Monday, May 26, 2008

Note: This was announced on May 6th, but one line in this article caught my eye.

http://www.uticaod.com/education/x360360504/Stolen-laptop-contained-students-personal-information

Stolen laptop contained students' personal information

By DANA C. SILANO Observer-Dispatch Posted May 24, 2008 @ 07:12 PM

HERKIMER — Students and applicants at Herkimer County Community College should watch their credit reports carefully, especially if they received a letter from the school notifying them of a stolen laptop from a SunGard employee.

... Kvinge said the computer belonged to a consulting employee of SunGard, and the incident occurred at a customer site. She would not disclose the name of the police agency that initially handled the case for security purposes. [Huh? Bob] For the same reason, she would not release the make or model of the computer.

“Naturally, we want to go public and let people know what's going on, but at the same time, when we go public, we're sending a message to the person who stole that laptop that there is personal information on there.”



...because...

http://www.pogowasright.org/article.php?story=20080526072615634

Data “Dysprotection:” breaches reported last week

Monday, May 26 2008 @ 07:26 AM EDT Contributed by: PrivacyNews News Section: Breaches

A recap of incidents or privacy breaches reported last week for those who enjoy shaking their head and muttering to themselves with their morning coffee.

Source - Chronicles of Dissent



Interesting but futile? Another area not well covered by the ethical guidelines?

http://www.offshoreoutsourcingworld.com/2008/05/24/law-firm-files-suit-to-bar-outsourcing-of-client-data/

Law Firm Files Suit to Bar Outsourcing of Client Data

24th May 2008 posted in Outsourcing News and Top Outsourcing deals |

Source: legaltimes.typepad.com

Law firms looking to cut costs by outsourcing their legal support services overseas could be jeopardizing their client confidentiality, according to a recent federal suit filed by a Bethesda, Md. firm.

Joseph Hennessey, name partner at Newman McIntosh & Hennessey, turned to the U.S. District Court for the District of Columbia on May 7 seeking a ruling on the outsourcing of privileged client data that may be subject to eavesdropping by the U.S. government.

... The firm is looking to the court to rule on whether outsourcing of legal services compromises constitutional rights and whether consent should be required before such data is sent abroad. It also wants the court to order law firms to disclose their use of foreign legal support and to order that the government establish protocols to shield attorney-client information from surveillance.



Summarizes the EU position, but I don't think it opens any new cans of worms.

http://www.pogowasright.org/article.php?story=20080526072431252

Strong data protection rules are needed to prevent emergence of surveillance society

Monday, May 26 2008 @ 07:24 AM EDT Contributed by: PrivacyNews News Section: Non-U.S. News

Surveillance technology is developing with breath-taking speed. This creates new instruments in the struggle against terrorism and organised crime, but also raises fundamental questions on the right to privacy for everyone. Individuals should be protected from intrusions into their private life and from the improper collecting, storing, sharing and use of data about them. Terrorism and organised crime must be combated - but not with means which undermine basic human rights.

Source - New Europe: Thomas Hammarberg, Commissioner for Human Rights for the Council of Europe



Tools & Techniques Still think system passwords protect your computer? (Note: This is amusing but not particularly useful. There are much simpler ways to gain access.)

http://tech.slashdot.org/article.pl?sid=08/05/26/0257213&from=rss

Gaining System-Level Access To Vista

Posted by kdawson on Monday May 26, @12:51AM from the seems-too-simple-somehow dept. Security Windows

An anonymous reader writes

"This video shows a method by which a user can use a Linux distro called BackTrack to gain system access to Windows Vista without logging into Windows or knowing the username or password for any accounts. To accomplish this, the user renames cmd.exe to Utilman.exe — this is the program that brings up the Accessibility options for users without sight or with limited vision. The attack takes advantage of the fact that the Utility Manager can be invoked before the user logs into the system. The user gains System access, which is a level higher than Administrator. The person who discovered this security hole claims that XP, 2000, 2003 and NT are not vulnerable to it; only Windows Vista is."



Since I don't have one, you must. Lots of good statistics to quote.

http://www.news.com.au/dailytelegraph/story/0,22049,23755088-5001028,00.html

Half of world's population has a mobile

Article from: Agence France-Presse From correspondents in Geneva May 25, 2008 04:58pm

THE number of mobile phone users world soared to over 3.3 billion by the end of 2007, equivalent to a penetration rate of 49 percent, the International Telecommunications Union has said in a report.

Africa showed the strongest gains over the past two years and more than two thirds of all mobile subscribers were from developing countries by the end of 2007, the ITU said.



Part 2 lists more tools and furthers the hack.

http://houseofhackers.ning.com/profiles/blog/show?id=2092781%3ABlogPost%3A43293

Assessment Methodology (Part 2)

Posted by hitechpo on May 25, 2008 at 2:30pm

No comments: