Wednesday, September 17, 2008

The article doesn't answer the questions, “Why was the data on a flash drive?” and “Why was the flash drive abandoned where a student could 'borrow' it?”

http://www.newschannel5.com/Global/story.asp?S=9013147

TSU Recovers Missing Student Data

Posted: Sep 15, 2008 03:21 PM

NASHVILLE, Tenn. - Private financial information that was missing last week has been recovered, said Tennessee State University President Melvin Johnson.

... The information, which included Social Security numbers, was downloaded by a financial aid counselor onto the flash drive.

He said the drive had been taken from the school forum last week by a student who used it to save a paper.



On the face of it, this seems a good way to avoid paying for most of the victims. (The data lost is test records for high school students.)

http://www.pogowasright.org/article.php?story=2008091611401778

Princeton Review offers credit monitoring for adult students (follow-up)

Tuesday, September 16 2008 @ 11:40 AM EDT Contributed by: PrivacyNews

The Princeton Review is offering students over the age of 18 a free credit monitoring service because of its accidental release of student records on the Internet.

Last month, the company revealed that it accidentally posted the names of about 34,000 students and their school identification numbers – in some cases the same as their Social Security numbers.

The data also included their birthday, gender, ethnicity, whether or not they have a disability and their level on the Florida Comprehensive Assessment Test. There are about 38,500 students in the Sarasota school district.

Source - Herald Tribune



Are we getting serious or is this simply another “we did something” for the campaign trail?

http://www.pogowasright.org/article.php?story=20080917061845609

Identity Theft Legislation Passes Congress

Wednesday, September 17 2008 @ 06:18 AM EDT Contributed by: PrivacyNews

via EPIC.org:

The House of Representatives has approved the Identity Theft Enforcement and Restitution Act, legislation introduced by Senator Patrick Leahy that passed the Senate in 2007. The bill contains new provisions to provide restitution to victims of identity theft and expands the computer crime law to address the problem of spyware. The President is expected to sign the measure. Senator Leahy and Senator Specter are also pressing for passage of the Personal Data Privacy and Security Act, which addresses consumer concerns such as security breaches and the misuse of the Social Security Number. The bill is currently pending in the Senate.

Related: S.2168: Identity Theft Enforcement and Restitution Act of 2007; S. 495: Personal Data Privacy And Security Act Of 2007

[From Senator Leahy's website:

The legislation passed today includes critical cyber crime provisions that will help to better protect our Nation’s leaders... [Sounds like another Congressional perk in the making. (It is also referred to as the “Former Vice President Protection Act” -- did Al Gore invent this too?) Bob]



Please ignore the man behind the curtain...

http://it.slashdot.org/article.pl?sid=08/09/17/1320239&from=rss

Asus Ships Cracking Software On Recovery DVD

Posted by timothy on Wednesday September 17, @09:47AM from the cold-sweat-in-taiwan dept. Security Bug

Barence writes

"Asus is accidentally shipping software crackers and confidential documents on the recovery DVDs that come with its laptops. The startling discovery was made by a PC Pro reader whose antivirus software was triggered by a key cracker for the WinRAR compression software, which was located on the recovery DVD for his Asus laptop. Along with the key cracker the disc also contained confidential Asus documents including a PowerPoint presentation that details 'major problems' identified by the company, including application compatibility issues. The UK reader is not alone, either — several users in the US and Australia have also found suspicious files on Asus discs."



Your Security Manager should already have concerns with “Cloud Computing” sites. This is not the only bug, my students tell me.

http://www.pogowasright.org/article.php?story=20080916141413983

Google Docs flaw could allow others to see personal files

Tuesday, September 16 2008 @ 02:14 PM EDT Contributed by: PrivacyNews

A security researcher said he has discovered a vulnerability in Google Docs that mysteriously allows private documents to appear in other users' accounts.

Tim Bass, a researcher posting Monday on the ISC(2) blog, wrote that when he recently was using his Google Docs account he found that it was listing documents as "owned" by him but that did not belong to him.

Source - SC Magazine



Oh gee, that's okay then...

http://www.pogowasright.org/article.php?story=20080916141654105

Phorm: the UK government's verdict

Tuesday, September 16 2008 @ 02:16 PM EDT Contributed by: PrivacyNews

Phorm, the controversial ad-targeting system, does conform to European data laws, the UK government has said, but it must be more explicit in informing customers about the programme and make pt [sic] out more straightforward.

Source - Guardian

[From the article:

The brouhaha - as documented by the Guardian Technology blog - started when some of Phorm's partners, including BT, were revealed to have tested Phorm's targeting technology without informing their customers. The EU then got involved, demanding clarification about how the system is being implemented and about how consumers are being informed.



I intended to follow this one, but Slashdot readers are doing it for me.

http://yro.slashdot.org/article.pl?sid=08/09/17/0238226&from=rss

City Sues To Prevent Linking To Its Website

Posted by kdawson on Wednesday September 17, @12:23AM from the nolo-mi-tangere dept. Censorship The Courts

Mike writes

"In what appears to be a first-of-its-kind case, the Sheboygan city attorney ordered Jennifer Reisinger to remove a link to the city's police department from her Web site. The city went further, she claims, launching a criminal investigation of her for linking to the department on one of her sites, and in response she's suing the mayor and the city. 'The mayor decided to use his office to get back at Jennifer for her efforts in the recall and picked this to do it,' said her attorney, Paul Bucher. It appears this will go to court, and the question will be can a city (or any business or Web property) stop people from posting a link to its site?"

[From the Article:

Boyden said not all speech is protected, including links. For instance, someone might use a link to communicate a threat or violate a copyright, and that wouldn’t be protected. [??? Bob]

... “Linking to the Web site is no different than listing the street address of the Sheboygan police department,” he said.

Bucher also said the case was a first as far as he knows.



So can one bored teenager put you out of business? (A security company in name only)

http://torrentfreak.com/mediadefender-one-year-after-the-email-leak-080915/

MediaDefender, One Year After the Email Leak

Written by Ernesto on September 15, 2008

Exactly a year ago, the anti-piracy company MediaDefender was put to shame after a hacker gained access to their systems. Many of the deepest secrets of the company were published online, and now, twelve months on, the company is walking the plank to bankruptcy as its shares are worth less than one cent each.



Background for my Computer Security class

http://www.pogowasright.org/article.php?story=20080917065806562

Federal Laws, Regulations, and Mandatory Standards to Securing Private Sector IT Systems and Data in Critical Infrastructure Sec

Wednesday, September 17 2008 @ 06:58 AM EDT Contributed by: PrivacyNews

Summary of GAO report:

Federal policy identifies 18 infrastructure sectors--such as banking and finance, energy, public health and healthcare, and telecommunications--that are critical to the nation's security, economy, public health, and safety. Because these sectors rely extensively on computerized information systems and electronic data, it is crucial that the security of these systems and data is maintained. Further, because most of these infrastructures are owned by the private sector, it is imperative that public and private entities work together to protect these assets. The federal government uses both voluntary partnerships with private industry and requirements in federal laws, regulations, and mandatory standards to assist in the security of privately owned information technology (IT) systems and data within critical infrastructure sectors. As agreed, our objectives were to (1) identify, for each critical infrastructure sector, the federal laws, regulations, and mandatory standards that pertain to securing that sector's privately owned IT systems and data and (2) identify enforcement mechanisms for each of the above laws, regulations, and mandatory standards.

There are at least 34 federal laws, regulations, and mandatory standards that pertain to securing privately owned IT systems and data in our nation's critical infrastructure sectors. Of the 34, 1 is a law, 25 are regulations, and 8 are mandatory standards. These requirements pertain to 10 of the 18 critical infrastructure sectors, including the agriculture and food; energy; nuclear reactors, materials, and waste; and transportation systems sectors. Each of the 34 federal legal requirements has at least one enforcement mechanism. These mechanisms include court injunctions, civil monetary penalties, criminal penalties, and administrative actions, such as license revocation and suspension. Typically, these mechanisms are what agencies use to enforce requirements in general, and are not necessarily specific to the requirements for securing privately owned IT systems and data.

Source - GAO-08-1075R, September 16, 2008



See! Hollywood isn't the only 'special interest' that owns/influences congressmen.

http://news.slashdot.org/article.pl?sid=08/09/16/208247&from=rss

Congress May Kill NIH Open Access Research Rules

Posted by kdawson on Tuesday September 16, @04:49PM from the you-paid-for-it-now-we-own-it dept. Government Science

Savuka writes

"A policy that mandates public, open access to all National Institutes of Health research is in danger. The House of Representatives is considering legislation that would change the open access policy to make it more publisher-friendly, under the false pretense of protecting copyrights. The Ars author paints the new legislation as somewhat reflective of a turf battle in Congress: 'The Intellectual Property Subcommittee clearly felt that it had been ignored during the original passage of the bill that compelled the NIH's open access policy...' The article concludes: 'Currently, the disruptions wrought by the Internet and expectations of open access are too new for a viable alternative to traditional publishing to have emerged. But it doesn't appear that the NIH policy is making a significant contribution to that disruption, and the benefits of the policy appear likely to be significant. If Congress rolls back that policy in response to disagreements with other countries over film piracy, then it could really be throwing the baby out with the bathwater.'"



Something to look at/something to hack. This software claims to be able to control files I send to you for review, so you can't print or copy them. Somehow I doubt it.

http://www.killerstartups.com/Web-App-Tools/fortressw-com-futuristic-data-storage

FortressW.com - Futuristic Data Storage

http://www.fortressw.com

Keeping your files safe is easier said than done. You might back them up in your company’s network, but if something happens to that, you’re done. Maybe you like to keep them on a USB memory, but if you lose it, then wave bye-bye to your data. Backing up online might sound like a great solution, but with most services, your files will be exposed to thousands of users. If you’re looking for a new way to keep your files safe, then you should check out Fortressw.com. On the site, you’ll be able to find a new and secure method of backing up your files online, making it possible for you to worry about other things besides your files’ safety. You’ll have total control over your files, keeping them private and being able to access them wherever you are. On the whole, if you still haven’t found a secure way to store your files online, you have to check this out.



I told you Dilbert had the answers to everything.

http://news.slashdot.org/article.pl?sid=08/09/16/1654217&from=rss

Scott Adams's Political Survey of Economists

Posted by kdawson on Tuesday September 16, @01:36PM from the who's-the-fairest-of-them-all dept. Politics

Buffaloaf writes

"Scott Adams, the creator of Dilbert, wanted to have unbiased information about which presidential candidate would be better for the economy, so he financed his own survey of 500 economists. He gives a bit more detail about the results in a CNN editorial, along with disclosure of his own biases and guesses as to the biases of the economists who responded."



This could be (geeky) fun!

http://www.webmonkey.com/tutorial/Build_an_SMS_Notification_App

Build an SMS Notification App

... In this tutorial, I'll show you how I built this SMS app and how you can build your own.



More geeky fun! It is possible to override the satellite signal and send all those GPS-dependent drivers down dead-end streets, or into the nearest traffic jam, or any other traffic nightmare you could imagine.

http://www.schneier.com/blog/archives/2008/09/gps_spoofing.html

September 17, 2008

GPS Spoofing
