There is no reason why a programmer should have live data.
http://www.pogowasright.org/article.php?story=20080724145317822
FL: Loss Of HCC Worker's Laptop Spurs ID Theft Warning
Thursday, July 24 2008 @ 02:53 PM EDT Contributed by: PrivacyNews
Hillsborough Community College warned its roughly 2,000 employees on Wednesday to monitor their bank accounts because an HCC programmer's laptop was stolen from a hotel parking lot in Georgia.
The college also is looking into acquiring technology that will allow workers to remotely locate laptops and to encrypt computers or disks.
Source - Tampa Tribune
[From the article:
There was no intentional negligence on this programmer's part that requires discipline, Carl said. [Agreed, but let's fire the manager who gave her the data Bob]
PR apologists take note!
http://www.pogowasright.org/article.php?story=20080724150355672
WI: MPTC warns of data breach
Thursday, July 24 2008 @ 03:03 PM EDT Contributed by: PrivacyNews
Moraine Park Technical College, with campuses in Beaver Dam, Fond du Lac and West Bend, sent a letter to its bookstore customers on Tuesday notifying them of an incident that occurred when the equipment hosting the system provided by the bookstore software provider experienced a security breach. [Interesting phrasing. Probably their equipment, (no indication otherwise) but by adding the reference to the software provider they shift some of the blame. Bob]
According to Moraine Park President Gayle Hytrek, the information affects only those customers who purchased books and supplies between 2002 and July 2006.
Source - WiscNews
The “give as few details as possible” approach. Bloggers will speculate that EVERYONE (all native Alaskans plus employees and their families) was compromised. All of these people will call Sealaska and demand to know if they are included in the breach. Details will eventually come out. Is this a viable strategy?
http://www.pogowasright.org/article.php?story=200807241517239
AK: Sealaska arranges for credit protection after data stolen
Thursday, July 24 2008 @ 03:17 PM EDT Contributed by: PrivacyNews
Sealaska Corp. arranged credit protection service for its shareholders after company data was stolen from one of its employees.
Sealaska declined to provide details about the theft. Sealaska spokesman Todd Antioquia said he couldn't describe where, when or how the theft occurred, but he said it wasn't at Sealaska headquarters in Juneau.
Source - newsminer.com
Related More details come out in response to victims outrage?
http://www.phiprivacy.net/?p=564
Jul-25-2008
Scope of Saint Mary’s database questioned (follow-up)
Jason Hildago reports:
The fallout continued Thursday from the announcement by Saint Mary’s Regional Medical Center of a potential database intrusion that might have exposed the personal information of thousands of clients and patients.
Several recipients of the letters expressed concern about the nature of the database, including its size, about 128,000 records, and how their information was collected. Saint Mary’s officials said they were trying to determine if everyone affected was informed and the records were compiled properly.
[...]
Saint Mary’s officials said the database is “absolutely separate” from hospital medical records and that Palka was not added to the database as a result of an emergency room visit. Information for people, such as Palka and Pyne, likely was added through community screenings or workplace flu shots, said Gary Aldax, marketing manager for Saint Mary’s.
“They may have never even set foot in any of our facilities,” Aldax said. “Many companies contract with us to do health fairs and flu shots. Say, you were at Scolari’s during flu season to get a shot, you usually fill out a form and that gets added to the database.”
Full story - RGJ.com
Gee Willikers! We deal with crime all day, every day – but it never occurred to us that we might be victims!
http://www.pogowasright.org/article.php?story=20080725060411130
UK: Ministry of Justice loses 45,000 records
Friday, July 25 2008 @ 06:04 AM EDT Contributed by: PrivacyNews
The details of 45,000 people, including criminal records and banking and court information have been lost or compromised in the past year by the Ministry of Justice (MoJ).
The MoJ has lost laptops, portable storage devices and papers containing information on recruits, offenders, court appellants and suppliers, the department's annual resource accounts have revealed.
The MoJ didn't notify more than 30,000 of the 45,016 affected by the data breaches, first when MoJ supplier records were compromised in June 2007 and then when the names, addresses, birth dates and alleged offences relating to 3,648 people were lost in November 2007.
Source - Silicon.com
Follow-up
http://www.pogowasright.org/article.php?story=20080725055311420
Personal info for 20,000 found (update)
Friday, July 25 2008 @ 05:53 AM EDT Contributed by: PrivacyNews
Officials say a back up computer tape that could contain personal information for more than 20,000 people in the Chicago suburb of Tinley Park has been found.
Village manager Scott Niehaus said Thursday the tape that was lost in June was not tampered with. [Tapes do not record access. There is no way to know if it was read. Bob]
Source - Chicago Tribune
[From the article:
Officials say it's not clear how the backup tape, which could contain driver's license numbers, Social Security numbers and bank account information, was lost.
Niehaus says a Tinley Park resident found the tape in a parkway [Sounds like the tape was set on the roof of a car while the employee unlocked the door and then stayed there as he drove off. Bob] and threw it in the garbage, but then returned it to the village hall after hearing media reports and getting a letter. [This must be one of those trash cans that never get emptied? Bob]
I'm seeing more articles like this one, that point out that bad 9or no) security isn't sufficient.
http://www.pogowasright.org/article.php?story=2008072507111076
Ca: School board broke privacy law in computer theft case: report (follow-up)
Friday, July 25 2008 @ 07:11 AM EDT Contributed by: PrivacyNews
The largest school board in Newfoundland and Labrador breached privacy legislation, according to a ruling made in the wake of computer thefts from the board's offices this winter.
Four laptops were stolen from the St. John's headquarters of the Eastern School District in February.
... In a report released Thursday, the information and privacy commissioner said the school board did not do enough to protect the information of its students.
Source - cbc.ca
[From the article:
The board breached the provincial Access to Information and Protection of Privacy Act, Ed Ring said, "by not having reasonable safeguards in place to protect personal information which then resulted in unauthorized disclosure of personal information."
Among other things, Ring found that security provisions on the laptop computers amounted only to passwords. [so, passwords are NOT reasonable safeguards. Told-ya-so! Bob]
Local, no comment
http://www.pogowasright.org/article.php?story=20080725055138236
Fugitive spammer dead in apparent murder-suicide
Friday, July 25 2008 @ 05:51 AM EDT Contributed by: PrivacyNews
Convicted penny-stock spammer Eddie Davidson has died of a self-inflicted gunshot wound, apparently after killing his wife and three-year-old daughter in his hometown of Bennet, Colorado, the Department of Justice said Thursday.
Davidson had been a fugitive from the law since walking away from a federal minimum-security prison camp in Florence, Colorado on Sunday.
Source - Computerworld
Lots of juicy details...
http://www.pogowasright.org/article.php?story=20080724154558476
Researchers could face legal risks for network snooping
Thursday, July 24 2008 @ 03:45 PM EDT Contributed by: PrivacyNews
A group of researchers from the University of Colorado and University of Washington could face both civil and criminal penalties for a research project in which they snooped on users of the Tor anonymous proxy network. Should federal prosecutors take interest in the project, the researchers could also face up to 5 years in jail for violating the Wiretap Act.
Source - Surveill@nce St@te
[From the article:
The team of two graduate students and three professors neither sought legal review of the project, nor ran it past the Human Subjects Committee at their university, putting them in a particularly dangerous position.
The academic paper, "Shining Light in Dark Places: Understanding the Tor Network" (pdf) was presented at the Privacy Enhancing Technologies Symposium yesterday, in Leuven, Belgium.
... In order to study Tor, the researchers setup their own 'exit node' server on the University of Colorado's high-speed network. For 4 days in December 2007, they logged and stored the first 150 bytes of each network packet that crossed their network, thus revealing what kind of traffic was crossing the network, and the remote websites that Tor users were visiting. While the authors do not state how many sessions they snooped on, they do state that their server carried over 700GB of data.
In a second part of the study, the researchers ran an 'entry node' to the network for 15 days, which allowed them to determine the source IP address of a large number of Tor users. They used this to learn which countries use Tor more heavily than others. Note that in this second part of the study, the researchers did not have access to the destination site information, nor were they able to observe the kinds of traffic going through their server.
The researchers found that HTTP (web traffic) was responsible for 58% of their servers' bandwidth. They also found that the BitTorrent file-sharing protocol, while accounting for only 3% of the number of connections, was responsible for over 40% of the overall bandwidth. They also observed that German users were responsible for over 30% of the requests through their server. [Huh! I wonder why? Bob]
... Bauer said that the researchers "spoke informally with one lawyer, who told us that that area of the law is ill defined" based on this, the researchers felt that it was "unnecessary to follow up with other lawyers."
The lawyer they spoke to was Professor Paul Ohm, who teaches at the University of Colorado Law School. Ohm has previously collaborated with two of the researchers on an earlier publication, which discussed the legal risks faced by academics engaged network monitoring research.
... During his presentation, Bauer revealed that the researchers did not seek the approval of their university's Institutional Review Board -- a body that reviews research projects that involve human subjects. He said that, "we were advised that it wasn't necessary," adding that the IRB review process is used "used more in medical and psychology research at our university," and was not generally consulted in computer science projects
[Paper on Institutional Review: http://www.usenix.org/event/upsec08/tech/full_papers/garfinkel/garfinkel_html/
Well, that didn't take long!
http://news.cnet.com/8301-13739_3-9999425-46.html
July 25, 2008 5:01 AM PDT
University clears Tor snooping researchers of misconduct
Posted by Chris Soghoian Post a comment
An internal review by University of Colorado officials has found that a controversial research project conducted by a team of computer scientists did not constitute research misconduct. University lawyers have also stated their belief that the team probably did not violate US wiretapping laws.
What is the sentencing formula? TJX paid a couple of bucks per victim.
http://www.pogowasright.org/article.php?story=20080725061022834
OR: Medford woman receives 7½ years for identity theft
Friday, July 25 2008 @ 06:10 AM EDT Contributed by: PrivacyNews
A 36-year-old Medford woman was sentenced to seven and a half years in prison Wednesday for a series of identity thefts that damaged the credit of 33 people, police said.
Christina Lynn Harrison pleaded guilty in Jackson County Circuit Court to seven counts of identity theft, tampering with evidence, first-degree aggravated theft and unlawful use of a computer, [I'll have to look that one up. Bob] court records show.
... Harrison utilized methods such as stealing from cars and mailboxes to obtain her victims' sensitive information such as their Social Security and bank account numbers.
Source - Mail Tribune
[From the article:
Harrison, who is no stranger to prison after having served time in 2005 for identity theft, [i-Theft has a high recidivism rate. Bob] was described by Medford Detective Katie Ivens as a "one-person crime spree."
Harrison's stiff sentence was a pleasant surprise for Ivens, [Perhaps it was his birthday? Bob] who specializes in financial crimes.
... Harrison's conviction just happened to fall on the day before the Southern Oregon Financial Fraud and Security Team celebrated its 10-year anniversary.
This is a follow-up to an earlier post.
http://www.pogowasright.org/article.php?story=20080724143853727
Recent Cert. Petition on Aggravated Identity Theft
Thursday, July 24 2008 @ 02:38 PM EDT Contributed by: PrivacyNews
On Tuesday, we filed this cert. petition in Flores-Figueroa v. United States. The petition asks the Court to resolve a 3-3 circuit split over the mens rea requirement of the federal “aggravated identity theft” statute, 18 U.S.C. § 1028A(a)(1). That statute provides a mandatory 2 year sentence upon anyone who, during and in relation to certain enumberated [Help me out readers, is this a simple typo or a legal term that I'm unfamiliar with? Bob] felonies, “knowingly transfers, possesses, or uses, without lawful authority, a means of identification of another person.” The question is whether the “knowingly” requirement extends through the entire clause, requiring the Government to show that the defendant knew that the identification he used belonged to another person. [Is the term “another person” defined such that “not the defendant” is specifically excluded? That seems (to this non-lawyer) to be the issue. Bob] The question arises frequently in immigration cases, when defendants acquire or make up false social security numbers having no idea whether the fabricated number belongs to another person or is simply invalid.
Source - SCOTUSBlog
[I find it amusing that they are aslo starting a Wiki: http://www.scotuswiki.com/index.php?title=Main_Page Bob]
Useful?
http://www.emergentchaos.com/archives/2008/07/new_fisa_analysis.html
New FISA Analysis
(Posted by mordaxus)
Vox Libertas, a blogger at the Daily Kos has written an analysis of the new US FISA law in his article, "I think I understand the FISA bill. Do I?"
Post hack, ergo propter hack? ( don't often get to make a pun in my pidgen Latin)
http://hardware.slashdot.org/article.pl?sid=08/07/25/1239225&from=rss
Hacked Oyster Card System Crashes Again
Posted by kdawson on Friday July 25, @09:54AM from the no-pearls-in-sight dept.
Barence sends along PcPro coverage of the second crash of London's Oyster card billing system in two weeks. Transport for London was forced to open the gates and allow free travel for all. "There is currently a technical problem with Oyster readers at London Underground stations which is affecting Oyster pay as you go cards only," explains the TfL website. This follows the first crash two weeks ago, which left 65,000 Oyster cards permanently corrupted. Speculation is increasing that the crashes may be related to the hacking of the Oyster card system by Dutch researchers from Radboud University, though TfL denies any link. Plans to publish details of the hack were briefly halted when the makers of the chip used in the system sued the group, although a judge ruled earlier this week that the researchers could go ahead. During the court action, details briefly leaked on website Wikileaks.
Not just for students!
http://www.bespacific.com/mt/archives/018869.html
July 24, 2008
New on LLRX.com - Review of Zotero
A Review of Zotero, the free, Firefox extension to assist in collecting, managing and citing research sources - Stacy Bruss focuses on specific and practical examples of using this flexible application to organize and manage current collections of resources as well as citations to documents, web sites, and blogs. — Published July 24, 2008
This is easy to disprove, just look at the source code. Oh, wait! Skype is not open source.
http://www.pogowasright.org/article.php?story=2008072415480099
Speculation over back door in Skype
Thursday, July 24 2008 @ 03:48 PM EDT Contributed by: PrivacyNews
According to reports, there may be a back door built into Skype, which allows connections to be bugged. The company has declined to expressly deny the allegations. At a meeting with representatives of ISPs and the Austrian regulator on lawful interception of IP based services held on 25th June, high-ranking officials at the Austrian interior ministry revealed that it is not a problem for them to listen in on Skype conversations.
Source - Heise
The impact of this is in compatibility...
Forrester survey: Enterprises reject Vista like 'new Coke'
Fewer than one in 11 of the PCs being used in large or very large enterprises runs Windows Vista.
By Eric Lai, Computerworld July 24, 2008
Fewer than one in eleven of the PCs being used in large or very large enterprises runs Windows Vista , according to survey results released Wednesday by Forrester Research Inc.
No comments:
Post a Comment