Wednesday, November 12, 2008

Does this change Express Scripts' liability?

http://www.pogowasright.org/article.php?story=2008111114275919

Express Scripts Reports New Threats Tied to Data Security Breach (update)

Tuesday, November 11 2008 @ 02:27 PM EST Contributed by: PrivacyNews

Express Scripts (Nasdaq:ESRX), one of the largest pharmacy benefit management companies in North America, announced today that a small number of its clients have received letters threatening to expose the personal information of its members. The threats are believed to be connected to an extortion threat the company made public last week.

The letters, which were received by Express Scripts' clients in the past few days, are similar in form to the one that Express Scripts said it received in early October from an unknown person or persons threatening to publicly expose millions of the company's members' records if an extortion threat was not met. That original letter included the personal data of 75 Express Scripts members. The company publicly disclosed the extortion threat last week and is notifying affected members.

Express Scripts said it immediately informed the FBI about the new threats. The company also said it was establishing a reward totaling $1 million for the person or persons who provide information resulting in the arrest and conviction of those responsible for these criminal acts. The company said anyone with information about the extortion threats should contact the FBI at 800-CALL-FBI.

Source - Press Release



Trends? Send your boyfriend nude photos? Rely on the privacy digital technology makes possible? (Some suggest this is a deliberate act to void a contract or announce themselves ready for “big girl” roles, or just for the publicity.)

http://www.ecanadanow.com/news/entertainment/adrienne-bailon-falls-victim-to-an-extortion-plot-20081111.html

Adrienne Bailon Falls Victim To An Extortion Plot

New York (ECN) - Near the end of October, Adrienne Bailon became one of the three Disney stars to fall victim to an extortion plot.

While at JFK airport in New York, Adrienne had private pictures stolen from her personal laptop. Her computer was later returned to her record label for the reward of $1,000, but by then it was too late. All of her pictures had been removed from the hard drive and leaked to the internet.

... Adrienne claims that the pictures were an anniversary gift for her boyfriend, Robert Kardashian.

... Adrienne Bailon has also filed a lawsuit against the person responsible for exploiting her pictures and stealing her laptop computer. Unfortunately, she is unaware of the person's identity, and the lawsuit will not undo the damage that has been done to this star's reputation and private life.



Another large (and largely undetected?) phony bank card scam.

http://www.pogowasright.org/article.php?story=20081112055034909

Jp: Fake ATM cards used to steal 400 million yen

Wednesday, November 12 2008 @ 05:50 AM EST Contributed by: PrivacyNews

About 400 million yen in cash [$4,108,463.24 -- Dissent] has been illegally withdrawn from six banks using counterfeit ATM cards made with personal information leaked from another company since December 2006, according to police.

The banks in question are Okayama-based Chugoku Bank; Sapporo-based North Pacific Bank; Chiba Kogyo Bank; Shinjuku Ward, Tokyo-based Yachiyo Bank; Oita Bank and Wakayama-based Kiyo Bank.

Police suspect criminals are using a new counterfeiting technique to create the phony ATM cards used in these crimes.

The Metropolitan Police Department believes the cases in question were caused by a large counterfeit group, and plans to set up a joint investigative office with other police forces to conduct a full-fledged probe.

.... Until recently, many cases of ATM fraud were perpetrated using a technique called skimming. .... However, police found that most of the affected account holders were members of a program run by a Tokyo-based company that sells health food.

Source - Daily Yomiuri Online



Perhaps they should floss those servers more frequently?

http://www.pogowasright.org/article.php?story=20081112073444751

FL: Dental School Security Breach

Wednesday, November 12 2008 @ 07:34 AM EST Contributed by: PrivacyNews

University of Florida officials have notified about 330,000 current and former dental patients that an unauthorized intruder recently accessed a College of Dentistry computer server storing their personal information.

The breach was discovered October third while college information technology staff members were upgrading the server and found software had been installed on it remotely. It was just made public today.

Information stored on the server included names, addresses, birth dates, Social Security numbers and, in some cases, dental procedure information for patients dating back to 1990.

Source - AM850.com

Related - University of Florida College of Dentistry breach support site



Is it logical to order impossible actions? Is that a basis for overturning a ruling? (Image of a Google search shows a notice of the filtering, but still returns 2,240,000 “hits.” Who specifies the filtering criteria? Who will be checking them?)

http://news.cnet.com/8301-13578_3-10094597-38.html?part=rss&subj=news&tag=2547-1_3-0-5

Argentine judge: Google, Yahoo must censor searches

Posted by Stephanie Condon November 11, 2008 6:58 PM PST

... Both Yahoo and Google are locked in a legal battle with dozens of fashion models and other public figures like Maradona over whether the Internet companies should have to censor search results relating to those persons' names.

The result so far: since last year, Internet users have been left with abbreviated search results from Yahoo Argentina and Google Argentina, as a result of temporary restraining orders handed down by Argentine judges.

The restraining orders against Google and Yahoo mean the search companies must censor search results from their Argentine sites for information about the plaintiffs, such as their names. The court orders do not apply to the U.S. sites Google.com and Yahoo.com.

The move effectively holds the search companies responsible for content on other Web sites, a legal maneuver that would not be possible in the United States or the European Union, according to a Google representative.



Related? Perhaps we need an organization to translate laws into programmable logic and testable standards?

http://www.infoworld.com/article/08/11/12/46FE-tech-new-regulation_1.html?source=rss&url=http://www.infoworld.com/article/08/11/12/46FE-tech-new-regulation_1.html

New regulations will soon swell IT workloads

Government's response to the financial meltdown will require major tech initiatives for compliance, despite the recession's cutbacks

By Ephraim Schwartz November 12, 2008

... Coming: A greater IT burden than Sarbanes-Oxley and the Patriot Act

"The last two tsunamis to hit IT, the Patriot Act and Sarbanes-Oxley, required companies to know their customers and to know themselves and their [own] finances," says Larry Rafsky, CEO of Acquire Media, which distributes companies' financial news. "Now, the upcoming regulations will say, 'Know your customers' finances.'" [Suppose I find that intrusive. Do I have any alternative? Bob]

... Brokerages will need to redefine and scale up technology significantly

In addition, Baskin expects that regulatory agencies will require that the prime broker executing trades on behalf of a client will have to prove that it did the best execution rather than the fastest. That's because regulators believe that financial services providers deliberately created pricing inefficiencies that favored themselves at the expense of their clients. [A common complaint! Bob] The new regulations will try to force financial providers to put clients' interests first by ensuring that pricing reflects actual value.



What else can be learned from search trends?

http://yro.slashdot.org/article.pl?sid=08/11/11/232225&from=rss

Google Can Predict the Flu

Posted by kdawson on Tuesday November 11, @07:42PM from the sees-you-when-you're-sleeping dept.

An anonymous reader mentions Google Flu Trends, a newly unveiled initiative of Google.org, Google's philanthropic arm. The claim is that this Web service, which aggregates search data to track outbreaks of influenza, can spot disease trends up to 2 weeks before Centers for Disease Control data can. The NYTimes writeup begins:

"What if Google knew before anyone else that a fast-spreading flu outbreak was putting you at heightened risk of getting sick? And what if it could alert you, your doctor and your local public health officials before the muscle aches and chills kicked in? That, in essence, is the promise of Google Flu Trends, a new Web tool... unveiled on Tuesday, right at the start of flu season in the US. Google Flu Trends is based on the simple idea that people who are feeling sick will tend to turn to the Web for information, typing things like 'flu symptoms' or 'muscle aches' into Google. The service tracks such queries and charts their ebb and flow, broken down by regions and states."



Tactics of CyberWar?

http://it.slashdot.org/article.pl?sid=08/11/11/192230&from=rss

40-Gbps DDoS Attacks Worry Even Tier-1 ISPs

Posted by kdawson on Tuesday November 11, @02:16PM from the isotropic-tsunami dept.

sturgeon and other readers let us know that Arbor Networks has released their annual survey of tier-1 / tier-2 ISP security engineers. This year they got responses from 70 lead engineers. While DDoS attacks are reaching new heights of backbone-crushing traffic — 40 Gbps was seen this past year — the insiders are also worried about emerging threats to DNS and BGP. The summary notes that "Most believe that the DNS cache poisoning flaw disclosed earlier this year was poorly handled and increased the danger of the threat," but doesn't spell out what a better way of handling it might have been. All in all, the ISPs sound a bit pessimistic — one says "fewer resources, less management support, and increased workload." You can request the full PDF report here, but it will cost you contact information. In related news, an anonymous reader passes along a survey by Secure Computing of 199 international security experts and other "industry insiders" from utilities, oil and gas, financial services, government, telecommunications, transportation and other critical infrastructure industries. They are worried too.



Research

http://www.killerstartups.com/Search/refseek-com-academic-search-engine

RefSeek.com - Academic Search Engine

http://www.refseek.com

RefSeek can be described as a search engine that is geared towards students and researchers everywhere. The aim of this search tool is to make academic information readily available to everybody by taking into account more than one billion documents. These include web pages, newspapers, journals, encyclopedias and books.

The site also includes a “Search Tips” section that provides concise advice and strategies for maximizing the use of RefSeek, such as specifying an exact phrase or searching a specific website. The latter is implemented by clicking on the “Search this Site” link that appears after a search has been conducted. The force inclusion of words is also explained in this section of the site.

When all is said and done, it is nice to have search engines that cater for specific fields. This way, the searching process can be streamlined and you can look up the corresponding information and compare and contrast materials instantly. The team behind this endeavor can be reached at support@refseeek.com in case you have comments or inquiries you wish to put forward.



International research?

http://www.killerstartups.com/Web20/trackthisnow-com-track-articles-around-the-world

TrackThisNow.com - Track Articles Around The World

http://www.trackthisnow.com

As its name denotes, this is a service that will let you track information over the web in real time. This service is implemented in a very simple manner, too. Basically, you key in any topic that interests you in the provided search box and carry out a search. Results are there and then displayed on the Google Map that takes up a sizable portion of the main page. By clicking on the placemarks that are displayed on the map, you can easily read news articles from any country that interests you.

Moreover, it is possible to click straight on any country from the map in order to see the latest news in a direct manner. This way, you can focus your search on any given location and save time in the process.

On the other hand, the site also includes a list of the most popular searches that will let you see which topics are attracting the most attention among the online community. Terms such as “Recession”, “Oil process” and “Obama” ride high on that list.



For my students

http://www.killerstartups.com/User-Gen-Content/ajaxcase-com-ajax-examples-demos

AjaxCase.com - Ajax Examples & Demos

http://www.ajaxcase.com

A newly-launched resource that caters for web developers everywhere, the suitably-titled Ajax Case website collects together both Ajax examples and demos that can be tried out and rated.

The site is structured in a way that makes for easy browsing through the most popular Ajax examples that make up the featured collection, while highlighting the ones that have been uploaded more recently at the same time. Moreover, an “Ajax on Digg.com” is featured for additional browsing convenience and further reference.

Other navigation options that merit mentioning include a cloud of tags for random browsing and discovery, and a search tool for narrowing your searches in a concise fashion.

You can also make a contribution to the site by following the “Suggest an Ajax” link and furnishing the information that is requested.



Forensics

http://www.schneier.com/blog/archives/2008/11/reading_a_lette.html

November 11, 2008

Reading a Letter from the Envelope it Was In

Fascinating:

Paul Kelly and colleagues at Loughborough University found that a disulfur dinitride (S2N2) polymer turned exposed fingerprints brown, as the polymer reaction was initiated from the near-undetectable remaining residues.

Traces of inkjet printer ink can also initiate the polymer. The detection limit is so low that details of a printed letter previously in an envelope could be read off the inside of the envelope after being exposed to S2N2.

"A one-covers-all versatile system like this has obvious potential," says Kelly.

"This work has demonstrated that it is possible to obtain fingerprints from surfaces that hitherto have been considered extremely difficult, if not impossible, to obtain," says Colin Lewis, scientific advisor at the UK Ministry of Defence. "The method proposed has shown that this system could well provide capabilities which could significantly enhance the tools available to forensic scientists in the future."
