Tuesday, July 01, 2008

Who's the leader of the club

that lost your i-den-ti-ty

M-I-C, K-E-Y

M-O-U-S-E

(Not new)

http://www.wftv.com/news/16756814/detail.html

Disney Shareholders Notified Personal Information Was Compromised

POSTED: 8:15 am EDT July 1, 2008

ORANGE COUNTY, Fla. -- Some of Disney's shareholders have been notified their personal information has been compromised.

Bank of New York Mellon, which manages stocks for Disney shareholders, sent out a letter saying a box of data containing people's personal information was lost as it was being moved to a storage facility. The incident happened in February, but shareholders are just receiving the letters.



Do you suppose Hannaford gave each issuing bank a list of the cards compromised? (Perhaps through the Credit Card companies?) If so, how do they know this activity is due to a specific breach? It could be another breach, (or someone using the list of compromised cards...)

http://www.pogowasright.org/article.php?story=20080630171814134

Hannaford data breach fallout continues (update)

Monday, June 30 2008 @ 05:18 PM EDT Contributed by: PrivacyNews

The fall out from the Hannaford data breach that began last year continues.

Approximately 7,000 individuals who have Ocean National Bank ATM/Debit Cards are having them replaced because there has been recent illegal activity on them reported.

“At the time (of the breach) we gave Ocean customers the opportunity to have their debit cards re-issued,” said Kathy Schirling, a senior vice president with Chittenden Bank, a sister institution of Ocean’s. “We knew it was a significant inconvenience to customers who do online banking and decided to hold off doing a full re-issue and only give new cards to those individuals who requested them.”

With new illegal activity taking place, bank officials decided now is the time for a total re-issue, Schirling said. A letter was sent to all Ocean customers dated June 25, advising them of that decision.

Source - SeacoastOnline.com



For my Security students. It's not just lost laptops that cause data breaches...

http://www.pogowasright.org/article.php?story=20080630182120114

Cracking Physical Identity Theft

Monday, June 30 2008 @ 06:21 PM EDT Contributed by: PrivacyNews

A researcher performing social engineering exploits on behalf of several U.S. banks and other firms in the past year has “stolen” thousands of identities with a 100 percent success rate.

Joshua Perrymon, hacking director [What a great job title! Bob] for PacketFocus Security Solutions and CEO of RedFlag Security, says organizations typically are focused on online identity theft from their data resources, and don’t think about how the same data can literally walk out the door with a criminal posing as an auditor or a computer repairman. He once walked out of a client site carrying their U.S. mail tray with 500 customer statements inside it, he says.

Source - Dark Reading



Don't mess with Texas!

http://www.pogowasright.org/article.php?story=20080630181710906

Dallas Judge Gives Woman 38 Years For ID Theft

Monday, June 30 2008 @ 06:17 PM EDT Contributed by: PrivacyNews

A woman who stole thousands of dollars from North Texas nursing home patients and fast food customers and employees will face the longest identity theft sentence in Dallas County history.

Source - CBS

[From the article:

The degree of theft was so large that the case was one of the first to qualify as a first-degree felony under a new Texas law.

Prosecutors had sought a life sentence against Parker. Defense attorneys were asking for probation. It's believed Parker received the harsher sentence because she has more than two dozen prior felonies on her police record. [Yeah, that could have something to do with it... Bob]



Attention Hackers! Here's the script: “Hello Dell? Someone stole my laptop and I need you to erase it immediately! My name is [insert victim's name here]”

http://www.pogowasright.org/article.php?story=20080630172417837

Dell says it will delete data from stolen laptops

Monday, June 30 2008 @ 05:24 PM EDT Contributed by: PrivacyNews

Dell Inc. is joining a long list of other computer makers that offer a service designed to track lost or stolen laptops and delete sensitive data if the finder connects the machine to the Internet.

Source - CNN Money

[From the article:

Dell will charge business customers less than $100 per machine for three years of the service...

... A study commissioned by Dell estimated that up to 12,000 laptops are lost in U.S. airports each week. The Ponemon Institute said half the 864 business travelers it surveyed carry confidential company information on their laptops and about two-thirds don't take steps to protect the data.



Research tool Talking points

http://www.pogowasright.org/article.php?story=20080630170557946

ITRC mid-year report card on breaches

Monday, June 30 2008 @ 05:05 PM EDT Contributed by: PrivacyNews

The Identity Theft Resource Center’s mid-year press release should come as no surprise to regular readers of PogoWasRight.org and this blog. ITRC reports that the total number of data breaches through June 27 is 342, more than 69% greater than the same time period in 2007.

[...]

Additional reports available on ITRC’s web site enable additional analyses. Inspection of Type of Incident x Year x Sector suggests the following patterns for 2007 and 2008 data:

  • The number of Accidental Exposures appears to be increasing somewhat from 2007 to 2008, but not uniformly across sectors: the Educational sector may account for most of the increase.

  • The number of incidents involving Data on the Move also appears to be increasing somewhat in 2008, but most of the increase is due to increases in the Business and Health/Medical sectors; the Educational sector is showing a decrease relative to 2007.

  • The number of Hacking incidents appears to be increasing significantly from 2007, with both the Banking/Financial and Business sectors accounting for the increase.

  • The number of incidents involving Insider Theft by mid-2008 is already double the total number for all of 2007, with all sectors except the Government/Military sector showing an increase in this type of incident.

  • The number of incidents involving Subcontractors at mid-year is almost equal to the total number for all of 2007; Business, Educational, and Military/Government sectors are all on a rate to double the number of incidents they reported last year.

Source - Chronicles of Dissent blog



Perhaps a case for the law school crowd?

http://www.pogowasright.org/article.php?story=20080630125008616

Company snoops ex-CEO's Yahoo Mail account, faces lawsuit

Monday, June 30 2008 @ 12:50 PM EDT Contributed by: PrivacyNews

Less than two weeks ago, the US 9th Circuit Court carved out a large space for privacy in the workplace by indicating that personal messages sent via work equipment were off limits to search unless the employer had a policy of regularly accessing the equipment. In the process, they gave protection to the contents of electronic messages, while accepting that information such as the recipients' identity was necessarily public. That decision may play a role in determining the outcome of a case brewing in Connecticut, in which a fired employee is suing his former employer for accessing his personal Yahoo account. The case, however, has a number of significant complications that may leave everyone involved looking bad.

Source - Ars Technica



Problems with the Cloud?

http://yro.slashdot.org/article.pl?sid=08/06/30/1416238&from=rss

RMS and Clipperz Promoting Freedom In the Cloud

Posted by CmdrTaco on Monday June 30, @11:16AM from the can-i-see-what-you-see dept. Privacy

mbarulli writes

"Clipperz and Richard Stallman recently launched a joint call for action to bring freedom and privacy to web applications. 'The benefits of web apps are many, but quite often users lose their freedom to study, modify and discuss the source code that powers those web apps. Furthermore, we are forced to trust third parties with our data (bookmarks, text documents, chat transcripts, financial info ... and now health records!) that no longer resides on our hard disks, but are stored somewhere in the cloud.' Clipperz and RMS urge web developers to adopt the new AGPL license and build their applications using a 'zero-knowledge architecture,' a framework for web services that has been derived from Clipperz online password manager. A smooth path toward web apps based on free software that know nothing about you and your data."



Quite interesting. Hundreds of petabytes of data?

http://gigaom.com/2008/06/30/microsofts-internet-infrastructure-its-big-plans/

Inside Microsoft’s Internet Infrastructure & Its Plans For The Future

Om Malik, Monday, June 30, 2008 at 6:30 PM PT

A few minutes after she delivered a speech at our Structure 08 conference [More videos here Bob] in San Francisco, I caught up with Microsoft’s corporate VP of global foundation services, Debra Chrapaty, for a video chat.



Research: Keep track of your competition...

http://www.llrx.com/features/ciguide.htm

Competitive Intelligence - A Selective Resource Guide

By Sabrina I. Pacifici, Published on June 1, 2008

Selected Web, Blogs, News, Video Search and Alerts



Think of it as Project Gutenberg for music... Anyone want to record this copyright-free music under a GPL so we can put it online?

http://yro.slashdot.org/article.pl?sid=08/07/01/0232231&from=rss

Provider of Free Public Domain Music Re-Opens

Posted by kdawson on Tuesday July 01, @04:58AM from the music-wants-to-be-free dept. Censorship Music

Chip Zoller writes

"This community took note when the International Music Score Library Project shut down last October, and when Project Gutenberg stepped in to help three days later. I would like to alert you all that our site, IMSLP, has re-opened to the public for good after a 10-month hiatus. All the news updates in the interim can be found linked to the main page. We take great pride in re-opening as it demonstrates our willpower to make the masterpieces of history free to the world; and moreover to make manifest that we will not be bullied by publishers sporting outrageous claims of copyright in a country where they clearly are expired."
