Saturday, October 18, 2008

I wonder if any other corporate asset gets “lost” as frequently as backup tapes? Perhaps in ancient times, cash was “lost” in transit, but we went to electronic funds transfer and that rarely happens today. Perhaps electronic transfer of backup data would solve this problem?

http://www.pogowasright.org/article.php?story=2008101720462698

Lost backup tape contains Regal Entertainment Group personal data

Friday, October 17 2008 @ 08:46 PM EDT Contributed by: PrivacyNews

On September 17, ID Experts notified the New Hampshire Attorney General's Office that a backup tape belonging to Regal Entertainment Group that contained personal data was lost on August 29, 2008.

In its notification to those affected, the company writes:

We recently learned that individual employees violated established procedures during a routine exercise and lost some supplier's and other individual's data which was contained on a system backup tape. Our investigation indicates that some of your personal information, including your Social Security number, name, and address may have been included in the lost backup tape. However, it is important to note that absolutely no customer or guest data was exposed.

The bulk of the notification to the state and those affected outlines the free services Regal is offering those affected and what people can do to protect themselves after the fact, but apart from indicating that 120 NH residents were affected, their disclosure does not indicate how many individuals were affected total and whether the data on the backup tape were encrypted. Nor do they explain how the employees violated procedure.



Breach Blog makes a few good points...

http://breachblog.com/2008/10/17/indianapoliscity.aspx?ref=rss

More than 3000 affected by Indy.gov 11 day exposure

Posted by Evan Francen at 10/17/2008 1:07 PM

... inadvertently posted on the indygov.org Web site on Sept. 29 during a site upgrade

[Evan] This is a good reason why we use change control and a good reason why an integral part of change control is information security involvement. On the surface, a web site upgrade may seem innocent enough, but the risk can be enormous. Everything accessible (on purpose or on accident) on or through a web site is public. Be very careful that ONLY public information is accessible and test the dickens out of it.

The mistake wasn't discovered until Oct. 9, when the file was immediately removed

[Evan] It is not clear how the file was discovered or by whom

... "This is an unfortunate example of human error; however, once we discovered that personal information was posted, ISA took aggressive action to correct the problem, to notify the affected individuals and to prevent this type of disclosure from happening again," said Kevin Ortell, interim chief information officer for ISA.

[Evan] I think this is bigger than a simple "human error". I'm guessing its more like business process error that left the door open to human error.



This takes virtual business to a new level!

http://blog.wired.com/27bstroke6/2008/10/fed-blotter-ind.html

Fed Blotter: Alleged Hackers Charged With Highway Robbery, Literally

By Kevin Poulsen EmailOctober 17, 2008 | 4:43:45 PM

In this week's Fed Blotter, Nicholas Lakes and Viachelav Berkovich are charged with computer fraud for a man-in-the-middle attack that allegedly let them run a profitable trucking company without the hassle of driving a truck.

For over three years the Russian immigrants repeatedly hacked a Department of Transportation website called Safersys.org, which maintains a list of licensed interstate trucking companies and brokers, according to an affidavit (.pdf) filed by a department investigator. There, the pair would temporarily change the contact information for a legitimate trucking company to an address and phone number under their control.

The men then took to the web-based "load boards" where brokers advertise cargo in need of transportation. They'd negotiate a deal, for example, to transport cargo from American Canyon, California, to Jessup, Maryland, for $3,500.

But instead of transporting the load, Lakes and Berkovich would outsource the job to another trucking company, the feds say, posing as the legitimate company whose identity they'd hijacked. Once the cargo was delivered, the men allegedly invoiced their customer and pocketed the funds. But when the company that actually drove the truck tried to get paid, they'd eventually discover that the firm who'd supposedly hired them didn't know anything about it.

The men allegedly pulled in nearly $500,000 in the scheme before Smokey caught up with them. They're charged (.pdf) with computer, mail and wire fraud in a federal indictment in Los Angeles.



This could be useful for my students and for the school

http://www.killerstartups.com/Web-App-Tools/stellarsurvey-com-online-survey-software-tool

StellarSurvey.com - Online Survey Software Tool

http://www.stellarsurvey.com

This company provides tools for creating surveys of very different denomination, and there are different plans to choose from. The features of these are described in the section that goes by the corresponding name. Basically, free surveys come with multi-lingual support (which means that every element at play can be set in the language the user chooses), and a track response feature (useful for seeing exactly who answered the survey and how).

Extra features that are part of the different plans available include tools for filtering results and image upload as answer choices, along with a bigger degree of customization. For instance, the user can brand surveys by including its own logo, and create custom themes that can also be saved and used later on.

You can find more about the features of each specific plan along with pricing information by setting your browser to StellarSurvey.com. The site also features sample surveys that are illustrative of the services on offer and how they can make for reaching an immediate public in an effective way.



I looked, but the don't have PERL...

http://www.killerstartups.com/Web20/lingorilla-com-video-community-for-learning-languages

Lingorilla.com - Video Community For Learning Languages

http://www.lingorilla.com

Self-dubbed as “the first global video community for learning languages”, Lingorilla stands as a useful resource that takes full advantage of the latest technological developments that the Internet has brought along.

The approach of the site is very commendable, because (as any linguist can tell you) the one and true manner of picking up a language is actually living in the country where it is spoken. To a certain extent, what Lingorilla does is to bring the country to you by providing a live sampler of how is the language spoken. And it is not only a matter of pronunciation – facial gestures and expressions are also an intrinsic part of any language, and through Lingorilla you will have access to that.

Further resources include quizzes for testing your progress, and learning documents that can be consulted whenever you wish. Flashcards for expanding your vocabulary are likewise featured.

The site also has a social network flavor to it since you can make friends from all over the globe, and join in the existing language groups. It is also possible for you to create a group of your own. [COBOL anyone? Bob]



Geeky Stuff

http://tech.slashdot.org/article.pl?sid=08/10/17/1848258&from=rss

BSDanywhere Announces First Release

Posted by ScuttleMonkey on Friday October 17, @04:05PM from the anywhere-that-has-an-optical-drive-that-is dept. Operating Systems BSD

The call of ktulu writes

"Good things come to those who wait. After eight months of work the relatively new project BSDanywhere has announced its first final release 4.3. BSDanywhere is a bootable Live-CD image based on OpenBSD. It consists of the entire OpenBSD base system (without compiler) plus enlightenment desktop, an unrepresentative collection of software, automatic hardware detection and support for many graphics cards, sound cards, SCSI and USB devices as well as other peripherals. Give it a spin."


Also geeky

http://tech.slashdot.org/article.pl?sid=08/10/17/1552248&from=rss

Mainframe OpenSolaris Now Available

Posted by ScuttleMonkey on Friday October 17, @12:27PM from the better-late-than-never dept. Sun Microsystems IBM Operating Systems

BBCWatcher writes

"When Sun released Solaris to the open source community in the form of OpenSolaris, would anyone have guessed that it would soon wind up running on IBM System z mainframes? Amazingly, that milestone has now been achieved. Sine Nomine Associates is making its first release of OpenSolaris for System z available for free and public download. Source code is also available. OpenSolaris for System z requires a System z9 or z10 mainframe and z/VM, the hypervisor that's nearly universal to mainframe Linux installations. (The free, limited term z/VM Evaluation Edition is available for z10 machines.) Like Linux, OpenSolaris will run on reduced price IFL processors."



Interesting. I'll put even more emphasis on CSS in my website class

http://developers.slashdot.org/article.pl?sid=08/10/18/0222234&from=rss

Opera Develops Search Engine For Web Developers

Posted by Soulskill on Saturday October 18, @02:06AM from the web-devs-need-love-too dept. The Internet

nk497 writes

"The Metadata Analysis and Mining Application (MAMA) doesn't index content like a standard search engine, but looks at markup, style, scripting and the technology behind pages. Based on those existing MAMA-ed pages, 80.4 per cent of sites use cascading style sheets (CSS), while the average web page has 47 markup errors and 16,400 characters. Should you want to know which country is using the AJAX component XMLHttpRequest the most, MAMA can tell you that it's Norway, with 10.2 per cent of the data set."

No comments: