http://www.pogowasright.org/article.php?story=20081126053111655
Who's been reading my cell-phone records?
Wednesday, November 26 2008 @ 05:31 AM EST Contributed by: PrivacyNews
If Verizon Wireless employees could snoop into then-U.S. Senator Barack Obama's cell-phone records, as the carrier acknowledged last week, then mobile subscribers may worry how well protected they are. They should, according to some industry analysts and privacy lawyers.
Source - Computerworld
[From the article:
Information that is saved by mobile operators -- and that might be available to unauthorized or unscrupulous employees -- includes whom you talked to, when you called them or they called you, and for how long you talked, as well as text messages and voicemail, according to Ari Schwartz, vice president and chief operating officer of the Center for Democracy and Technology (CDT).
... The information can also include your locations when you started and ended the call, as determined by cell towers or other techniques, CDT Senior Counsel John Morris said.
Related A new definition of “Oops?”
http://www.pogowasright.org/article.php?story=20081125102825544
Pharmacy Extortionists Take on CIA, DoD, FBI, NSA
Tuesday, November 25 2008 @ 10:28 AM EST Contributed by: PrivacyNews
Over on the Security Fix blog, Brian Krebs suggests that the Express Scripts extortionists may have bitten off more than they can chew because "among the company's biggest customers is the federal government, and specifically almost every federal law enforcement, military and intelligence agency in the country."
A list of entities that have reported that they are clients and/or have notified their employees are listed here.
I expect this to become common as reaction to Identity Theft builds.
http://breachblog.com/2008/11/25/bnyupdate.aspx?ref=rss
IMPORTANT NOTICE TO ALL READERS OF THE BREACH BLOG
UPDATE: The Bank of New York Mellon Corporation Data Breaches
On July 2, 2008, a class action lawsuit was filed against Bank of New York Mellon (BNY Mellon) for this year's earlier loss of unencrypted backup storage tapes containing the personal information of approximately 12.5 million individuals.
The case is progressing but BNY Mellon contends that it has no reason to believe that the "lost" personal information has been improperly misused as a result of this incident. If you have experienced any fraud or identity theft at any time after BNY claims to have "lost" these data tapes in February of 2008 please contact Chimicles & Tikellis LLP, one of the law firms that filed suit against BNY Mellon for the data breaches, as soon as possible.
Apparently we'll some real details on this case. Should be a fun (geeky) read.
http://blog.wired.com/27bstroke6/2008/11/proof-porn-pop.html
Proof: Porn Pop-Up Teacher is Innocent, Despite Misdemeanor Plea
By Ryan Singel EmailNovember 24, 2008 | 8:22:01 PM
... if a soon-to-be released forensic report (.pdf) about her hard drive is accurate, Amero's guilty plea is hardly justice -- since the school computer had adware, the anti-virus software on the computer had been discontinued, and the technical testimony at her trial was amateurish and flawed.
http://developers.slashdot.org/article.pl?sid=08/11/25/2320236&from=rss
Searching DNA For Relatives Raises Concerns
Posted by kdawson on Tuesday November 25, @06:37PM from the database-creep dept.
An anonymous reader calls our attention to California's familial searching policy, which looks for genetic ties between culprits and kin. The technique has come to the fore in the last few years, after a Colorado prosecuter pushed the FBI to relax its rules on cross-state searches.
"Los Angeles Police Department investigators want to search the state's DNA database again — not for exact matches but for any profiles similar enough to belong to a parent or sibling. The hope is that one of those family members might lead detectives to the killer. This strategy, pioneered in Britain, [Law enforcement will adopt any technique invented anywhere. Perhaps even suggesting other countries with less stringent laws try it first. Then they can say: “It works in the UK!” Bob] is poised to become an important crime-fighting tool in the United States. The Los Angeles case will mark the first major use of California's newly approved familial searching policy, the most far-reaching in the nation."
Beware of warnings to beware!
http://news.cnet.com/8301-1009_3-10108529-83.html?part=rss&subj=news&tag=2547-1_3-0-5
Gmail 'vulnerability' turns out to be phishing scam
Posted by Steven Musil November 25, 2008 6:05 PM PST
Reports that a purported Gmail vulnerability was being used by unauthorized third parties to hijack domains turned out to be nothing more than a phishing scam, Google announced Tuesday.
The alleged vulnerability reportedly allowed an attacker to set up filters on users' e-mail accounts without their knowledge, according to a proof of concept posted Sunday at the blog Geek Condition. In the post, Geek Condition's "Brandon" wrote that the vulnerability had caused some people to lose their domain names registered through GoDaddy.com.
However, after consulting with those who claimed to be affected by the so-called vulnerability, Google determined that they were victims of a phishing scam, Google information security engineer Chris Evans explained in a blog:
Attackers sent customized e-mails encouraging Web domain owners to visit fraudulent Web sites such as "google-hosts.com" that they set up purely to harvest usernames and passwords. These fake sites had no affiliation with Google, and the ones we've seen are now offline. Once attackers gained the user credentials, they were free to modify the affected accounts as they desired.
Another “Privacy guideline”
http://www.pogowasright.org/article.php?story=20081126052622533
UK: Adopt privacy friendly solutions says ICO
Wednesday, November 26 2008 @ 05:26 AM EST Contributed by: PrivacyNews
The Information Commissioner’s Office (ICO) is publishing a new report today urging organisations to take simple steps to improve organisational and technological measures to better protect personal information. The privacy watchdog commissioned the report, Privacy by Design, to help organisations adopt new privacy by design techniques.
Privacy by Design is being launched at the ICO’s conference in Manchester on 26 November 2008. The report highlights the need to ensure privacy is considered properly by organisations and from the start when they are developing new information systems. Jonathan
Source - Information Commissioner's Office
Related - Privacy by Design [pdf] [Strange implementation (to me) of a PDF Bob]
The research can be downloaded at www.ico.gov.uk
For the Computer Forensics class. First, have a plan!
http://www.law.com/jsp/legaltechnology/pubArticleLT.jsp?id=1202426262016
Why Examination Protocols Are Problematic
By Craig Ball Law Technology News November 25, 2008
... Courts impose examination protocols to limit the intrusiveness, scope and conduct of the work and establish who can see the outcome. It takes technical expertise to design a good protocol. Without it, you get protocols that are forensic examinations in name only, impose needless costs and cumbersome obligations or simply elide over what the examiner is expected to do.
Related He likes it... I think.
Trial Lawyers Turn a Blind Eye to the True Cause of the e-Discovery Morass
A distinguished group of trial lawyers recently completed a study on litigation which concluded that the main problem with the U.S. legal system today is e-discovery. Interim Report & 2008 Litigation Survey. Not too unexpectedly, they placed the blame squarely on poor rules, bad law, and judges. They overlook their own role in the problem. The report does not even acknowledge lawyer incompetence with technology as one of causes of the morass. Like the profession as a whole, including most law schools, they are blinded by their own shadow. They have not yet realized the insights of Walt Kelly who said in Pogo: “We have met the enemy and he is us.”
I agree with the eminent trial lawyers and academics that conducted this study that our rules and law need reform, and our judges need to do a better job. But, in my opinion, the fundamental cause of the e-discovery problem is the failure of the legal profession, especially the trial bar, to keep up with the rapid changes in technology. That is why new rules and legislation alone will never fix the problem. Such reforms must be coupled with an aggressive attorney education program that starts in law school. Some law firms today are starting to awaken to this problem and set up internal training programs. So too are a few law schools. But the vast majority of our profession still refuses to own-up to the competency issue. They either ignore the problem of e-discovery all-together, like most academics, or they acknowledge the problem, like this report does, then blame anyone other than themselves.
Interim Report & 2008 Litigation Survey
This interim report, aside from its competency shadow-blindness, is excellent and well written. It is a joint project of the American College of Trial Lawyers task force on discovery and the Institute for the Advancement of the American Legal System, a group based out of the University of Denver. I applaud these groups for recognizing the problem and trying to do something about it. There insights go well beyond e-discovery and I recommend a full reading.
Another for the Forensic Class
http://tech.slashdot.org/article.pl?sid=08/11/26/0424250&from=rss
Sending Secret Messages Via Google's SearchWiki
Posted by kdawson on Wednesday November 26, @12:23AM from the your-mission-should-you-choose-to-accept-it dept.
We discussed the advent of Google's SearchWiki when it was introduced a few days back. Now Lauren Weinstein offers a thought experiment in transmitting coded messages using SearchWiki, with a working example encoded into the results of this Google search.
Yet another Forensics article
http://news.cnet.com/8301-1023_3-10108293-93.html?part=rss&subj=news&tag=2547-1_3-0-5
How online gamblers unmasked cheaters
Posted by CBS Interactive staff November 26, 2008 5:00 AM PST
A collaboration by two news organizations reveals how online poker players suspecting cheating were forced to successfully ferret out the cheaters themselves. That's because managers of the mostly unregulated $18 billion Internet gambling industry failed to respond to their complaints.
See? Even old dogs can learn new tricks...
http://slashdot.org/article.pl?sid=08/11/26/012230&from=rss
At Atlantic Records, Digital Sales Surpass CDs
Posted by kdawson on Tuesday November 25, @10:20PM from the trading-analog-dollars-for-digital-pennies dept.
The NYTimes reports that Atlantic is the first major label to report getting a majority of its revenue from digital sales, not CDs. Analysts say that Atlantic is out in front — the industry as a whole isn't expected to hit the 50% mark until 2011. By 2013, music industry revenues will be 37% down from their 1999 levels (when Napster arrived on the scene), according to Forrester.
"'It's not at all clear that digital economics can make up for the drop in physical,' said John Rose, a former executive at EMI... Instead, the music industry is now hoping to find growth from a variety of other revenue streams it has not always had access to, like concert ticket sales and merchandise from artist tours. ... In virtually all... corners of the media world, executives are fighting to hold onto as much of their old business as possible while transitioning to digital — a difficult process that NBC Universal's chief executive... has described as 'trading analog dollars for digital pennies.'"
Geeky? Perhaps, but it could be useful as well.
http://news.cnet.com/8301-17939_109-10108201-2.html?part=rss&subj=news&tag=2547-1_3-0-5
Tarpipe begins to tackle personal content overload
Posted by Rafe Needleman November 25, 2008 3:30 PM PST
Tarpipe is one of the most curious experiments in social media that I've seen lately. It takes personal content (e-mail messages, primarily) as input, and can shunt it to one or more desinations, transforming it in the process. For example, I created a Tarpipe e-mail address that will take a pictures I send it and posts it to Flickr, update Twitter with a link to the Flickr page, and put the picture and the Twitter URL in an Evernote record for me. All I have to do is send the e-mail.
Tarpipe looks a lot like Yahoo Pipes. They work in similar ways: Users drag service and function boxes around on the workspace and connect them with blue tubes to control the flow of data. But Yahoo is about taking inputs from several sources and then creating a universal RSS output. Tarpipe is more about directly updating personal content services like Twitter, Flickr, Friendfeed, Delicious, and Evernote, which Yahoo Pipes doesn't do.
The answers are interesting... But incomplete.
http://ask.slashdot.org/article.pl?sid=08/11/25/178242&from=rss
Arranging Electronic Access For Your Survivors?
Posted by timothy on Tuesday November 25, @12:20PM from the leave-a-note-on-the-fridge dept. Communications Technology
smee2 writes
"In the past, when a family member died, you could look through their files and address books to find all the people and businesses that should be notified that the person is deceased. Now the hard-copy address book is becoming a thing of the past. I keep some contact information in a spreadsheet, but I have many online friends that I only have contact with through web sites such as Flickr. My email accounts have many more people listed than my address book spreadsheet. I have no interest in collecting real world info from all my online contacts. The sites where I have social contact with people from around the world (obviously) require user names and passwords. Two questions: 1. How do you intend to let the executors of your estate or family members know which online sites/people you'd like them to notify of your demise? 2. How are you going to give access to the passwords, etc. needed to access those sites in a way that doesn't cause a security concern while you're still alive?"
It is common for TV News to put videos of crooks on the air, so this is a bit old fashioned, but still amusing...
Billboard surprise for burglar
Tuesday, November 25, 2008
Rule number one of burglary is 'don't get yourself photographed'. Probably coming in somewhere around rule number 437, meanwhile, is 'don't make an enemy of someone who owns billboards all around your city'.
No comments:
Post a Comment