Monday, September 01, 2008

Just because you won't make the top 10 is no reason to go easy on security (see next article)

http://www.pogowasright.org/article.php?story=20080831082003929

The week that was: changes in the Top 10 list of breaches

Sunday, August 31 2008 @ 08:20 AM EDT Contributed by: PrivacyNews

When Scotland’s Sunday Herald proclaimed “Revealed: 8 million victims in the world’s biggest cyber heist,” they appeared to be wrong on a few counts. Even if they had been correct that every Best Western hotel guest’s data had been stolen, that would not have made the breach the world’s biggest cyber heist. Had they consulted any one of a number of online sources, they would have discovered that 8,000,000 records or people might have barely qualified for the Top 10 list in terms of breaches where we have numbers reported. As it turns out, Best Western disputes the numbers and claims that the numbers are in the dozens, not millions.

But what does it take to make the top 10 list in terms of breaches? After two breach reports from this week changed the rankings, it looks like it takes over 8,500,000 records or people just to stand a chance of becoming a cautionary tale. A breach reported from Taiwan moves right to the head of the list — depending on how you ‘count’ the TJX breach. If you count it as 94,000,000 as banks claimed in their court filings, TJX currently retains the dubious distinction of worst breach ever in terms of number of records compromised. If you use the 46,500,000 figure that had been previously cited and that seems to synch with recent federal indictments, the TJX breach falls to second place behind the 50,000,000-record hack in Taiwan orchestrated by at least 6 people who hacked into government databases, state-run firms, telecom companies and a television shopping network.

BNY Mellon and Archive Systems Inc. also joined the Top 10 list this week when BNY revealed that missing unencrypted backup tapes contained data on 12.5 million people — not the 4.5 million originally reported. To their shame, BNY Mellon did not discover the additional 8 million people on their own initiative — the extent of the breach was only discovered when they responded to a probe by Connecticut.

So what does the Top 10 list currently look like? Based on available information, it might look like this...

Read more on Chronicles of Dissent blog


Not the first law making the credit card industry's security “suggestions” mandatory. However, there still need to be some legal restrictions on what they can do with that data.

http://www.pogowasright.org/article.php?story=20080831193325870

Calif. bill forces retailers to protect data

Sunday, August 31 2008 @ 07:33 PM EDT Contributed by: PrivacyNews

Retailers in California would not be allowed to store customers' personal information unless they took stringent steps to prevent identity theft under a bill state lawmakers approved Sunday.

Assemblyman Dave Jones, D-Sacramento, said many businesses fail to take even the most basic measures to protect that information, creating an opening for identity thieves.

His bill would prohibit, under most circumstances, any company that takes credit card or debit card information from retaining account numbers, verification codes or personal identification numbers.

Source - The Mercury News

[From the article:

For example, they would have to limit access only to those employees whose job requires them to see payment-related data. Companies also would have to strengthen electronic firewalls and encrypt personal information before sending it over public networks. [Nice start! Bob]



...because...

http://www.pogowasright.org/article.php?story=20080901065932261

Data “Dysprotection:” breaches reported last week

Monday, September 01 2008 @ 06:59 AM EDT Contributed by: PrivacyNews

A recap of incidents or privacy breaches reported last week for those who enjoy shaking their head and muttering to themselves with their morning coffee.

Source - Chronicles of Dissent



Bad lawyering or simple logic? (Is this as big as it looks to this non-lawyer?)

http://news.slashdot.org/article.pl?sid=08/08/31/1225252&from=rss

Court Rules Against AT&T's Service Agreement

Posted by Soulskill on Sunday August 31, @09:24AM from the now-get-to-work-on-those-eulas dept.

The Seattle Post-Intelligencer is running a story about a recent ruling from the Washington State Supreme Court, which decided that AT&T's service agreement was not capable of waiving a customer's right to file a lawsuit against the company. The full opinion (PDF) is also available. From the conclusion:

"AT&T's Consumer Services Agreement is substantively unconscionable and therefore unenforceable to the extent that it purports to waive the right to class actions, require confidentiality, shorten the Washington Consumer Protection Act statute of limitations, and limit availability of attorney fees. ... Courts will not be easily deceived by attempts to unilaterally strip away consumer protections and remedies by efforts to cloak the waiver of important rights under an arbitration clause."



It is better to look secure than to be secure. Cameras cannot prevent crime.

http://yro.slashdot.org/article.pl?sid=08/09/01/0057225&from=rss

Newark and the Future of Crime Fighting

Posted by kdawson on Monday September 01, @05:37AM from the bangalore-across-the-hudson dept. Privacy Government

theodp writes

"Newark Mayor Cory Booker is betting that cutting-edge technology will reduce crime and spark an economic renaissance. From a newly opened Surveillance Operations Center, cops armed with joystick controllers monitor live video feeds from more than 100 donated cameras scattered across the crime-ridden city. The moves are drawing kudos from businesses like Amazon subsidiary Audible.com, which has moved its HQ to downtown Newark, where space is 50% cheaper than in Manhattan. But are citizens giving up too much privacy?"



This website analyzes data publicly – that is, anyone can see and comment on the data. I have no doubt that similar tools exist for offline use, but the idea that someone else might spot relationships you don't is worth trying. You can always anonymize (or hash) the data to maintain privacy and/or disguise the true nature of your data while leaving the relationships intact.

http://www.nytimes.com/2008/08/31/technology/31novel.html?_r=3&ref=technology&oref=slogin&oref=slogin&oref=slogin

Lines and Bubbles and Bars, Oh My! New Ways to Sift Data

By ANNE EISENBERG Published: August 30, 2008

... At an experimental Web site, Many Eyes, (www.many-eyes.com), users can upload the data they want to visualize, then try sophisticated tools to generate interactive displays.

... “The great fun of information visualization,” he said, “is that it gives you answers to questions you didn’t know you had.” [Always a surprise, based on my (humble) military intelligence experience. Bob]
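An added illustration of the "anonymize (or hash) the data but leave the relationships intact" idea in the comment at the top of this item; it is not code from the article or from Many Eyes. A keyed hash (HMAC) gives each identifier a stable token, so joins and per-customer counts survive, while the secret key keeps anyone who sees the published data from recomputing tokens for guessed identifiers (a plain unkeyed hash of an e-mail address would not give that protection). The two tables and the key are constructed for the example.

```python
import hashlib
import hmac
import secrets
from collections import Counter

# Constructed sample: two "tables" that share a customer identifier.
ORDERS = [
    {"customer": "alice@example.com", "amount": 120},
    {"customer": "bob@example.com", "amount": 45},
    {"customer": "alice@example.com", "amount": 80},
]
COMPLAINTS = [
    {"customer": "alice@example.com", "issue": "late"},
    {"customer": "carol@example.com", "issue": "damaged"},
]

def pseudonymize(value: str, key: bytes) -> str:
    """Keyed hash: the same input always maps to the same token, so joins and
    group-bys still work; without the key the token cannot be recomputed from
    a guessed input the way a plain SHA-256 of an e-mail address could be."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]

def pseudonymize_rows(rows, field, key):
    """Replace one identifying field in every row with its token."""
    return [{**r, field: pseudonymize(r[field], key)} for r in rows]

def join_on(left, right, field):
    """Inner join of two row lists on a shared (possibly pseudonymized) field."""
    idx = {}
    for r in right:
        idx.setdefault(r[field], []).append(r)
    return [{**l, **r} for l in left for r in idx.get(l[field], [])]

def relationships_preserved(key: bytes) -> bool:
    """True if per-customer order counts and the cross-table join come out the
    same on raw identifiers and on pseudonymized ones, with no raw e-mail left."""
    raw_counts = sorted(Counter(r["customer"] for r in ORDERS).values())
    p_orders = pseudonymize_rows(ORDERS, "customer", key)
    p_compl = pseudonymize_rows(COMPLAINTS, "customer", key)
    p_counts = sorted(Counter(r["customer"] for r in p_orders).values())
    same_join = len(join_on(ORDERS, COMPLAINTS, "customer")) == len(
        join_on(p_orders, p_compl, "customer"))
    no_raw_left = not any("@" in r["customer"] for r in p_orders + p_compl)
    return raw_counts == p_counts and same_join and no_raw_left

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # keep secret: it is what blocks re-identification
    print(relationships_preserved(key))
```

The key must stay with the data owner; publishing the tokens is fine, publishing the key would let anyone rebuild the mapping for any identifier they can guess.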



This is a nice little summary; however, my problem seems to be student under-load. They find it almost impossible to read the assigned chapters or complete their homework.

http://www.bespacific.com/mt/archives/019193.html

August 31, 2008

Librarian's Advice on 10 Ways to Cope with Information Overload

Being Wired or Being Tired: 10 Ways to Cope with Information Overload: "Sarah Houghton-Jan explores different strategies for managing and coping with various types of informational overload." Ariadne, Issue 56 July 2008.
