Thursday, August 14, 2008

Interesting that they have to scramble and that so many people are under suspicion – apparently everyone uses the same password (that technique earns you an “F” in Computer Security 101).

http://www.pogowasright.org/article.php?story=200808140607102

Security Flap Slams Wells Fargo Over Data Breach

Thursday, August 14 2008 @ 06:07 AM EDT Contributed by: PrivacyNews

In the wake of news that a Wells Fargo bank access code had been used to steal thousands of consumers' personal information, the bank has launched a full-scale investigation into the crime.

The code was used to access information from MicroBilt, which describes itself as the "single source industry leader in risk management information" and provides consumer information to Wells Fargo and other banks and businesses, between May and June, Wells Fargo spokeswoman Mary Berg told InternetNews.com.

MicroBilt only notified Wells Fargo on July 1, and both companies told InternetNews.com that they suspended their dealings by mutual agreement.

Source - InternetNews.com

[From the article:

Data breaches are expensive, and loan applications staff [Translation: all of them. Bob] at Wells Fargo are now under a microscope.

... "We're looking into how someone got hold of that access code." [Other than the thousands of people we gave the code to... Bob]

... "MicroBilt sent us a list of about 7,000 names and, after we took out any duplicate names, the list worked [out] to about 5,000," she added. [This suggests to me that more bogus requests were made than legitimate ones... Bob]

... The breach at MicroBilt occurred because, like other companies that offer business to business (B2B) services, it uses authentication that generally is considered good enough, Eric Skinner, chief technology officer of security vendor Entrust (NASDAQ: ENTU), told InternetNews.com.

"They looked around, saw what everybody else was using and used the same thing," Skinner said. "It's not unusual that they don't have banking-grade security applications in place."



Private companies would never use captured personal information inappropriately; they say so in their Privacy Statements.

http://www.pogowasright.org/article.php?story=20080814061130357

Confidential Data of 17,000 Germans Sold to Call Centres

Thursday, August 14 2008 @ 06:11 AM EDT Contributed by: PrivacyNews

An investigation has been launched in Germany after a CD containing the personal details of 17,000 individuals was anonymously handed to the Schleswig-Holstein Consumer Association. According to the Association the data, which was sold to a number of call centres, appears to have originated from the lottery operator Süddeutsche Klassenlotterie (SKL).

... The records on the CD include not only details of names, addresses, phone numbers and dates of birth, but also full bank account details.

Source - GamingIntelligenceGroup.com (free reg. required)



Can you say “liability?”

http://www.pogowasright.org/article.php?story=20080814063019356

NZ: Slingshot error puts customer privacy at risk

Thursday, August 14 2008 @ 06:30 AM EDT Contributed by: PrivacyNews

New Zealand internet service provider Slingshot claims to be "a better place", but that is really not the case after the shocking incident that occurred today.

Media Fetish reported earlier that Facebook was experiencing an issue where users would sign in with their username and password but gain access to a stranger's account rather than their own. I can now reveal that this issue was not the fault of Facebook, but instead was caused by an error with Slingshot.

Customers of Slingshot found that this issue was not just occurring on Facebook, but on many various websites where a log-in was required. These websites ranged everywhere from buying and selling site TradeMe to the University of Otago's 'Blackboard' service. It is not yet known whether any online banking services were affected.

... After today's incident it has also become apparent that the Bebo error Media Fetish reported on in May was also highly likely to be caused by the ISP Slingshot, rather than the social networking site itself.

Source - Media Fetish blog



http://news.cnet.com/8301-1023_3-10016687-93.html?part=rss&subj=news&tag=2547-1_3-0-5

August 13, 2008 3:46 PM PDT

E-mail messages tell story of Clinton's failed bid

Posted by Stephanie Condon

... Joshua Green, who wrote the article, said he collected "stacks" of material from unnamed sources. He notes in the article that "paranoid dysfunction breeds the impulse to hoard. Everything from major strategic plans to bitchy staff e-mail feuds was handed over."

Green said none of his sources expressed any concern over breaking any sort of disclosure agreements they may or may not have had with the campaign over their correspondences.

... Some politicians have already made moves in recent years to cut back on sending easily retrievable communications. New Jersey Gov. Jon Corzine in July 2007 announced he would no longer be using e-mail, after state Republicans filed a lawsuit forcing him to release his e-mail correspondence with a union president.



How to interpret this? The new boss wants to review everything or they will take the program to the dark side? Should be interesting to watch.

http://tech.slashdot.org/article.pl?sid=08/08/13/1436224&from=rss

Air Force Suspends Cyber Command Program

Posted by CmdrTaco on Wednesday August 13, @11:34AM from the less-qq-more-pewpew dept. The Military The Internet

AFCyber writes

"The Air Force on Monday suspended all efforts related to development of a program to become the dominant service in cyberspace, according to knowledgeable sources. Top Air Force officials put a halt to all activities related to the establishment of the Cyber Command, a provisional unit that is currently part of the 8th Air Force at Barksdale Air Force Base in Louisiana, sources told Nextgov. An internal Air Force e-mail obtained by Nextgov said, 'Transfers of manpower and resources, including activation and re-assignment of units, shall be halted.' Establishment of the Cyber Command will be delayed until new senior Air Force leaders, including Chief of Staff Norton Schwartz, sworn in today, have time to make a final decision on the scope and mission of the command."



Why new laws?

http://www.pogowasright.org/article.php?story=20080814055430820

UK: Government publishes new, wider Data Retention Regulations

Thursday, August 14 2008 @ 05:54 AM EDT Contributed by: PrivacyNews

The Government has published a draft law that mandates the retention of data by internet service providers (ISPs) and telecoms companies. The proposed Regulations will replace an earlier law that applied to non-internet data only.

If approved by both Houses of Parliament, the Electronic Communications Data Retention (EC Directive) Regulations 2008 would come into force on 15th March 2009. They will revoke the 2007 Regulations of the same name and complete the UK’s implementation of an EU Directive.

Source - Out-Law.com

[From the article:

The Home Office confirmed that access to 12 months' worth of call, text, email and internet records will be open to all bodies covered by the phone tap law, the Regulation of Investigatory Powers Act (RIPA). That includes local councils, health authorities and the Post Office.


Because apparently there is not enough obfuscation in the current system.

http://www.pogowasright.org/article.php?story=20080813164438318

UK: £68m 'snooping' database: Little impact on serious crime

Wednesday, August 13 2008 @ 04:44 PM EDT Contributed by: PrivacyNews

Powers to snoop on the UK's email and internet records will be of limited use in tackling serious crime, the government has admitted.

Home Office proposals for phone, email and internet records - including VoIP - to be kept for 12 months are expected to cost taxpayers up to £68m to set up and £39m per year to run.

Source - Silicon.com

Thanks to Brian Honan for the link.



Just how poor are US ISPs? They will find out when Japan does to them what it did to the automotive industry. (How can they not see this as a business opportunity?)

http://tech.slashdot.org/article.pl?sid=08/08/13/1648211&from=rss

US Broadband Won't Catch Up With Japan's For 101 Years

Posted by timothy on Wednesday August 13, @01:06PM from the all-other-things-being-equal-which-they-never-are dept. Networking

An anonymous reader writes

"Internet speeds of users nationwide shows that the United States has not made significant improvements in deploying high-speed broadband networks in the past year, and if the average US Internet speed continues to improve only at the same rate it did from 2007 to 2008, the country won't catch up with Japan's current download speed for another 100 years, according to findings released by the Communications Workers of America's (CWA's) Speed Matters campaign."

With enough statistical mangling, nearly anything can be presented as plausible, but that's not enough to cover up my envy of Asian broadband speeds.

[From the article:

The 2008 median real-time download speed in the U.S. is a mere 2.3 megabits per second. This represents a gain of only 0.4 mbps over last year’s median download speed. It compares to an average download speed in Japan of 63 mbps, the survey reveals.



How does this differ from use of binoculars? The technology is newer.

http://www.pogowasright.org/article.php?story=20080814060258994

Police Turn to Secret Weapon: GPS Device

Thursday, August 14 2008 @ 06:02 AM EDT Contributed by: PrivacyNews

... Across the country, police are using GPS devices to snare thieves, drug dealers, sexual predators and killers, often without a warrant or court order. Privacy advocates said tracking suspects electronically constitutes illegal search and seizure, violating Fourth Amendment rights of protection against unreasonable searches and seizures, and is another step toward George Orwell's Big Brother society. Law enforcement officials, when they discuss the issue at all, said GPS is essentially the same as having an officer trail someone, just cheaper and more accurate. Most of the time, as was done in the Foltz case, judges have sided with police.

Source - Washington Post



Rick: How can you close me up? On what grounds?

Captain Renault: I'm shocked, shocked to find that gambling is going on in here!

[a croupier hands Renault a pile of money]

Croupier: Your winnings, sir.

Captain Renault: [sotto voce] Oh, thank you very much.

[aloud]

Captain Renault: Everybody out at once!

Casablanca (1942)

http://www.pogowasright.org/article.php?story=20080814060758286

Il: Under 'Big Brother Law,' telecom firms would tell all to police

Thursday, August 14 2008 @ 06:07 AM EDT Contributed by: PrivacyNews

The Knesset's law committee was shocked to discover yesterday that the police have been abusing the so-called "Big Brother Law" by forcing telecom companies to give them subscriber information beyond that allowed by law.

Cellcom officials told the Constitution, Law and Justice Committee of police attempts to circumvent the Knesset via regulations under this law.

Source - Haaretz.com



Another way to get on lists.

http://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_tsa_spot.pdf

Privacy Impact Assessment for the Screening of Passengers by Observation Techniques (SPOT) Program [pdf]


Related

http://www.pogowasright.org/article.php?story=20080814055027340

Fliers without ID placed on TSA list

Thursday, August 14 2008 @ 05:50 AM EDT Contributed by: PrivacyNews

The Transportation Security Administration has collected records on thousands of passengers who went to airport checkpoints without identification, adding them to a database of people who violated security laws or were questioned for suspicious behavior.

The TSA began storing the information in late June, tracking many people who said they had forgotten their driver's license or passport at home. The database has 16,500 records of such people and is open to law enforcement agencies, according to the TSA.

Source - USA Today



Will this become the standard?

http://www.pogowasright.org/article.php?story=20080814054819555

2nd Circuit allows anonymous lawsuit over alleged sexual assault

Thursday, August 14 2008 @ 05:48 AM EDT Contributed by: PrivacyNews

A federal appeals court has reinstated the lawsuit of a woman whose sexual-assault claim was tossed out because she insisted on proceeding anonymously.

The 2nd U.S. Circuit Court of Appeals said yesterday’s ruling in Sealed Plaintiff v. Sealed Defendant #1 may be used as a precedent.

Source - Opinion [pdf]



This article is 'Consumer Oriented' and assumes that Customer Service (“immediate” password reset) is more important than security. This is not how the business world works. A simple verification technique I used (many years ago) was to call the employee (would also work with customers) on their office phone. New employees or those outside the office were verified via their managers.

http://it.slashdot.org/article.pl?sid=08/08/13/2241242&from=rss

Password Resets Worse Than Reusing Old password

Posted by samzenpus on Wednesday August 13, @08:26PM from the one-password-when-you're-born dept. Security IT

narramissic writes

"We all know well the perils of password reuse. But what about the information used to reset passwords? Many sites use a standard set of questions — your mother's maiden name, the name of your best friend, what city you grew up in, or what brand your first car was. And you probably have a standard set of responses, making them easy to remember but not very secure. 'The city you grew up in and your mother's maiden name can be derived from public records. Facebook might unwittingly tell the name of your best friend. And, until quite recently, Ford with its 25% market share had a pretty good chance of being the brand of your first car,' says security researcher Markus Jakobsson. But 'password reset does not have to be a weak link,' says Jakobsson. 'Psychologists know that people's preferences are stable — often more so than long term memory. And very few preferences are recorded in public databases.'"



Attention all Cellphone users! (perhaps we could have these printed on a card to hand to offenders?)

http://digg.com/gadgets/Top_10_Cell_Phone_Etiquette_Rules_People_Still_Break

Top 10 Cell Phone Etiquette Rules People Still Break

mobilecommandos.com — Do we really still need to talk about this? You’d think with over a decade of experience under our belts along with our inherent delusions of hyper sophistication that we’d have figured things out by now. But the sad truth remains: cell-phone douche-baggery is worse than ever!

http://www.mobilecommandos.com/random-stuff/top-10-cell-phone-etiquette-rules-people-still-break/



Every now and then, someone demonstrates brilliance by doing the obvious rather than doing “what everyone else is doing.” Not a formal study (hint, hint) but still interesting...

http://games.slashdot.org/article.pl?sid=08/08/13/2249246&from=rss

Game Developer's Response To Pirates

Posted by samzenpus on Wednesday August 13, @10:08PM from the scuttle-the-console dept. The Internet Games

cliffski writes

"A few days ago, indie PC games developer Positech publicly called for people pirating their games to explain why, in an open and honest attempt to see what the causes of gaming piracy were. Hundreds of blog posts, hundreds more emails and several server-reboots later, the developer's reply is up on their site. The pirates had a lot to say, on subjects such as price, DRM, demos and the overall quality of PC games, and Positech owner Cliffski explains how this developer at least will be changing their approach to selling PC games as a result. Is this the start of a change for the wider industry? Or is this the only developer actively listening to the pirates' point of view?"



Tools & Techniques with emphasis on tools. I've wondered why no one had done this before (except at the Radio Shack 'individual chip' level). At last I can build my combination grapefruit spoon/phaser!

http://www.killerstartups.com/eCommerce/buglabs-net-a-new-breed-of-tech-company

BugLabs.net – A New Breed Of Tech Company

What do you call a tech company that doesn’t sell you a specific product? You call it Bug Labs. They sell consumers the components they’ll need to create their own consumer electronics. For instance, say you want to build your own mp3 player, you’ll find the tools you need here. Don’t panic, you don’t need to know how to assemble things from scratch. Each component is easily coupled with other ones, so you don’t need a soldering iron to put things together. They also carry the software you’ll need to make sure your tools work perfectly. If you are out of ideas on what to build, you’ll be able to get some through the site. The forums are stuffed with people who love to build their own components, just like you. There’s even a wiki section, for you to write about some of the things you’ve created with your Bug Labs components.

http://www.buglabs.net/



Tools & Techniques: Encryption is easy (and you don't need to jump through all the hoops in this article.)

http://digg.com/linux_unix/Encrypt_Your_USB_Drive_with_TrueCrypt

Encrypt Your USB Drive with TrueCrypt

linuxhaxor.net — TrueCrypt allows you to make all kinds of encrypted containers, but one of the most interesting is a hidden partition.

http://www.linuxhaxor.net/2008/08/13/encrypt-your-usb-drive-with-truecrypt/



So much for the Apple is irrelevant crowd.

http://news.slashdot.org/article.pl?sid=08/08/14/0257244&from=rss

Apple's Market Cap Exceeds Google

Posted by samzenpus on Thursday August 14, @03:45AM from the big-apple dept. The Almighty Buck Businesses Google Apple

Lawrence Person writes

"Mac Daily News was one of many Apple-followers to note that Apple Inc.'s market capitalization exceeded Google today. That means that the combined value of all Apple's outstanding shares of stock exceeded the combined value of all Google's outstanding shares of stock. Apple's stock is worth $157 billion and change vs. Google's $156 billion. Other companies Apple has surpassed in market cap include Cisco, HP, and Intel. Also, Apple is now worth 3 times the value of Dell Computer, despite Dell's founder and CEO declaring over a decade ago that if he ran Apple, he'd 'shut it down and give the money back to the shareholders.'"


Related: How did they do it, you ask?

http://news.cnet.com/8301-13579_3-10017065-37.html?part=rss&subj=news&tag=2547-1_3-0-5

August 14, 2008 7:35 AM PDT

HSBC could order 200,000 iPhones

Posted by Liam Tung

Global banking giant HSBC is considering ditching the BlackBerry and adopting Apple's iPhone as its standard staff mobile device, a move that could result in an order for some 200,000 iPhones.


Related

http://digg.com/tech_news/Facebook_1_Globally

Facebook: #1 Globally

businessweek.com — The day has finally come. The social network site has vaulted over rival MySpace in worldwide audience growth, thanks to tools that translate content into many languages.

http://www.businessweek.com/technology/content/aug2008/tc20080812_853725.htm?chan=top+news_top+news+index_news+%2B+analysis

[From the article:

Of Facebook's 132 million users, nearly 63% are outside North America. The site, which had been translated into 20 languages including French, Spanish, and Mandarin, has recently added 69 more.
