Wednesday, August 27, 2008

Could have been one of those unethical defense lawyers...

http://www.pogowasright.org/article.php?story=20080827061550982

UK: Secret files found in bin

Wednesday, August 27 2008 @ 06:15 AM EDT Contributed by: PrivacyNews

SENSITIVE Merseyside police documents containing details of secret tactics used to smash a global drugs ring have been found dumped in a bin.

Nine men were jailed for a total of more than 100 years after the police sting in which lorry-loads of drugs were stopped making their way from the Continent into the hands of Liverpool gangsters.

The drugs were all intended to flood the streets of Merseyside giving the gangsters control of the markets, meaning they could set prices and drive competitors out of business.

But now every single shred of evidence – including secret tactics and names of witnesses and undercover police officers – has been discarded.

It is believed a builder found the files, running into hundreds of pages, discarded in a recycling bin.

Today an investigation was launched into the security breach.

Source - Liverpool Echo

Related - Drugs bust files found at Leyland tip



Clearly computer thieves are not interested in computing

http://www.pogowasright.org/article.php?story=20080826133042781

Britain investigates sale of computer with banking data on eBay

Tuesday, August 26 2008 @ 01:30 PM EDT Contributed by: PrivacyNews

A computer containing banking security details of more than one million people has been sold on eBay for $64, bank officials said Tuesday - the latest in a series of losses of personal data in Britain.

The computer contained account numbers, passwords, cellphone numbers and signatures. It belonged to MailSource UK - an arm of Graphic Data, an archiving company that holds financial information for Royal Bank of Scotland, NatWest and American Express.

Source - Canadian Press

Related - Cnet: Amex, Royal Bank of Scotland, NatWest customer details sold on eBay

[From the article:

The security breach became known when the computer's buyer found the information and contacted authorities. [There are a few honest and aware people left in the world. Bob]



Keeping you secure, the Big Brother way!

http://www.pogowasright.org/article.php?story=20080827045909806

UK: Officials 'back ban on data sale'

Wednesday, August 27 2008 @ 04:59 AM EDT Contributed by: PrivacyNews

There is massive support among election officials in England for a ban on the sale of voters' personal data to direct mail companies, a survey has found.

The Local Government Association poll of more than 200 administrators found 98% supported an end to the practice.

Source - BBC

[From the article:

The Direct Marketing Association said the majority of its members used the edited roll only to confirm the accuracy of the personal details they held. [In other words, “We already know everything about you.” Bob]

And it said that banning sales could lead to more, not less unwanted mail. [Seems to conflict with the first sentence... If they used the voter data to drop people from their mailing list, why don't they say that? Bob]



No surprise...

http://www.bespacific.com/mt/archives/019146.html

August 26, 2008

Steady Increase in IDThefts Recorded So Far For 2008

News release: "Today, the total number of breaches on the Identity Theft Resource Center’s (ITRC) 2008 breach list surpassed the final total of 446 reported in 2007, more than 4 months before the end of 2008. As of 9:30 a.m. August 22nd, the number of confirmed data breaches in 2008 stood at 449. The actual number of breaches is most likely higher, due to under-reporting and the fact that some of the breaches reported, which affect multiple businesses, are listed as single events. In the last few months, two subcontractors became examples of these “multiple” events. In one case, the customers and/or employees of at least 20 entities were affected by a breach that the ITRC reported as a single breach event....Breaches: 449 Exposed: 22,091,338."

[From the Breach List:

It should be noted that the ITRC does not place an inordinate weight on the count of records exposed. While the ITRC breach list reflects compromised records of more than 22 million, in more than 40% of breach events, the number of records exposed is not reported or fully disclosed. This means the number of affected records is grossly incomplete and unusable for any statistic or research purpose. The use of potentially affected records generally causes more concern and is ‘news-sexy’.



For your Security Manager

http://www.infoworld.com/article/08/08/26/Four_quick_tips_for_choosing_an_IM_security_product_1.html?source=rss&url=http://www.infoworld.com/article/08/08/26/Four_quick_tips_for_choosing_an_IM_security_product_1.html

Four quick tips for choosing an IM security product

71 percent of businesses will invest in real-time messaging this year. [I bet less than 10% have even considered IM security Bob] If you're one of them, be sure to protect your enterprise

By Chenxi Wang, CIO.com August 26, 2008



Should we look at this as an effort to make phishing more genteel?

http://www.infoworld.com/article/08/08/26/Call_out_a_phisher_get_attacked_by_malware_1.html?source=rss&url=http://www.infoworld.com/article/08/08/26/Call_out_a_phisher_get_attacked_by_malware_1.html

Call out a phisher, get attacked by malware

In new twist, phishing scam snares victims through a log-in screen where they can give the cybercrooks a piece of their mind

By Gregg Keizer, Computerworld August 26, 2008

... In a new twist, phishers using the Asprox botnet have struck victims who use the scam's log-in screen to give the crooks a piece of their mind. The scammers fire off a multi-exploit attack kit against anyone who uses profanity in place of the username or password, said Joe Stewart, director of malware research at SecureWorks Inc.



Resource for a “Policy Guideline?”

http://www.pogowasright.org/article.php?story=20080826064306369

The privacy policy problem, Part 1: A model policy

Tuesday, August 26 2008 @ 06:43 AM EDT Contributed by: PrivacyNews

Many organizations strive to protect the confidentiality of prospects and clients. In this column and the next three, I want to explore issues relating to privacy policies and the sometimes problematic relations between legitimate, well-meaning institutions and the commercial organizations with which they do business - and the criminal organizations which abuse their good names and reputations.

Norwich University’s Privacy Policy stands as an excellent example of a clear, well-written and comprehensive document - an example that could usefully be considered by readers of this column who may need a sample policy for their own organization’s use.

Source - NetworkWorld



Hack du jour... (Filed under: Passwords are not adequate security)

http://www.infoworld.com/article/08/08/27/Locked_iPhones_can_be_unlocked_without_a_password_1.html?source=rss&url=http://www.infoworld.com/article/08/08/27/Locked_iPhones_can_be_unlocked_without_a_password_1.html

Locked iPhones can be unlocked without a password

Private information stored in Apple's iPhone and protected by a lock code can be accessed by anyone just by pushing a few buttons

By Peter Sayer, IDG News Service August 27, 2008


Related: There are many ways to 'hack the system'

http://digg.com/apple/iPhone_developers_beat_Apple_s_NDA_with_1_bills

iPhone developers beat Apple's NDA with $1 bills

latimes.com — iPhone developers still bound by an Apple gag order are paying each other $1 to share coding tips. That way, if challenged by Apple's legal department, they can argue that they are subcontractors and therefore free to discuss the software.

http://www.latimes.com/technology/la-fi-apple25-2008aug25,0,2200545.story



“We don't need no stinking legal basis for harassing people we don't like!” (Clearly adds fuel to the recall fire – don't these people think before they act?)

http://techdirt.com/articles/20080825/2231352090.shtml

Woman Sues Mayor For Order Demanding She Remove City Links From Her Website

from the abuse-of-power dept

GigaLaw points us to the news of a lawsuit filed by a woman in Sheboygan, Wisconsin, against that city's mayor and other officials for demanding that she remove links to the city's police department from her website. The woman believes that the demand was in response to her own support of an effort to recall the mayor.

Apparently, sometime after this effort, the mayor's secretary asked the city attorney if it was legal for the woman to link to the city's police department website from her web design company's website (totally separate from the website about the mayor's recall). The city attorney told the mayor that a link is perfectly legal -- but offered to send a cease-and-desist anyway, which the mayor approved. The woman says she felt threatened in getting a cease-and-desist from the mayor's office and took the link down.

From the facts presented in the article, this certainly sounds like an abuse of power. There's nothing inherently illegal in just linking to someone else's website, and it appears the city attorney even knew this. So it looks like the mayor and the city attorney decided to send the cease-and-desist anyway to intimidate the woman -- which worked (at least temporarily). While it's not clear if this woman will be able to win any damages, it's good to see her fighting back against what appears to be an abuse of power.



If this was in the US (and it was and will be again) there would be more Class Action Lawyers than wheat in Alberta! (“Hey dude, we know that we promised 'unlimited' phone service but we never expected anyone would actually require us to deliver it!”)

http://news.slashdot.org/article.pl?sid=08/08/26/2037207&from=rss

TELUS Forcing Customers Off Unlimited Plans

Posted by kdawson on Tuesday August 26, @05:42PM from the can't-eat-all-that dept.

An anonymous reader writes

"Canadian telco TELUS sold a bunch of (expensive) Unlimited EV-DO aircard accounts last winter and are now summarily canceling them or forcing people to switch to much less valuable plans. TELUS is citing 'Violations,' but their Terms Of Service (see #5) are utterly vague and self-contradictory. The TELUS plans were marketed as being unlimited, without the soft/hard caps that the other providers had at the time. They were purchased by a lot of rural Canadians who had no other choice except dialup. Now TELUS is forcing everyone to switch from a $75 Unlimited plan to a $65 1GB plan, and canceling those who won't switch. Have a look at the thread at Howardforums, a discussion of the TELUS ToS (in red at the bottom), an EV-DO blogger who's been a victim, a post at Electronista, and of course Verizon getting fined for doing the same thing! Michael Geist has taken an interest as well."



Tools & Techniques: Intercepting the data is simple, storing the data is expensive, extracting exactly what you need/want is incredibly difficult (unless you want “everything.”)

http://it.slashdot.org/article.pl?sid=08/08/27/0141247&from=rss

The Internet's Biggest Security Hole Revealed

Posted by kdawson on Tuesday August 26, @11:16PM from the kaminsky-was-a-warmup dept.

At DEFCON, Tony Kapela and Alex Pilosov demonstrated a drastic weakness in the Internet's infrastructure that had long been rumored, but wasn't believed practical. They showed how to hijack BGP (the border gateway protocol) in order to eavesdrop on Net traffic in a way that wouldn't be simple to detect. Quoting:

"'It's at least as big an issue as the DNS issue, if not bigger,' said Peiter 'Mudge' Zatko, noted computer security expert and former member of the L0pht hacking group, who testified to Congress in 1998 that he could bring down the internet in 30 minutes using a similar BGP attack, and disclosed privately to government agents how BGP could also be exploited to eavesdrop. 'I went around screaming my head about this about ten or twelve years ago... We described this to intelligence agencies and to the National Security Council, in detail.' The man-in-the-middle attack exploits BGP to fool routers into re-directing data to an eavesdropper's network."

[Try it yourself... Bob] Here's the PDF of Kapela and Pilosov's presentation.
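The attack described above works by announcing a more-specific slice of someone else's address space; a prefix owner can watch for exactly that. The check below is an added example, not code from the DEFCON talk or from Slashdot: it compares announcements seen at a route collector against the prefixes a network actually originates. All prefixes, AS numbers and the sample feed are constructed from documentation and private ranges.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Announcement:
    """One observed route: the prefix and the AS path, origin AS last."""
    prefix: str
    as_path: tuple

# Constructed sample: the prefixes this network legitimately originates,
# mapped to the origin AS it announces them from (private ASN 64500).
OWNED = {"203.0.113.0/24": 64500, "198.51.100.0/23": 64500}

def classify(a: Announcement, owned: dict = OWNED) -> str:
    """Classify one observed announcement against the prefixes we originate."""
    net = ipaddress.ip_network(a.prefix)
    origin = a.as_path[-1]
    # Owned prefixes that cover the announced one (same IP version only).
    covering = [p for p in owned
                if ipaddress.ip_network(p).version == net.version
                and net.subnet_of(ipaddress.ip_network(p))]
    if not covering:
        return "foreign"          # not our address space; nothing to judge
    if a.prefix in owned:
        # Exactly a prefix we announce: only the origin AS can be wrong.
        return "ok" if origin == owned[a.prefix] else "origin-mismatch"
    # A more-specific of our space that we never announce. A forged path can
    # end in our own AS, so the origin AS is NOT trusted here: the mere
    # existence of the more-specific route is the alert.
    return "more-specific"

def alerts(observed) -> list:
    """Return (prefix, verdict) for every announcement that is not clean."""
    out = []
    for a in observed:
        verdict = classify(a)
        if verdict not in ("ok", "foreign"):
            out.append((a.prefix, verdict))
    return out

# Constructed feed, as a route collector might show it.
SAMPLE = [
    Announcement("203.0.113.0/24", (64496, 64500)),         # our own route
    Announcement("203.0.113.0/25", (64496, 64511, 64500)),  # longer match, path ends in our AS
    Announcement("198.51.100.0/23", (64496, 64511)),        # someone else claims origin
    Announcement("192.0.2.0/24", (64496, 64499)),           # unrelated space
]
```

This is the logic that commercial prefix-monitoring services and RPKI origin validation automate; the point of the example is that the more-specific check must not trust the origin AS, since the talk's path-prepending trick keeps the victim's AS at the end of the path.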



Another “security hole” but somewhat less vast... (Not quite half-vast...)

http://www.pogowasright.org/article.php?story=2008082606164598

Out of Sight, But Not Gone

Tuesday, August 26 2008 @ 06:16 AM EDT Contributed by: PrivacyNews

To protect the privacy of litigants, the Federal Rules of Practice and Procedure require that certain personal data identifiers be modified or partially redacted from federal court case files. These identifiers are Social Security numbers, dates of birth, financial account numbers, and names of minor children, and in criminal cases, also home addresses.

In all cases, it is the responsibility of the attorney and the parties in the case to redact personal identifiers.

But redaction, once a matter of drawing a heavy black line through the words on paper, has changed with the electronic filing of documents. A black bar drawn over the text is no longer enough to block it from view. In an electronic file, the obscured text still lurks beneath the highlighter box and can be readily recalled. The text is hidden, not excised.

... Many courts, such as the District of Arizona and the Northern District of California, have posted information to their websites on effective redaction techniques. For a look at their tips, visit their websites at: https://ecf.cand.uscourts.gov/cand/faq/tips/redacting.htm or http://www.azd.uscourts.gov/azd/cm-ecf.nsf/docview/files/$file/redaction.pdf. [The second link points to even more links Bob]

Source - The Third Branch
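To make the "hidden, not excised" point concrete, here is an added example (constructed; not from the Third Branch article or the courts' guidance): a minimal, uncompressed PDF content stream in which a Social Security number is covered by a black rectangle, a check that shows the number is still in the file, and a version that removes it. The SSN and names are constructed; real PDFs usually compress their streams and may use TJ arrays or custom font encodings, which this simple scanner does not handle.

```python
import re

# Constructed sample: a PDF content stream in which an SSN is "redacted" by
# painting a black rectangle (re f) over it. The Tj operator that drew the
# number is still present, so any text extractor can read it back.
VISUAL_REDACTION = b"""BT
/F1 12 Tf 72 700 Td (Plaintiff: Jane Doe) Tj
0 -20 Td (SSN: 123-45-6789) Tj
ET
0 g
70 672 120 16 re f
"""

SSN_PATTERN = r"\d{3}-\d{2}-\d{4}"

# Matches every literal string drawn with the Tj operator (escapes allowed).
_TJ = re.compile(rb"\((?P<text>(?:\\.|[^\\)])*)\)\s*Tj")

def extract_text(stream: bytes) -> list:
    """Return every string the content stream draws, whatever is painted on top."""
    return [m.group("text").decode("latin-1") for m in _TJ.finditer(stream)]

def find_leaks(stream: bytes, patterns: list) -> list:
    """Defender's check: which sensitive patterns are still drawable from the stream?"""
    drawn = " ".join(extract_text(stream))
    return [p for p in patterns if re.search(p, drawn)]

def redact_for_real(stream: bytes, pattern: str) -> bytes:
    """Excise rather than cover: rewrite matching text inside every Tj string
    so the original characters are no longer anywhere in the file."""
    def fix(m):
        inner = m.group("text").decode("latin-1")
        cleaned = re.sub(pattern, "[REDACTED]", inner)
        return b"(" + cleaned.encode("latin-1") + b") Tj"
    return _TJ.sub(fix, stream)

if __name__ == "__main__":
    print("visual redaction leaks:", find_leaks(VISUAL_REDACTION, [SSN_PATTERN]))
    cleaned = redact_for_real(VISUAL_REDACTION, SSN_PATTERN)
    print("after excision leaks:", find_leaks(cleaned, [SSN_PATTERN]))
```

The check in find_leaks is the one to run on a filed document: if the sensitive string can still be extracted, the black box is decoration, not redaction.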



The changing (globalizing?) legal world. I hope they write better contracts for themselves than the contracts they write for their clients.

http://www.pogowasright.org/article.php?story=20080827050040359

ABA Gives Thumbs Up to Legal Outsourcing

Wednesday, August 27 2008 @ 05:00 AM EDT Contributed by: PrivacyNews

The American Bar Association has waded into the debate over legal outsourcing with an ethics opinion blessing the outsourcing trend as "a salutary one for our globalized economy."

A growing number of legal process outsourcing (LPO) companies have sprouted up in recent years to offer the services of lawyers abroad to handle the most labor-intensive aspects of U.S. legal matters, especially document review in large-scale litigation. India has been the most popular destination for legal outsourcing because it has a common-law system and English is widely spoken.

Source - Law.com



because you can never have enough video...

http://www.killerstartups.com/Video-Music-Photo/johnlocker-com-video-learning-network

JohnLocker.com - Video Learning Network

Johnlocker.com is an extensive educational video library that will allow you to learn about any topic you can think of. Teachers and students will both benefit from the many videos that can be viewed through the site. The many documentaries that can be seen online will allow you to learn more about topics as diverse as sports and science (there’s even a category named “weird”). This makes the site a great resource that can be consulted when you want to learn more about any particular subject. There are many long documentaries hosted by the site, not just snippets.

http://johnlocker.com/



How would you describe this niche? (I suspect there are many demonstrators with “Official Rodney King” model video cameras too.)

http://blog.wired.com/27bstroke6/2008/08/democratic-conv.html

Democratic Convention: Live Audio of Denver Police

By Kevin Poulsen August 26, 2008 | 1:19:14 PM

If you're less interested in the speeches inside the Pepsi Center than the rubber bullets flying outside, the donation-supported scanner site ScanAmerica.us is streaming the dispatch frequency for the Denver police.



I want one, but it might be difficult to get by TSA at airport security...

http://mobile.slashdot.org/article.pl?sid=08/08/27/1334214&from=rss

Space Cube – the World's Smallest Linux PC

Posted by timothy on Wednesday August 27, @09:47AM from the not-time-cube-note dept.

Barence writes

"Meet the Space Cube — the world's smallest fully functional PC. Primarily designed for use in space, it somehow manages to cram a working PC with USB ports, card readers, audio outputs and proprietary interfaces into a tiny cube chassis measuring just two inches square. It runs a basic Linux front-end, which the blogger takes a look at, and there are some great photos of the device being loomed over by everyday objects like coffee mugs and cellphones. It has connections for controlling various electronics used by ESA, NASA and JAXA, but it will also apparently be for sale to the public soon, for use by amateur engineers and robotics clubs."



Have you noticed that some technology is near the Gillette model (give away the razor, sell the blades)?

http://news.cnet.com/8301-13845_3-10026808-58.html?part=rss&subj=news&tag=2547-1_3-0-5

Print without wires for $41 shipped

Posted by Rick Broida August 27, 2008 5:08 AM PDT

... Circuit City has the Lexmark Z1480 color inkjet on sale for $40.96 shipped

... A set of replacement cartridges will run you $39.99 if purchased at Circuit City
