Friday, December 05, 2008

Update: They had accused an employee of taking the tape – no indication if they were right.

http://www.pogowasright.org/article.php?story=20081204140710834

C-W Agencies breach update: stolen tape recovered

Thursday, December 04 2008 @ 02:07 PM EST Contributed by: PrivacyNews

Gloria Evans, CEO, C-W Agencies Inc. has written to us in response to our posting a recent story that appeared in the Vancouver Sun. Ms Evans writes:

We noted your interest in recent events at our company and wanted to provide the correct facts:

  • The tape stolen from our premises on Nov. 4 has been recovered.

  • The recovered tape is being examined by forensic experts who will determine whether the information has been accessed. [I'd love to know how they can do that! Bob]

  • Because of encryption, the requirements for specialized equipment, knowledge and facilities, it is our hope that the data has not been compromised.

  • We informed our customers of the theft immediately.

  • The criminal and civil matters that have arisen from this situation are before the courts and we cannot comment further.

We are determined to protect our data and are very confident we are taking all reasonable measures to ensure the security of our customers. Our ability to protect our customer data is at the core of our ability to sustain our company.

We appreciate the opportunity to 'set the record straight.'



Makes for an interesting target, in the Willie Sutton (“That's where the money is.”) kind of way...

http://www.pogowasright.org/article.php?story=20081204100857189

Hackers Hijacked Large E-Bill Payment Site

Thursday, December 04 2008 @ 10:08 AM EST Contributed by: PrivacyNews

Hackers on Tuesday hijacked the Web site CheckFree.com, one of the largest online bill payment companies, redirecting an unknown number of visitors to a Web address that tried to install malicious software on visitors' computers, the company said today.

[...]

It appears hackers were able to hijack the company's Web sites by stealing the user name and password needed to make account changes at the Web site of Network Solutions, CheckFree's domain registrar. Susan Wade, a spokeswoman for the Herndon, Va., based registrar, said that at around 12:30 a.m. Dec. 2, someone logged in using the company's credentials and changed the address of CheckFree's authoritative domain name system (DNS) servers to point CheckFree site visitors to the Internet address in the Ukraine.

[...]

Among the 330 kinds of bills you can pay through CheckFree are military credit accounts, utility bills, insurance payments, mortgage and loan payments. Browsing through the first few letters of the company's alphabetized customer list reveals some big names, including Allegheny Power, Allstate Insurance, AT&T, Bank of America, and Chrysler Financial. See the full list of companies here.

[...] CheckFree declined to say how many of its customers and companies it handles payments for may have been affected by the attack. But this thread over at an Ubuntu Linux mailing list suggests that U.S. Bank may also have been affected by this attack. U.S. Bank did not return calls seeking comment.

Source - Security Fix



Just more yada yada?

http://www.pogowasright.org/article.php?story=200812050544127

Better privacy for better security

Friday, December 05 2008 @ 05:44 AM EST Contributed by: PrivacyNews

The failure of the government in general and the Homeland Security Department (DHS) in particular to adequately ensure the privacy of personal data undermines the nation’s cybersecurity, a panel of privacy experts and advocates said Wednesday at a congressional forum.

Speakers cited problems in multiple programs for gathering and sharing data by DHS. “All of the initiatives at DHS have privacy issues,” said Carol DiBattiste, senior vice president for security at LexisNexis Group.

Source - GCN

[From the article:

The speakers did not blame DHS completely for the missteps they were concerned about. They said the problem was the reactionary nature of large security programs that are rushed into production with time for the department to get its arms around the issues being created. Security efforts need to be proactive rather than reactive, Cate said.

“The impetus to do something should not be stronger than the impetus to do something right,” he said. “A little thought might go a long way here.”

... “Most of our systems have been back-doored by nation states or organized crime,” he said.



1) There are probably more of us than traditional journalists 2) We don't have any supervision 3) We're everywhere

http://news.slashdot.org/article.pl?sid=08%2F12%2F05%2F0532240&from=rss

Online Reporters Now the Journalists Most Often Jailed

Posted by timothy on Friday December 05, @05:29AM from the three-hots-and-cot-and-a-beating dept. The Media Censorship

bckspc writes

"The Committee to Protect Journalists today released the results of its annual survey of journalists in prison. For the first time, they found more Internet journalists jailed worldwide than journalists working in any other medium. CPJ found that 45 percent of all media workers jailed worldwide are bloggers, Web-based reporters, or online editors. Their chart of journalists jailed by year is also interesting."



Perhaps this should be a standard class in every law school – or maybe it's too easy.

http://news.slashdot.org/article.pl?sid=08%2F12%2F04%2F1826210&from=rss

New Hampshire Law Students Take On RIAA

Posted by timothy on Thursday December 04, @01:54PM from the or-die-die-die dept. The Courts

NewYorkCountryLawyer writes

"We have recently learned that another law school legal aid clinic has joined the fight against the RIAA. Student attorneys from the Consumer and Commercial Law Clinic of the Franklin Pierce Law Center in Concord, New Hampshire, working under law school faculty supervision, are representing a lady targeted by the RIAA in UMG Recording v. Roy in New Hampshire. The case is scheduled for trial next Fall. That makes at least 4 law schools providing anti-RIAA defense services: University of Maine, University of San Francisco, Franklin Pierce, and, most recently, Harvard. Hopefully many more will follow. One commentator theorizes that this news 'will ... [encourage] professors and students at other law schools to take on hitherto defenseless people being pilloried by the corporate music industry.'"



Interesting debate. Is it too tough if it is an adoption of “Best Practices?”

http://www.pogowasright.org/article.php?story=20081204110815849

Mass. 201 CMR 17: The Darkness and the Light

Thursday, December 04 2008 @ 11:08 AM EST Contributed by: PrivacyNews

Debate is under way in Massachusetts regarding a tough new data protection law designed to prevent security breaches and identity theft. Specifically, discussion is centered around whether the new law is too tough, just right or too little, too late.

.... CSOonline recently reached out to IT security practitioners in and out of the state to measure the mood. What follows is feedback from three such professionals:

Source - NetworkWorld



I hope they publish the raw data as well as their interpretation of the results. If not, expect the hacker Community to do it for them!

http://yro.slashdot.org/article.pl?sid=08%2F12%2F05%2F0355227&from=rss

Clarifying the Next Step in Australia's Net-Censorship Scheme

Posted by timothy on Friday December 05, @02:43AM from the ah-but-this-is-just-the-proof-of-concept dept. Censorship The Internet

teh moges writes

"I recently received a response from the Minister for Broadband, Communications and the Digital Economy, Senator Stephen Conroy, regarding issues I had with the ISP filtering proposed for Australia. My comment can be summed up by 'Any efficient filter won't be effective and any effective filter won't be efficient.' His response clarifies the issue of using the blacklist for censorship."

Read on for the gist of Conroy's mistakes-were-made response, which seems to sidestep teh moges' critique, but offers Australian Internet users some idea of what they're in for.

From Conroy's email in response: "...concerns have been raised that filtering a blacklist beyond 10,000 URLs may raise network performance issues... The pilot will therefore seek to also test network performance against a test list of 10,000 URLs ... As this test is only being performed to test the impact on network performance against a list of this size, and actual customers are not involved, the make-up of the list is not an issue."

teh moges continues: "My initial query about the lack of effectiveness of the filter still stands, however it is important that the censorship issue is clarified. It seems, at least for now, that the trial that will begin on December 24th for the '10,000' list is for testing purposes, rather than using a list that will be used later. Still, no information on a guarantee of regulation is provided, so there is still a long way to go before this ISP filtering gains support, especially given Senator Stephen Conroy's lack of ability to answer questions in media conferences."



“We're proud to announce the dis-improvement of our product?” Note: there are lots of free password crackers out there.

http://www.infoworld.com/article/08/12/05/Adobe_admits_new_PDF_password_protection_is_weaker_1.html?source=rss&url=http://www.infoworld.com/article/08/12/05/Adobe_admits_new_PDF_password_protection_is_weaker_1.html

Adobe admits new PDF password protection is weaker

Changes to the algorithm used to password-protect PDF documents in Acrobat 9 make it much easier to recover a password and raise concern over the safety of documents

By Jeremy Kirk, IDG News Service December 05, 2008

Adobe made a critical change to the algorithm used to password-protect PDF documents in Acrobat 9, making it much easier to recover a password and raising concern over the safety of documents, according to Russian security firm Elcomsoft. [Is it possible Adobe didn't notice? Bob]

Elcomsoft specializes in making software that can recover the passwords for Adobe documents. The software is used by companies to open documents after employees have forgotten their passwords, and by law enforcement services in their investigations.



For those of us looking for a good RSS tool?

http://mashable.com/2008/12/04/google-reader-gets-a-major-makeover-it-rocks/

Google Reader Gets a Major Makeover; It Rocks

December 4, 2008 - 2:46 pm PDT - by Adam Ostrow

Google Reader has just launched a major redesign to its interface, addressing many of the top concerns of users of the popular RSS reader.

... Google Reader team has a full explanation of the changes available on their blog.




http://www.killerstartups.com/Video-Music-Photo/radiobeta-com-getting-in-tune-with-the-world

RadioBeta.com - Getting In Tune With The World

http://www.radiobeta.com

Do you enjoy radio on the web? If the answer to that question is an affirmative one, a visit to the site is the order of the day. Through the site, you will be able to create an account where you can keep all your favorite radios and access them from anywhere there is a web-enabled computer, as well as making personalized playlists reflecting your tastes.

... Registration to the site is the only requisite that has to be complied with in order to join in the action, and this is a free and uncomplicated process – you simply furnish some account particulars and provide some contact information.



For my website class – start selling online! (I WANT A CUT.)

http://www.killerstartups.com/eCommerce/netrocart-com-e-commerce-solutions

NetroCart.com - E-commerce Solutions

http://www.netrocart.com

Are you in the process of launching your very own online store yet feel not everything is falling into place? If that happens to be the case, help can always be procured online. NetroCart is one of many companies that offers solutions aiming to equip prospective online store owners with the tools for coping with the demands of modern businesses.

... The site includes some very illustrative video tutorials that can be watched in order to have a better appreciation of the services on offer, and these are augmented by a “Demos” category that will enable you to see an e-commerce site in full swing.

All in all, the site bears an interesting number of features that are bound to appeal not just to those who are starting out but also to those who aim to have a better outreach and consolidate the web presence of their businesses.



This could be useful for classes like statistics or data mining

http://developers.slashdot.org/article.pl?sid=08%2F12%2F05%2F1412223&from=rss

Amazon Launches Public Data Sets To Spur Research

Posted by kdawson on Friday December 05, @09:44AM from the put-it-there dept. Databases Science

turnkeylinux writes

"Amazon just launched its Public Data Sets service (home). The project encourages developers, researchers, universities, and businesses to upload large (non-confidential) data sets to Amazon — things like census data, genomes, etc. — and then let others integrate that data into their own AWS applications. AWS is hosting the public data sets at no charge for the community, and like all of AWS services, users pay only for the compute and storage they consume with their own applications. Data sets already available include various US Census databases, 3-D chemical structures provided by Indiana University, and an annotated form of the Human Genome from Ensembl."
