Tuesday, August 05, 2008

Reading this order, I can only think (hope) that it serves to establish the FTC's jurisdiction. It certainly doesn't impress me as a penalty for bad corporate behavior.

http://www.pogowasright.org/article.php?story=20080804090242903

FTC Approves Final Consent Order in Matter of The TJX Companies, Inc.

Monday, August 04 2008 @ 09:02 AM EDT Contributed by: PrivacyNews

The FTC has issued its final orders concerning the TJX breach. The order includes assessments on alternate years for the next 20 years.

Decision and Order - In The Matter of The TJX Companies, Inc., FTC File No. 072-3055

Related - Complaint


Ditto.

http://www.pogowasright.org/article.php?story=20080804091139390

FTC Approves Final Consent Order in Matter of Reed Elsevier Inc. and Seisint, Inc.

Monday, August 04 2008 @ 09:11 AM EDT Contributed by: PrivacyNews

The FTC has issued its final orders concerning the Reed Elsevier Inc. and Seisint, Inc. breach. The order includes assessments on alternate years for the next 20 years.

Although EPIC.org had urged [pdf] financial penalties as well as monitoring requirements, the final decision and order did not contain any financial penalties for either company or TJX, another breach that led to Commission review and actions.

Decision and Order - In the Matter of Reed Elsevier Inc. and Seisint, Inc., FTC File No. 052-3094

Related - Complaint



Local, and no, this is not one of the schools I teach at – or they'd know better!

http://www.pogowasright.org/article.php?story=20080804160738543

CO: College contractor loses 15,000 students' personal information

Monday, August 04 2008 @ 04:07 PM EDT Contributed by: PrivacyNews

Arapahoe Community College (ACC) is notifying 15,000 students that their personal information has been lost or stolen.

... The e-mail indicates that a contractor [uncontrolled third party Bob] who manages the student information database had a flash drive lost or stolen at Copper Mountain Resort in Summit County. ['cause you gotta take the data on vacation! Bob] A police report was filed with the Summit County Sheriff's Department on Friday.

Source - 9News.com

Note: in the discussion following the news item, a poster purporting to be from the affected college writes:

"This comment is from Arapahoe Community College. First, we want to clarify that this situation only affects non-credit students served by our Corporate Learning Division in Parker. It does not affect credit students or those students who attend main campus in Littleton at 5900 S. Santa Fe. Also, out of the 15,000 records at risk - only 5,286 contained credit card or social security information. Only 1,200 students received customized training from this division a year and the only reason 15,000 records were in the database is because it was a compilation of 11 years. AT THIS TIME THERE IS NO EVIDENCE INFORMATION WAS STOLEN AS OPPOSED TO BEING MISPLACED. WE ARE JUST TAKING APPROPRIATE PRECAUTIONS TO PROTECT THIS VERY SMALL PERCENTAGE OF OUR NON-CREDIT STUDENT BODY."



Sounds shocking doesn't it? (Suggest a business model for a loss prevention/recovery service?)

http://www.pogowasright.org/article.php?story=20080805054621907

Lost: More than 15,000 laptops per week

Tuesday, August 05 2008 @ 05:46 AM EDT Contributed by: PrivacyNews

Business travellers in the US and Europe lose 15,648 laptops per week, according to a study by Dell.

On Dell’s behalf, Ponemon Institute surveyed 3,034 business travellers at 113 major airports located in the US, UK and Europe.

According to ITPro in the UK, Ponemon found that the airports with the highest number of lost, missing or stolen laptops included Los Angeles’ LAX, with an estimated weekly loss of 1,200 and London Heathrow, with an estimated weekly loss of 900. Of those lost laptops, the survey found that 43 percent were reclaimed in Europe, compared to only 33 percent in the US.

Source - DMM



Does this effectively put these guys out of business? What is encryption worth now? (Drat! This will make it more difficult for hackers to add themselves to the “thoroughly background checked and found to be innocent” file.)

http://www.pogowasright.org/article.php?story=20080805054328930

'Clear' registration halted after laptop theft (update)

Tuesday, August 05 2008 @ 05:43 AM EDT Contributed by: PrivacyNews

The federal government on Monday barred a registered-traveler service launched three years ago at Orlando International Airport from enrolling new members after an unencrypted company laptop containing personal information for about 33,000 prospective customers was stolen from a locked office.

The Transportation Security Administration said it has instructed all airports that contract with Verified Identity Pass Inc. -- which operates the "Clear" program at OIA and nearly 20 other airports across the country -- to suspend enrollment in the service and to secure all unencrypted computers until encryption software is installed. [Take their computers away? Bob]

... The company said the information on the stolen laptop included applicant names, addresses and birth dates. The computer also contained drivers license numbers, passport numbers and alien registration card numbers for "some" customers -- but no credit-card information, Social Security numbers or biometric information. The company said the information was secured by two levels of password protection. [Translation: Doubly worthless. Bob]

Source - Orlando Sentinel

[From the article:

"We don't believe the security or privacy of these would-be members will be compromised in any way," Verified Identity Pass Chief Executive Officer Steven Brill said in a written statement. [“Belief” in this case means “Hope” -- not a value taught in MBA programs. Bob]

... Both TSA and Verified Identity Pass said existing Clear customers will not experience any disruption at the airport. [Do you see why hacking this database was valuable to terrorists and other second class citizens? Bob]



Related? Pretty lightweight, but this is how most people learn about Identity Theft.

http://www.pogowasright.org/article.php?story=20080804193807368

Consumer Reports Investigation Reveals Government Among Biggest Sources of ID Leaks

Monday, August 04 2008 @ 07:38 PM EDT Contributed by: PrivacyNews

Americans trust government officials to safeguard sensitive personal and financial data but government is among the biggest sources of ID leaks, according to a Consumer Reports investigation.

The report "ID Leaks, A Surprising Source is Your Government at Work," in the September issue points out that penalties are also rarely imposed on those who are negligent.

Source - MarketWatch

[Report is at: http://www.consumerreports.org/cro/money/credit-loan/identity-theft/government-id-leaks/overview/government-id-leaks-ov.htm?resultPageIndex=1&resultIndex=1&searchTerm=%22ID%20Leaks,%20A%20Surprising%20Source%20is%20Your%20Government%20at%20Work,%22



My father called Ireland “a country where on occasion, peace breaks out.” Looks similar in computer crime terms. I wonder if computer crime in the US is as widespread.

http://bhconsulting.ie/securitywatch/?p=334

Cyber Crime and Small Businesses in Ireland

August 4th, 2008 | by Brian Honan |

The Small Firms Association released their 6th annual crime survey which focuses on how crime impacts on small businesses in Ireland. An interesting point in the press release highlights that the companies surveyed reported an increase in online crime with the average cost on an incident being €2,250 and it appears the largest cost was €6,000.

Worryingly though the survey also stated that 26% of companies surveyed reported they had been the victim of online scams. These were either 419, advance fee or business directory scams, clearly highlighting a major need for these companies to receive appropriate security awareness training.



Bruce Schneier points to this article, which seems to suggest our legal system isn't all that it could be...

http://www.schneier.com/blog/archives/2008/08/garuy_mckinnon.html

August 4, 2008

Gary McKinnon

Good perspective on Gary McKinnon's extradition to the United States.



Turning reporters into hackers? Are the Olympics a story worth the risk of getting tossed out of China?

http://www.bespacific.com/mt/archives/018955.html

August 04, 2008

Global Internet Freedom Consortium Offers China-Based Reporters Software to Break Through Internet Blockade

News release: "The Global Internet Freedom Consortium (GIFC) announced today that their anti-censorship software tools are ready to help journalists and tourists during the Olympics, to circumvent China's Internet blockade. The software, which is available free of charge, can be downloaded onto a hard drive or USB drive to safely and effectively overcome the Internet censorship in China.

In the run-up to Olympics, Beijing tightened control over media and Internet. Overseas web sites that have keywords on Beijing's blacklist are blocked and cannot be visited from China without any "anti-censorship" tools. The decision to block access to these websites is in contravention to Beijing's earlier promises to grant unrestricted Internet access to foreign reporters during the Games, and will seriously impede reporters' ability to do their work in Beijing. Although web restrictions were relaxed to some degree on Friday, it is unclear how long these conditions will last.

In order to overcome these Internet restrictions and gain free access to the Internet in China, the GIFC recommends that journalists and tourists download the free software packages by its partners. All Internet traffic through the tools is encrypted and can successfully bypass the Internet blockades in repressive nations around the world."



This is not a very “heavy” article on e-Discovery – in fact the author goes off on a long story about the philosophy of Aikido, but it is an amusing look at an overly aggressive plaintiff and a “you asked for it” response. Maybe the defendants' lawyers weren't so intimidated, and certainly not dumb!

http://ralphlosey.wordpress.com/2008/08/03/adversarial-search-a-perfect-barrier-to-cost-effective-e-discovery-and-one-litigants-aikido-like-response/

Adversarial Search, a “Perfect Barrier” to Cost Effective e-Discovery, and One Litigant’s “Aikido-like” Response



For the Hacker Club: I bet we can improve on this! If Denver had a subway, the talk (ride free for life) might be interesting too.

http://mobile.slashdot.org/article.pl?sid=08/08/05/1248259&from=rss

The Low-End Approach To Wireless Hacking

Posted by timothy on Tuesday August 05, @09:07AM from the not-enough-empty-cans-yet dept.

Adrian writes

"Zack Anderson, an MIT student, created a solution to wardriving on a budget: warcarting. The Warcart is a shopping cart retrofitted with just about every sort of wireless sniffing device available. It has pivoting antennas and a smoke grenade launcher. It can even dispense infected USB flash drives. It's part of a talk about subway fare-collection-system vulnerabilities that will be given at Defcon 16 in a few days."

"Mostly as a joke," says the site — but only mostly.
