The scope of access is where security went wrong. As my Hacking Class learns each new technique they can access parts of their final grade. Learn all the techniques, give yourself an “A” (There is no way to access other students' grades...)
http://www.chron.com/disp/story.mpl/front/5750954.html
Hackers change grades at Fort Bend ISD high school
Four Hightower students being investigated after scores were changed for 60
By ERIC HANSON Copyright 2008 Houston Chronicle
SUGAR LAND — Four high school students are being investigated on suspicion of breaking into the Fort Bend Independent School District's computer network and changing the grades of at least 60 students, according to court documents and school officials.
Investigators estimated the financial loss to the school district at more than $190,000, making the case a possible felony. [I'd love to see the justification for that number... Bob]
... School officials did not say if all the grades were improved or if the hackers gave some students lower grades. [Never mess with a geek! Bob]
... That discovery launched police on a lengthy cyber trail involving the use of sophisticated detection programs and the issuing of low-tech subpoenas. [Paper? Bob]
I wonder if any of my students are involved?
http://www.pogowasright.org/article.php?story=200805030817580
5,500 Argosy University students had data on stolen Sungard HE laptop (SunGard Update) (corrected)
Saturday, May 03 2008 @ 08:17 AM EDT Contributed by: PrivacyNews News Section: Breaches
Argosy University has notified; the Maryland Attorney General that the laptop stolen from a Sungard HE employee in March contained personal information including name, Social Security number, and in many cases, addresses, of 5,500 Argosy University students who may have applied for financial aid in 2001, 2002, and/or 2004.
Corrected at 12:33 pm to insert correct url to notification letter.
Related - previous coverage of the SunGard HE incident on PogoWasRight.org
Perhaps this will change the courses these law school students take? The sample “letter to victims” suggest they will notify Maryland residents only – or am I misreading it?
http://www.pogowasright.org/article.php?story=20080503082509618
Yeshiva University law students' personal information on stolen laptop (SunGard update)
Saturday, May 03 2008 @ 08:25 AM EDT Contributed by: PrivacyNews News Section: Breaches
Some students of Yeshiva University's Benjamin N. Cardozo School of Law had their personal information stolen when a laptop was stolen from a SunGard HE employee in mid-March. According to Yeshiva's notification to the Maryland Attorney General, information for a "small number of former students" included names, Social Security numbers, student loan identification numbers, other financial aid info, and other student information.
Related - previous coverage of the Sungard HE incident on PogoWasRight.org
Interesting. Who could this be?
http://www.pogowasright.org/article.php?story=20080503110202644
AU: WESTPAC recalls uo (sic) to 2000 Visa cards
Saturday, May 03 2008 @ 11:02 AM EDT Contributed by: PrivacyNews News Section: Breaches
WESTPAC has been forced to recall up to 2000 Visa cards after a security breach exposed customers to "high risk" of fraud.
The bank wrote to customers on April 22 telling them their account details may have been compromised and that their cards needed to be replaced.
A letter stated that because of the "high risk compromise to your account" customers' cards would be blocked if they did not contact the bank by April 29.
... She said the breach had taken place overseas.
Source - news.com.au
[From the article:
A Westpac spokeswoman said the breach was an example of "a common point of purchase compromise where a single vendor has broken security".
[This suggests that at least 2000 people used the Visa cards at the same vendor (same card swipe machine?) I can only think of an airline or perhaps someplace like Harrod's. No doubt we'll find out soon, if the “overseas” country has disclosure laws or a large number of customers in Maryland, New Hampshire or California. Bob]
This is actually good news. I doubt there are many organizations who would even look back this far. (Or is this an ongoing case and they just realized the Identity Theft potential?) The notification letter was scanned in upside down and no one seems to have noticed – fortunately you can “rotate” the image by clicking a button.
http://www.pogowasright.org/article.php?story=200805030844228
Purdue Pharma employees notified of security breach
Saturday, May 03 2008 @ 08:44 AM EDT Contributed by: PrivacyNews News Section: Breaches
Purdue Pharma, a privately held pharmaceutical company, notified the Maryland Attorney General on April 14 that they had recently learned that a "former employee accessed a disk containing personal information about individuals employed by Purdue Pharma and its associated U.S. companies prior to December 31, 2003 and attempted to email some of the information on the disk to another person."
The disk contained names, dates of birth, Social Security numbers and pension-related information on approximately 5,000 individuals.
In his letter [pdf] to the AG's office, David Long, Senior Vice President of Human Resources, reports that the employee kept the disk when his employment ended, in direct violation of the company's policies and standard confidentiality agreement. When the company discovered the unauthorized access, they demanded that the information be "deleted and returned to us." [Watch your language. Would you really want to receive a blank disk with a note saying “the data used to be here, but I deleted it?” Bob] They report that the original disk has been returned and that they believe that all copies of the information have been deleted and that there has been no misuse of the information.
The documentation submitted does not indicate when the unauthorized access occurred or when the employee terminated employment. The company discovered the unauthorized access in late March, 2008.
Purdue Pharma contracted with TrustedID to provide two years' services to those whose data were on the disk.
To err is human, to screw up this massively takes a bureaucracy...
http://www.pogowasright.org/article.php?story=20080503130505156
Hundreds of Laptops Missing at State Department, Audit Finds
Saturday, May 03 2008 @ 01:05 PM EDT Contributed by: PrivacyNews News Section: Breaches
Hundreds of employee laptops are unaccounted for at the U.S. Department of State, which conducts delicate, often secret, diplomatic relations with foreign countries, an internal audit has found.
As many as 400 of the unaccounted for laptops belong to the department’s Anti-Terrorism Assistance Program, according to officials familiar with the findings. [Terrorists like to steal these first... Bob]
The program provides counterterrorism training and equipment, including laptops, to foreign police, intelligence and security forces.
Source - CQ Politics hat-tip, Raw Story
[From the article:
Ironically, the Anti-Terrorism Assistance Program is administered by the State Department’s Bureau of Diplomatic Security (DS), which is responsible for the security of the department’s computer networks and sensitive equipment, including laptops, among other duties. It also protects foreign diplomats during visits here. [Doesn't that give you a warm fuzzy feeling? Bob]
... A senior IG official, asking not to be identified, said he could “not comment on ongoing work.” [You must be scared if you don't want to be identified as saying “No comment.” Bob]
... Hints of the State Department’s laptop losses first surfaced March 31 in an anonymous post at an obscure Web site frequented by employees of the Bureau of Diplomatic Security, called Dead Men Working. [Goodbye obscure. Bob]
Be very careful to ensure that your spokespeople know the facts. Nothing says “We're lying” like a number of contradictory statements –in writing!
http://www.pogowasright.org/article.php?story=20080504075258305
BoI data breach: a sample customer notification (follow-up)
Sunday, May 04 2008 @ 07:52 AM EDT Contributed by: PrivacyNews News Section: Breaches
More on the Bank of Ireland 30,000-customer data breach (which is up to 31,500 people by now — BoI promised to contact the “affected” customers by post, warning them that their data had been leaked. If you were wondering what those letters might look like, wonder no more. Here’s one, via a friend who found himself in this unenviable position:
Page 1 Page 2 [Not a hacker? You may need to link via the taint.org article Bob]
So it’s not just name, date of birth, and address — he notes that they’ve leaked ‘information on the current account I use to pay for the policy.’
Interestingly, he says that his life assurance policy was set up directly with their life assurance department, not via the local branch — which directly contradicts what BoI say on their website....
Source - taint.org
Note: if anyone received a letter from BoI that references medical information, please send a redacted copy to privacynews[at]pogowasright.org
Security is as security does. F. Gump “I want you photographers to note that this is the equipment we executed those spys for trying to photograph. Be sure to get my good side...”
http://news.slashdot.org/article.pl?sid=08/05/03/2231202&from=rss
An Inside Look At Iran's Nuclear Program
Posted by timothy on Saturday May 03, @06:39PM from the glowing-reviews dept. Power The Military Politics Science Technology
NotBornYesterday writes
"On April 8, Iranian President Mahmoud Ahmadinejad visited his country's secretive nuclear enrichment plant at Natanz for a photo op. What came out of this visit is a series of photos which have caused a fair amount of interest among western scientists. Shown in the photos are not only some of the inner workings of the plant and current generation of enrichment centrifuges, but also key components to newer generations of more effective centrifuges. Analysts are 'intrigued' not only by the technical revelations in the pictures, but also because Iran's Defense Minister Mostafa Mohammad Najjar accompanied Ahmadinejad through the facility."
War is hell
http://www.huffingtonpost.com/2008/05/03/unearthed-photos-reveal-h_n_99970.html
New Photos Reveal Horror Of Hiroshima (GRAPHIC IMAGES)
The Huffington Post May 3, 2008 02:04 PM
... Below, you'll find one of the photos from this collection. See the rest here. Warning: some of the images are graphic and will be difficult for some readers to view.
It's one of those silly databases geeks love.
http://digg.com/programming/The_Hello_World_Program_in_366_Programming_Languages
The "Hello World" Program, in 366 Programming Languages!
roesler-ac.de — "Hello World" is the traditional first program you write when learning a new language, first appearing in K&R's "The C Programming Language" book in 1978. Since then it has been implemented in almost every programming language on the planet. This collection has it in 366 coding languages (even LOLCode!) and 58 human ones! Is your favourite here?
http://www.roesler-ac.de/wolfram/hello.htm
For those of us who know Classical does not mean “Brittany Spears, the Early Years”
http://www.gramophone.co.uk/newsMainTemplate.asp?storyID=3020&newssectionID=1
Gramophone to launch revolutionary website
May 2 2008
... By September every word ever printed in Gramophone will be available for free as a fully searchable online archive – that’s hundreds and thousands of reviews, articles and interviews, by far the biggest archive of its kind.
... The new website, Gramophone.net, will be created in two stages. The first, the creation of the archive, will live alongside this existing website from early September. The start of 2009 will then see the creation of an all-new state-of-the-art website – where downloading, internet mail order and ticket-buying services will be linked to editorial – so visitors will be able to read reviews and features, listen to music samples and then if they wish, buy CDs or book tickets to live events.
Dennis has outdone himself... Instead of mere lists, he is now sending me lists of lists. That's good, because I plan to send you lists of my list of lists, so you can collect them and have lists of my lists of Dennis' lists of lists...
No comments:
Post a Comment