I've found all of their publications to be interesting and worth reading.
http://www.pogowasright.org/article.php?story=20080603110840141
Lack of basic privacy and security measures causing major data breaches, Privacy Commissioner says
Tuesday, June 03 2008 @ 11:08 AM EDT Contributed by: PrivacyNews News Section: Non-U.S. News
Too many data breaches are occurring because companies have ignored some of the most basic steps to protect personal information, says the Privacy Commissioner of Canada, Jennifer Stoddart.
The Commissioner's 2007 Annual Report on the Personal Information Protection and Electronic Documents Act (PIPEDA) was tabled today in Parliament.
Source - CNW Group
Related - Annual Report to Parliament 2007 — Report on the Personal Information Protection and Electronic Documents Act [pdf]
[From the article:
"Too often, we see personal information compromised because a company has failed to implement elementary security measures such as using encryption on laptops."
[and a passage from the PDF I just couldn't resist:
Not so long ago, a group of executives was debating the merits of delaying an upgrade of their company’s out-of-date computer security system.
One of them cautioned his colleagues in an e-mail:
“It must be a risk we are willing to take for the sake of saving money and hoping we do not get
compromised.”
Those words were prescient.
They were written by a vice-president at TJX – a name which has become synonymous with data breach. The e-mail was released during legal proceedings against TJX.
Just a thought, but if you are the victim of identity theft, what are the odds that you have received a notice from someone – perhaps several someones, recently?
http://www.pogowasright.org/article.php?story=20080603175400647
UnitedHealthcare data breach leads to ID theft at UC Irvine
Tuesday, June 03 2008 @ 05:54 PM EDT Contributed by: PrivacyNews News Section: Breaches
A data breach at United Healthcare Services Inc. has led to a rash of identity-theft crimes at the University of California, Irvine.
To date, 155 graduate and medical students at the school have been hit by the scam, in which criminals file false tax returns in the victim’s name and then collect their tax refunds. The breach affects 1,132 graduate students who were enrolled with the university’s graduate student health insurance program in the 2006-07 school year, said Cathy Lawhon, the university’s media relations director.
UC Irvine police and IT staff have been investigating the crime for several months, she said.
Source - ComputerWorld
You don't have to be a TJX to get hit this way – just bad at security.
http://www.pogowasright.org/article.php?story=20080603182239243
Police investigate online thefts at Oregon State bookstore
Tuesday, June 03 2008 @ 06:22 PM EDT Contributed by: PrivacyNews News Section: Breaches
Oregon State officials say credit card scammers may have defrauded 4,700 online customers of the school's bookstore.
... State Police Lieutenant Jeff Lanz says the security breach appears to have originated outside the university, but where is unknown.
Source - kgw
[From the article:
Phone calls and e-mails started flooding into the bookstore from customers who noticed suspicious charges on their credit cards immediately after they'd placed online orders.
Ditto
http://www.pogowasright.org/article.php?story=20080603182654380
Oops! Verizon Sells 12,500 Unlisted Phone Numbers And Addresses
Tuesday, June 03 2008 @ 06:26 PM EDT Contributed by: PrivacyNews News Section: Breaches
Verizon announced last week that they accidentally sold over 12,500 private addresses and phone numbers to a phone book company in West Virginia. "We certainly apologize to those customers whose numbers were published. ... We're taking accountability for that," said a Verizon spokesman. Translation: they're calling customers to let them know what happened, offering to change their phone numbers for free, and offering to pay the fee to have an unlisted number ($1.98 a month) for a year. Since this is the second time Verizon has made this mistake in the past four years, we wonder if "accountability" can also include taking steps to find out how the numbers keep getting offered up for sale.
Source - The Consumerist
Remember. This is the bank that didn't know how many accounts were compromised. That's another way of saying you don't know how many are safe. Expensive, isn't it?
http://www.pogowasright.org/article.php?story=20080603150433562
Indiana Bank’s Debit Card Breach Underscores Issuer Vulnerability (1st Source update)
Tuesday, June 03 2008 @ 03:04 PM EDT Contributed by: PrivacyNews News Section: Breaches
South Bend, Ind.-based 1st Source Bank is reissuing its entire portfolio of debit cards after a hacker or hackers broke into a bank server containing debit card data. No fraud has been discovered as a result of the intrusion, a bank executive tells Digital Transactions News.
The $4.5-billion-asset bank with 79 branches in northern Indiana and southern Michigan began alerting customers last month after an outside monitoring service it uses noticed on May 12 an unusual flow of data from a bank server containing debit card data, says James Seitz, senior vice president of consumer and electronic banking. “We immediately saw that and shut it down,” says Seitz.
... In addition to monitoring debit card transactions as they come through, the bank has “shut some things down, and we’re working with all of our vendors to strengthen our systems,” says Seitz. He adds that he couldn’t comment [Something else they don't know? Bob] about the state of the bank’s compliance with the Payment Card Industry data-security standard, or PCI.
Source - Digital Transactions
[From the article:
They did, however, get Track 2 data contained on magnetic stripes, including account numbers, according to Seitz, as well as PINs in at least some cases.
Networking for fun and profit. Not every “contact” is your friend...
http://techdirt.com/articles/20080602/0003451286.shtml
Nigerian 419 Advance Fee Scammers Move To... LinkedIn?
from the suckers,-suckers-everywhere dept
It still seems difficult to believe that anyone falls for those "Nigerian" advance fee 419 scams, but time and time again we read about smart people who should know better who fall for them. And reports come in about just how much money these scams make. And, the really amazing thing, is that many of the victims are so convinced by the scam that even after it's all revealed, and they've lost all their money, they still believe the scammer's story. However, times are getting harder to convince people about these scams over unsolicited email, so apparently they're starting to move onto social networks, including business social networks like LinkedIn. Perhaps I just use LinkedIn in a very different manner than most people, but I find it hard to believe that if some random unknown person suddenly "connected" to you on LinkedIn and offered you a cut of a multi-million dollar stash, you wouldn't be suspicious.
Sort of a “What's hot and what's not” for lawyers?
http://www.bespacific.com/mt/archives/018501.html
June 03, 2008
New Resource Displays All U.S. Statutes Cited by Federal Prosecutors as Primary Charge in Prosecutions and Convictions
"TRAC [Transactional Records Access Clearinghouse, Syracuse University] has just added a unique new feature for displaying all the U.S. statutes cited by federal prosecutors as the primary charge in their prosecutions and convictions. For every law, there are case counts and the full text of the relevant statute, according to Congress. In addition, for those laws with a sufficient number of matters, there are links to exclusive TRAC reports on the prosecutions and convictions under the selected statute, as well as a link to a U.S. map showing the geographic distribution of convictions across the country. For free direct access to this new service, go to http://trac.syr.edu/laws/"
When fans become stalkers...
http://www.pogowasright.org/article.php?story=20080603110617963
Paris Hilton & Lindsay Lohan Private MySpace Photos Exposed Through Yahoo Hack
Tuesday, June 03 2008 @ 11:06 AM EDT Contributed by: PrivacyNews News Section: Breaches
Everyone has a MySpace profile, and that includes celebrities, but due to privacy settings not everyone's profile is viewable to the general public. That, however, is apparently not the case as Canadian computer technician Byron Ng has discovered a security hole in Yahoo's integration with MySpace that makes it easy to view the photos for any profile.
To prove this was able to be done, Ng snagged some photos from both Lindsay Lohan and Paris Hilton's MySpace profiles.
Source - Cleveland Leader
[From the article:
Check out the full batch of photos snagged here at Valleywag.
And if you're looking to sneak a peek at your favorite celebrity's private photos, or your secret crush or enemies, Ng has posted instructions on how to take advantage of the security hole. But act fast because MySpace and Yahoo are sure to patch it up soon.
Related How “public” a figure must you be to be “fair game” for parody?
http://www.law.com/jsp/article.jsp?id=1202421864062
Fake Online Profiles Trigger Suits
Tresa Baldas The National Law Journal June 2, 2008
Phony profiles on social networking sites like MySpace and Facebook are triggering lawsuits by school officials and public figures who claim that their reputations are being damaged online.
Specifically, plaintiffs are suing individuals who are creating fake profiles of them, replete with derogatory comments, obscenities, unflattering photographs and, in some cases, sexually offensive information.
Related? Being the best (or at least well known) brings this kind of attention.
http://blog.wired.com/27bstroke6/2008/06/hacker-hijacks.html
Hacker Hijacks Website of Hacking Tool Maker
By Ryan Singel June 02, 2008 6:24:53 PM
Being one of the baddest security researchers on the net can't be an easy job.
Take H D Moore, the creator of Metasploit Framework -- a widely-used open-source tool which hackers and developers alike use to find vulnerabilities in remote servers.
Good to see that someone understands that the IT world is changing.
http://www.eweek.com/c/a/Careers/IT-Certifications-Declining-in-Value/
IT Certifications Declining in Value
By Deb Perelman 2008-06-03
... David Foote, whose management consultancy Foote Partners has been tracking the value of IT certifications for years, argues that a shift away from certifications has to do with a shift away from purely technical roles in the IT department.
"Certifications were created by vendors to sell products. Once people were trained, these companies ended up with all of these specialists out there that didn’t work for them but advocated for them," said Foote.
Do you suppose this is related to the new iPhone (Getting ready for all those new features?)
http://www.tuaw.com/2008/06/02/mac-mail-down-speculations-abound/
.Mac mail down, speculations abound
Posted Jun 2nd 2008 9:00PM by Cory Bohon
Filed under: Internet, Internet Tools, .Mac
If you're a .Mac mail user, then you probably know that .Mac's mail system has been down for almost 6 hours. According to the .Mac system status, 100% of users are experiencing the problems.
No comments:
Post a Comment