Thursday, July 31, 2008

The ultimate Case Study? Loss of unencrypted tapes, third party involvement, outside the US, unknown number of companies involved – covers almost everything that could possibly be done wrong!

http://www.pogowasright.org/article.php?story=2008073008311954

Lost backup tape contains TANA employee data

Wednesday, July 30 2008 @ 08:31 AM EDT Contributed by: PrivacyNews

Tele Atlas North America ("TANA") reports that Willis North America, [a UK company? Bob] TANA's third party benefits administrator, "inadvertently misplaced backup tapes while in transit to a storage facility in India" on June 9, 2008. TANA was first notified by Willis of the loss on June 30th. The backup tapes contained computerized data including the names and social security numbers of TANA employees and their dependents who have insurance provided through TANA.

A letter signed by James O'Gorman, Vice President, Operations & Organizational Development for TANA, indicates that Willis will be providing TANA's employees with identity theft protection and monitoring services through IDFreeze from TrustedID.

It is not known at this time how many other companies may also have employees' personal information on the missing backup tape.



If you wanted to steal “high value identities,” not just a random sample of individuals using a credit card, wouldn't it make sense to target bank customers? And where best to find bank customers?

http://www.pogowasright.org/article.php?story=20080730085319868

Thieves steal Vancouver client information from TD bank

Wednesday, July 30 2008 @ 08:53 AM EDT Contributed by: PrivacyNews

TD Canada Trust officials waited three weeks this summer before telling customers their personal information might have been stolen from a Vancouver branch.

Bank representative Kelly Hechler confirmed Tuesday a piece of computer equipment [thumb drive? Bob] stolen during a June 22 break-in at the 4597 West 10th Ave. branch contained confidential customer information.

... Hechler would not reveal how many customers were affected by the security breach, calling it a "relatively small number."

The letter to customers said the stolen equipment may have contained names, addresses, birthdates, social insurance numbers, account numbers, bill payment details, transactions and balances.

Source - Vancouver Sun



http://www.pogowasright.org/article.php?story=2008073106543476

Stolen LPL laptop contained customer info

Thursday, July 31 2008 @ 06:54 AM EDT Contributed by: PrivacyNews

LPL Financial, which has reported five breaches involving personal information, has revealed a 6th incident involving customer data.

By letter to the New Hampshire Attorney General's office dated July 24, LPL reports that on April 4, 2008 one or more unknown persons broke into and entered the Lansing, Michigan office of William and Nathanael Flynn and stole a laptop computer.

The laptop contained unencrypted names, Social Security numbers, account numbers, and date of birth of an unspecified number of customers and non customer beneficiaries.

No explanation was provided as to why customers were not notified until some time in July.


Related

http://breachblog.com/2008/07/30/lpl.aspx

A laptop is stolen from an LPL Financial office in Michigan



The long (never ending) series of negative headlines continues. Has no one ever read “The Prince?” (You know, at some point all of these ex-clients are going to start thinking the “data loss” was deliberate.)

http://www.pogowasright.org/article.php?story=20080730081943559

24 Hour Fitness employee data on stolen Colt Express Outsourcing Services, Inc. computers

Wednesday, July 30 2008 @ 08:19 AM EDT Contributed by: PrivacyNews

And then there were 12....

Through its lawyers, 24 Hour Fitness has notified the NH Attorney General's office that Colt Express Outsourcing Services, Inc. had provided employee benefit plan administrative services for approximately ten years until 2006, when the relationship was terminated. Yet the employee data were still on computers in Colt's offices, unencrypted, when the computers were stolen on May 26th. As with other entities affected by the burglary, current and former employees' first names, last names and Social Security numbers were on the stolen computers, as were the employees' dependents' names and Social Security numbers.

In response to the theft, 24 Hour Fitness arranged for Triple Alert services for employees for one year at no cost to employees. The company also "demanded the return of any other sensitive information that may still be in Colt's possession to ensure that Colt can cause no additional harm to its current and former employees and their dependents." [Interesting, but probably impossible. Demand all you want, the data Colt holds is probably needed for a variety of legal reasons (not least of which will be defending against an ever-increasing number of lawsuits.) Bob]



Useful?

http://www.pogowasright.org/article.php?story=20080730182441741

State Breach Disclosure Laws - Update

Wednesday, July 30 2008 @ 06:24 PM EDT Contributed by: PrivacyNews

Five states (and D.C.) have put data breach disclosure laws in the books in recent months. Article includes links to full text of each law.

Source - CSO

[From the article:

Alaska: http://www.legis.state.ak.us/PDF/25/Bills/HB0065Z.PDF

Iowa: http://coolice.legis.state.ia.us/Cool-ICE/default.asp?category=billinfo&service=billbook&GA=82&hbill=SF2308

South Carolina: http://www.scstatehouse.net/sess117_2007-2008/bills/453.htm

Virginia: http://leg1.state.va.us/cgi-bin/legp504.exe?000+cod+18.2-186.6

Law does not apply to criminal intelligence maintained by law-enforcement agencies of the state and the organized Criminal Gang File of the Virginia Criminal Information Network (VCIN) ['cause criminals gots no rights? Anyone on those files who has NOT been convicted? Bob]

Washington D.C.: http://www.dccouncil.washington.dc.us/images/00001/20061218135855.pdf

West Virginia: http://www.legis.state.wv.us/Bill_Text_HTML/2008_SESSIONS/RS/BILLS/SB340%20SUB1.htm



Once you steal an Identity, what can you do with it?

http://www.pogowasright.org/article.php?story=20080731063635414

ID Analytics Study Reveals Employees' Criminal Misuse of Stolen Identities

Thursday, July 31 2008 @ 06:36 AM EDT Contributed by: PrivacyNews

... Key findings from the study include:

  • Fraudulent activity reflected a significant increase in attempts to acquire wireless phones. [First, I'll buy something they can easily trace! Bob] Of the 1,300 cases of attempted fraud, 69 percent targeted the wireless industry.

Today at 1:00 p.m. ET / 10:00 a.m. PT, ID Analytics product analyst Cooper Bachman will present the study findings in a free, one-hour webinar titled "What Happens After Employees Steal Data?" To register for the webinar, please visit http://idanalytics.com/webinars/evite7/ .

Source - Press Release Related - ID Analytics

To request a white paper providing more detail on the research, please visit http://www.idanalytics.com/whitepapers/.


Related. Another way to use all those identities... (Don't passports have unique numbers that can be flagged on the database?)

http://www.schneier.com/blog/archives/2008/07/3000_blank_brit.html

July 31, 2008

3,000 Blank British Passports Stolen

Looks like an inside job.



Are they saying that certain rights no longer exist or have been negated by technology?

http://www.pogowasright.org/article.php?story=20080731061203650

Google says complete privacy 'does not exist'

Thursday, July 31 2008 @ 06:12 AM EDT Contributed by: PrivacyNews

Google has argued in a court submission that there can be no expectation of privacy in the modern world.

The search giant is being sued by a Pennsylvania couple after their home appeared on Google Street View. The couple's house is on a road clearly marked as private property.

Source - vnunet.com

Thanks to Brian Honan for this link.


Related: Maybe they are right.

http://www.pogowasright.org/article.php?story=20080731072159403

UK: Google Street View gets go ahead

Thursday, July 31 2008 @ 07:21 AM EDT Contributed by: PrivacyNews

Google's controversial Street View photo-mapping tool has been given the all clear by the UK's privacy watchdog.

Source - BBC Related - Guardian: Watchdog clears Google's street cameras


Related: Why not allow these future winners of a Darwin Award to remove themselves from the gene pool?

http://techdirt.com/articles/20080730/1816441840.shtml

ER Doctors Warn About Walking While Texting; When Will We Start Seeing Laws?

from the they're-coming dept

Anyone want to take a guess on when we'll see the first laws proposed to ban the practice of walking-while-texting? We've already seen a few proposals that would ban walking and talking in a crosswalk. And, to add some fuel to the fire, some ER doctors are warning people who walk and text at the same time that it's risky behavior. The doctors say they're seeing a rise in reports of people walking and texting at the same time, leading to some sort of injury, including two people who were hit by a car after paying more attention to their phone than oncoming traffic. Since technopanics always seem to start with a news article, just wait for someone to propose a law against this -- rather than insisting that perhaps it's time to institute a little common sense.


Related? At least this is a response to all that video surveillance (assuming you can hack their database.)

http://gizmodo.com/5030958/face+swapping-tech-keeps-your-privacy-online-by-making-you-look-horrifying

Face-Swapping Tech Keeps Your Privacy Online By Making You Look Horrifying

... Well, this new "Face Swapper" software found on Boing Boing automatically switches out features on people's faces with features from photos in its database, creating horrifying cross-gender hybrids.

[Imagine merging everyone's face with Janet Reno – Oh the horror! Bob]



Are CISOs starting to feel vulnerable?

http://www.pogowasright.org/article.php?story=20080730212401662

Data Breach Fallout: Do CISOs Need Legal Protection?

Wednesday, July 30 2008 @ 09:24 PM EDT Contributed by: PrivacyNews

Since the security executive is on the hot seat after a data breach, some industry experts suggest CISOs get themselves some form of liability protection. The downside is that such protection could shield those who deserve the blame for an incident.

Source - CSO

[From the article:

In the wake of a data breach, the company's top brass may go looking for someone to blame. If you are the security chief, chances are it's going to be you.

... He has watched as some of his CSO acquaintances were blamed for a security failure or dismissed for trying to blow the whistle over the company's security holes.

... In the final analysis, experts say, the best insurance policy for CSOs is a security program that keeps incidents from happening in the first place.

Dan Lohrmann, CISO for the State of Michigan, notes that his staff is adequately protected as long as the team is following industry and government security best practices. Besides, he says, state workers are self-insured.



“It's not a bug, it's a feature!” W. Gates (Not a problem if you don't hack the system.)

http://it.slashdot.org/article.pl?sid=08/07/30/204241&from=rss

Dual Boot Not Trusted, Rejected By Vista SP1

Posted by timothy on Wednesday July 30, @04:28PM from the that's-south-of-luckless dept.

Alsee writes

"Welcome to our first real taste of Trusted Computing: With Vista Enterprise and Vista Ultimate, Service Pack 1 refuses to install on dual boot systems. Trusted Computing is one of the many things that got cut from Vista, but traces of it remain in BitLocker, and that is the problem. The Service Pack patch to your system will invalidate your Trust chain if you are not running the Microsoft-approved Microsoft-trusted boot loader, or if you make other similar unapproved modifications to your system. The Trust chip (the TPM) will then refuse to give you your key to unlock your own hard drive. If you are not running BitLocker then a workaround is available: Switch back to Microsoft's Vista-only boot mode, install the Service Pack, then reapply your dual boot loader. If you are running BitLocker, or if Microsoft resumes implementing Trusted Computing, then you are S.O.L."



For my Security students

http://bhconsulting.ie/securitywatch/?p=318

NIST Publications

July 29th, 2008 by Brian Honan

The US National Institute of Standards and Technology, NIST, have released a number of publications that are well worth reading;

The above publications are well worth taking the time to download and review.



Geek stuff

http://digg.com/gadgets/An_Illustrated_Guide_to_Every_Stupid_Cable_You_Need

An Illustrated Guide to Every Stupid Cable You Need

gizmodo.com — We put up with too many cables. There are at least four different kinds of USB plugs, two kinds of FireWire and like a million different ways to connect something to TV or monitor.

http://gizmodo.com/5030810/giz-explains-an-illustrated-guide-to-every-stupid-cable-you-need



Every geek should be learning this technology (Quick! Before the lawyers realize what it really does!)

http://tech.slashdot.org/article.pl?sid=08/07/30/2126217&from=rss

Review of Sun's Free Open Source Virtual Machine

Posted by timothy on Wednesday July 30, @05:33PM from the expanding-options dept.

goombah99 writes

"After snapping up virtualization company InnoTek at the beginning of the year, Sun has recently released VirtualBox as a fully functional and highly polished free GPL open source x86 Virtual Machine. It can host 32- or 64-bit Linux, Windows XP, Vista and 98, OpenSolaris and DOS. It runs on Mac OS X, Windows, and Unix platforms. The download is just 27MB. A review of it on MacWorld, showing HD movies playing inside Windows XP on a Mac, demonstrates performance visually indistinguishable from VMware. Like its competition, it can run other OSes in rootless, rooted, or seamless display modes (where all the applications have their windows mixed at the same time). Each VM instance can only run single core (though I/O is multi-core), and it does not yet support advanced Windows graphics libraries, however, so some gamers may be disappointed. Slashdot discussed the InnoTek acquisition earlier."



Sometimes when things sound too good to be true, it's because they are.

http://mobile.slashdot.org/article.pl?sid=08/07/30/221204&from=rss

India's "$10 Laptop" To Cost $100 After All

Posted by timothy on Wednesday July 30, @06:22PM from the ain't-it-the-way-of-things dept.

narramissic writes

"In case you missed it, India's Minister of State for Higher Education yesterday announced the development of a $10 laptop that will target higher education applications. There were no specifications given for the laptop and the rock-bottom price raised questions about government subsidies. Today, the figure was corrected: It's not a $10 laptop; it's a $100 laptop. Still no specs though."



With access to TV via the Internet, wasn't this inevitable? Perhaps the government will offer coupons for this, like those HD converter boxes...

http://www.killerstartups.com/eCommerce/wherever-tv-800-channels-of-free-international-tv

Wherever.tv - 800 Channels Of Free International TV

With the WhereverTV Receiver (a portable device - 5"x 5"x 1" & 6 oz. now available for $199) you can now watch all of these live TV channels on any TV in the world.

http://www.wherever.tv/html/splash.jsf



Ah, I said to myself when I read the headline, Hackers! I guess this is how they do it if they don't have portable computers...

http://news.yahoo.com/s/nm/20080729/od_nm/passengers_dc;_ylt=AsgHaBpAVC4Fz1auzwKhHpCs0NUE

Angry, late, tired passengers make computers crash

Tue Jul 29, 7:20 AM ET

BEIJING (Reuters) - Scores of Chinese air passengers smashed computers and desks and clashed with police Tuesday after a night stranded at an airport without accommodation, state media said.
