PDT

Did Chinese officials copy U.S. government laptop data and use it in hack?

Posted by Elinor Mills

The U.S. government is looking into allegations that Chinese officials snagged a laptop left unattended by a top U.S. official there, copied the data and then used it to try to hack into U.S. government computers, according to a report by The Associated Press.

The incident is alleged to have happened during Commerce Secretary Carlos M. Gutierrez's trip to Beijing in December, unidentified sources told the AP. Gutierrez told the wire service he couldn't comment on an ongoing investigation.

Since then, the U.S. Computer Emergency Readiness Team, known as US-CERT, responded to computer network break-ins at least three times, the report says.

"The Pentagon, State Department and Commerce Department all have been victimized by widespread computer intrusions blamed on China since July 2006," with the Commerce Department even having to unplug itself from the Internet, as a result, the article says.

[From the article:]

Surreptitious copying is believed to have occurred when a laptop was left unattended during Gutierrez's trip to Beijing for trade talks in December...

... Modern copying equipment can duplicate a laptop's storage drive in just minutes. [Not that I'm aware of... Bob]

... A senior U.S. intelligence official, Joel F. Brenner, recounted a separate story of an American financial executive who traveled to Beijing on business and said he had detected attempts to remotely implant monitoring software on his handheld "personal digital assistant" device - software that could have infected the executive's corporate network when he returned home. The executive "counted five beacons popped into his PDA between the time he got off his plane in Beijing and the time he got to his hotel room," Brenner, chief of the office of the National Counterintelligence Executive under the CIA, said during a speech in December.

Brenner recommended throwaway cellular phones for any business people traveling to China.

"The more serious danger is that your device will be corrupted with malicious software that takes only a second or two to download - and you will not know it - and that can be transferred to your home server when you collect your e-mail," he said.



Never annoy a hacker. Never, never annoy lots of hackers.

http://torrentfreak.com/comcast-hacked-in-bittorrent-throttling-packback-080529/

Comcast Hacked in BitTorrent Throttling Payback?

Written by enigmax on May 29, 2008

It has become apparent during the last few hours that Comcast, everyone’s favorite ISP (especially in the BitTorrent world) has been hacked. The message on the homepage read: “KRYOGENIKS EBK and DEFIANT RoXed COMCAST.”



Can you “disappear” on the Internet?

http://www.pogowasright.org/article.php?story=20080529102008516

How to be unGoogleable

Thursday, May 29 2008 @ 10:20 AM EDT Contributed by: PrivacyNews News Section: Internet & Computers

I recently received an odd plea for help. A former colleague e-mailed me to request that all references to her be expunged from the online news blog I coordinate for a university here in Rome. It was a legitimate request, I concluded, so I went into the old posts and deleted the one in which her name appeared. It was about an upcoming event on campus from more than a year ago and had absolutely no news value to readers today.

She was grateful for my quick response. A few minutes later though she was back in my in-box. This time, the tone was less gracious. She Googled her name and still the reference appeared.

Source - Times Online

Thanks to Brian Honan for this link.



Standards is standards. Someone has to try to establish good (if not best) practices...

http://www.pogowasright.org/article.php?story=20080530061122507

CDT Issues Privacy Principles for Digital Watermarking

Friday, May 30 2008 @ 06:11 AM EDT Contributed by: PrivacyNews News Section: Other Privacy News

CDT today released a paper offering a set of principles for addressing potential privacy considerations when deploying digital watermarking technology. This technology embeds information within the content of digital media files in a form that is machine readable but often imperceptible to humans. Digital watermarking has a variety of applications and is increasingly being considered as a tool for deterring copyright infringement. CDT's paper is intended to provide guidance for companies that plan to use the technology to communicate information that is specific to individual consumers.

Source - CDT Press Release Related - Privacy Principles for Digital Watermarking [PDF]
