Friday, July 18, 2008

This is a new justification as far as I know....

http://techdirt.com/articles/20080716/0225551698.shtml

Disgruntled Tech In Liechtenstein Steals Banking Info On Tax Cheats; Turns It In For Rewards

from the good-or-bad? dept

Forget the disgruntled tech holding the city of San Francisco hostage. An even more interesting story of a disgruntled tech is coming out of the tiny European country of Liechtenstein. Apparently (who knew?) Liechtenstein is a favorite destination for money of rich folks looking to avoid taxes. Its banking system is apparently quite secretive... except, of course, in the hands of a disgruntled computer tech. It appears that just such a tech, named Heinrich Kieber, walked off with tons of data from Liechtenstein's LGT Group, a bank owned by Liechtenstein's ruling family. He then sold that data to a variety of countries to help those countries find and arrest tax cheats. This turned out to be quite lucrative for Kieber. For example, the US offers such "whistle blowers" 30% of whatever tax money they recover. Germany apparently paid him somewhere between $6 million and $7.3 million for the info. The guy's lawyer insists he's a whistleblower -- while those exposed have a different word (or words) they think of when discussing Kieber.



Ignorance of the law is... useful? ...cheaper than compliance? ...worth the risk? ...a way to attract corporate clients?

http://breachblog.com/2008/07/17/weber.aspx

Houston law firm threw confidential client information in the trash

Posted by Evan Francen at 7/17/2008 2:53 PM and is filed under Weber Law Firm, Insecure Discard

... "HOUSTON -- Harris County Sheriff's deputies uncovered hundreds of people's personal financial files that had been discarded in a dumpster in northwest Houston on Monday."

... When the sheriff's office first arrived, the responding deputies had no idea what to do with the records.

So, they called the law office from where the records had come. 11 News called the law offices of William Weber as well.

[Evan] Mr. Weber's bio is pretty extensive.

Weber, who eventually arrived to pick up the discarded records, told both 11 News and the sheriff's office that it was "no big deal"

[Evan] Obviously, this answer probably doesn't go over very well. In hindsight, I am guessing that Mr. Weber wishes he could take these words back.

Still, at the insistence of the sheriff's office, Weber did arrive to pick the boxes up.

Weber had a different answer for 11 News when he showed up to retrieve the 32 boxes.

"It's a mistake," he said. "We regret it. We regret it. They weren't intended to be put here. I didn't put them here. It was a misunderstanding between me and my wife."

[Evan] Ugh. Blaming the wife would not be a good idea in my house, even if it were her fault.


Related

http://www.pogowasright.org/article.php?story=20080718063916115

TX: AG looking into Houston file-dumping case (follow-up)

Friday, July 18 2008 @ 06:39 AM EDT Contributed by: PrivacyNews

Bankruptcy case files dumped in a Houston trash bin have gotten the attention of the Texas Attorney. After 11 News broke the story about the 32 boxes of personal – and sensitive -- information discarded in a dumpster, the AG says there is a potential that “hundreds or thousands of violations” occurred.

Source - KHOU

[From the article:

“If there were boxes of documents that potentially contained hundreds or thousands of names, that could potentially be hundreds or thousands of violations,” Abbott said.

Violations of the Texas ID Theft Act. It is a civil law that requires businesses to destroy or make unreadable anything containing clients' personal information. It carries up to a 50,000 fine per violation for those found to have violated the law.

“It is a very expensive proposition not to comply,” said Abbott. “It is in every business' best interest for their bottom line to comply with the law.”

... Weber confirmed that he has been contacted by the AG's office and said he will cooperate with any investigation. He also said he destroyed all of the documents that were found in the trash. [Notification is going to be difficult. Bob]



“We don't bother to look so we get defensive when someone points to a problem.”

http://www.pogowasright.org/article.php?story=20080717130950102

UT students' personal info found online (follow-up)

Thursday, July 17 2008 @ 01:09 PM EDT Contributed by: PrivacyNews

A Washington D.C. Web site that documents illegal online disclosures of personal information has accused UT of posting the private data of 2,500 UT students.

... "We ended up notifying a very small subset of those that Mr. Titus claims were exposed," Roberts said. "What he claims is personal information is not what the law requires to trigger a notification."

In a Jan. 30 e-mail correspondence with Titus, Cam Beasley, chief information security officer, said, "You were likely the only individual to view the files containing particularly sensitive data in some time, and we have no evidence to indicate any malicious use has occurred." [That is not a requirement for disclosure... Bob]

... "As I recall, he was incorrect about the number," said Jeffery Graves, associate vice president for Legal Affairs. "He lumped together those who had just normal information like directory information and a very few who had sensitive information and he lumped them together in one number. Very few had information disclosed that was confidential or sensitive information."

Source - Daily Texan Online



Not a wholesale release. Would you count this as 23,000 individual breaches?

http://www.pogowasright.org/article.php?story=20080718060517798

UMD Released Students' Social Security Numbers

Friday, July 18 2008 @ 06:05 AM EDT Contributed by: PrivacyNews

University of Maryland said Thursday they accidentally released the addresses and social security numbers of thousands of students.

The University of Maryland's Department of Transportation Services sent all students, a total of more than 23,000, registered for classes a brochure with on-campus parking information. It was sent by U.S. Mail. The University discovered the labels on the mailing had the students' social security numbers on it as well. [Question: Why put either the SSAN or the University ID on the label? It serves no purpose. Bob]

Source - WJLA



When it came time to plan for Backups, my students didn't even consider physical media. Interesting how organizations can fail to review old, established procedures until they bite them.

http://www.pogowasright.org/article.php?story=20080717155556191

Bristol-Myers: Tape With Workers' Personal Data Was Stolen

Thursday, July 17 2008 @ 03:55 PM EDT Contributed by: PrivacyNews

Bristol-Myers Squibb Co. (BMY) said a backup computer-data tape containing employees' personal information, including Social Security numbers, was stolen recently.

The New York drug maker learned of the theft on June 4, and began notifying current and former employees by letter in the past few days, spokeswoman Tracy Furey told Dow Jones Newswires Thursday afternoon.

... The information on the tapes included names, addresses, dates of birth, Social Security numbers and marital status, and in some cases bank-account information, the company said. Data for some employees' family members also were on the tape.

Source - CNN Money

[From the article:

The Bristol-Myers backup data tape was stolen while being transported from a storage facility, Furey said.



“We only use proven security technology – like this cupboard where we store the Earl Grey tea.”

http://www.phiprivacy.net/?p=543

Jul-18-2008

UK: Patient data of 45,000 ‘is stolen from cupboard’

SOUTHWARK PRIMARY Care Trust lost sensitive and confidential information on 45,000 of the country’s most vulnerable patients, after a portable hard drive was reportedly stolen from a specialist disability rehabilitation centre.

The hard drive - containing the name, address, telephone number and a description of the level of disability of 45,000 patients at Crystal Palace’s Bowley Close - went missing from a locked cupboard.

The cupboard was described as ‘not normally accessible to the public’, and the disk went missing sometime between January 25-28.

Full story - Southwark News

[From the article:

Having begun the process of sending out recorded delivery letters to the estimated 45,000 victims across the country - 14,300 from Southwark - the PCT claim that the information may not have got into the wrong hands. [Oxymoron alert! (Or are they saying it could be in the right hands, but the owner of those hands is too stupid to realize it?) Bob]



Hey, it's an Identity Theft story. I can't help it if it's also amusing...

http://www.pogowasright.org/article.php?story=20080718063615551

Duped by Dupre: N.J. woman charges Spitzer call girl with identity theft

Friday, July 18 2008 @ 06:36 AM EDT Contributed by: PrivacyNews

A shy dental assistant claims her good name is ruined because Eliot Spitzer's high-priced hooker stole her identity to appear in a "Girls Gone Wild" video.

Amber Arpaio filed a federal complaint charging Ashley Dupre used Arpaio's lost New Jersey driver's license in the notorious 2003 video to hide the fact that she was a minor.

Source - NY Daily News



Real risk or good marketing?

http://www.pogowasright.org/article.php?story=20080718071331172

HR directors targeted as computer hackers seek staff data

Friday, July 18 2008 @ 07:13 AM EDT Contributed by: PrivacyNews

A security analyst has warned HR directors they are "under threat" from computer hackers hunting for employee data, after unearthing a huge operation.

Anti-virus software giant McAfee discovered a scam targeting users of global recruitment website Monster.com, less than a year after 1.3 million users' data was stolen from the site.

Source - PersonnelToday.com

[From the article:

In the most recent attack, e-mails asking Monster users to click through and update their profile were in fact sending information to a computer in Turkey.

... "We're seeing scammers particularly targeting HR directors because they have the highest security clearance and access to vast amounts of information," Day told Personnel Today. [Not in any organization I know of... Bob]



I laughed at this the other day and my students laughed when I showed them the article. Either something is being withheld from the article or this is seriously mis-reported.

http://www.pogowasright.org/article.php?story=20080718065055657

Experts Say Lax Security Allowed San Francisco Network Hijacking, Admin Offers Passwords

Friday, July 18 2008 @ 06:50 AM EDT Contributed by: PrivacyNews

San Francisco's "rogue" computer admin accused of commandeering the city's exclusive network passwords has offered to hand them over, his attorney said Thursday.

The jailed defendant, Terry Childs, 43, pleaded not guilty Thursday to four felony counts of denying access to the city's network and of producing an unauthorized access device to control the government's network remotely.

Childs is being held on $5 million bail, as the authorities fear he could unleash a wave of attacks on the FiberWAN system Childs built. It controls the city's e-mails, payroll, law enforcement records and other data.

Source - Threat Level blog

[From the article:

"We're regaining control of the access that Mr. Childs has denied us access to," he said in a telephone interview. "We're not sure what we were locked out of."

... "If they had adequate backup, they could effectively restore it with new passwords in days or so," Hom said in a telephone interview. "Unless the backups don't exist. The executive management should be held accountable for that."



Think of it as academic research for the times we will need to replace Real-ID cards as terrorists (translation: non-government employed teenagers) crack the codes...

http://www.pogowasright.org/article.php?story=20080717095351148

After Security Breach, Harvard Unveils New IDs

Thursday, July 17 2008 @ 09:53 AM EDT Contributed by: PrivacyNews

The Faculty of Arts and Sciences (FAS) announced last week that students, faculty, and staff will receive new identification cards that use contactless Smartcard technology when they return to campus this fall.

The upgrade comes less than a year [this will have to improve, hackers will crack the codes while people are still lined up to get the new cards! Bob] after Theodore R. Pak '09 was caught creating duplicates of the Harvard University ID (HUID) cards belonging to University President Drew G. Faust, Assistant Dean of the College Paul J. McLoughlin II, and Dunster House Superintendent H. Joseph O'Connor.

Pak's hack revealed a significant security flaw in the more than 15-year-old swipe card system, as he was able to gain access to buildings and gates across campus with only knowledge of HUID numbers and a $200 card reader bought from eBay.

Source - The Harvard Crimson

[From the article:

Lichten said that the encryption makes the system more difficult to hack, but he said he is "not sure" if it is more secure than the swipe-access cards that Harvard has used in the past. [Interesting that Harvard would implement an unproven system Bob]

... The security scare caused by Pak's forgery highlighted a significant vulnerability to student and faculty members' Crimson Cash accounts, which are directly linked to HUID numbers and are considered financial account numbers by the Commonwealth of Massachusetts.

In 2007, the Massachusetts state legislature passed a law that required all financial account numbers to be protected and mandated that notice should be issued whenever an incident compromises the security of that data.



“Hey, we spent a lot of time & treasure to make this possible. It would cost lots more to make it un-possible, so we'll just promise not to do it...”

http://tech.slashdot.org/article.pl?sid=08/07/17/1833212&from=rss

Logged In or Out, Facebook Is Watching You

Posted by timothy on Thursday July 17, @02:50PM from the damn-addictive-scrabulous-and-cute-iris-chang dept. Social Networks Privacy

kaos07 links to this ZDNet story, according to which

"Researchers at software vendor CA have discovered that social networking site Facebook is able to track the buying habits of its users on affiliated third-party sites even when they are logged out of their account or have opted out of its controversial 'Beacon' tracking service. Responding to privacy concerns, Facebook has since moved to reassure users that it only tracks and publishes data about their purchases if they are both logged in to Facebook and have opted-in to having this information listed on their profile. But in 'extremely disconcerting' findings that directly contradict these assurances, researchers at CA's Security Advisory service have found that data about these transactions are sent to Facebook regardless of a user's actions."



“Und next, ve vill identify za homozexuals und the mental defectivz und der liberal politicians und...”

http://www.pogowasright.org/article.php?story=20080717102852714

AU: Public servants may have to divulge religion and ethnicity

Thursday, July 17 2008 @ 10:28 AM EDT Contributed by: PrivacyNews

VICTORIAN public servants may have to divulge personal information about their religion and ethnicity under a move to crack down on workplace discrimination.

Source - Herald Sun

[From the article:

"In Victoria, the research found that those with Vietnamese and Greek-sounding names [“Sorry, Mr. Socrates, we only hire smart people.” Bob] had significantly less success in gaining job interviews than those with Anglo-Saxon names, despite the details in the applications being identical," it says.



Ooh! Instant research!

http://www.pogowasright.org/article.php?story=20080717103007266

SS8 Publishes Follow-up Guide on Lawful Intercept Legislation

Thursday, July 17 2008 @ 10:30 AM EDT Contributed by: PrivacyNews

.... The Ready Guide to Intercept Legislation 2 (available for download at http://www.ss8.com/ready-guide.php) details 84 pages of intercept legislation from 31 different countries, with specific attention paid to personal privacy issues, responsibilities of carriers, accountability to national law making bodies and cost recovery mechanisms. The result of extensive research into LI legislation around the world, this pocket-sized booklet details the historical context for current worldwide LI statutes, and is designed to serve as a valuable reference for anybody connected with the surveillance industry.

Source - TMCnet.com (press release) Free registration required to obtain copy of guide.



Companies agree to obey the law! (Why is this news?)

http://www.pogowasright.org/article.php?story=20080718061732134

AGs welcome massive agreement with ISPs

Friday, July 18 2008 @ 06:17 AM EDT Contributed by: PrivacyNews

What started with New York Attorney General Andrew Cuomo has spread across the rest of the country.

The National Association of Attorneys General announced an agreement with the National Cable & Telecommunications Association that is designed to limit the distribution of child pornography on the Internet.

Source - LegalNewsline



So everyone will want one? Naaaah! You have to be obeying the speed limits for it to be useful. I want the “create evidence as required” version.

http://tech.slashdot.org/article.pl?sid=08/07/18/0318228&from=rss

GPS Tracking Device Beats Radar Gun in Court

Posted by timothy on Friday July 18, @12:51AM from the double-edged-sword-at-least dept. The Courts Transportation Technology

MojoKid writes

"According to a release issued by Rocky Mountain Tracking, an 18-year-old man, Shaun Malone, was able to successfully contest a speeding ticket in court using the data from a GPS device installed in his car. This wasn't just any old make-a-left-turn-100-feet-ahead-onto-Maple-Street GPS; this was a vehicle-tracking GPS device — the kind used by trucking fleets — or in this case, overprotective parents. The device was installed in Malone's car by his parents, and the press release makes no mention if the teenager knew that the device was installed in his vehicle at the time."

[From the article:

GPS expert Dr. Stephen Heppe wrote a report that essentially said that the GPS data was not accurate enough to contest the accuracy of the radar gun. Malone appealed the decision and had his day in court. At trial, things played out differently:

"However, when he took the stand to begin his testimony, Dr. Heppe corrected that written report, saying that the Rocky Mountain Tracking device was "very" accurate, to within a couple of meters on location and to within 1 mph on speed. Dr. Heppe also pointed out that the GPS device released instantaneous data, and not data averaged over a distance."

[Makes you wonder about his “expertise” Bob]



Tools & Techniques: How dare they not have WiFi everywhere!

http://mobile.slashdot.org/article.pl?sid=08/07/17/1625254&from=rss

A DIYer's Quick Guide To Cheap Wireless Extension

Posted by timothy on Thursday July 17, @01:17PM from the use-genuine-zip-loc-bags dept. Communications Hardware Hacking Wireless Networking

An anonymous reader writes

"This piece is described in one of the comments on it as 'a little piece of genius'... and I have to agree! Although Peter Cochrane seems a bit of a crackpot, the ways that he comes up with to get connected when he's out of range in the sticks are pure genius and he makes them appear really simple! Think old satellite dishes, USB dongles and plastic bags and you'd be on the right tracks to upping wi-fi signal by 4 bars."

A perfect excuse to link to one of my favorite sites, if you want more details and photos on similar jury-rigged long-distance connections. However, your meterage may vary — I've found USB Wi-Fi devices to be pretty fickle under Linux, with some distros working way better than others.



My students are tasked with installing and securing an application “in the cloud” -- they would certainly agree that there is no good definition...

http://tech.slashdot.org/article.pl?sid=08/07/17/2117221&from=rss

Multiple Experts Try Defining "Cloud Computing"

Posted by timothy on Thursday July 17, @06:23PM from the chance-of-haze-leading-to-fuzziness dept. The Internet

jg21 writes

"Even though IBM's Irving Wladawsky Berger reports a leading analyst as having said recently that 'There is a clear consensus that there is no real consensus on what cloud computing is,' here are no fewer than twenty attempts at a definition of the infrastructural paradigm shift that is sweeping across the Enterprise IT world — some of them really quite good. From the article: 'Cloud computing is...the user-friendly version of grid computing.' (Trevor Doerksen) and 'Cloud computing really is accessing resources and services needed to perform functions with dynamically changing needs. An application or service developer requests access from the cloud rather than a specific endpoint or named resource.' (Kevin Hartig)"


Related

http://tech.slashdot.org/article.pl?sid=08/07/17/2255226&from=rss

GDocs vs. ThinkFree vs. Zoho vs. MS Office

Posted by timothy on Thursday July 17, @08:39PM from the probably-the-one-steel-cage-is-enough dept. Software Google Microsoft

CWmike writes

"Web-based productivity suites, once almost a contradiction in terms, have become real challengers to desktop applications. Google Docs, ThinkFree, and Zoho have all made major improvements in recent months. They're becoming both broader, with more applications, and deeper, with more features and functionality in existing apps. The question is: Are these three applications really ready to take on a desktop-based heavy hitter like Microsoft Office?"

[From the article:

Microsoft Office (primarily its Word, Excel and PowerPoint applications) has long been famous for including every possible feature, no matter how obscure -- and for imposing a hefty load of code on your hard drive to provide all those features, not to mention the heavyweight user interface it takes to support them. [and most users probably use no more than 10% of the available features 99% of the time. Bob]



For my website class

http://www.killerstartups.com/Video-Music-Photo/snagfilms-com-watch-and-share-free-documentaries

SnagFilms.com - Watch and Share Free Documentaries

SnagFilms makes it possible to find, watch, and share the best film documentaries out there. Users can log on and browse various categories of documentaries, such as environment, health, and politics. Listed films range from large titles, like National Geographic programs, to small lesser-known independent features. Because the goal is to spread the word about these films, all documentaries can be watched on SnagFilms for free. Moreover, users can embed a widget that allows the films to be watched for free from their own sites. Before viewing the film, users may read a quick synopsis, as well as any corresponding comments that other users have made. When available, users may order a DVD of the film right from the SnagFilms site.

http://snagfilms.com/