Wednesday, October 22, 2008

The classic questions. How much do you reveal and when do you reveal it?

http://www.pogowasright.org/article.php?story=20081022052007412

Coral Springs breach affected over 12,000 (update)

Wednesday, October 22 2008 @ 05:20 AM EDT Contributed by: PrivacyNews

If we've said it once, we've said it thousands of times: it would probably be better for entities to provide fuller disclosure in their initial notifications rather than to let stories dribble out. [Amen! Bob]

When the City of Coral Springs recently notified the New Hampshire Attorney General's Office of a breach last month, they did not reveal the data service provider involved nor the total number of individuals affected. Wisconsin's Office of Privacy Protection sheds some additional light on the breach, however.

According to the state's web site, they were notified on September 18 by ChoicePoint about the breach involving the Coral Gables City Attorney’s office in Florida. The City Attorney’s office has access to ChoicePoint’s AutoTrack product, which provides full SSNs for investigatory purposes. As reported previously, the city had discovered that one of its IDs and passwords to access the database had been compromised, affecting 57 residents of New Hampshire.

According to Wisconsin's report, 77 Wisconsin residents were among a total of 12,120 consumers affected.

Although neither the notification letters posted by NH or WI offer free credit monitoring, Wisconsin's site says "Those affected should have received a letter offering credit monitoring services for one year free." Consumers who have been affected by this incident may wish to call Coral Springs' consumer hot-line at their toll-free number, 866-315-4215, to inquire.



This is for the students who thought I was nuts to claim this was a trend to watch. (Now all I need do is find some way to convince the other 99% that I'm not nuts.)

http://news.cnet.com/8301-13556_3-10072405-61.html?part=rss&subj=news&tag=2547-1_3-0-5

When corporate clients go personal

Posted by Gordon Haff October 22, 2008 6:00 AM PDT

In most enterprises, PCs are what the accountants call a "corporate asset." The company buys them, loads software on them, sticks on a little asset tag, and lets employees use them as tools for their jobs.

... It would, of course, be silly to say all that history is now part of some dead past. However, we're starting to see a variety of intersecting changes that make it much more thinkable that IT shops could at least partially divest themselves of their PC supplier role. Instead, the idea is that employees would just use their own personal systems. There might be stipends; there might be negotiated bulk purchases that people would have the option of hooking into. IT would still be on the hook for at least corporate application support. But, whatever the details, it would be a very different way of thinking about PCs.

[After they stopped laughing, my security students were able to develop a plan to ensure security. Bob]



For the Computer Forensics students?

http://www.pogowasright.org/article.php?story=20081022054104251

A team effort against ID theft

Wednesday, October 22 2008 @ 05:41 AM EDT Contributed by: PrivacyNews

The U.S. Secret Service and U.S. Marshals Service have joined a consortium of academic institutions and corporate entities to combat identity theft and other identity management problems.

The Center for Applied Identity Management Research (CAIMR) will focus on researching real-world security problems, providing practical solutions and best-practice recommendations. CAIMR is composed of a cross section of experts in various fields, ranging from biometrics and financial crime to cyberdefense and homeland security.

Source - GCN



Lawyers and technology OR Automating screw-ups!

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=328174

Frankly Speaking: No. 1 rule for users: Keep it simple

Frank Hayes

October 20, 2008 (Computerworld) In November, a federal judge in New York will decide whether to fix a user's spreadsheet error. Does that sound like overkill? Well, the judge is in charge of the biggest bankruptcy in U.S. history, and the spreadsheet lists hundreds of assets involved in that bankruptcy.

Now does it sound more like a federal case?

Here's what happened: On Sept. 15, giant investment bank Lehman Brothers collapsed into bankruptcy. Three days later, lawyers for Barclays Capital were furiously working to finish up an agreement to purchase some of Lehman's assets in time to meet a bankruptcy court deadline.

Those assets -- contracts that were worth money to Lehman -- were listed in a spreadsheet. One of the spreadsheet's columns indicated whether Barclays wanted the assets with a "Y" for yes and "N" for no.

A Lehman exec sent the spreadsheet to Barclays' law firm barely four hours before the deadline. But it had to be converted from Excel to a PDF to be submitted to the court. An associate lawyer glanced at the spreadsheet, saw nothing but Y's in the "Do we want it?" column, and sent it to a law clerk with instructions to cut out certain columns and turn it into a PDF.

You can see what's coming, can't you?

The clerk cut out the columns, then saw that some of the rows were formatted oddly. He reformatted the spreadsheet into nice, even rows and converted the result to a PDF, then sent it back to the associate, who posted the file without even looking at it.

No one noticed that the new version was 179 rows longer than the original. In fact, 20% of the items in the spreadsheet -- the ones with an "N" -- had been hidden automatically using an Excel function. When the clerk cut out the "Do we want it?" column, they reappeared.

Oops.

The Lehman-Barclays deal closed on Sept. 22. The mistake wasn't discovered until Oct. 1, nine days later. Now Barclays is hoping the court will let it off the hook for millions of dollars in assets it never intended to buy.



Tools & Techniques: Could be useful for indexing video depositions, for example.

http://news.cnet.com/8301-17939_109-10069806-2.html?part=rss&subj=news&tag=2547-1_3-0-5

New media player searches for spoken words in videos

Posted by Rafe Needleman October 22, 2008 5:00 AM PDT

EveryZing, a media indexing company, is launching its own media player that lets people search for spoken words within videos.

The player's secret power is that it also indexes YouTube videos, giving a publisher who embeds YouTube content more functionality than YouTube itself provides.

The new video player, called MetaPlayer, uses technology the company already has in the market in its EasySearch and EasySEO products.



Statistics or a pat on the back?

http://blog.wired.com/27bstroke6/2008/10/us-identity-the.html

U.S. Identity Theft Convictions Increase 26 Percent, Feds Say

By David Kravets October 21, 2008 | 2:44:13 PM

... The 70-page document (.pdf) also includes 31 recommendations to combat identity theft. The recommendations state the obvious, but are important nonetheless. Among them, the task force wants to see a reduction in the use of Social Security numbers in the public and private sectors, more law enforcement training and better cooperation between the states and with other nations.


More quotable stats. Even a possible “We don't know” statistic.

http://www.pogowasright.org/article.php?story=20081021074242372

AU: Data breach hits 80% of local companies: survey

Tuesday, October 21 2008 @ 07:42 AM EDT Contributed by: PrivacyNews

ALMOST 80 per cent of local organisations have experienced a data breach in the past five years, with a further 40 per cent reporting between six and 20 known breaches during the period, according to Symantec's first Australian data loss survey.

As well, 59 per cent of businesses surveyed suspected they had suffered undetected data breaches, but were unable to identify what information had left the organisation, or how.

Source - Australian IT


Stats I probably won't quote. Are they so bad, a politician would hesitate? Nothing is that bad!

http://www.pogowasright.org/article.php?story=20081022072716919

1-in-10 Canadians hit by Web ID theft

Wednesday, October 22 2008 @ 07:27 AM EDT Contributed by: PrivacyNews

About 10 percent of Canadians who shop online report being victims of identity theft, a survey published Wednesday said.

The Canadian Anti-Fraud Call Center, which is operated by the Royal Canadian Mounted Police, says Canadians this year have reported 8,048 cases of identity theft, with $7.3 million in losses, the Canwest News Service reported.

Source - UPI



Strange how we see FBI in headlines alongside celebrities or big name politicians, but never with us second class people. Is there really a different set of rules for people who make the cover of the tabloids?

http://blog.wired.com/27bstroke6/2008/10/miley-cyrus-hac.html

Miley Cyrus Hacker Raided by FBI

By Kim Zetter October 20, 2008 | 11:59:02 PM

A 19-year-old hacker who published provocative photos of teen queen Miley Cyrus earlier this year was raided by the FBI Monday morning in Murfreesboro, Tennessee.

The hacker, Josh Holly, repeatedly bragged online about breaking into the Disney star's e-mail account and stealing her photos. He also gave interviews to bloggers and others and boasted that authorities would never find him because he moved so often. [Last month, Holly contacted Threat Level seeking to have an article written about him here.]



Because I have more than a passing interest in Economics.

http://yro.slashdot.org/article.pl?sid=08/10/21/1855210&from=rss

Learning To Profit From Piracy

Posted by kdawson on Tuesday October 21, @04:43PM from the pointing-out-a-market-failure dept.

I Don't Believe in Imaginary Property writes

"Wired has an interview with Matt Mason, author of The Pirate's Dilemma: How Youth Culture Is Reinventing Capitalism, which discusses how businesses could make money off of piracy, rather than attacking people in a futile attempt to suppress it. And some of his ideas are gaining traction; work is underway on a TV show called Pirate TV, which he describes as 'two parts Anthony Bourdain, one part Mythbusters.' (Heroes executive producer Jesse Alexander is on board.) Also, Mason is pretty good about practicing what he preaches in that you can pirate his book on his own website."



New Jersey will be the first state to go to Ron Paul!

http://news.slashdot.org/article.pl?sid=08/10/21/2036246&from=rss

Damning Report On Sequoia E-Voting Machine Security

Posted by kdawson on Tuesday October 21, @06:15PM from the worse-than-you-thought dept.

TechDirt notes the publication of the New Jersey voting machine study, the attempted suppression of which we have been discussing for a while now. The paper that the Princeton and Lehigh University researchers are releasing, as permitted by the Court, is "the same as the Court's redacted version, but with a few introductory paragraphs about the court case, Gusciora v. Corzine." What's new is the release of a 90-minute evidentiary video — the researchers have asked the court for permission to release a shorter version that hits the high points, as the high-res video is about 1 GB in size. See TechDirt's article for the report's executive summary listing eight ways the AVC Advantage 9.00 voting machine can be subverted.



It's good to see that someone is still thinking of the future... Go India!

http://science.slashdot.org/article.pl?sid=08/10/22/1217227&from=rss

Indian Moon Mission Launched

Posted by CmdrTaco on Wednesday October 22, @08:46AM from the to-the-moon-alice dept.

hackerdownunder writes

"India's maiden lunar mission (Chandrayaan-1) got off to a flying start today. Describing the launch as "perfect and precise", the chairman of the Indian Space Research Organization (ISRO), G Madhavan Nair, said that it would be 14 days before the satellite would enter into lunar orbit. Chandrayaan carries eleven payloads, five designed and developed in India, three from European Space Agency, one from Bulgaria and two from NASA."



Dear Student, Thank you for the email explaining how the dog ate your (homework/thumbdrive/car keys/baby sister)...

http://news.cnet.com/8301-17939_109-10072457-2.html

GMail gets auto-replies

Posted by Rafe Needleman October 21, 2008 7:54 PM PDT

This is probably more useful than GMail's last experimental new feature (Mail Goggles): Canned responses (see Official GMail blog). You can now save a reply you're writing as a "canned response" and then quickly select one of these responses when you're replying to a future e-mail.
