Friday, August 08, 2008

After years and years and hundreds of laptop thefts you would think that a bank (at least) would require encryption...

http://www.pogowasright.org/article.php?story=2008080713560089

Bank of America laptop stolen; customer data compromised

Thursday, August 07 2008 @ 01:56 PM EDT Contributed by: PrivacyNews

A Bank of America laptop containing customer information including names, account numbers and social security numbers was stolen from a bank facility.

Bank spokesperson Betty Riess would not say how many customers were affected or what location the laptop was taken from.

“It’s still part of an ongoing investigation, but I can tell you it’s a very small number,” she said.

The laptop contained encryption software, [If there was any reason to believe the “encryption software” had actually been used, this report would not have been required. Bob] and there was no evidence that any customer’s information had been accessed so far, she said.

Source - Times Herald Record



Perhaps scam means something else in Ireland... We would call this a hack.

http://www.pogowasright.org/article.php?story=20080808051708534

Ie: Hundreds of credit card owners hit by online scam

Friday, August 08 2008 @ 05:17 AM EDT Contributed by: PrivacyNews

HUNDREDS of bank customers have had their credit cards cancelled following the latest international scam to hit the financial services sector.

Personal banking details of hundreds of customers were compromised after thieves hacked into the online database of one of the country’s leading retailers.

The scam was discovered on Wednesday night after the fraudsters attempted to use the credit card details to test if the cards were valid.

It is likely hackers got credit card details by getting into the retailer’s website or obtaining details from an employee, according to the Irish Payment Service Organisation (IPSO). IPSO’s head of card services Una Dillon confirmed a large number of Irish cards were compromised.

Source - Irish Examiner



If you collect “more than minimal”(?) data, you have a “more than minimal” duty to protect it.

http://www.pogowasright.org/article.php?story=20080807164723157

UK: BBC loses personal details of hundreds of children

Thursday, August 07 2008 @ 04:47 PM EDT Contributed by: PrivacyNews

The BBC has apologised to parents and started an investigation after a memory stick containing the personal data of hundreds of children was stolen.

Parents have been sent a letter by the BBC informing them that details such as the names, addresses, mobile phone numbers and dates of birth of children who applied to take part in a cookery show had been taken. The stolen data also included details of when children and their parents would be away on holiday. [Attention burglars! Bob]

Source - Times Online



For the “We can, therefore we must” ethics debate. What justifies publishing this data?

http://www.pogowasright.org/article.php?story=20080808053029413

Rex Smith: Pay data worth taking a few knocks (editorial)

Friday, August 08 2008 @ 05:30 AM EDT Contributed by: PrivacyNews

... This week, we’re doing something we think is required by the honorable pursuit of our work, knowing some readers won’t agree with our decision.

Like some newspapers in other states, and a few in New York, we are publishing the entire state public payroll online. Everybody who drew a paycheck last year from New York state and from 108 state-chartered public authorities … 375,000 names … is now listed at http://timesunion.com. You can make your own spreadsheets and become a data analyst.

We understand that if your name is on one of those payrolls, you may be annoyed. Never mind that somewhat less complete versions of the payroll already have been posted by the Empire Center, a conservative think tank, and by the five newspapers in the Gannett chain in this state. If the Times Union is your newspaper, this may strike you as an intrusion.

Source - Times Union

[From the article:

... because we believe it’s something taxpayers are entitled to see.

... What we offer you now was pieced together from separate requests filed with DiNapoli’s staff. [Aggregation Bob]



No useful details (sorry hackers) and a lot of “that can't be right” comments. We'll have to wait and see.

http://it.slashdot.org/article.pl?sid=08/08/08/1155208&from=rss

Vista's Security Rendered Completely Useless

Posted by kdawson on Friday August 08, @08:08AM from the bypassing-memory-protection-safeguards dept.

scribbles89 sends in a story with that alarmist headline from Neowin.net; it does sound like it could be a game-changer.

"While this may seem like any standard security hole, other researchers say that the work is a major breakthrough and there is very little that Microsoft can do to fix the problems. These attacks work differently than other security exploits, as they aren't based on any new Windows vulnerabilities, but instead take advantage of the way Microsoft chose to guard Vista's fundamental architecture. According to Dino Dai Zovi..., 'the genius of this is that it's completely reusable. They have attacks that let them load chosen content to a chosen location with chosen permissions. That's completely game over.'"



This, not “Skynet” or “Colossus”, is how the computers will take over.

http://games.slashdot.org/article.pl?sid=08/08/08/1243244&from=rss

Computer Beats Pro At US Go Congress

Posted by kdawson on Friday August 08, @08:52AM from the going-going-gone dept.

Bob Hearn writes

"I was in attendance at the US Go Congress match yesterday where history was made: the go program MoGo, running on an 800-core supercomputer, beat 8-dan professional go player Myungwan Kim in a 9-stone handicap game. Most in the audience were shocked at the computer's performance; it was naturally assumed that the computer would be slaughtered, as usual. Go is often seen as the last bastion of human superiority over computers in the domain of board games. But if Moore's law continues to hold up, today's result suggests that the days of human superiority may be numbered."

Read below for more details in Bob's account of the match.


Related? Granted, I'm a SciFi fan, but apparently there are people working on these issues.

http://techdirt.com/articles/20080805/0222511891.shtml

When Laws Can't Keep Up With Technology: Future Lawsuits To Worry About

from the well,-it'll-keep-the-lawyers-busy dept

We were just talking about how copyright law has been unable to keep up with technology changes, but that's not the only law that rapidly changing technology is already impacting. As the pace of technology innovation continues to increase, things are only going to get even more troublesome -- leading to all sorts of legal conundrums to deal with. Parker Mason alerts us to a post at Science Fiction blog io9, which tries to predict five future lawsuits that are likely to come about as a result of certain technology advances. These involve questions about things from the liability of artificial intelligence to the privacy of your thoughts due to brain scanning. If you want one sure thing, it's that there will be no shortage of work for lawyers.


Related? “We can, therefore we must?”

http://www.informationweek.com/blog/main/archives/2008/08/hacker_claims_a.html

Hacker Claims Apple Can Spy On iPhone Users, Disable Apps Remotely

Posted by Eric Zeman, Aug 7, 2008 10:42 AM

Apple may have opened up the iPhone to third-party applications, but it is keeping a very close eye on those apps. According to hacker Jonathan Zdziarski, the iPhone can "phone home" to tell Apple what apps are installed, and if Apple doesn't like what it sees on your iPhone, it can kill the offending application.

Oh man. Apple, please tell me you didn't open this can of worms for real.

... MacRumors suggests that Apple will most likely only use this functionality to kill malware or other code it deems dangerous. But what about unsanctioned applications that are downloaded to unlocked iPhones? Will Apple keep tabs on the applications that unlocked iPhone users download and install? Will it kill apps it doesn't like, even if the user has paid for it?

All these questions remain unanswered.

The bigger one that lingers in my mind is, if Apple is keeping tabs on the applications I am downloading, what else is it keeping tabs on? My phone calls? My text messages? My browsing history? The type of content I chose to consume? I surely hope not, as that's a major breach of privacy.



About time!

http://yro.slashdot.org/article.pl?sid=08/08/07/2233250&from=rss

Ohio Sues Over Missing Electronic Votes

Posted by timothy on Thursday August 07, @06:47PM from the oh-it-was-only-a-few-votes dept.

dstates writes

"The Columbus Post Dispatch reports that the State of Ohio is suing Premier Election Systems (previously known as Diebold) over malfunctions in electronic voting machines. Election workers found that votes were 'dropped' in at least 11 counties when memory cards were uploaded to computer servers. The same voting machines are used nationwide. The company blames a conflict between their software and antivirus software for the problem and says that an advisory was issued on the subject. The Ohio lawsuit contends that the company made false representations and failed to live up to contractual obligations and seeks punitive damages."



Phishers have bad security? Have these thieves no honor!

http://it.slashdot.org/article.pl?sid=08/08/07/2312214&from=rss

How Phishers Think, Act, and Make a Profit

Posted by timothy on Thursday August 07, @09:29PM from the good-laugh-at-your-expense dept.

whitehartstag writes with a write-up of "the excellent session at Black Hat that detailed 'how phishers create sites, share info and code, and basically are lazy.' They store their stolen data 'on websites that they have hacked into, or on [publicly available] sites like guestbooks. And even worse, they are not protecting their stolen data ... which means that all one needs to do to find this info is to reverse engineer a real phisher's website, look at their PHP script, and find out where they are storing the data.'"

[From the article:

Then simply go there and grab the stolen data. Anyone can find an active phishing site by visiting http://www.phishtank.com, a well known site that hosts info on known bad phishing sites, similar to a URL blacklist site.



Why do we design procedures to be followed? (Didn't the OJ trial teach us anything?)

http://news.yahoo.com/s/nm/20080807/od_nm/crime_dc;_ylt=Aoie0SIPJboPrHExx0YEvwes0NUE

Police reopen 7,000 cases after DNA error

Thu Aug 7, 11:20 AM ET

Australian police will re-examine 7,000 crimes solved through DNA evidence after a mistake forced detectives to free a suspect wrongly accused of murder.

... Police last month said a DNA sample taken from the murder scene, where Margaret Tapp was strangled and her daughter Seana raped and later killed, matched Gesah after comparison with 400,000 other DNA profiles on a national database.

Gesah was arrested and faced court, but a later check found the DNA evidence used against him was taken elsewhere and mistakenly tested with samples from the Tapp murder scene.

Overland said every crime solved by DNA in the state since the testing technology was introduced 20 years ago would now be reviewed to check no other bungles had occurred.



Geek tools

http://www.linux.com/feature/144170

Linux Foundation launches killer development tool

By Steven J. Vaughan-Nichols on August 07, 2008 (5:30:00 PM)

The Linux Foundation has just released a beta of a new program, Linux Application Checker (AppChecker), that's going to make ISVs and other programmers start to love developing for Linux.

... AppChecker then checks your program not only against different versions of the Linux Standard Base (LSB), but also against all the Linux distributions in the LSB Database. After the test is done it will present you with a report. It's this report that makes AppChecker special.

In the Web-based report, you're shown the compatibility status of your application with the various distributions, and which external libraries and interfaces your program uses. If all goes well, it gives you the option of putting your program in for LSB certification straight from the test program.



Are we devolving? If so, perhaps we should provide more opportunities for individuals to earn a “Darwin Award” not fewer.

http://news.yahoo.com/s/afp/20080807/od_afp/germanyfoodsafetylawoffbeat_080807085447;_ylt=Ai9K2uzJWfZvEs3bxNGPsKGs0NUE

Kinder surprise egg facing ban in Germany: reports

Thu Aug 7, 4:54 AM ET

Despite being a massive hit with children and adults alike, German lawmakers want to ban Kinder surprise eggs on safety grounds, press reports said on Thursday.

... "Children cannot tell the difference between a toy and food," the Welt newspaper cited Miriam Gruss from the commission as saying.

... The commission is also looking at forcing youngsters to wear cycle helmets and making schoolbooks lighter so children don't injure themselves or tire themselves out carrying them around all day, the paper added.



For my Security students (and the hacker club) – think of it as an advanced degree?

http://www.switched.com/2008/08/06/a-z-and-other-celebrity-hackers-gallery/?icid=100214839x1206934003x1200357184

'A-Z' and Other Celebrity Hackers (Gallery)

by Terrence O'Brien, posted Aug 6th 2008 at 7:12PM

... It's an increasingly popular job, according to Nick Newman, a computer crime specialist, who told USA Today: "All you need is a computer, Internet access and programming skills, and now you have a viable career path in front of you."

And, if you check out our gallery of other notorious electronic criminal masterminds, you'll see that many of them parlayed their hacking experience into some pretty decent legit jobs when they got out of prison!
