Sunday, November 02, 2008

There was no Clippings Email/Blog post yesterday. A brief “Honey do” turned into a major “Hubby Test.” Don't ask...



The TJX saga continues!

http://blog.wired.com/27bstroke6/2008/10/fed-blotter-new.html

Fed Blotter: New York Coder Charged With Helping TJ Maxx Hacker

By Kevin Poulsen October 31, 2008

A New York man was hit with a federal conspiracy charge this week for allegedly lending his programming expertise to the head of a hacking gang accused of stealing and selling over 40 million credit and debit card numbers.

Stephen Watt, 25, allegedly customized a packet-sniffing program called "blabla" for use by Albert Gonzalez, a former Secret Service informant who was indicted earlier this year as the mastermind of a 2005-2007 intrusion into clothier T.J. Maxx, as well as breaches at BJ’s Wholesale Club, Boston Market, Barnes & Noble, Sports Authority, Forever 21, DSW and OfficeMax.

Gonzalez allegedly used sniffers to scoop up credit and debit card numbers from hacked networks as they sped from cash registers to processing servers. Watt modified blabla "on diverse dates" to meet Gonzalez's evolving needs, according to the one-count federal information (.pdf) filed in federal court in Boston on Wednesday.

Watt is charged with conspiracy to commit computer fraud, wire fraud, identity theft and money laundering.

Ten other defendants have previously been charged with Gonzalez in the hack attacks. Last month one of them, Damon Patrick Toey of Miami, pleaded guilty and agreed (.pdf) to cooperate against the other defendants in exchange for a recommendation of a reduced sentence.

Toey was released to electronic monitoring, then nearly returned to jail when his pretrial services officer discovered a computer in his home (.pdf), in violation of his release conditions. When Toey had the computer removed to a storage unit, he was allowed to remain free pending sentencing, currently set for December.



Perhaps stealing from someone with a lower profile is advised?

http://www.pogowasright.org/article.php?story=20081102053454745

French police cuff six over Sarkozy bank fraud

Sunday, November 02 2008 @ 05:34 AM EST Contributed by: PrivacyNews

French police have arrested six people on suspicion of fraud involving the bank account of French president Nicolas Sarkozy.

... Meanwhile, the inquiry has widened after it emerged that around 50 victims have been hit including Sarkozy's father and his first missus, Marie-Dominique Culioli. The thefts from these individuals are being treated as linked to the Sarkozy bank fraud case.

Source - The Register



Most interesting story. I particularly like the bit where they require the SSN to cancel the account.

http://www.chicagotribune.com/business/investing/bal-bz.ml.consuming02nov02,0,6524069.column

You don't (or shouldn't) have to show them no stinkin' SSNs

Dan Thanh Dang Consuming Interests November 2, 2008

Sometimes, there is just no explanation

... We can't tell you when American Express began asking customers for an SSN. Murray said he never had to share his digits before April. But Lisa Gonzalez, an American Express spokesman, said, "I'm not sure the exact date, but we've been asking for Social Security numbers for years."

We also can't tell you if SSNs are mandatory to hold an account with AmEx.



If enough people try, someone is going to write a good one. (Infinite monkey theory)

http://www.pogowasright.org/article.php?story=20081101145002440

NYS Consumer Protection Board Issues Business Privacy Guide to Reduce Risk to Identity Theft and Security Breach

Saturday, November 01 2008 @ 02:50 PM EDT Contributed by: PrivacyNews

From a press release sent to this site: [Someone knows how to reach interested people! Bob]

Many businesses collect and retain sensitive personal information such as names, addresses, Social Security numbers (SSN), credit card and other account numbers. New laws at the federal and State levels make it imperative that businesses protect such personal information and limit retention and usage. Therefore, to culminate Identity Theft Awareness Week in the Empire State as declared by Governor David A. Paterson, the New York State Consumer Protection Board (CPB) issued its first Business Privacy Guide: How to Handle Personal Identifiable Information and Limit the Prospects of Identity Theft (Guide).

Source - The New York Consumer Protection Board’s Business Privacy Guide: How to Handle Personal Identifiable Information and Limit the Prospects of Identity Theft [pdf] October, 2008

[At least this one includes this advice: “Password protect laptops and encrypt sensitive information.” Bob]



Makes sense. Why pay to install your own surveillance tools when cameras are everywhere?

http://www.schneier.com/blog/archives/2008/10/keeping_america.html

October 31, 2008

Keeping America Safe from Terrorism by Monitoring Distillery Webcams

Really:

We had an email recently from an observer "curious as to why the webcam that was inside the shop/bar is no longer there, or at least, functional". The email was from the Defense Threat Reduction Agency [Who? Bob] in the United States.

When we replied that it was simply a short term technical problem, we asked why on earth they could be interested in the comings and goings of a small Distillery off the West Coast of Scotland. Were there secret manoeuvres taking place in Loch Indaal, or even a threat of terrorists infiltrating the mainland via Islay?

The answer we received was even more surreal. Evidently the mission of the DTRA is to safeguard the US and its allies from weapons of mass destruction - chemical, biological, radiological, nuclear and high explosives. The department which contacted the Distillery deals with the implementation of the Chemical Weapons Convention, going to sites to verify treaty compliance. Funnily enough chemical weapon processes look very similar to the distilling process and as part of training there is a visit to a brewery for familiarization with reactors, batch processors and evaporators. As they said, it just goes to show how "tweaks" to the process flow or equipment, can create something very pleasant (whisky) or deadly (chemical weapons). [Don't ever tell these guys about home brewing... Bob]



Tools & Techniques – Warranty voiding chips? (Video too) Attach a cell phone and it can call Apple and rat on you.

http://news.cnet.com/1606-2_3-50004311.html?tag=rsspr.6247451&part=rss&subj=news

Video: Water sensors confirm you're a klutz

As klutzy Apple laptop users know, damage from spilt water, coffee, or other liquids is not covered under the standard warranty. To uncover any potential for warranty fraud, it's rumored the Cupertino, Calif.-based company has installed liquid sensors in its new line of MacBooks and MacBook Pros. CNET's Kara Tsuboi looks into the rumored move and the potential for false-positives.



Happy Anniversary?

http://it.slashdot.org/article.pl?sid=08/10/31/187258&from=rss

Morris Worm Turning 20

Posted by Soulskill on Friday October 31, @02:40PM from the malware-what-is-that dept. Security Software The Internet

netbuzz writes

"The Internet will mark an infamous anniversary Sunday, when the Morris worm turns 20. Considered the first major attack on the 'Net, Morris served as a wake-up call about the risk of software bugs, and it set the stage for network security to become an important area of computer science. It was also the first time many non-techies heard of the 'Net, as the mainstream media covered the story extensively."

Reader maximus1 contributes a brief ITWorld story about Robert Morris himself.



Geeky One for the Swiss Army Thumbdrive Toolkit... NOTE: For a limited time Undelete Plus is FREE Software for general non-commercial use.

http://www.killerstartups.com/Web-App-Tools/undelete-plus-com-free-file-recovery-software

Undelete-Plus.com - Free File Recovery Software

http://www.undelete-plus.com

This is the typical software application that everybody deems as surplus until disaster strikes and it’s too late. As its name unequivocally implies, this program will recover any files that you deleted and wish to retrieve. One of its most noteworthy points is that not only can it recover files from a hard drive, but also from any existing network.

The site includes a very exhaustive FAQ file that in addition to explaining how to best use Undelete-Plus provides general troubleshooting advice about computer maintenance in relation to file recovery (IE, defragmenting your hard drive often, and advice like that).

Screenshots are provided for reference purposes, and links for downloading the latest version (both as a standalone executable and as a compressed file that comes with an installer) are provided. A link for registering for online updates is also provided on the main page.

Finally, you can learn more about related corporate products (such as online backup systems) by following the provided links.



Also geeky.

http://dev.emcelettronica.com/hacking-network-attached-storage-nas

Hacking a Network Attached Storage (NAS)

Submitted by allankliu on October 30, 2008

I try to find some candidate hardware platforms and Linux distributions in this article, so the fans can build their own Network Attached Storage (NAS) or expand their NAS with more features by hacking an existing NAS (Network Attached Storage).



One of many “Guidebooks” I've been suggesting. Probably a coincidence though, no one listens to me...

http://tech.slashdot.org/article.pl?sid=08/10/31/1842237&from=rss

Tasks of a Free Software Legal Department

Posted by Soulskill on Friday October 31, @03:23PM from the right-ways-and-wrong-ways dept. Software The Courts

H4x0r Jim Duggan writes

"For anyone curious about what the legal department in a free software organisation does, I spent some time with my co-worker in FSFE and have put a summary online with the status of the main projects: developing a legal network, producing documentation, GPL enforcement, copyright consolidation, and training courses."



Another significant risk of Cloud Computing

http://developers.slashdot.org/article.pl?sid=08/10/31/2243245&from=rss

Windows Azure Offers Developers Iron-Clad Lock-in

Posted by Soulskill on Friday October 31, @07:18PM from the keep-looking-for-that-silver-lining dept. Microsoft Businesses

snydeq writes

"Microsoft's move to the cloud is certain to create a whole new kind of developer partner, Fatal Exception's Neil McAllister writes. But as much as Microsoft ISVs will likely go along with the shift to Windows Azure to keep revenue streams going, the kind of lock-in they will experience will be worlds away from what they face today. Rather than being able to ignore the new version of a key framework, developers will have no other option than to update their code to suit Microsoft's latest platform. That kind of lock-in will leave customers in the lurch, subject to their vendors' bottom lines, as ISVs that can't afford to rework code to keep up with Microsoft's latest platform will begin dropping services, and customers will have little choice but to accept the new terms of service their vendors send along."



Useful! (You will need to rename your video)

http://www.killerstartups.com/Video-Music-Photo/catchyoutube-com-download-videos-from-youtube

CatchYouTube.com - Download Videos From YouTube

http://www.catchyoutube.com

There are more than a handful of applications to download videos from YouTube and save them to your computer, and the suitably-titled “CatchYouTube” is one of these.

This particular application is very easy to put into practice, not to mention that it is inexpensive. [Free Bob] In general terms, all you have to do is pick the video of your choice and paste the YouTube URL into the CatchYouTube website. When doing so, you can also choose the desired format for the output file. These include .MPG, .MOV, .FLV and .DVD among others. Once all this information has been provided you can proceed to convert and download the video.

The conversion and download process itself is actually handled entirely online - that is, you don’t need to worry about installing and maintaining any additional program or software.



I wonder if I could declare myself a library?

http://tech.slashdot.org/article.pl?sid=08/10/31/1719204&from=rss

Google Book Search Settlement Receiving Criticism

Posted by Soulskill on Friday October 31, @01:55PM from the not-everyone-is-on-the-same-page dept. Google Books

waderoush writes

"While James Gleick, Lawrence Lessig, and other pundits have reacted positively to this week's proposed settlement of the publishing industry's lawsuit against Google over the Google Book Search project, a deeper study of the agreement turns up some worrisome provisions that could make online access to books much more costly and difficult than it needs to be. Harvard University's libraries, for example, declined to endorse the settlement over concerns that it provides no mechanism for keeping the cost of access to books reasonable. And while the parties to the settlement have made much of the clause providing public libraries with free full-text access to Google's database of over 7 million out-of-print books, Xconomy has a post pointing out that this access is restricted to exactly one Google terminal per library. So, you can read books for free — as long as you're the first person to get to your public library's computer room in the morning."



An interesting idea! “Press One for Obama, Press Two for McCain....Press Ninety-Nine for Ron Paul...”

http://blog.wired.com/27bstroke6/2008/10/bogus-robocall.html

Bogus Robocall Tells Floridians They Can Vote By Phone

By Sarah Lai Stirland October 31, 2008 | 6:37:34 PM

The residents of Broward County, Florida have recently received misleading robocalls telling them that they can vote by phone on Election Day, according to a report in the South Florida Sun-Sentinel on Friday.



Global Warming! Global Warming!

http://www.theregister.co.uk/2008/10/29/commons_climate_change_bill/

Snow blankets London for Global Warming debate

How Parliament passed the Climate Bill

By Andrew Orlowski Posted in Government, 29th October 2008 12:35 GMT

Snow fell as the House of Commons debated Global Warming yesterday - the first October fall in the metropolis since 1922.
