Tuesday, November 25, 2008

Update: It seems no one knows the extent of a breach without months of analysis. (This one occurred in April.)

http://www.pogowasright.org/article.php?story=20081125054458549

Thousands At Risk After Hacker Breaches (update and follow-up)

Tuesday, November 25 2008 @ 05:44 AM EST Contributed by: PrivacyNews

In October, this site reported that Cole National Group, Inc. (a Luxottica Group company) had disclosed a breach involving Things Remembered employees. More information has now been made public -- Dissent

Thousands of people could be affected after a massive security breach at a local company.

A routine check by the information technology department of Luxottica Retail, the former owner of the Things Remembered stores, discovered the breach in mid-September.

A hacker got inside a computer mainframe and downloaded the personal information of more than 59,000 former workers. [Up from 9,000 Bob]

.... Investigators were allegedly able to trace the hacker’s IP address to Molly Burns, of Glendale, Ariz.

"You not only see the criminal history this suspect has, but you see the ties that they have and that is much more worrisome,” Braley said.

Source - WLWT



Cyber War: Why are we waiting for a formal declaration?

http://news.cnet.com/8301-1009_3-10107323-83.html?part=rss&subj=news&tag=2547-1_3-0-5

Report: U.S. vulnerable to Chinese cyber espionage

Posted by Elinor Mills November 24, 2008 5:12 PM PST

China is actively conducting cyber espionage as a warfare strategy and has targeted U.S. government and commercial computers, according to a new report from the U.S.-China Economic and Security Review Commission.

"China's current cyber operations capability is so advanced, it can engage in forms of cyber warfare so sophisticated that the United States may be unable to counteract or even detect the efforts," according to the annual report (PDF) delivered to Congress on Thursday.

... A spokesman for the Chinese foreign ministry, Qin Gang, said the report was misleading, impeding cooperation between the U.S. and China, and "unworthy of rebuttal," according to an article published late Monday in Secure Computing Magazine. [Ah! So it IS true! Bob]


Related: For your Security Manager. Is this wise? Allowing a Chinese company to build in a shut-off protocol? What else have they built in?

http://it.slashdot.org/article.pl?sid=08/11/25/0330250&from=rss

Lenovo Service Disables Laptops With a Text Message

Posted by kdawson on Tuesday November 25, @08:10AM from the say-the-magic-word dept. Security Portables Cellphones Hardware

narramissic writes

"Lenovo plans to announce on Tuesday a service that allows users to remotely disable a PC by sending a text message. [Die, PC, die! (Apple suggested that phrase...) Bob] A user can send the command from a specified cell phone number — each ThinkPad can be paired with up to 10 cell phones — to kill a PC. The software will be available free from Lenovo's Web site. It will also be available on certain ThinkPad notebooks equipped with mobile broadband starting in the first half of 2009. 'You steal my PC and ... if I can deliver a signal to that PC that turns it off, hey, I'm good now,' said Stacy Cannady, product manager of security at Lenovo. 'The limitation here is that you have to have a WAN card in the PC and you must be paying a data plan for it,' Cannady added."
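
The mechanism as described rests on one check: the kill text arrives from one of the paired numbers. The sender number in an SMS is read from the message header and cannot be verified by the receiving device; sender IDs can be set arbitrarily through many SMS gateways, so a disable command that trusts the sender alone can be fired by anyone who learns a paired number. The following is an added illustration, not Lenovo's protocol or code: a hypothetical model of the naive check beside one that carries its own authenticator and replay protection. The message format, the per-phone shared key, the phone numbers and the `KILL` command are all assumptions made for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Hypothetical model of an SMS-triggered "disable this laptop" feature, written to
# illustrate the authentication question. It is NOT Lenovo's protocol; the message
# format, key handling and phone numbers below are all assumptions.


@dataclass
class NaiveKillSwitch:
    """Trusts the SMS sender field: any 'KILL' from a paired number disables the PC."""
    paired_numbers: set
    disabled: bool = False

    def receive_sms(self, sender: str, body: str) -> bool:
        # The sender number comes from the SMS header, which the laptop cannot
        # verify: a spoofer who sets sender to a paired number passes this check.
        if sender in self.paired_numbers and body.strip() == "KILL":
            self.disabled = True
            return True
        return False


def sign_command(key: bytes, counter: int, cmd: str = "KILL") -> str:
    """Build 'KILL:<counter>:<hmac-sha256 hex>'; fits in one 160-character SMS."""
    mac = hmac.new(key, f"{cmd}:{counter}".encode(), hashlib.sha256).hexdigest()
    return f"{cmd}:{counter}:{mac}"


@dataclass
class SignedKillSwitch:
    """Requires a MAC under a per-phone secret shared at pairing time, plus a
    monotonically increasing counter so a captured message cannot be replayed."""
    keys: dict                      # sender number -> shared secret bytes
    last_counter: dict = field(default_factory=dict)
    disabled: bool = False

    def receive_sms(self, sender: str, body: str) -> bool:
        key = self.keys.get(sender)        # sender is only used to pick the key
        if key is None:
            return False
        try:
            cmd, counter_s, mac_hex = body.strip().split(":")
            counter = int(counter_s)
        except ValueError:
            return False
        if cmd != "KILL" or counter <= self.last_counter.get(sender, 0):
            return False                   # malformed, or a replay of an old counter
        expected = hmac.new(key, f"{cmd}:{counter}".encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, mac_hex):
            return False                   # spoofed sender without the key ends here
        self.last_counter[sender] = counter
        self.disabled = True
        return True


if __name__ == "__main__":
    owner, thief = "+15555550100", "+15555550199"
    naive = NaiveKillSwitch(paired_numbers={owner})
    # A spoofer sends exactly what the owner would send; the laptop cannot tell them apart.
    print("naive, sender set to owner's number:", naive.receive_sms(owner, "KILL"))

    key = b"\x01" * 32                     # assumed: provisioned into the PC at pairing
    pc = SignedKillSwitch(keys={owner: key})
    msg = sign_command(key, counter=1)
    print("signed, unpaired number:", pc.receive_sms(thief, msg))
    print("signed, owner:", pc.receive_sms(owner, msg))
    print("signed, replayed:", pc.receive_sms(owner, msg))
```

In the signed variant the sender number only selects which key to check; the command is accepted on the MAC and the counter, so a spoofed header without the key does nothing, and a captured text cannot be resent. The counter has to survive reboots and reinstalls or the replay check is lost. None of this changes the limitation Cannady himself states: the machine must be powered, reachable over the WAN card and on a paid data plan to receive anything at all, and the question of who else holds a key that can fire it is the one Bob is asking.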



How significant?

http://www.pogowasright.org/article.php?story=20081125053653435

Muslim Charity's Ex-Leaders Convicted

Tuesday, November 25 2008 @ 05:36 AM EST Contributed by: PrivacyNews

... Earlier yesterday, the convictions of three men with ties to al-Qaeda were upheld in New York. They were convicted for their roles in the 1998 bombings of embassy buildings in Kenya and Tanzania. The plots killed 224 people, including a dozen Americans, and injured thousands.

The panel of the U.S. Court of Appeals for the 2nd Circuit, led by Judge José A. Cabranes, unanimously rejected defense claims of insufficient evidence and violations of the Classified Information Procedures Act. Cabranes was joined by Judges Jon O. Newman and Wilfred Feinberg.

... Attorneys for Hage, who had been a close associate of al-Qaeda leader Osama bin Laden, asserted that government investigators improperly collected evidence through wiretaps of his land-based and cellular phones from August 1996 to August 1997. They also argued that federal agents did not secure appropriate warrants to search his apartment in Nairobi. Because Hage is a naturalized U.S. citizen, the defense said, the government should have sought court permission before taking such intrusive steps.

The appeals court panel disagreed, ruling that "we see no merit in this challenge" and finding that the search was "reasonable under the circumstances presented here."

In a conclusion that legal experts say could have implications for other challenges to the Foreign Intelligence Surveillance Act, the panel ruled that U.S. courts could admit evidence obtained through warrantless overseas searches of American citizens, but that the searches must be reasonable under the Fourth Amendment.

Source - Washington Post



Is ephemeral a right?

http://www.schneier.com/blog/archives/2008/11/the_future_of_e.html

November 24, 2008

The Future of Ephemeral Conversation

When he becomes president, Barack Obama will have to give up his BlackBerry. Aides are concerned that his unofficial conversations would become part of the presidential record, subject to subpoena and eventually made public as part of the country's historical record.

This reality of the information age might be particularly stark for the president, but it's no less true for all of us. Conversation used to be ephemeral. Whether face-to-face or by phone, we could be reasonably sure that what we said disappeared as soon as we said it. Organized crime bosses worried about phone taps and room bugs, but that was the exception. Privacy was just assumed.

This has changed. We chat in e-mail, over SMS and IM, and on social networking websites like Facebook, MySpace, and LiveJournal. We blog and we Twitter. These conversations -- with friends, lovers, colleagues, members of our cabinet -- are not ephemeral; they leave their own electronic trails.


Related? If you don't have the resources to tap them, jam them? The alternative would be to tap and identify the caller, then add a few months per call to their sentences – but the jails are already overcrowded.

http://mobile.slashdot.org/article.pl?sid=08/11/24/1354224&from=rss

South Carolina Wants To Jam Cell Phone Signals

Posted by CmdrTaco on Monday November 24, @09:22AM from the oooo-oooo-me-too dept. Cellphones

Corey Brook writes

"The South Carolina state prison system wants the FCC to grant them and local officers permission to block cell phone signals. News has been out about the growing problem of the perps smuggling cell phones into prisons for a while now. Inmates use cell phones as commerce, to implement fraud, smuggle drugs and weapons, and to order hits. Of course, some may use it to just talk to a loved one any time they can."

Hopefully movie theaters and restaurants do it next.



Is this enough?

http://news.slashdot.org/article.pl?sid=08/11/25/0026201&from=rss

Judge Quashes RIAA Subpoena As To 3 John Does

Posted by kdawson on Tuesday November 25, @05:43AM from the sue-doe-actions dept. The Courts Music

NewYorkCountryLawyer writes

"In one of the RIAA's 'John Doe' cases targeting Boston University students, after the University wrote to the Court saying that it could not identify three of the John Does 'to a reasonable degree of technical certainty,' Judge Nancy Gertner deemed the University's letter a 'motion to quash,' and granted it, quashing the subpoena as to those defendants. In the very brief docket entry (PDF) containing her decision, she noted that 'compliance with the subpoena as to the IP addresses represented by these Defendants would expose innocent parties to intrusive discovery.' There is an important lesson to be learned from this ruling: if the IT departments of the colleges and universities targeted by the RIAA would be honest, and explain to the Courts the problems with the identification and other technical issues, there is a good chance the subpoenas will be vacated. Certainly, there is now a judicial precedent for that principle. One commentator asks whether this holding 'represents the death knell to some, if not all, of the RIAA's efforts to use American university staff as copyright cops.'"



In case you didn't notice this in the report...

http://tech.yahoo.com/news/ap/20081124/ap_on_hi_te/hands_off_hackers

Hands-off hackers: Crooks opt for surgical strikes

(AP) * Posted on Mon Nov 24, 2008 7:16AM EST

... Hackers are sometimes breaking into online businesses and not stealing anything. Gone are the bull-in-the-China-shop days of plundering everything in sight once they've found a sliver of a security hole.

Instead of swiping all the customer data they can get their hands on, a small subset of hackers have concerned themselves with stealing only a very specific thing from the vendors they breach — they want access to the compromised companies' payment-processing systems, and nothing else, according to the "Symantec Report on the Underground Economy," slated for release Monday.

Those systems allow the bad guys to check whether credit card numbers being hawked on underground chat rooms are valid, the same way the store verifies whether to accept a card payment or not.

It's a service the crooks sell to other fraudsters who don't trust that the stolen card numbers they're buying from someone else will actually work, and it's good business.

... That fee is about $10 per card checked. Considering they're typically checked in batches of 10 or more, the revenue can add up fast.
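
A checker running stolen numbers through a merchant's payment path leaves a distinctive trace on the merchant's and processor's side: many different cards, token amounts, a high decline rate, all from one source in a short span. As an added example that is not from the AP article or the Symantec report, the detector below runs over constructed authorization log lines and flags a source that meets those conditions. The log format, the field names, the `pan_hash` field and the thresholds (the 10-card minimum follows the "batches of 10 or more" figure above; the rest are assumptions) are all made up for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format for this example; real authorization logs differ by processor.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) merchant=(?P<merchant>\S+) terminal=(?P<terminal>\S+) "
    r"pan_hash=(?P<pan>\S+) amount=(?P<amount>[\d.]+) result=(?P<result>\S+)$"
)


def parse_line(line):
    """Return one authorization event, or None for a line that does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "ts": datetime.fromisoformat(d["ts"]),
        "src": (d["merchant"], d["terminal"]),   # where the authorization came from
        "pan": d["pan"],                         # hashed card number; the log never holds the PAN
        "amount": float(d["amount"]),
        "result": d["result"],
    }


def detect_card_testing(lines, window=timedelta(minutes=10), min_cards=10,
                        small_amount=2.00, min_small_fraction=0.8):
    """Flag a source that runs many distinct cards for token amounts inside one window.

    Thresholds are assumptions: min_cards follows the 'batches of 10 or more' figure,
    the rest would be tuned against a merchant's normal traffic.
    """
    events = [e for e in map(parse_line, lines) if e is not None]
    events.sort(key=lambda e: e["ts"])
    recent = defaultdict(deque)        # src -> events inside the sliding window
    alerts, alerted = [], set()
    for e in events:
        q = recent[e["src"]]
        q.append(e)
        while q and e["ts"] - q[0]["ts"] > window:
            q.popleft()
        cards = {x["pan"] for x in q}
        small = sum(1 for x in q if x["amount"] <= small_amount)
        if (len(cards) >= min_cards and small / len(q) >= min_small_fraction
                and e["src"] not in alerted):
            alerts.append({
                "src": e["src"],
                "first": q[0]["ts"], "last": e["ts"],
                "cards": len(cards), "auths": len(q),
                "declines": sum(1 for x in q if x["result"] != "APPROVED"),
            })
            alerted.add(e["src"])      # one alert per source; re-arm per shift in practice
    return alerts


_BASE = datetime(2008, 11, 20, 3, 14, 7)
SAMPLE_LOG = [
    # constructed: ordinary checkout traffic, a few cards at real prices
    "2008-11-20T03:01:10 merchant=M1042 terminal=T1 pan_hash=c001 amount=42.50 result=APPROVED",
    "2008-11-20T03:04:55 merchant=M1042 terminal=T1 pan_hash=c002 amount=118.00 result=APPROVED",
    "2008-11-20T03:09:30 merchant=M1042 terminal=T1 pan_hash=c003 amount=9.99 result=DECLINED",
] + [
    # constructed: twelve different cards run for $1.00 each, 12 seconds apart, one terminal
    f"{(_BASE + timedelta(seconds=12 * i)).isoformat()} merchant=M1042 terminal=T7 "
    f"pan_hash=x{i:03d} amount=1.00 result={'DECLINED' if i % 3 == 0 else 'APPROVED'}"
    for i in range(12)
]

if __name__ == "__main__":
    for a in detect_card_testing(SAMPLE_LOG):
        print(f"card testing from {a['src']}: {a['cards']} cards, {a['auths']} auths, "
              f"{a['declines']} declined, {a['first'].time()} to {a['last'].time()}")
```

The alert fires on the tenth distinct card from terminal T7, while terminal T1's three ordinary sales never come close. A checker that authorizes realistic amounts and voids them defeats the small-amount test, so the count of distinct cards per source in a short window is the signal to keep; amount and decline rate are corroboration.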



Not that difficult in theory, but expect lots of errors if IT sets the definitions. Opportunity for very detailed analysis of financial statements.

http://www.infoworld.com/article/08/11/25/48FE-xbrl-tech-requirements_1.html?source=rss&url=http://www.infoworld.com/article/08/11/25/48FE-xbrl-tech-requirements_1.html

The XBRL mandate is here: Is IT ready?

The first stage of the reporting requirement isn't tech-heavy, but IT's involvement will need to grow

By Ephraim Schwartz November 25, 2008

Given all the pressures IT is under, another compliance initiative may seem to be one too many. There is such a mandate: to submit financial reports using XBRL (Extensible Business Reporting Language) tags. How much will the XBRL mandate add to IT's burden? At first, the burden will be small, but it will increase over time -- as will the opportunity to use XBRL for better internal operations, not just for reporting compliance.

The purpose of the XBRL mandate is to make corporate financial information more easily available to stockholders -- and to make sure companies are really reporting the same things, the federal government has mandated the use of XBRL (Extensible Business Reporting

The first SEC deadline for public companies with a market cap of $5 billion or more to submit financial reports in interactive data, aka XBRL format, is set for Dec. 15, 2008. A year later, most Fortune 1500 companies must provide interactive XBRL data, and a year after that, all public companies will be required to submit the annual 10-K and quarterly 10-Q financial reports as interactive data.



Would this be the patent world equivalent of sub-prime mortgages?

http://yro.slashdot.org/article.pl?sid=08/11/24/1713259&from=rss

Groklaw Says Microsoft Patent Portfolio Now Worthless

Posted by CmdrTaco on Monday November 24, @01:01PM from the along-with-most-patents dept. Patents Microsoft

twitter writes

"P.J. concludes her look at the Bilski decision: 'you'll recall patent lawyer Gene Quinn immediately wrote that it was bad news for Microsoft, that "much of the Microsoft patent portfolio has gone up in smoke" because, as Quinn's partner John White pointed out to him, "Microsoft doesn't make machines." Not just Microsoft. His analysis was that many software patents that had issued prior to Bilski, depending on how they were drafted, "are almost certainly now worthless." ... He was not the only attorney to think about Microsoft in writing about Bilski.'"



Something for my Small Business class

http://www.killerstartups.com/Web20/kookyplan-pbwiki-com-a-wiki-for-entrepreneurs

KookyPlan.pbwiki.com - A Wiki For Entrepreneurs

http://kookyplan.pbwiki.com

Those who are looking for information such as strategy theories and management skills along with practical financial applications are certain to find this website useful. Broadly speaking, KookyPlan is a wiki for entrepreneurs that anyone can edit and make a contribution to.

The objective of this site is to create a database that can be resorted to by any individual who is hoping to leave his or her mark, as well as forming a community where entrepreneurs can collaborate in the creation of the ultimate guide for startups. In this sense, it can be said that KookyPlan is a community-generated guide for starting up innovative companies.

The site itself features a table of contents that touches upon the points that were mentioned above, alongside others such as funding and human talent. What’s more, there is a section named “Tech trends to watch” that will give anybody a good umbrella knowledge of where the industry is headed, and how to act on that. Some of these include “Blogging as a business” and “Convergence of Internet and television”.

Lastly, different business models are discussed on the site, and the aspects that should be avoided are brought into consideration along with the risks at play, while the essence of how they make money is explained in clear terms.



Something for everyone? Perhaps we could televise seminars?

http://www.killerstartups.com/Video-Music-Photo/zaplive-tv-your-very-own-tv-station

Zaplive.tv - Your Very Own TV Station

http://www.zaplive.tv

Zaplive.tv gives anybody the chance to have their very own webtv station. Through the site, it is possible to broadcast live via the Internet, and reach a worldwide audience. All you need to get started is a camera and an Internet connection. As a matter of fact, it is even possible to stream and broadcast using nothing but a mobile phone.

There is also a strong community spirit in evidence, as Zaplive.tv users can vote on the videos that are published on the site and interact with each other thanks to the provided live chat feature.

Registration to the website is inexpensive, and it gives the user full access to all the features that make up Zaplive.tv. Featured videos are prominently displayed on the main page, whereas live broadcasts also have their own space.

Guidance on how to get started is provided online, and different users are duly catered for. What’s more, you can procure a free add-on that makes for higher video quality and less bandwidth usage.


Related

http://news.cnet.com/8301-1023_3-10107536-93.html?part=rss&subj=news&tag=2547-1_3-0-5

YouTube videos get widescreen treatment

Posted by Steven Musil November 24, 2008 11:40 PM PST

YouTube announced Monday that it has expanded the viewable width of all videos appearing on the site, creating an image that viewers will likely associate more with a movie theater screen or high-definition television.
