http://www.pogowasright.org/article.php?story=20080908085157679
Ca: Gov't reveals security breach of online application site for N.L. student aid (Memorial University, updated)
Monday, September 08 2008 @ 08:51 AM EDT Contributed by: PrivacyNews
Newfoundland and Labrador's Education Department is dealing with a breach of personal information related to the online application site for student aid.
Education Minister Joan Burke says the Student Financial Services Division was recently notified of an incident [Translation: they didn't detect it themselves Bob] involving unauthorized access to a client's personal information. [Suggesting ONE victim? Bob]
Burke says the online site for student aid was immediately shut down, the problem identified and corrected and the site was re-established the same day.
The province says there were approximately 48,000 people who had information in the database at the time of the exposure.
So far its been determined that 90 people had their information accessed [Suggesting only 90 victims? Bob by an unauthorized source.
Burke says the site has been reviewed by an external security firm which confirms the personal information is now secured.
The minister says officials are contacting those affected.
Source - Canada East
Update: Adam Dodge of ESI kindly sent along a link to a later story with additional details on the breach: Student aid records exposed in security breach.
[From the CBC article:
So far, authorities have traced the source of the breach to a single IP address, but it's not known whether one individual tapped into the database.
... The breach was detected when a student reported that while filling out an online application form, information belonging to others could be seen. [Unless the student was accessing from the same “single IP address” that makes at least two... Bob]
[Note: Fist time I've see the ESI site. http://www.adamdodge.com/esi/ Bob]
A trivial breach at a trivial cost? A buck a victim?
http://www.pogowasright.org/article.php?story=20080908163024954
Firm to pay Wisconsin $250,000 for security breach (follow-up)
Monday, September 08 2008 @ 04:30 PM EDT Contributed by: PrivacyNews
A Texas company has agreed to pay Wisconsin $250,000 after it mailed tens of thousands of brochures with state Medicaid participants' Social Security numbers mistakenly printed on the address labels.
The mailing by Texas-based EDS Corp. went to 260,000 participants in Wisconsin's Medicaid, BadgerCare and SeniorCare programs in January. State officials feared the mailing increased the chances of identity theft.
The company and the state Department of Health Services reached a settlement on Aug. 28 calling for EDS to adopt a new system that uses identification numbers rather than Social Security numbers by Oct. 8 and pay the state $250,000 for damages.
Source - WKBT
Hack du jour? (Think of it as Social Engineering by proxy) I had only shorted a few thousand shares. Clearly a coincidence !
2002's News, Yesterday's Sell-Off
By Frank Ahrens Washington Post Staff Writer Tuesday, September 9, 2008; Page A01
A six-year-old article mistakenly seen by Bloomberg financial news users yesterday reported the bankruptcy of United Airlines and triggered a massive sell-off that nearly obliterated the company's stock in a matter of minutes.
... United parent company UAL opened trading on the Nasdaq Stock Market yesterday at $12.17 per share. The 2002 bankruptcy article appeared on Bloomberg monitors on Wall Street just before 11 a.m. In the minutes that followed, some 15 million shares of UAL traded and the stock plunged to $3 per share. [$12 minus $3 times 810,000 shares = no worries about gas prices Bob]
Hack du jour Second rate by definition: It was immediately detectable.
http://tech.slashdot.org/article.pl?sid=08/09/08/185238&from=rss
The London Stock Exchange Goes Down For Whole Day
Posted by ScuttleMonkey on Monday September 08, @04:23PM from the at-least-no-one-died-...-yet dept. Microsoft Technology
Colin Smith writes
"TradElect, the Microsoft .Net based trading platform for the London Stock Exchange, was offline for about seven hours, meaning that their 5-nines SLAs are shot for approximately the next 100 years. The TradElect system was launched back in June of 2007 and was designed for increased speed and system capacity."
“We can, therefore we must” In particular, how do cameras make us safer?
http://www.pogowasright.org/article.php?story=20080908163216843
NYCLU Sues Over NYPD Surveillance Plan
Monday, September 08 2008 @ 04:32 PM EDT Contributed by: PrivacyNews
The New York Civil Liberties Union wants police to disclose more details about a plan to use 3,000 surveillance cameras to help secure lower Manhattan against terror attacks, saying it could threaten the privacy of millions of law-abiding New Yorkers.
In a lawsuit filed Monday in state Supreme Court, the NYCLU claimed the New York Police Department has moved forward with the plan -- expected to cost tens of millions of dollars -- without explaining how it will use and store images and data captured by the closed-circuit cameras, license-plate readers and other high-tech security devices.
Source - MyFOXNY
[From the article:
The department already has turned over 91 pages of material about the so-called Lower Manhattan Security Initiative. But the NYCLU said the documents were redacted, and that more information should be disclosed.
The NYPD "must have hundreds if not thousands of documents that would be responsive to the NYCLU's request," the suit says.
Police spokesman Paul Browne said the NYPD had provided everything it could, "short of a road map terrorists could use for another attack." [How could terrorists use this information to plan an attack? Bob]
... Police officials say photos and license plate numbers would be cross-checked with information about potential terror suspects and suspicious vehicles. They insist data deemed innocent [Is the word “presumed?” Bob] would be purged from police records after 30 days.
Related? I hope not... (Fun hack though...)
http://www.killerstartups.com/Web-App-Tools/gotomycamera-com-store-your-surveillance-video
GoToMyCamera.com - Store Your Surveillance Video
If you’re having trouble dealing with the massive amounts of video your security cameras are storing, take a look at Gotomycamera.com. This service will allow you to store your network cameras’ videos online, so you can go back and analyze it later. Don’t worry, since the system only works with Axis Network cameras, only relevant video will be stored. Those cameras are motion-activated, so unless there’s some movement in the space you’re filming, the cameras won’t be filming. Once you hire the service, you’ll be given a username and password that will allow you to access your videos from anywhere in the world. All of these features will make it possible for you to keep track of your employees and avoid unwanted break ins. In short, if you’re looking for a way to keep better track of surveillance video and get rid of the storage problem, you should consider giving this service a try.
Related? (Connexe?)
http://www.pogowasright.org/article.php?story=20080909054138527
The French Battle Those Spying Bastards
Tuesday, September 09 2008 @ 05:41 AM EDT Contributed by: PrivacyNews
The French are finally in open rebellion against Napoleon's secret police, and don't want all the information collected by these snoops to be computerized and made available to a large number of civil servants. Not so much of a problem with the police having access. Government officials can't understand this,[and that's a surprize? Bob] as it is common knowledge (just check any American, or European, TV crime drama) that the police can quickly access all you phone, credit card and other electronic records when they have too. The bureaucrats don't understand that what upsets a lot of French citizens is all those civil servants nosing around there when they don't have to. The French will tolerate government snooping, but only up to a point, and apparently that point has been reached.
Source - Strategy Page
I suppose this was inevitable...
http://hardware.slashdot.org/article.pl?sid=08/09/08/1447234&from=rss
The Cyber Crime Hall of Fame
Posted by CmdrTaco on Monday September 08, @11:26AM from the do-they-get-cool-bronze-statues dept. Hardware Hacking
DigitalDame2 writes
"Not all hackers are bad guys, but a few fall prey to the dark side and use their talents for evil — not good. In compiling this list of the craziest cyber crimes, PC Mag looked for a few things: ingenuity (had it been done before?), scope (how many computers, agencies, companies, sites, etc. did it affect?), cost (how much in monetary damages did it cause?), and historical significance (did it start a new trend?). Read on about famous hackers John Draper, Robert Morris, Kevin Poulsen, and others."
Not the first case – an earlier decision said “you don't”
http://www.pogowasright.org/article.php?story=2008090905112913
Canton: Who owns your Facebook friends?
Tuesday, September 09 2008 @ 05:11 AM EDT Contributed by: PrivacyNews
A U.K. court recently ordered an ex-employee of a recruitment firm to disclose details of his profile, business contacts and e-mails at his social networking site, LinkedIn, to his former employer.
So who owns those contacts -- the employee or the employer?
LinkedIn is a social networking site used to maintain contacts, and exchange information, ideas and opportunities. One of its functions is to network for jobs and marketing one's services. The ex-employee had invited his employer's customers to join his network at LinkedIn while he was still in their employ. The employer claimed those contacts belonged to them.
Source - David Canton, in CANOE Technology
[From the article:
The decision shows the tension between employees being encouraged by their employers to use social networking websites, but at the same time trying to keep the contacts confidential at the end of their employment.
... The real legal issue is not ownership, but whether the employer is entitled to the contact list, and whether the ex-employee is restricted in any way from using that information.
The starting point is that customer lists are the employer's property, and employees and former employees should use those for their employer's purposes, not personal gain.
... It would be an easier decision to make if all the contact information was stored on a company-owned or -controlled system. [Another Cloud computing issue? Bob]
I must be missing something.
http://www.pogowasright.org/article.php?story=20080909051724519
Google shortens IP address retention on server logs to nine months
Tuesday, September 09 2008 @ 05:17 AM EDT Contributed by: PrivacyNews
Google has revealed plans to anonymise IP addresses on its server logs after nine months from the previous 18-month retention policy.
The search giant – which regularly comes in from scrutiny from privacy advocates over its access to knowledge of user activity – said it is taking the step to address regulatory concerns and improve privacy for users.
Source - Silicon Republic
[From the article:
The search giant – which regularly comes in from scrutiny from privacy advocates over its access to knowledge of user activity – said it is taking the step to address regulatory concerns and improve privacy for users.
Interesting stats. When will we hit the global “One record per person” mark?
530M records exposed, and counting
By Jay Cline
September 8, 2008 (Computerworld) By my count, over half a billion records of personal information have been exposed or mishandled in the past eight years. And these are only from breaches where a record count has been publicly revealed.
... There are a number of Web sites where you can find information about data breaches, including Computerworld's privacy page, Attrition.org, the Identity Theft Resource Center, blogs, government agencies and privacy newsletters such as the International Association of Privacy Professionals' "Daily Dashboard".
... The biggest line item we found was hackers, at 20% of all breaches. For their part, dishonest insiders garnered 3% of the blame. It's possible that a good number of the stolen laptops (19%) and other computers (8%) were taken by employees, but the cases we reviewed appeared mostly to be random criminal acts.
... A whopping 11% of publicized breaches were the result of an errors traceable to vendors. [Considering that most companies are moving into the “Cloud,” contracts with vendors need some serious attention. Bob]
... And what about industry sector? Some of the more infamous breaches — such as CardSystems, ChoicePoint and TJX — may have given the impression that the privacy breach phenomenon is all about credit card number acquisition from private-sector companies.
But in terms of sheer number of breaches, government agencies (23%) and schools (23%) topped the charts. Health care (14%), finance (13%) and retail (6%) companies followed.
How “intelligence” is supposed to work
http://www.bespacific.com/mt/archives/019266.html
September 08, 2008
U.S. Army Field Manual Section on Knowledge Management
Via Secrecy News: Knowledge Management Section, U.S. Army Field Manual 6-01.1, August 29, 2008
"This manual provides doctrine for the organization and operations of the knowledge management (KM) section. It establishes the doctrinal principles, tactics, techniques, and procedures necessary to effectively integrate KM into the operations of brigades, divisions, and corps."
I love a challenge!
http://hardware.slashdot.org/article.pl?sid=08/09/08/1710237&from=rss
World's First "Unclonable" RFID Chip
Posted by ScuttleMonkey on Monday September 08, @02:04PM from the until-they-make-a-better-cloner dept.
An anonymous reader writes to tell us that a new RFID chip from Verayo claims to be unclonable through the use of the new Physical Unclonable Functions (PUF), sort of an electronic DNA for silicon chips.
"Basic passive RFID chips can be easily cloned by copying the data residing on one chip to another. Verayo's PUF-based RFID chips cannot be cloned, and provide a very strong and robust authentication mechanism. No other chip or device can be disguised as the original chip, even if the data is copied from one Verayo RFID chip to another."
On November 5th, you'll be able to say “I told you so, Presdident Schwarzenegger”
http://politics.slashdot.org/article.pl?sid=08/09/09/0123249&from=rss
Black Box Voting 2008 Election Protection Toolkit
Posted by kdawson on Tuesday September 09, @08:12AM from the making-a-difference dept. Government United States Politics
Gottesser writes
"Bev Harris over at Black Box Voting has done everyone a favor and released her 2008 Election Protection toolkit as an ebook. It's like Cliff notes of Bev's 8+ years of experience on the front lines of the modern voting rights movement. The ebook presents succinct information to get individuals actively involved in the full-contact sport that is democracy. The target audience is those who believe that the political process requires more than just showing up to vote once every four years those who know that something's up with those voting machines. You may remember Bev Harris from her Emmy-nominated HBO documentary 'Hacking Democracy.' I've been working on election integrity issues in Ohio for some time now and have met Bev several times. Her work is nothing less than groundbreaking. Please check it out."
Instant collector's item? (for hackers)
http://hardware.slashdot.org/article.pl?sid=08/09/08/2246203&from=rss
Hacking Esquire's E-ink Cover
Posted by kdawson on Monday September 08, @07:50PM from the be-one-of-the-hundred-thousand dept. Hardware Hacking Displays Hardware
ptorrone writes
"I picked up the Esquire E-inked cover today and took a bunch of high res photos, for the makers out there. It has a programming header, 5-pin ISP, a Microchip PIC 12f629 which is flash programmable, 8 pin, 6 lithium coin cell CR2016s, 3 volts each. Two E-ink screens with flex connections — looks like it was made to be reprogrammed and different screens. The top screen has 11 segments, the bottom has 3. It was designed 2008-06-04. The PCB was made by Forewin, half thickness, 2 layer board (FR4). I think someone out there will likely reflash the PIC and make the segments go on / off at different times and perhaps put other displays on it, there's a little bit of hacking to be had but not that much really."
No comments:
Post a Comment