http://www.pogowasright.org/article.php?story=20081127161453185
Ca: Fate of missing personal banking data remains mystery (Talvest follow-up)
Thursday, November 27 2008 @ 07:14 PM EST Contributed by: PrivacyNews
Nearly half a million Canadians will likely never know whether fraudsters had access to their personal information because of inadequate security procedures at the Canadian Imperial Bank of Commerce, the office of the federal privacy commissioner said Thursday.
The investigation, launched 23 months ago after the disappearance of a hard drive containing the personal information and financial data 470,752 clients, revealed the bank could not confirm whether that personal information was ever transferred to a hard drive in the first place.
Source - The Gazette Related - PIPEDA Case Summary #395 Other Coverage - CBC.ca National Post
[From the article:
The air-shipped package arrived without incident, but the land-shipped package was empty when it was opened at its destination. There was no sign the empty package had been tampered with.
... "If CIBC had followed its policies and processes or had a technical means to determine whether the transfer to a second disk drive had actually taken place, quite possibly, no further action would have been necessary," said Denham. "Whether or not the personal information of more than 470,000 people was transferred to a disk drive should not be a mystery."
The investigation also revealed that the personal information being sent had not been encrypted....
Not big, just local...
http://www.pogowasright.org/article.php?story=20081127181521630
CO: Longmont ID theft case may have 100 victims (update)
Thursday, November 27 2008 @ 07:15 PM EST Contributed by: PrivacyNews
Longmont police say thieves may have used up to 100 stolen credit or debit card numbers to rack up more than $100,000 in fraudulent charges.
Between 80 and 100 people have reported their account numbers were stolen after they used their cards at up to five local restaurants.
Source - cbs4denver.com
[From the article:
Authorities have declined to identify all of the restaurants but say one [What response should we expect from A) a local small business B) a national franchise Bob] has asked police for help in protecting its customers.
Another guideline. Enough of these and we may begin to see commonalities!
http://www.pogowasright.org/article.php?story=200811280611461
UK: Data security breaches: How to respond
Friday, November 28 2008 @ 06:11 AM EST Contributed by: PrivacyNews
When data controllers are faced with reporting a security breach - especially with regards to notifying the Information Commissioner's Office (ICO) - it will be in the best interests of the company to examine the conflicting elements of legal and regulatory disclosure requirements as the interests of the company may not wholly be served by following the directives of the Information Commissioner's Office (ICO), [An indication of a weak law/regulation? Bob] writes Bob Lewis, head of systems assurance at The Risk Advisory Group.
... The plan set out below should not be considered a definitive response to a data security breach, nor should it negate any other legal responsibilities of the organisation. Rather it is the phased and considered approach. The top ten actions listed in each phase are designed to protect the individuals whose data has been lost and, where possible, the reputation and security of the data of an organisation.
Source - ComputerWeekly.com
[Note: Part of step one is to determine if the breach can be “linked back to the company.” In other words, could they deny it ever happened. Probably not the most ethical of actions. Bob]
Reinforces my belief that citizen are becoming more aware AND more active in Privacy matters. Also suggests that there are political reasons not to make the laws too strong.
http://www.pogowasright.org/article.php?story=20081127161909148
Citizen safeguards striked out in EU Council
Thursday, November 27 2008 @ 07:19 PM EST Contributed by: PrivacyNews
The EU Council reached a political agreement on the telecommunication reform ("Telecoms Package") on Thursday, Nov. 27th. On one hand, crucial modifications to the text finally doom Nicolas Sarkozy's project to impose graduated response to the whole Europe. On the other hand, important safeguards to citizen's fundamental rights and freedoms were deleted. The agreed text lowers the protection of privacy in the EU, in the name of "security".
Source - Newropeans Magazine Press Release
[From the article:
During last weeks, citizens from many European countries[1] raised awareness of their ministers representatives in Council on the Telecoms Package, by meeting them, sending letters, alerting the press, etc. This intense activity undoubtedly helped modifying critical parts of the text agreed by the ministers of the twenty-seven Member States.
... But the agreed text contains major problems:
The game continues. Where an when will the pop up next? Stay tuned... Perhaps they will buy a small country?
http://it.slashdot.org/article.pl?sid=08/11/28/137238&from=rss
Estonian ISP Shuts Srizbi Back Down, For Now
Posted by kdawson on Friday November 28, @08:16AM from the informal-pressure dept. Security The Internet
wiedzmin writes
"In response to the recent resurrection of the Srizbi botnet, an Estonian ISP has shut down the hosting company that was housing its new control servers. Starline Web Services, based in Estonia's capital Tallinn, had become the new home for the Srizbi botnet control center after the McColo hosting company (which was taken down earlier this month) has briefly come back to life last week, allowing the botnet to hand-off control to the Estonian network. After Estonia's biggest ISP Linxtelecom demanded that Starline Web Service be taken offline, the newly acquired Srizbi control servers went down with it. However, as the rootkit is armed with an algorithm that periodically generates new domain names where the malware then looks for new instructions, it is only a matter of time before a new set of control servers is created and used to manipulate one of the biggest spam botnets in the world."
This is just a marketing tactic. It's not about pricing, it's about controlling the pricing discussion.
http://news.slashdot.org/article.pl?sid=08/11/28/0857213&from=rss
HP Seeks to Block Competitor From Revealing Its Pricing
Posted by timothy on Friday November 28, @07:08AM from the whaddya-mean-the-price-tag's-showing? Dept. HP Businesses The Almighty Buck Linux Business
Matt Asay writes
"On October 13, 2008, Hewlett-Packard sent a complaint to an open-source competitor, GroundWork, asking GroundWork to stop revealing HP's 'confidential' pricing. CNET has posted the letter, which indicates that HP doesn't want its pricing revealed, but which doesn't question the veracity of the pricing (which, not surprisingly, is 82 percent higher than the open-source vendor's). Does HP think its pricing is really a secret? It's publicly available at GSA Advantage. Guess what? HP software costs a lot of money, but presumably feels that it can justify the high prices. Why try to hide the pricing information?"
One of my favorite target markets (the Grandparent/Grandkids interface)
http://tech.slashdot.org/article.pl?sid=08/11/27/1710231&from=rss
Grandma's On the Computer Screen This Thanksgiving
Posted by kdawson on Thursday November 27, @01:14PM from the candid-webcam dept. Communications The Internet
Pickens writes
"Video calling, long anticipated by science fiction, is filtering into everyday use, and two demographic groups not usually thought of as high-tech are among the earliest adopters — the nursery school set and their grandparents. According to the AARP, nearly half of American grandparents live more than 200 miles from at least one of their grandchildren, and about two-thirds of grandchildren see one set of grandparents only a few times a year, if that. Internet companies are also promoting video chat as an enhancement to standard IM and Internet phone services; for example, this month Google introduced bare-bones video capability in Gmail. Some veterans of the technology fear that the video cam has started to substitute, rather than supplement, actual time together. And no one quite knows what it means to a generation of 2-year-olds to have slightly pixelated versions of their grandparents as regular fixtures in their lives."
My take is that this is too broad. A site targeted to lawyer-client communication for example would allow very specific training for the “two clicks is too technical” crowd.
http://www.killerstartups.com/Comm/sendinc-com-free-secure-e-mail-service
SendInc.com - Free Secure E-mail Service
... Send will enable you to compose an e-mail and address it to any person you wish, with the attachments you want to upload. When the actual message is sent, the same is encrypted using the algorithm employed by the NSA itself for encrypting information.
The recipient can then open the message and decrypt it using his own Send account. Incidentally, an account can be created at the site in an inexpensive manner by following the link that is featured.
All in all, this is a viable option for those who are concerned about the security of the messages and files they send over the World Wide Web. If you couple the practical service on offer with the clear layout of the site, it has the potential to attract and form a loyal fanbase.
These are always interesting (and I like to check one against the other)
http://www.killerstartups.com/Web-App-Tools/frengly-com-a-new-free-translation-tool
Frengly.com - A New Free Translation Tool
A very young startup, Frengly joins the world of free online translation tools, a market that seems dominated by giants such as the powerful Babel Fish.
This particular endeavor will let you copy and paste the text of your choice and then select the language you wish to translate it into. One of the most remarkable features is that there is no need to specify the source language – it is automatically detected, and that is a nice touch indeed.
No comments:
Post a Comment