Thursday, August 28, 2008

There are many ways to increase your retirement fund... Note that they did detect this email. Better would have been securing the database from wholesale copying in the first place.

http://www.pogowasright.org/article.php?story=20080827151751486

OH: Database security breached

Wednesday, August 27 2008 @ 03:17 PM EDT Contributed by: PrivacyNews

A database that contains the names, addresses and Social Security numbers of 13,000 retired Ohio police officers was improperly transmitted by a retired Ohio Police & Fire Pension Fund employee, officials said Wednesday.

... The pension fund employee retired Aug. 15. Within 30 hours, the state discovered he had emailed the database to himself at home. Warning letters were mailed Monday.

State officials do not believe the unidentified employee would have used it for "malicious intent," so they do not plan to prosecute him at this point, according to pension fund spokesman David Graham.

Source - Cincinnati.com



Think locally act globally? (or at least Federally)

http://www.pogowasright.org/article.php?story=20080828055455528

AU: Civil libertarians concerned by Qld's phone tapping move

Thursday, August 28 2008 @ 05:54 AM EDT Contributed by: PrivacyNews

Civil libertarians are up in arms over moves to give Queensland Police and the Crime and Misconduct Commission (CMC) police phone-tapping powers.

The Qld Government has been reluctant to allow telephone interception laws because of privacy concerns, but the Commonwealth has agreed to change federal legislation to set up a Public Interest Monitor.

Source - ABC

[From the article:]

"Criminal cases will be compromised, police and prosecutors will get access to the private conversations of lawyers and their clients when they are preparing cases," he added.



Plan Behind! Governments tend not to look at risk, but the appearance of risk. The public doesn't see these systems, so there is no (political) risk.

http://news.cnet.com/8301-1001_3-10027667-92.html?part=rss&subj=news&tag=2547-1_3-0-5

After flight delays, FAA may add backup system

Posted by Stefanie Olsen August 27, 2008 5:55 PM PDT



Using technology to secure technology. But guessing a password still allows you complete access. Perhaps they should have used one of the USB fingerprint readers too.

http://www.infoworld.com/article/08/08/28/Nortel_uses_USB_drive_to_secure_remote_work_1.html?source=rss&url=http://www.infoworld.com/article/08/08/28/Nortel_uses_USB_drive_to_secure_remote_work_1.html

Nortel uses USB drive to secure remote work

Nortel's 'office on a stick' USB drive can link almost any PC with a corporate VPN and keep all the information from a session encrypted

By Stephen Lawson, IDG News Service August 28, 2008

... To use the USB stick, workers can simply plug it into a USB port and enter a username and password, said Rod Wallace, director of security services and solutions at Nortel. Software on the stick first checks the PC for viruses and required security mechanisms, and then sets up an encrypted remote session. It typically will provide access to remote applications via the Web browser or another method. It can completely take over the system using a remote desktop and block off printing, document-saving and remote drives, preventing employees from improperly copying sensitive data.

... As a result, IT administrators can know that sensitive information isn't out in the world on PCs they can't control. [PCs are easy, it's the people they can't control... Bob] Policies can be configured so that users who plug the drive into less-secure PCs get either limited or no access to applications, he said.



Tools & Techniques: Something to keep handy when you are out of town?

http://www.killerstartups.com/Comm/dukadial-com-make-free-calls

DukaDial.com - Make Free Calls

The folks from Jaduka labs have come up with a useful tool that will allow you to make calls from your computer to any phone number in North America. All you have to do is register (which is free), and you can start making calls to all your friends and family. Just go on the site, log in, and dial the number you want to call. You’ll be connected and be able to talk just like you were using a phone. This reminds me of when Skype first came out and it revolutionized the way people thought about making calls.

http://labs.jaduka.com/dukadial/



Publishing a leak is one thing, selling “first access” is another. The cost is to their ethics...

http://yro.slashdot.org/article.pl?sid=08/08/28/0314205&from=rss

Wikileaks To Sell Hugo Chavez' Email

Posted by samzenpus on Thursday August 28, @05:31AM from the how-much-to-look-through-his-garbage dept. Privacy

I Don't Believe in Imaginary Property writes

"Wikileaks seems to be a bit hard-up for cash, so they're trying a little experiment. They plan to auction off an archive with three years worth of Hugo Chavez' email. The winner will get a period of embargoed access to break any stories they can find in the files, while Wikileaks will later publish the archive in full. Wikileaks plans to use the profits for their legal defense fund, but they may run into trouble because most reputable news outlets have policies against paying sources."



Demonstration of bad security: It has long been a “Best Practice” to hash the user's password and store the hash rather than the plaintext. If a hacker copies the password file, he can't read the passwords from it to gain access. This article shows that Lloyds has not done that and that employees are free to browse the password file.

http://yro.slashdot.org/article.pl?sid=08/08/27/2246235&from=rss

Changing Customers Password Without Consent

Posted by samzenpus on Thursday August 28, @12:09AM from the leave-my-words-alone dept. Businesses IT

risinganger writes

"BBC News is reporting that a customer had his password changed without his knowledge. After some less than satisfactory service the customer in question changed his password to 'Lloyds is pants'. [More for my “English as a foreign language” notebook Bob] At some point after that a member of staff changed the password to 'no it's not'. Requests to change it back to 'Lloyds is pants', 'Barclays is better' or censorship were met with refusal. Personally I found the original change funny, like the customer did. After all, god forbid a sense of humour rears its ugly head in business. What isn't acceptable is the refusal to change it per the customer's requests after that."



An interesting question... Which is more important, a license or expertise?

http://blog.wired.com/27bstroke6/2008/08/do-riaa-snoops.html

Do RIAA Snoops Need P.I. Licenses?

By David Kravets August 26, 2008

... But demanding a private investigator's license doesn't make such sense for computer forensic work, according to the American Bar Association. In a recent report, the country's largest legal lobbying group urges the states to jettison the idea of, or licensing requirement for computer forensic specialists, especially since most state licensing boards don't demand education in such work.

... Among other things, the ABA report and recommendation (.pdf) says "investigation and expert testimony in computer forensics and network testing should be based upon the current state of science and technology, best practices in the industry and knowledge, skills and education of the expert."

... "Computer forensic assignments often require handling data in multiple jurisdictions. For example, data may need to (be) imaged from hard drives in New York, Texas and Michigan," the report notes. "Does the person performing that work need to have licenses in all three states?"



If nothing else, this might be useful to the small (sole practitioner) tech user. There are still a number of issues to address (SLA, security, etc.) but this will only get simpler and cheaper.

http://news.cnet.com/8301-13846_3-10026724-62.html?part=rss&subj=news&tag=2547-1_3-0-5

The opportunity for backup and disaster recovery in the Cloud

Posted by Dave Rosenberg August 27, 2008 3:48 AM PDT



Very interesting! Could this translate into stockholder suits seeking to cut costs in US businesses? (The commenters seem to like the idea.)

http://linux.slashdot.org/article.pl?sid=08/08/28/0310216&from=rss

Quebec Gov Sued For Ignoring Free Software

Posted by samzenpus on Thursday August 28, @02:58AM from the what-about-the-cheap-stuff dept. Government Linux

Mathieu Lutfy writes

"The CBC is reporting that 'Quebec's open-source software association is suing the provincial government, saying it is giving preferential treatment to Microsoft Corp. by buying the company's products rather than using free alternatives. ...Government buyers are using an exception in provincial law that allows them to buy directly from a proprietary vendor when there are no options available, but Facil said that loophole is being abused and goes against other legal requirements to buy locally.' The group also has a press release in English."


Related: Quebec insists they are French, so why don't they do things the French way?

http://www.infoworld.com/article/08/08/28/35NF-open-source-france-lessons_1.html?source=rss&url=http://www.infoworld.com/article/08/08/28/35NF-open-source-france-lessons_1.html

Open source: What you should learn from the French

With open source embraced at all levels, the real benefits of a passionate community arrive

By Tom Kaneshige August 28, 2008

... This summer, an economic commission set up by French President Nicolas Sarkozy recommended tax benefits to stimulate even more open source development.

... French authorities, for instance, handed out 175,000 open-source-software-equipped memory sticks to high school students last year. Technical universities have made open source their top priority, and some offer advanced degrees.



You should know that I like lists. Even if you think you've been everywhere on the web, I bet you missed a few of these...

http://www.pcmag.com/article2/0,2817,2328649,00.asp

The Top 100 Classic Web Sites

08.25.08

PC Magazine's definitive list of the best and most trustworthy Web sites of 2008.



For my website students, because the world is in the wrong format...

http://www.youconvertit.com/convertfiles.aspx

YouConvertIt

YouConvertIt.com, the world's first and most complete conversion, file storage, units conversion website allowing internet users to convert audio, video, images and documents into an array of formats, also sending or delivering file(s). YouConvertIt.com supports unit conversion of thousands of types, making it easy for users to reach a one-stop shop without the need to jump from one location to another.



Dilbert explains the role of the corporate lawyer (and how to estimate billable hours)

http://dilbert.com/strips/comic/2008-08-28/
