Saturday, August 30, 2008

There must be more here than is reported in the article.

http://www.pogowasright.org/article.php?story=20080830065224207

Malicious link leaves St. Joseph’s site exposed

Saturday, August 30 2008 @ 06:52 AM EDT Contributed by: PrivacyNews

Thousands of personal records were briefly at risk this summer when an intruder placed a malicious link on the Web site of St. Joseph’s Academy in Baton Rouge.

Earlier this week, the all-girl Catholic high school sent out about 7,000 letters to anyone who might have been affected, including students, parents, teachers, staff as well as alumnae going back to the class of 1985.

... The malicious link appeared on the news page of the school’s Web site on July 21.

Greg Hanner, systems administrator for the private school, said the link directed clickers to a site in China, which would then place malicious software on that person’s computer.

Source - 2theadvocate.com

[From the article:

He said the school removed the link within minutes of it appearing and corrected the Web coding that allowed it to appear. Hanner said he is “99.9 percent” sure that the breach went no further, but said theoretically hackers could have used their access to that Web server to break into protected [How? Passwords? Bob] databases also on that same server. [Poor planning to have sensitive data on the same server... Bob] The protected databases included names, social security and bank routing numbers.

... Since the breach, the school has made changes.

“Now, the databases are completely on a separate physical server,” Hanner said. “The Web server now has no access to the business database at all.”

Also the school is planning in the future to hire a second computer security firm to add to the school’s overall level of cyber-protection.

It’s unreasonable to expect that any one company can cover everything,” Hanner said. [Interesting statement. Bob]



The TJX strategy has evolved. Now that they are not making headlines where their customers are likely to see them (in the general news) they can be more aggressive in their defense.

http://www.pogowasright.org/article.php?story=20080830062804748

TJX reacts to bank lawsuit (follow-up)

Saturday, August 30 2008 @ 06:28 AM EDT Contributed by: PrivacyNews

The parent company of the T.J. Maxx and Marshall's chains has filed a forceful response to a lawsuit brought by TrustCo Bank Corp NY, saying the Glenville bank-holding company "unnecessarily and unreasonably" canceled customer debit cards after the retailer's highly publicized 2006 data breach.

... in the response filed Wednesday, TJX says TrustCo "caused or contributed to, and failed reasonably to mitigate, any injury they allegedly have suffered."

The retailer claims TrustCo "failed to implement policies or procedures" that would have allowed the bank to avoid canceling and replacing customer debit cards, including installing certain fraud-detection software, monitoring international transactions and implementing transaction limits. [A specious argument? Bob]

TJX spokeswoman Sherry Land did not return a phone call seeking comment Friday.

Source - Times Union



E-Vigilantism? “We don't like you, therefore it's okay to hack you.” Sound familiar?

http://www.pogowasright.org/article.php?story=20080830064923337

De: Report: Left-Wing Hackers Break into Neo-Nazi Server

Saturday, August 30 2008 @ 06:49 AM EDT Contributed by: PrivacyNews

Left-wing computer hackers have reportedly broken into the secure server of one of the world's largest neo-Nazi groups, copying more than 30,000 pieces of data.

Members of the anti-fascist left-wing group Daten-Antifa on Friday, Aug. 29, managed to break the access codes and enter the databank of Blood and Honour (B&H), a neo-Nazi organization that has been banned in Germany since 2000.

"Now some people in the far-right extremist scene are going to get very nervous, including activists from the NPD (Germany's far-right National Democratic Party)," Guenther Hoffmann from the Center for Democratic Culture told the Frankfurter Rundschau on Saturday.

Source - DW-World.de

[From the article:

Katharina Koenig from the Action Alliance against the Right in Jena told the Frankfurter Rundschau that evidence had been found that B&H concerts had taken place in Germany and that German extremists had organized far-right concerts abroad.

Koenig said that the new information would be helpful to police, although the data was gathered illegally.



Tools & Techniques: Simplifying a forensic process that was already availble.

http://www.pogowasright.org/article.php?story=20080830065456268

CSI Stick grabs data from cell phones

Saturday, August 30 2008 @ 06:54 AM EDT Contributed by: PrivacyNews

If someone asks to borrow your cell phone, or you leave it unattended, beware!

Unless you actually watch them use it, they may be secretly grabbing every piece of your information on the device, even deleted messages. If you leave your phone sitting on your desk, or in the center console of your car while the valet parks it, then you and everyone in your contacts list may be at risk, to say nothing of confidential e-mails, spread sheets, or other information. And of course, if you do not want your spouse to see who you are chatting with on your phone, you might want to use extra caution.

There is a new electronic capture device that has been developed primarily for law enforcement, surveillance, and intelligence operations that is also available to the public. It is the Cellular Seizure Investigation Stick, or CSI Stick as a clever acronym. It is manufactured by a company called Paraben, and is a self-contained module about the size of a BIC lighter. It plugs directly into most Motorola and Samsung cell phones to capture all data that they contain. More phones will be added to the list, including many from Nokia, RIM, LG and others, in the next generation, to be released shortly.

Source - Cnet

[From the article:

The good news: the device should find wide acceptance by parents who want to monitor what their kids are doing with their phones, who they are talking to and text messaging, and where they are surfing.



Is this aggressive lawyering or just bad lawyering? (Or is it that I love articles with “epistemlogical” in the title?)

http://www.freedom-to-tinker.com/?p=1375

Lenz Ruling Raises Epistemological Questions

August 22nd, 2008 by David Robinson

Stephanie Lenz’s case will be familiar to many of you: After publishing a 29-second video on YouTube that shows her toddler dancing to the Prince song “Let’s Go Crazy,” Ms. Lenz received email from YouTube, informing her that the video was being taken down at Universal Music’s request. She filed a DMCA counter-notification claiming the video was fair use, and the video was put back up on the site. Now Ms. Lenz, represented by the EFF, is suing Universal, claiming that the company violated section 512(f) of the Digital Millennium Copyright Act. Section 512(f) creates liability for a copyright owner who “knowingly materially misrepresents… that material or activity is infringing.”



Did you ever get the feeling that some surveys are a bit self-serving?

http://www.itworld.com/security/54579/survey-it-staff-would-steal-secrets-if-laid

Survey: IT staff would steal secrets if laid off

by Computerworld UK staff August 29, 2008, 11:58 AM — Computerworld UK

Most IT staff would steal sensitive company information, including CEO's passwords and customer details, if they were laid off, according to a new survey from Cyber-Ark.

A staggering 88 percent of IT administrators admitted they would take corporate secrets, if they were suddenly made redundant. The target information included CEO passwords, customer database, research and development plans, financial reports, M&A plans and the company's list of privileged passwords.

The research also revealed that, of that 88 percent, a third would take the privilege password list to gain access to valuable documents such as financial reports, accounts, salaries and other privileged information.

Identity management firm Cyber-Ark conducted the survey of 300 IT professionals in its annual review 'Trust, Security & Passwords'.

... One third of companies believe that industrial espionage and data leakage is rife, with data being leaked out of their companies and going to their competitors or criminals, usually via high gigabyte mobile devices such as USB sticks, iPods, Blackberry's and laptops or even sent over email.

http://www.cyber-ark.com/news-events/pr_20080827.asp



“Of course I listen to the PACs. What? The Facts? Oh, never mind.”

http://techdirt.com/articles/20080826/2218102106.shtml

Professor Slams European Commission For Ignoring The Evidence On Copyright Extension

from the it's-not-about-evidence,-it's-about-campaign-contributions dept

We were pretty surprised a few weeks back when the European Commission endorsed a plan for copyright extension, despite ample evidence that retroactive copyright extension is a bad idea. Soon after that announcement, a group of European academics sent a letter warning that such extension would harm innovation. The academics keep piling on, as Professor Bernt Hugenholtz, the director of the University of Amsterdam's Institute for Information Law (IViR) has sent an open letter to the Commission blasting them for ignoring all of the research showing that copyright extension is bad. Specifically, Hugenholtz is amazed that the Commission relied only on reports prepared by industry, and willfully ignored research prepared by independent academics, such as his own group, claiming that by ignoring such studies, the Commission has a clear intention to mislead the rest of the EU by hiding the research that shows why copyright extension is a bad idea.



You know by now that I live lists. Some of these are just silly (in a good way) and some I might even consider.

http://thehottestgadgets.com/2008/08/21-cool-and-unusual-usb-powered-devices-001241/

21 Cool and Unusual USB Powered Devices

So you might be like most people, spending all day working in your room or cubicle with the same old stuff plugged into your USB ports. Well today we have put together a list of USB powered devices to help you step outside the box.

No comments: