Friday, July 04, 2008

You must make a conscious effort to look for ALL sensitive information, ask yourself if you really need it and if so, how you will protect it.

http://www.pogowasright.org/article.php?story=20080704053350603

NV: Juror data breach is reported

Friday, July 04 2008 @ 05:33 AM EDT Contributed by: PrivacyNews

In a District Court security breach, a contracted vendor released personal information on about 380 potential jurors to an employee's private e-mail address, court officials said Thursday.

Clark County court officials said the people affected were notified by letters sent out Monday. Court officials did not specify whether the breach was intentional or accidental. They also didn't specify when the incident occurred.

The information was transferred from the printing company that prepares jury summons notices to an unidentified employee's e-mail account.

Source - Las Vegas Review-Journal

[From the article: Court officials said they have since removed all personal identifiers from the jury summons list... [Probable that no one even thought of doing this before the incident. Bob]



“We're your government and we're here to protect you!”

http://www.pogowasright.org/article.php?story=20080703173717194

Passport record system open to abuse, IG finds

Thursday, July 03 2008 @ 05:37 PM EDT Contributed by: PrivacyNews

A State Department passport record system that holds personal data on more than 120 million Americans is wide open to abuse and unable to prevent or detect unauthorized access, investigators said Thursday.

The review by the department's inspector general was ordered after revelations in March that State Department employees and contractors had accessed the files of presidential candidates Hillary Clinton, John McCain and Barack Obama.

The IG report found a much broader problem.

Source - McClatchy

[From the article:

Investigators surveyed the records of 150 high-profile Americans, whose names were selected from Forbes and Sports Illustrated magazine lists and Internet search engine Google's most-searched names.

Of the 150 — who weren't named in the report — 127, or 85 percent, had had their passport files accessed a total of 4,148 times, strongly suggesting attempts at unauthorized access.

... Investigators said they were unable to determine precisely how many individuals had access to the system or how many breaches had occurred.



If not a trend at least a more common scenario

http://mobile.slashdot.org/article.pl?sid=08/07/04/1228208&from=rss

Irrigation Controller Stolen, Wirelessly Rescues Itself

Posted by kdawson on Friday July 04, @08:46AM from the visionary-solutions-to-water-management-through-technology dept.

wooferhound sends along an amusing piece about thieves who got run over by technology and never knew what hit them. "A Rain Master Eagle-i Irrigation Controller recently stolen out of a housing development just outside of Tucson traveled nearly 80 miles before rescuing itself. The smart controller is now back in place on the wall where it was originally pinched... In this day and age, something that may look passive like an irrigation controller may not be so passive. The thieves didn't realize they were removing equipment that features 2-way wireless communications via the Internet. Three weeks later, the unexpected happened. The Maintenance Supervisor noticed a signal coming in from the stolen controller. He thought it was kind of odd that it was up and running... Whoever had stolen it had plugged it back in."



Repeat after me: Passwords do not provide adequate security.

http://houseofhackers.ning.com/profiles/blog/show?id=2092781%3ABlogPost%3A58655

Pass-The-Hash

Posted by hitechpo on July 3, 2008 at 4:30pm

For this blog, I wanted to give you some instructional material. Some of this stuff has been around for a while, but there is some new stuff out there, specifically, a new version of pass-the-hash toolkit. In a nutshell, the instructions that follow will allow you to gain full control of a Windows domain without ever lifting a finger at cracking a password.

... Some rules to follow to prevent this type of attack are: lock down your workstations. Do not allow users to have local admin rights. Make sure they are not able to download programs they aren't supposed to. If you can, go to the computer that needs support instead of connecting remotely - don't be lazy. Utilize your network devices to assist in filtering and providing access control levels to your systems and assist in remote access control.



Still think it can't happen in your organization? What does this say about the effectiveness of Data Breach disclosure laws?

http://mobile.slashdot.org/article.pl?sid=08/07/03/2143254&from=rss

12,000 Laptops Lost Weekly At Airports

Posted by timothy on Thursday July 03, @06:02PM from the dignity-lost-even-more-often dept. Portables Security Transportation United States Hardware

kthejoker writes

"Apparently companies are even worse about losing our data than we suspected. From the article: 'According to a study of 106 major US airports and 800 business travelers published by the Ponemon Institute and Dell Computer, about 12,000 laptops are lost in airports each week. Only 30 percent of travelers ever recover the lost devices. Nearly half of the travelers say their laptops contain customer data or confidential business information.' Kinda scary..."

[From the article:

Sixty-five percent of the business travelers admit that they do not take steps to protect the confidential information contained on their laptops when traveling on business, according to the study. Forty-two percent say they don't back up their data before going on a trip. Fewer than 20 percent of respondents said they have whole disk encryption or file encryption on their machines.

[The Study: http://www.dell.com/downloads/global/services/dell_lost_laptop_study.pdf



Crooks in the computer age: Another Estonia? Would Tony Soprano be able to do (conceive) this?

http://news.cnet.com/8301-10789_3-9983940-57.html?part=rss&subj=news&tag=2547-1_3-0-5

July 3, 2008 1:35 PM PDT

Hundreds of Lithuanian Web sites defaced

Posted by Robert Vamosi

Last weekend, several hundred Lithuanian Web sites were defaced with pro-Soviet and anti-Lithuanian slogans, according to The New York Times.

Last Friday, Lithuanian government sites were warned of an impending Web attack and mounted appropriate defenses. Several hundred commercial sites did not do so and over the weekend took the brunt of the attack. By Monday, most all of the sites had been restored.

... Early evidence suggests a group of criminal hackers may have organized the attacks. The IPs used in the attacks appear to be from a variety of nations, but Reston, Va.-based iDefense told the Washington Post that one site, hack-war.ru, appeared to have organized the protest.



Fairly dull, but someone to quote?

http://interviews.slashdot.org/article.pl?sid=08/07/03/1913245&from=rss

Lt. Col. John Bircher Answers Your Questions

Posted by timothy on Thursday July 03, @03:35PM from the questions-that-dan-savage-won't-touch dept.

A few weeks ago, you asked questions of Lt. Col. John Bircher, head of an organization with a difficult-to-navigate name: the U.S. Army Computer Network Operations (CNO)-Electronic Warfare (EW) Proponent's Futures Branch. Lt. Col. Bircher has answered from his perspective, at length, not just the usual 10 questions, but several more besides. Read on for his take on cyberwar, jurisdiction, ethics, and more.



Don't you love it when a Judge “gets it?”

http://techdirt.com/articles/20080703/0336421589.shtml

Lawyer Seriously Slapped Down For SLAPP Attempt Against Librarian Blogger

from the ouch dept

We've covered the concept of SLAPP (Strategic Lawsuit Against Public Participation) suits plenty of times before. These are bogus lawsuits filed to try to bully a critic into shutting up. In one such case, involving an incredibly broad subpoena against a librarian blogger compiling information on the potential link between mercury and autism, a magistrate judge has seriously smacked down the lawyer who filed the subpoena.

... Shoemaker has not offered a shred of evidence to support his speculations. He has, he says, had his suspicions aroused because she has so much information. Clearly he is unfamiliar with the extent of the information which a highly-competent librarian like Ms. Seidel can, and did, accumulate



All this, and it's free! This looks verrry interesting. All the normal “suite” applications, plus graphic design and image manipulation tools, flowcharts and diagrams, even project management (and for us Math teachers -- mathematical formula editing).

http://linux.slashdot.org/article.pl?sid=08/07/04/0624208&from=rss

Review of KOffice 2.0 Alpha 8 – On Windows

Posted by timothy on Friday July 04, @05:28AM from the didn't-see-that-coming-did-you dept. KDE Software Windows Linux

4WebChimps writes

"As featured previously on Slashdot, the KOffice project is working towards a cross-platform, open source office suite for Linux, Windows and Mac OS X. The most recent release, KOffice 2.0 Alpha 8, achieved that goal by being the first release for all three operating systems simultaneously. Want to try KOffice on Windows? TechWorld has a review (with screenshots) of KOffice on Windows, including the installation process which is as simple as clicking a few buttons (the online installer does the rest). Hopefully it won't be long before KOffice sits alongside OpenOffice.org as a usable cross-platform open source productivity suite."



976 free movies, including several episodes of Flash Gordon Conquers the Universe. How can you go wrong!

http://www.publicdomaintorrents.com/

Download Movies - Classic Movies and B-Movies For FREE!



Or, you could watch brief excerpts to choose your TED video

http://www.ted.com/index.php/talks/top10

Announcing the Top 10 TEDTalks
