Saturday, May 10, 2008

Another big Friday (day when no one reads the news) for Identity Theft announcements. Also a disturbing trend to push notification responsibility to others.



It looks like this SunGard breach will trickle in all summer.

http://www.pogowasright.org/article.php?story=20080509145826822

Former St. John's University students' personal info on stolen laptop (SunGard update)

Friday, May 09 2008 @ 02:58 PM EDT Contributed by: PrivacyNews News Section: Breaches

St. John's University has notified the Maryland Attorney General's office that some of their former students had personal information on the laptop stolen in March from an employee of SunGard Higher Education.

Although the laptop was stolen on March 13, St. John's reports that they were not notified until April 10.

In their notification letter to former students, Joseph J. Tufano, the Vice President of Information Technology, notes that although the university cannot be certain, [Far too common. Suggests they didn't know what SunGard was doing “for them?” Bob] the laptop appears to have contained data on students who were enrolled in 2001, including their name, address, and Social Security number.

The university has offered to reimburse affected students for both one year of credit monitoring from Experian and the cost of freezing and unfreezing their credit report (once each) during the next 12 months if the individual submits an invoice from the three major credit bureaus.


Another college, but no mention of the number of students impacted.

http://www.pogowasright.org/article.php?story=20080509152349221

Bryant & Stratton students told that their data was on stolen laptop (SunGard update)

Friday, May 09 2008 @ 03:23 PM EDT Contributed by: PrivacyNews News Section: Breaches

Bryant & Stratton College in New York reports that its students were among those who had personal information on a laptop stolen from an employee of SunGard HE.

As numbers become available, this entry will be updated.



Looks like SunGard is negotiating with each university individually...

http://www.pogowasright.org/article.php?story=20080509143756841

Software Vendor Has Agreed to Pay for Credit Monitoring for Students (SunGard update)

Friday, May 09 2008 @ 02:37 PM EDT Contributed by: PrivacyNews News Section: Breaches

Richard Blumenthal, Connecticut’s attorney general, said he is encouraged by SunGard’s response this week to his questions regarding the steps the software company has taken to protect students’ personal data.

... In a phone conversation Thursday, Mr. Blumenthal said SunGard has agreed to pay for two years of credit monitoring and $2,500 in identity-theft insurance for each of the affected students in Connecticut. However, SunGard has declined to pay for students to freeze and unfreeze their credit reports, as the attorney general requested. He said officials from his office will be meeting with those from SunGard to discuss the issue.

Source - Chronicle of Higher Education



Another “It's not my job” approach to informing Identity Theft victims.

http://www.pogowasright.org/article.php?story=20080509090821906

Theft of tax data spurs change in process (follow-up)

Friday, May 09 2008 @ 09:08 AM EDT Contributed by: PrivacyNews News Section: Breaches

After 10 days of dealing with the aftermath of a stolen bank courier vehicle, Iredell County officials are changing the way they handle processed tax payments.

... While the information was recovered during a traffic stop May 2, the county is moving toward a more computerized system and reducing the number of unprocessed items transported by courier, Furches said.

Source - Mooresville Tribune

[From the article:

Iredell County Manager Joel Mashburn said First Citizens officials told the county it was the bank’s responsibility to inform taxpayers’ banks, and then it was up to the individual banks to inform the account holder.



She was authorized (from the computer's access rules) to see this information. How do you determine that an individual access was not authorized? Interesting management problem.

http://www.pogowasright.org/article.php?story=20080509144243959

Ex-911 operator accused of illegal database searches

Friday, May 09 2008 @ 02:42 PM EDT Contributed by: PrivacyNews News Section: Breaches

A former city 911 operator faces multiple felony counts for illegally searching state driving records and state police databases that included the FBI's terrorist watch list, officials said Wednesday.

The fired employee, Nadire P. Zenelaj, 32, of Rochester insists she did nothing wrong and is being singled out because she is Muslim.

... Richard Vega, director of the city's Office of Public Integrity, said Zenelaj was "running personal information on herself, on her family and on friends. I think it went beyond curiosity. ... We think she was accessing this information to pass it on to others." [Homeland Security must start with this assumption, but if I remember correctly, they still have to prove it in court. Bob]

At least one of the 227 names that Zenelaj searched for was on the terrorist watch list, [Ted Kennedy? Bob] according to police. She was fired in December, arrested Tuesday and pleaded not guilty Wednesday to misdemeanor official misconduct and 232 felony counts of computer trespass — one for each allegedly illegal search.

Source - Democrat and Chronicle hat-tip, The Jawa Report

[From the article:

In a telephone interview, she said that when she was trained on the database systems, instructors told her that she needed to practice and that was all she was doing.

"It was a common practice in the office," she said of nonofficial searches, adding: "I never disseminated any information to anybody. I kept my obligations to my employer."
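The management problem raised above, an operator who was authorized to query the database but whose individual lookups were not official business, cannot be caught by access rules and has to be found afterwards in the audit trail. The script below is an added example, not code from the article or from any real dispatch or records system; the audit records, the dispatch call log and the thresholds are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set


@dataclass
class Query:
    """One audit record from the records system (constructed format, not a real product's)."""
    ts: datetime
    operator: str           # full name of the employee who ran the lookup
    subject: str            # full name the lookup was run against
    call_id: Optional[str]  # dispatch call the lookup was attached to, or None


@dataclass
class Finding:
    query: Query
    reasons: List[str]


def surname(full_name: str) -> str:
    return full_name.split()[-1].lower()


def review_queries(queries: List[Query], open_calls: Set[str],
                   rate_window: timedelta = timedelta(minutes=10),
                   rate_limit: int = 3) -> List[Finding]:
    """Return the lookups that look like non-official use.

    Access control already said "yes" to every one of these queries, so the
    signals are about justification, not permission:
      * the lookup is not tied to a dispatch call that actually exists,
      * the operator ran her own record, or a record sharing her surname,
      * more than rate_limit lookups by one operator inside rate_window.
    The thresholds are assumptions for the example, not policy from the article.
    """
    findings: List[Finding] = []
    recent: Dict[str, List[datetime]] = defaultdict(list)
    for q in sorted(queries, key=lambda x: x.ts):
        reasons: List[str] = []
        if q.call_id is None or q.call_id not in open_calls:
            reasons.append("no dispatch call linked to the lookup")
        if q.subject.lower() == q.operator.lower():
            reasons.append("operator looked up own record")
        elif surname(q.subject) == surname(q.operator):
            reasons.append("subject shares operator's surname")
        # Sliding window of this operator's recent lookups, oldest entries dropped.
        window = [t for t in recent[q.operator] if q.ts - t <= rate_window]
        window.append(q.ts)
        recent[q.operator] = window
        if len(window) > rate_limit:
            reasons.append(f"{len(window)} lookups within {rate_window}")
        if reasons:
            findings.append(Finding(q, reasons))
    return findings


# Constructed sample data: the dispatch call log and one morning's audit trail.
T0 = datetime(2008, 5, 6, 9, 0)
OPEN_CALLS = {"C-1001", "C-1002"}
SAMPLE_QUERIES = [
    Query(T0, "Jane Doe", "Pat Smith", "C-1001"),                         # tied to a real call
    Query(T0 + timedelta(minutes=1), "Jane Doe", "Jane Doe", None),       # self lookup
    Query(T0 + timedelta(minutes=2), "Jane Doe", "Alex Doe", None),       # relative, no call
    Query(T0 + timedelta(minutes=3), "Jane Doe", "Chris Lee", "C-9999"),  # call id does not exist
    Query(T0 + timedelta(minutes=30), "Sam Roe", "Pat Smith", "C-1002"),  # tied to a real call
]


if __name__ == "__main__":
    for f in review_queries(SAMPLE_QUERIES, OPEN_CALLS):
        print(f.query.ts.time(), f.query.operator, "->", f.query.subject, ":", "; ".join(f.reasons))
```

Each flagged lookup carries every reason that fired, so a reviewer can separate the self-lookups from the missing-justification cases before anyone talks to the employee.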


Another “insider” job and another potentially huge breach that is staying under the radar?

http://www.pogowasright.org/article.php?story=20080509181226696

SC: Prisoners' ID Theft Scheme Grabs Lawmaker's Attention

Friday, May 09 2008 @ 06:12 PM EDT Contributed by: PrivacyNews News Section: Breaches

A credit card scheme linked to Lee Correctional Facility stretches all the way to California and back. While authorities in Dyer, Indiana investigate one case, SC lawmakers are expressing their concerns.

News 19 continues its investigation into a credit card scheme involving some South Carolina prisoners. The inmates were granted access to the personal information of dozens of Citibank customers.

Source - WLTX

[From the article:

... the case in Dyer was among dozens nationwide. A stolen identity scheme involving Citibank employees and prisoners at Lee Correctional Facility in South Carolina.

... But it doesn't shock Department of Corrections Director, Jon Ozmint. He's known about the scheme for months. [So much for disclosure laws... Bob]

... State and federal agencies are also investigating the case. No charges have been filed and no arrests have been made.



For your Security Manager

http://www.infoworld.com/article/08/05/09/Hackers-find-a-new-place-to-hide-rootkits_1.html?source=rss&url=http://www.infoworld.com/article/08/05/09/Hackers-find-a-new-place-to-hide-rootkits_1.html

Hackers find a new place to hide rootkits

A pair of security researchers has developed a new kind of rootkit, called an SMM rootkit, that hides in an obscure part of the processor that is invisible to antivirus apps

By Robert McMillan, IDG News Service May 09, 2008

... Called an SMM (System Management Mode) rootkit, the software runs in a protected part of a computer's memory that can be locked and rendered invisible to the operating system but which can give attackers a picture of what's happening in a computer's memory.

... SMM dates back to Intel's 386 processors, where it was added as a way to help hardware vendors fix bugs in their products using software. The technology is also used to help manage the computer's power management, taking it into sleep mode, for example.



Ditto! Perhaps it's not ready for prime time? (Is this a problem of non-compliant hardware?)

http://www.infoworld.com/article/08/05/09/XP-SP3-cripples-some-PCs-with-endless-reboots_1.html?source=rss&url=http://www.infoworld.com/article/08/05/09/XP-SP3-cripples-some-PCs-with-endless-reboots_1.html

XP SP3 cripples some PCs with endless reboots

Windows blogger has tentatively identified XP SP3's endless reboot problem as involving only machines using processors from AMD

By Gregg Keizer, Computerworld May 09, 2008



Interesting. “Double Secret Probation” rules are in effect!

http://www.pogowasright.org/article.php?story=20080509174418813

EPIC Prevails in Virginia Fusion Center FOIA Case

Friday, May 09 2008 @ 05:44 PM EDT Contributed by: PrivacyNews News Section: In the Courts

Yesterday, Richmond General District Court held that EPIC "substantially prevailed" on the merits of its freedom of information lawsuit against the Virginia State Police. EPIC filed the case after the State Police refused to disclose documents describing the federal government's involvement in efforts to limit Virginia's transparency and privacy laws. Through the litigation, EPIC uncovered a secret contract between the State Police and the FBI that limits the rights of Virginia citizens to learn what information the State Police collect about them. The court's letter opinion requires the State Police to pay EPIC's litigation costs, but not its attorneys' fees.

Source - EPIC.org



I doubt this will have much impact one way or another, but we'll have to wait and see.

http://yro.slashdot.org/article.pl?sid=08/05/09/223219&from=rss

RIAA Lawyer Jumps Ship

Posted by ScuttleMonkey on Friday May 09, @07:22PM from the bigger-better-deal dept. The Courts Media

NewYorkCountryLawyer writes

"The RIAA's top litigation lawyer, who has been personally leading the RIAA's litigation campaign for the past several years, Richard Gabriel, will be leaving his law practice, after getting a job as a state court judge for a 2-year term in Colorado. What this will mean to the RIAA's litigation machine is anyone's guess. Mr. Gabriel has personally argued all of the RIAA's main cases, including Elektra v. Barker, Atlantic v. Howell, Atlantic v. Brennan, Capitol v. Foster, Atlantic v. Andersen, UMG v. Lindor, and London-Sire v. Doe 1, and personally tried the Capitol v. Thomas case, the only RIAA case that has ever gone to trial. He was working directly under the supervision of the RIAA's mysterious 'representative' Matthew Oppenheim."



Truth is stranger than fiction...

http://www.money.co.uk/article/1000390-13-year-old-steals-dads-credit-card-to-buy-hookers.htm

13 Year Old Steals Dad's Credit Card to Buy Hookers

Published on 9 May 2008

A 13-year-old from Texas who stole his Dad's credit card and ordered two hookers from an escort agency has today been convicted of fraud and given a three-year community order.

Ralph Hardy, a 13-year-old from Newark, Texas, confessed to ordering an extra credit card from his father's existing credit card company, and took his friends on a $30,000 spending spree, culminating in playing "Halo" on an Xbox with a couple of hookers in a Texas motel.

The credit card company involved said it was regular practice to send extra credit cards out as long as all security questions are answered.

The escort girls, who were released without charge, told the arresting officers something was up when the kids said they would rather play Xbox than get down to business.

Police said they were alerted to the motel by a concerned delivery clerk, who, after delivering supplies of Dr Pepper, Fritos and Oreos, had been asked by the kids where they could score some chicks and were willing to pay. They explained they had just made a big score at a "World of Warcraft" tournament and wanted to get some relaxation. On noting the boys' age, the delivery clerk informed the authorities.

When police arrived at the motel they found $3,000 in cash, numerous electronic gadgets, an Xbox video console with numerous games, and the two local escort girls.

Ralph had reportedly told police that his father wouldn't mind, as it was his birthday last week and he had forgotten to get him a present. The father, a lawyer, said he had been too busy, but would take him on a surprise trip to Disneyland instead.

Asked why he ordered two escorts, Ralph said he thought it was the thing to do when you win a "World of Warcraft" tournament. They told the suspicious working girls they were people of restricted growth working with a traveling circus, and as State law does not allow those with disabilities to be discriminated against they had no right to refuse them.

The $1,000-a-night girls, sensing something was up, played "Halo" on the Xbox with the kids instead of selling their sexual services.

Ralph's ambition is to one day become a politician.

Friday, May 09, 2008

Small scale, but a failure of Access Management.

http://www.pogowasright.org/article.php?story=20080508190031476

DU Students, Alums Warned Of Security Breach

Thursday, May 08 2008 @ 07:00 PM EDT Contributed by: PrivacyNews News Section: Breaches

Some Dominican University students and alumni were notified this week of a breach in security that could have put their personal information at risk.

The university said two students were able to access records on a staff network storage area in April. The files were three spreadsheets from 2003, 2005 and 2007. The data included the names, addresses, phone numbers, birthdays and Social Security numbers of more than 5,000 students, NBC5's Charlie Wojciechowski reported.

Source - NBC5.com

[From the article:

"Dominican University takes information security very seriously. In April, we discovered that two student workers had accessed Excel files containing limited student data by misusing passwords related to their work-study employment [In other words, their access was too broad. Instead of accessing only the files and programs required to do their work, they had access to files they should not have seen... Apparently no managers were disciplined. Bob]



Interesting hobby? (see next article)

http://www.pogowasright.org/article.php?story=20080508100900334

Teenage Hacking Gang Busted in Bavaria

Thursday, May 08 2008 @ 10:09 AM EDT Contributed by: PrivacyNews News Section: Non-U.S. News

Experts at SophosLabs(TM), Sophos's global network of virus, spyware and spam analysis centers, have welcomed the news that German authorities have apprehended 11 people suspected of running a hacking ring.

According to media reports, police arrested suspects aged between 15 and 22 years old in Baden-Württemberg, Hamburg, Lower Saxony, North Rhine-Westphalia and Rhineland-Palatinate and confiscated computers for forensic examination.

According to Ausberg police spokesman Manfred Gottschalk, seven of the suspects are under 18 years of age.

Source - Kansas City InfoZine

[From the article:

The gang is said to have been based around an internet forum called 'hacksector' which boasted more than 33,000 members. Authorities claim that the German-language site's principal discussions were around hacking and the exchange of stolen credit card information. There was also information published explaining how to create fake German identity cards within minutes. [Makes you wonder about the security of Real ID... Bob]


...or profitable business? Higher priced than I thought, but volume discounts are probably available...

http://www.news.com/8301-10784_3-9939862-7.html?part=rss&subj=news&tag=2547-1_3-0-5

May 8, 2008 5:52 PM PDT

What is your stolen data worth?

... McAfee Avert Labs has discovered a price list that criminals use to buy and sell credit card numbers, bank account log-ins, and other consumer data that have been filched from unsuspecting Web surfers.

[From the article:

It is also possible to purchase skimmers (for ATM machine) [I knew there had to be an Amazon-like hacker supply store. Bob] and “dump tracks” to create fake credit cards. Here too, cost is in touch with the quality:



I will be interested to see how this can be implemented, but I bet the agreement itself is “confidential” (translation: Don't show this to anyone with technical knowledge!)

http://tech.slashdot.org/article.pl?sid=08/05/09/0421208&from=rss

Facebook Agrees To User Safety Plan

Posted by Soulskill on Friday May 09, @05:18AM from the i'm-like-totally-18 dept.

Facebook has reached an agreement with the attorneys general of 49 states and the District of Columbia to develop and enhance controls to protect minors from inappropriate content. This follows a similar commitment from MySpace several months ago. The lone holdout in each case was Texas. News.com notes:

"In the deal, the social network has agreed to develop age verification technology, send warning messages when an under-18 user may be giving personal information to an unknown adult, restrict the ability for people to change their ages on the site, and keep abreast of inappropriate content and harassment on the site. While the agreement is with U.S. state authorities, Kelly said that the tools deployed will apply to Facebook's international users as well. More than half of the site's 70 million users are outside the U.S."



You can justify anything if you try...

http://www.pogowasright.org/article.php?story=20080508164422468

UK: Database logs 'dishonest' employees

Thursday, May 08 2008 @ 04:44 PM EDT Contributed by: PrivacyNews News Section: Non-U.S. News

Companies have launched a database which allows them to share details of employees accused of dishonesty at work.

The National Staff Dismissal Register lets firms log details of staff caught stealing, committing fraud or damaging company property.

Other companies can then use the database to check job applicants' history.

Trade Unions and Civil Liberties groups condemned the move. GMB General Secretary Paul Kenny said: "There will be an enormous kick back against this and GMB as the major union for shop workers will lead the charge."

Source - Grimsby Telegraph

[I found it at: http://ukpress.google.com/article/ALeqM5i9kmH9G2Z2AI6k44VxUglJnCn8_w Bob]

[From the article:

But organisers Action Against Business Crime said the database complied with data protection laws and said 99% of people logged would have their details removed after three years.

... He said: "This is no blacklist. Not everybody who has been dismissed will go on the database. [But everyone on the database will be blacklisted... Bob]



Today's good news/bad news (which has no effect on us Firefox users). There is a workaround...

http://www.computerworld.com/action/article.do?command=printArticleBasic&articleId=9083318

Microsoft warns of IE7 lock-in with XP SP3

Gregg Keizer

May 06, 2008 (Computerworld) Microsoft Corp. has warned users updating to Windows XP Service Pack 3 (SP3) that they won't be able to downgrade from Internet Explorer 7 to the older IE6 without uninstalling the service pack.

The warning first appeared in a post Monday to a company blog written by the Internet Explorer development team. Microsoft released Windows XP SP3 to Windows Update as an optional download Tuesday.

... The inability to downgrade to IE6 after installing XP SP3 was by design, said Maliouta, because the service pack includes newer versions of the old browser's files.



Intellectual(?) Property?

http://techdirt.com/articles/20080506/1310251047.shtml

The Happy Birthday Copyright Saga: Generating Millions On A Copyright That May Not Exist

from the but-would-anyone-test-it-in-court? dept

In the past we've joked about the (supposed) fact that the song "Happy Birthday" remains under copyright, due to a copyright originally held by sisters Mildred and Patti Hill, the claimed original authors of the song. However, William Patry points us to a fascinatingly detailed research paper into questions surrounding the copyright. What comes out of it is pretty strong evidence that the copyright is not valid -- but it's never gotten far enough in court to have a decision rendered. Plus, it sounds like many aspects of the "history" of the song really appear to be close to a myth.

The sisters in question may have written the melody, but they almost definitely did not write the lyrics (their original copyright was on a different set of lyrics, "Good Morning to All"). As for the melody, there's plenty of evidence to suggest that it was actually taken from a series of extremely similar songs. So, there's a good chance they wrote neither the melody nor the lyrics. Also, there are numerous questions concerning whether or not the copyright holders correctly followed the various rules required of copyright holders at the time, suggesting that even if there were a legal copyright at some point, it's long since expired. And, of course, there's even some evidence to suggest less-than-legal tactics involved with transferring around some of the interest in the song. Amazingly, however, the legitimacy of the copyright has never been determined in court, and it now generates over $2 million per year. Over 1% of the money that ASCAP distributes to songwriters is for this one song, even though it may not be legitimate. Somehow, I doubt this is what the Founding Fathers intended when they wrote the Constitution.



Not one, but two Digg stories on this. Perhaps this will become the next geek plaything? (I wonder if the Culinary Institute knows this recipe?)

http://www.popularmechanics.com/blogs/science_news/4262690.html

Micro Fueler Is First Ethanol Kit for Brewing Backyard Biofuels on the Cheap

May 8, 2008

NEW YORK — This morning, the E-Fuel Corporation, a Silicon Valley startup, introduced the first ethanol refinery system designed for home use. The Micro Fueler, a backyard fueling station, can create pure E100 ethanol from sugar feed stock. “It’s third-grade science,” says Thomas Quinn, founder and CEO of E-Fuel. “You just mix together water, sugar and yeast, and in a few hours, you start getting ethanol.” The $9995 Micro Fueler can fill its own 35-gallon tank in about a week by fermenting the sugar, water and yeast internally, then separating out the water through a membrane filter.

Thursday, May 08, 2008

Enquiring hackers want to know! Being highly visible is not the same as being highly secure. I doubt there was a great loss of treasure, but a certain amount of credibility has clearly gone south.

http://www.pogowasright.org/article.php?story=20080508062418831

Ie: Data Commission subject of security breach

Thursday, May 08 2008 @ 06:24 AM EDT Contributed by: PrivacyNews News Section: Breaches

The office of the Data Protection Commissioner, which aims to protect people's privacy, has been the subject of a security breach.

A blogger succeeded in getting access to information on the commissioner's website, which was not due to be released until later this morning.

Details of the Data Protection Commissioner's Annual Report for 2007 were published on an Irish blog yesterday. The full report will be released at 11am.

Source - RTÉ

[The report is available here: http://www.dataprotection.ie/docs/Home/4.htm or from your friendly neighborhood hacker... Interesting “Top Ten Threats to Privacy” list Bob]



This is small, but the police comments are new. (My guess is the hardware is made right next to the license plate lines...)

http://www.pogowasright.org/article.php?story=20080507181238775

Word spreads in Los Gatos on ATM thefts (update)

Wednesday, May 07 2008 @ 06:12 PM EDT Contributed by: PrivacyNews News Section: Breaches

From Blossom Manor to Almond Grove, through e-mails, doctor's offices and while dropping off the kids at kindergarten, word spread quickly last week that a massive identity theft crime had hit Los Gatos.

Police say that at least 212 people had their debit card and personal identification numbers stolen while shopping at Lunardi's Supermarket, 720 Blossom Hill Road.

Source - Mercury News

[From the article:

"What we have here is more than one person; they've been able to get in [Lunardi's] and switch out the ATM card reader," Sgt. Tam McCarty said. "Once they've done that they can read the card and PIN numbers and either make a temporary card or sell the numbers over the phone."

... Police chief Scott Seaman said investigating the Lunardi's thefts has been complicated by the fact that there are so many victims and different banks involved. He said the fact that the cash withdrawals have occurred in Southern California is yet another complication. [Not sure why that would be. Bob]

... Kalogeros described the Lunardi's crime as "fairly new," adding, "There's actually going to be another type of crime coming up involving radio frequency identification tags."

"The new cards that you touch to the reader using RFID technology can actually be read from up to 10 feet away," he said. "So, for example, you could go up to a drive-through and use your card, and a criminal sitting in the parking lot could potentially download your information."

Kalogeros said when banks send customers the tap cards, they are shipped in a foil sleeve for protection. He advised people to do the same thing. "You can buy a little wire mesh slipcover for about $8."



This happens when you assign a junior geek to create the portal and assume said geek knows you want it fully secured.

http://www.pogowasright.org/article.php?story=20080508072048718

Adobe portal site exposed edu software users' information

Thursday, May 08 2008 @ 07:20 AM EDT Contributed by: PrivacyNews News Section: Breaches

Lawyers for Adobe Systems Inc. have notified the New Hampshire Attorney General's office of a web security incident that occurred in April. In the notification to the state, Mauricio F. Paez writes: ".... It appears that certain personal information was stored on a server accessed via an Adobe website portal at a time when the server did not contain security or authentication procedures. The server was created to allow customers to upload information in order to enable Adobe to validate a customer's qualification to purchase certain education software." The notification letter did not reveal for how long the security problem existed before it was detected, nor how many individuals, total, may have had their data exposed.

The personal information collected by Adobe included pretty much everything except the kitchen sink and the client's first-born child:

"Based on our investigation to date, we believe some combination of the following information may have been exposed for the customers we are notifying: name, address, home and/or cellular phone number, email address, date of birth, school name, partial or full credit card number, credit card expiration date, credit card security code, partial or full bank account number, partial or full social security number, school identification card, driver's license number, government identification, military identification number, and copy of signature."

As in other breaches recently reported in the news such as the WellPoint breach, Adobe apparently did not discover the problem through its own security checks, but was notified of the problem by a customer.



The bad side of having instant brand recognition is that everyone knows who screwed up! Question: Is this really four separate incidents?

http://www.pogowasright.org/article.php?story=20080508073738366

Stolen Saks Fifth Ave. laptops contained customer data

Thursday, May 08 2008 @ 07:37 AM EDT Contributed by: PrivacyNews News Section: Breaches

Department store Saks Fifth Avenue has notified the New Hampshire Attorney General's office that in mid-April 2008, it learned that four company laptops were stolen. Two of the stolen laptops contained "several files that included customer names, addresses, Saks Fifth Avenue credit card account numbers, and/or Saks Fifth Avenue/MasterCard co-branded credit card account numbers." Approximately 163 New Hampshire residents had data on the laptops; the number of customers nationwide was not indicated. Nor did the notification indicate whether the company laptops were stolen from offices, unattended vehicles, or employees' homes.

Saks reported that, "Based on our investigation, we have confirmed that these files did not include Social Security numbers, the credit cards' expiration dates, pin numbers, codes, or passwords, or any other types of sensitive data."

In its letter to affected customers, Saks did not offer any free services, explaining that they believed the risk of misuse was very low. Somewhat atypically for such disclosures, they included a statement to those affected, "Nor was this a breach of our network, website, or database (as is typical in many company breaches covered by the news)." Whether Saks believes that theft of laptops is somehow not as bad as hacking into a web site is unclear at this time.



When you need a computer, steal a laptop. When you need to host a lot of stolen credit information, you need a server... (“We don't need to encrypt the data, the front door is closed... usually.”)

http://www.pogowasright.org/article.php?story=20080508062546886

HSBC admits huge data loss in Hong Kong

Thursday, May 08 2008 @ 06:25 AM EDT Contributed by: PrivacyNews News Section: Breaches

Banking giant HSBC was under fire Thursday after admitting it had lost the data of 159,000 accounts from a Hong Kong branch.

The data was held on an Internet server which is understood to have gone missing from the Kwun Tong branch of the bank while it was undergoing renovation last month.

The loss was reported to the police and the Hong Kong Monetary Authority April 26, but many customers affected only learnt of the security breach after reading reports in the local media.

In a statement issued Wednesday, the bank acknowledged a server had disappeared containing the account numbers, names and transaction details of 159,000 accounts.

Source - mangalorean.com

[From the article:

However, it said the server did not contain customers' PIN numbers or user IDs and insisted that the likelihood of anyone gaining access to the data was low, as the server was protected by multiple security systems. [but not enough to keep it from walking out the door... Bob]



Another small case of a server being stolen. Perhaps the e-crooks are equipping a data center in their secret lair?

http://www.pogowasright.org/article.php?story=20080508081515306

UK: Bank details safe after computer thefts

Thursday, May 08 2008 @ 08:15 AM EDT Contributed by: PrivacyNews News Section: Breaches

THE ORGANISERS of an international music festival say customers' details are safe after their website servers were stolen from a High Wycombe software company.

Burglars broke into the offices of Opal communications company in Cressex Business Park at around 10.30pm on Sunday. They used a stepladder to gain access to a first floor window. [“We put our computers on the second floor. We call that ‘Heightened Security.’” Bob]

When inside they stole computer accessories, software and hard drives including those used to power the website of the World of Music, Arts and Dance (WOMAD) music festival.

... Mr Wood said that all of the confidential information of customers who bought tickets to the festival is stored in a secure location, so no bank details have been lost.

Source - Bucks Free Press



Alert the folks at Guinness! It is inevitable that you will care for and improve any tool that makes you money.

http://www.infoworld.com/article/08/05/08/Parasitic-botnet-spams-60-billion-a-day_1.html?source=rss&url=http://www.infoworld.com/article/08/05/08/Parasitic-botnet-spams-60-billion-a-day_1.html

Parasitic botnet spams 60 billion a day

Srizbi botnet is responsible for 50 percent of all spam and is the biggest of its kind in history, researchers say

By Darren Pauli, Computerworld Australia May 08, 2008

The Srizbi botnet has stormed over its competition to become the Internet's biggest spammer.

Researchers claim the botnet is responsible for 50 percent of all spam, and is the biggest of its kind in history.



I have good news and I have bad news...

http://www.pogowasright.org/article.php?story=20080507152103713

UK: 2008 Information Security Breaches Survey

Wednesday, May 07 2008 @ 03:21 PM EDT Contributed by: PrivacyNews News Section: Non-U.S. News

Survey conducted by PricewaterhouseCoopers in conjunction with Symantec for the Department for Business, Enterprise and Regulatory Reform:

Throughout history, the sea has been the lifeblood of commerce. Today, the Internet is the modern sea, carrying electronic commerce and communications around the world. Since the turn of the century, that sea has been rough, with wave after wave of viruses and hacking attacks crashing into the cyber ports. Over time, the harbour defences have improved, and now within those firewalls, the waters appear calmer.

Yet, there remain some fundamental contradictions. 79% of businesses believe they have a clear understanding of the security risks they face, but only 48% formally assess those risks. 88% are confident that they have caught all significant security breaches, but only 56% have procedures to log and respond to incidents. 81% believe security is a high priority to their board, but only 55% have a security policy. 77% say protecting customer information is very important, but only 11% prevent it walking out of the door on USB sticks. 71% have procedures to comply with the Data Protection Act, but only 8% encrypt laptop hard drives.

Source - Department for Business, Enterprise and Regulatory Reform (UK) [pdf]



Should be interesting.

http://www.pogowasright.org/article.php?story=20080507151305801

FBI Withdraws Unconstitutional National Security Letter After ACLU and EFF Challenge

Wednesday, May 07 2008 @ 03:13 PM EDT Contributed by: PrivacyNews News Section: In the Courts

The FBI has withdrawn an unconstitutional national security letter (NSL) issued to the Internet Archive after a legal challenge from the American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF). As the result of a settlement agreement, the FBI withdrew the NSL and agreed to the unsealing of the case, finally allowing the Archive's founder to speak out for the first time about his battle against the record demand.

Source - EFF

Related - Threat Level: FBI Targets Internet Archive With Secret 'National Security Letter', Loses

[From the article:

This lawsuit is the first known challenge to an NSL served on a library since Congress amended the national security letter provision in 2006 to limit the FBI's power to demand records from libraries.

For the newly unsealed documents (still partially redacted):

http://www.eff.org/cases/archive-v-mukasey?docs

For more information about this case:

http://www.eff.org/cases/archive-v-mukasey

For more information on NSLs:

http://www.eff.org/issues/foia/07656JDB



Good Morning, Vietnam! Looks like there are still a few of us older geeks working on Firefox.

http://tech.slashdot.org/article.pl?sid=08/05/08/1236229&from=rss

Firefox Vietnamese Language Pack Infected With Trojan

Posted by timothy on Thursday May 08, @09:16AM from the when-childhood-goes-wrong dept.

An anonymous reader writes "Wired.com is reporting that the Firefox browser has been unknowingly distributing a trojan with the Firefox Vietnamese language pack. Over 16,000 downloads of the pack occurred since being infected. This highlights a risk of relying on user-submitted Firefox extensions, or a lack of peer-review of the extensions, many of which receive frequent upgrades."



http://blog.wired.com/27bstroke6/2008/05/national-intell.html

National Intelligence Agency Breaks Out RSS Feed

By David Kravets May 06, 2008 | 6:29:05 PM

The Office of the Director of National Intelligence, which controls 16 federal agencies that make up the U.S. intelligence community, is engaged in a technological revolution of sorts.

On at least one technological front, the office on Tuesday broke out an RSS feed on its flashy, newly designed public web site.



Did you pay for “Unlimited” Internet access?

http://torrentfreak.com/test-does-your-isp-slow-down-bittorrent-traffic-080507/

Test: Does Your ISP Slow Down BitTorrent Traffic?

Written by Ernesto on May 07, 2008

A while back we posted about the plugin Azureus had developed, which allowed people to check whether their ISP is interfering with their traffic. The results showed that indeed quite a few ISPs were, but the plugin didn’t provide the user with direct feedback.

The new tool developed by the “Max Planck Institute for Software Systems” can be used without having to run your BitTorrent client, and compares BitTorrent traffic to regular traffic. On top of that, it will give you more information than the Azureus plugin does.



Cool! I'll have to use this as a model for my Computer Security Final Exam! (Doesn't sound like it will be a widespread attack tool...)

http://www.infoworld.com/article/08/05/07/Zero-day-treasure-hunt-researcher-hides-IE-attack-on-Web_1.html?source=rss&url=http://www.infoworld.com/article/08/05/07/Zero-day-treasure-hunt-researcher-hides-IE-attack-on-Web_1.html

Zero-day treasure hunt: Researcher hides IE attack on Web

Aviv Raff has discovered a zero-day vulnerability in Internet Explorer that would allow an attacker to take control of a victim's PC

By Robert McMillan, IDG News Service May 07, 2008

Security researcher Aviv Raff has published code that would allow someone to take control of a computer running Internet Explorer, but there's a catch. He's not saying exactly where he's hidden the attack.

"Somewhere in my blog, I embedded a proof-of-concept code that exploits this zero-day vulnerability," Raff wrote in a Wednesday blog posting. A zero-day attack is a previously undisclosed software flaw that has not been fixed by the software maker.



L'il Abner's dream job. Paid for by taxpayers.

http://science.slashdot.org/article.pl?sid=08/05/08/0325252&from=rss

NASA Offers $5000 a Month For You to Lie in Bed

Posted by samzenpus on Thursday May 08, @07:57AM from the I-know-someone-perfect-for-this dept. NASA Science

tracer818 writes

"In order to study a person as if they were in space without gravity, NASA scientists are paying subjects $17,000 to stay in bed for 90 straight days. The study will follow the Bed Rest Project standard model and be conducted at the University of Texas Medical Branch in Galveston, Texas. Participants will live in a special research unit for the entire study and be fed a carefully controlled diet." [Schmoo? Bob]



Dilbert explains statistics... Again.

http://dilbert.com/strips/comic/2008-05-08/

Wednesday, May 07, 2008

“You were serious about that?” Joe Pesci in “My Cousin Vinny” (Anyone want to take my wager that there is still classified information on these computers?)

http://www.pogowasright.org/article.php?story=20080507062007777

State Department Says ‘Missing’ Laptops Have Been Located

Wednesday, May 07 2008 @ 06:20 AM EDT Contributed by: PrivacyNews News Section: Breaches

The State Department says it has found the 400 laptops that CQ reported were unaccounted for last week.

A senior official in the department’s Office of the Inspector General, speaking only on a not-for-attribution basis, acknowledged that managers in the Diplomatic Security service had lost track of the computers, which are destined for friendly foreign police services.

But he said that they were located “within 24 hours” after CQ reported them missing over the weekend.

“We didn’t start looking until Monday morning, and found that this may have been an internal management count (problem),” the official said. “By the end of the afternoon they found out they were in Springfield or Herndon or wherever [There is nothing like specificity to make statements seem credible. Bob] they’re stored before they go overseas.”

Source - CQ Politics



A new crime trend? Willie Sutton robbed banks because “That's where the money is.” Not obviously an Identity Theft article, but their first priority is to get their store back up. Do you suppose they have names and credit card numbers on their servers?

http://hardware.slashdot.org/article.pl?sid=08/05/06/1639257&from=rss

Peter Gabriel's Web Server Stolen

Posted by timothy on Tuesday May 06, @01:14PM from the maybe-just-a-disgruntled-fan dept. Data Storage Music

miller60 writes

"Web servers hosting musician Peter Gabriel's web site have gone missing from their data center. "Our servers were stolen from our ISP's data centre on Sunday night — Monday morning," reads a notice at PeterGabriel.com. The incident is the latest in a series of high-profile equipment thefts in the past year, including armed robberies in data centers in Chicago and London. How secure is your data center?"



Targeting kids?

http://www.infoworld.com/article/08/05/06/Trojan-adware-hiding-in-MP3s-McAfee-says_1.html?source=rss&url=http://www.infoworld.com/article/08/05/06/Trojan-adware-hiding-in-MP3s-McAfee-says_1.html

Trojan adware hiding in MP3s, McAfee says

Once downloaded, these Trojan horse programs disguised as fake MP3 files try to install a shoddy media player and adware on a user's computer

By Robert McMillan, IDG News Service May 06, 2008

... On Tuesday, security vendor McAfee reported that it's seen a huge spike in fake MP3 files spreading on peer-to-peer networks. Although the files have names that make them look like audio recordings, they're really Trojan horse programs that try to install a shoddy media player and adware on your computer, said Craig Schmugar, a researcher with McAfee.

"Once you run it, there is no content. You're taken to this site to install this player, which you don't really need," he said.



Another “Trojan” for the kids or something useful...

http://www.9news.com/rss/article.aspx?storyid=91292

Consumer Minute: Chrysler gas deal, smaller soft drinks, iHound cell phone finder

posted by: Mark Koebrich , 9NEWS Consumer Reporter

... A new program tracks missing and stolen iPods.

Dave Schuman of iHound Software created a free program that flashes up a message on the thief's computer when he hooks it to his own computer.

Not only that, the program sends the name of the computer, the name of the person logged in and the IP address back to iHound.

Schuman says iHound has already helped 10 people find their iPods.

The software works on anything with memory, from camera memory cards to flash drives.

You can find the software at www.ihoundsoftware.com.



Reputation management is the top concern. We have seen this in other recent surveys...

http://www.securityfocus.com/brief/732?ref=rss

Study: Security pros look to wireless, biometrics

Published: 2008-05-06

Companies plan to invest in wireless security and biometric technologies over the next year and increasingly view continuing education as a necessity to make their businesses more secure, according to a recently published survey.

The report, published by business-intelligence firm Frost & Sullivan and funded by security-certification group (ISC)2, found that companies in each of three major regions -- the Americas, Europe and Asia -- listed wireless-security, biometric-authentication and business-continuity systems in their top-5 technologies to deploy in the next year.



Interesting comments from the judge. He sees what the defendants can't?

http://blog.wired.com/27bstroke6/2008/05/judge-in-murdoc.html

Judge in Murdoch Hacker Trial Admonishes CEO

By Kim Zetter May 05, 2008 1:47:45 PM

A California judge overseeing the trial against a Rupert Murdoch company for allegedly hacking a competitor and helping pirates steal pay-TV content, admonished the CEO of the Murdoch firm for leaving the court without testifying. As a result of the CEO's action, the judge suggested that if his company loses the trial it could face shareholder lawsuits.



Future implications?

http://hardware.slashdot.org/article.pl?sid=08/05/07/1334246&from=rss

A Yottabyte of Storage Per Year by 2013

Posted by CmdrTaco on Wednesday May 07, @10:23AM from the more-bits-please dept. Data Storage

Lucas123 writes

"David Roberson, general manager of Hewlett-Packard's StorageWorks division, predicts that by 2013 the storage industry will be shipping a yottabyte (a billion gigabytes) of storage capacity annually. Roberson made the comment in conjunction with HP introducing a new rack system that clusters together four blade servers and three storage arrays with 820TB of capacity. Many vendors are moving toward this kind of platform, including IBM, with its recent acquisition of Israeli startup XIV, according to Enterprise Strategy Group analyst Mark Peters."



“Remember, we're a monopoly with the right to change our service agreements at any time...”

http://techdirt.com/articles/20080506/1750001049.shtml

Comcast Thinking About Overage Fees And Tiered Usage

from the please-don't-use-our-broadband dept

Following Time Warner's recent plans to test broadband caps and overage fees, Broadband Reports has the scoop that Comcast is very strongly considering the same thing. Unlike Time Warner Cable's plans to test super low caps, Comcast is looking at 250GB/month -- which it claims will only impact 0.1% of users. Overage fees will be pretty high, however: $15 charge for each 10 GB over the cap. [Who counts? Will there be notice when you reach the “Extra charges apply” level? Bob] Comcast will also give users one free "slip up" month per year, for those who go over just for that one month.

There are some good and bad things to this news. On the good side, it would represent a big step up for Comcast in terms of actually being transparent. The company has always had caps, but they've been totally secret "fuzzy caps." Users would have no idea if they had gone over until Comcast sent them a nasty letter telling them to cut down on usage -- or they would lose their account. That said, the problem with tiered broadband is that it can serve to hold back innovation. It puts a limit on what people can do online, just as ISPs should be encouraging more innovative uses. As higher bandwidth applications are coming, limiting the value of an internet connection doesn't seem particularly wise. Providers who embrace innovation and supply the bandwidth to support it will be rewarded with happy customers.



Clearly the strategy isn't to deter or capture criminals or terrorists. Look at what they have achieved.

http://www.timesonline.co.uk/tol/news/uk/crime/article3877670.ece

May 6, 2008

CCTV boom has not cut crime, says police chief

Billions of pounds spent on Britain’s 4.2 million closed-circuit television cameras has not had a significant impact on crime, according to the senior police officer piloting a new database.

Detective Chief Inspector Mick Neville said it was a “fiasco” that only 3 per cent of street robberies in London were solved using CCTV.

Mr Neville, who heads the Visual Images, Identifications and Detections Office (Viido) unit, told the Security Document World Conference that the use of CCTV images as evidence in court has been very poor.

“Billions of pounds have been spent on kit, but no thought has gone into how the police are going to use the images and how they will be used in court,” he told the conference.

... Viido had launched a series of initiatives including a new database of images that will be used to track and identify offenders using software developed for the advertising industry. [“Oi mate! Before you rob that bloke, wouldn't you like a Pepsi?” Bob]


Another “What makes you think their strategy isn't working?” article. You're not relying on the word of a politician, are you?

http://www.phiprivacy.net/?p=364

May-6-2008

Anti-Discrimination Bill Inadvertently Legalizes Sharing of Genetic Information Without Patient Consent

The Institute for Health Freedom has published a new article on its site:

“While authors of the recently passed Genetic Information Nondiscrimination Act of 2008 (H.R. 493) had good intentions, the bill inadvertently legalizes the sharing of genetic information without patient consent,” says Sue Blevins, president of the Institute for Health Freedom (IHF). “It does so by applying HIPAA regulations to genetic data.”

Blevins points out, “HIPAA regulations permit data sharing without patient consent in connection with treatment, payment, and oversight of the health-care system (‘health-care operations’). Thus, by passing a bill that says HIPAA regulations apply to genetic information, Congress unintentionally legalized the sharing of information among many health-care ‘covered entities’ without patient permission.”

The bill passed the Senate late last month, a year after the House approved its own version. Differences between the two were resolved May 1, and the final bill has been sent to President Bush.

In a letter published in the Baltimore Sun regarding the Senate’s vote on the anti-discrimination bill, Janis G. Chester, M.D., president of the American Association of Practicing Psychiatrists, stressed: “…A person’s genetic test results, and all of his or her medical data, should not be available to anyone without the patient’s consent. One’s employer should not even know he or she has had testing done, let alone know the results. The sad fact is that the regulations under the Health Insurance Portability and Accountability Act [HIPAA], which were intended to extend patient privacy as we moved from a paper-based system of medical records to a digital system, are a sham. HIPAA allows the routine release of personal health information without patient consent or knowledge, and even over a patient’s objection….”

Read the rest of the article on IHF


When does it become obvious that politicians are never influenced by the facts?

http://www.pogowasright.org/article.php?story=20080507061303964

UK: Data fear haunts ID card scheme

Wednesday, May 07 2008 @ 06:13 AM EDT Contributed by: PrivacyNews News Section: Non-U.S. News

THE UK government has been warned that it should deal with the risk of data loss from its Identity Card Scheme before it proceeds any further.

The latest data warning follows repeated requests from the Information Commissioner's Office (ICO), the UK data guardian, that the Identity and Passport Service (IPS) conduct a proper assessment of the risks of data loss from the ID Scheme. That advice was ignored and now, in the wake of the HMRC data fiasco, the IPS has been told that it must improve its data standards across the whole of government to avoid data leaks from the ID scheme.

The 2007 report of the Independent Scheme Assurance Panel (pdf), which provides official oversight of the ID Scheme, said yesterday that the data risks were so serious that they needed ministerial direction and that its precautions ought to be transparent because public trust was vital to the scheme's success.

Source - The Inquirer



Comment: Politicians ask three questions: 1) How will this impact my electability? 2) Can I get away with it? 3) Who can I blame if something goes wrong?



New Jersey justice? Ordered to “henceforth obey the law” and fined the amount illegally gained but you don't really have to pay that fine, since you've already spent most of the money...

http://news.slashdot.org/article.pl?sid=08/05/07/0138243&from=rss

First Caller-ID Spoofers Punished

Posted by kdawson on Wednesday May 07, @08:14AM from the what-do-not-call-means dept. The Courts Communications

coondoggie plugs a NetworkWorld story that begins,

"The first telemarketers charged with transmitting false Caller IDs... to consumers were fined and barred from continuing their schemes by a New Jersey District Court judge.... [T]wo individuals and one corporate defendant have been barred from violating the agency's Telemarketing Sales Rule and its Do Not Call requirements... They were also found liable for $530,000 in damages... [T]he case was the first brought by the Commission alleging the transmission of phony caller ID information or none at all."

[From the article:

The order imposes suspended civil penalty judgments of $530,000 against each of the individual defendants and $160,000 against the corporate defendant – representing the total gross revenues resulting from their telemarketing violations. Based on the defendants’ inability to pay, however, the order requires Venkataraman to pay $15,000, Bhupatiraju to pay $10,000, and Software Transformations to pay $20,000. It also contains a right to reopen the case if the FTC later finds the defendants have misrepresented their financial condition.



“You can't use it to cure cancer – we patented it as a cough drop!” (Or do I have the logic wrong?)

http://news.slashdot.org/article.pl?sid=08/05/06/1715213&from=rss

Who Owns Software?

Posted by kdawson on Tuesday May 06, @02:01PM from the can't-interoperate dept.

SeeSp0tRun writes to remind us of Blizzard's lawsuit against MDY Industries over the Glider cheat. It seems that Blizzard is pushing it even further. They're trying out the legal theory that a software creator retains complete control over how a program is used, meaning that anyone who uses it in a different way could be found guilty of copyright infringement, at $750 a pop. The EFF and Public Knowledge are among the organizations trying to assure that the court doesn't set a really bad precedent here.



Do you suppose this is more of that intellectual leadership stuff?

http://techdirt.com/articles/20080504/2148451026.shtml

Oxford Fines Students For Post-Exam Celebrations By Trolling Facebook

from the this-is-the-best-use-of-their-time? dept

We've talked about police trolling sites like YouTube, Facebook and MySpace to catch people posting evidence of their own illegal activities, but it appears that some universities are doing the same thing as well. While we missed the story when it originally came out a couple weeks ago, reader Tom Pritchard writes in to let us know that Oxford University proctors have been scouring Facebook to find any evidence of post-exam "trashings," an (apparent) Oxford tradition of students who have finished their exams spraying each other "with champagne, foam, eggs, flour and any number of other substances." After finding evidence of many such trashings on Facebook the Oxford proctors started fining students, bringing in plenty of cash -- but also plenty of annoyed students who feel their privacy was violated. That's a little tough to support considering they posted such evidence... in public. Though, it does seem a bit overzealous to fine students for blowing off some steam after exams are over.



I think they are starting to get a bad reputation. This kind of action can't help.

http://news.slashdot.org/article.pl?sid=08/05/06/1954237&from=rss

Florida Judge Smacks Down RIAA

Posted by kdawson on Tuesday May 06, @04:11PM from the which-part-of-no dept. The Courts

NewYorkCountryLawyer writes

"The RIAA is going to have to face the music in Tampa, Florida, and answer the charges of extortion, trespass, conspiracy, unlicensed investigation, and computer fraud and abuse that have been leveled against them there. And the judge delivered his ruling against them in pretty unceremonious fashion — receiving their dismissal motion last night, and denying the motion this morning. The RIAA's unvarying M.O., when hit with counterclaims, is to make a motion to dismiss them. The RIAA quickly settled that one. When a new case came up in the same Tampa courthouse before the very same judge, and the same 5 counterclaims were leveled against the record companies, I opined that 'it is highly unlikely that the RIAA will make a motion to dismiss counterclaims,' since I knew they'd be risking sanctions if they did. Well I guess I underestimated the chutzpah — or the propensity for frivolous motion practice — of the RIAA lawyers, as they in essence thumbed their nose at the judge, making the dismissal motion anyway, telling District Judge Richard A. Lazzara that his earlier decision had been wrong. The judge wasted no time telling the record companies that he did not agree (PDF)."

Tuesday, May 06, 2008

I can steal it for you wholesale!

http://www.pogowasright.org/article.php?story=20080506081942789

Finjan Discovers Compromised Business & Customer Data of 40 Top-Tier Global Businesses

Tuesday, May 06 2008 @ 08:19 AM EDT Contributed by: PrivacyNews News Section: Breaches

Finjan Inc., a leader in secure web gateway products, today announced its discovery of a server controlled by hackers (Crimeserver) containing more than 1.4 Gigabyte [less than I have on my thumb drive Bob] of business and personal data stolen from infected PCs. The data consisted of 5,388 unique log files. Both email communications and web-related data were among them.

The compromised data came from all around the world and contained information from individuals, businesses, as well as renowned organizations, including healthcare providers.

To illustrate the scope: the server contained among others 571 log files from the US, 621 from Germany (DE), 322 from France (FR), 308 from India (IN), 232 from Great Britain (GB), 150 from Spain (ES), 86 from Canada (CA), 58 from Italy (IT), 46 from the Netherlands (NL), and 1,037 from Turkey (TR).

Due to the sheer impact, Finjan followed its company guidelines and promptly notified over 40 major international financial institutions [It's not quantity, it's quality. Bob] located in the US, Europe and India whose customers were compromised as well as various law enforcement agencies around the world.

The report contains examples of compromised data that Finjan found on the Crimeserver, such as:

  • Compromised patient data

  • Compromised bank customer data

  • Business- related email communications

  • Captured Outlook accounts containing email communication

To download the report, please visit http://www.finjan.com/mpom

Source - PR Newswire

[From the Newswire article:

Since the stolen data was left unprotected on the Crimeserver, without any access restrictions or encryption, the data were freely available for anyone on the web, including criminal elements. [Tsk, tsk. Bad OpSec or sample data? Bob]



Is this automatically a terrorism case? Will similar risk apply when RealID is fully implemented?

http://www.pogowasright.org/article.php?story=20080506081227135

FBI notifies customers of Atlanta visa service

Tuesday, May 06 2008 @ 08:12 AM EDT Contributed by: PrivacyNews News Section: Breaches

The FBI is notifying as many as 1,000 customers of a metro Atlanta travel visa service that they may be victims of identity theft.

Warren Fowler, an employee of International Visa Service in Sandy Springs, has been arrested and charged with stealing the personal information of people who were applying for a passport. Fowler allegedly sent the information to his brother, Alvin Fowler, in Miami, who is accused of selling the identities for up to $7,500 each. Alvin Fowler is in federal custody.

Source - WRDW



Fortunately, the Zip was still Locked...

http://www.pogowasright.org/article.php?story=2008050605535628

NC: Officials recover stolen tax information (update)

Tuesday, May 06 2008 @ 05:53 AM EDT Contributed by: PrivacyNews News Section: Breaches

Law enforcement officials in Wingate have recovered personal financial information belonging to more than 400 taxpayers that was stolen last month.

The Iredell County Tax Collector’s Office said in a news release that a shipment of processed tax payments and unprocessed items that was reportedly stolen from a courier April 22 in Charlotte had been found and secured.

Officials said the bags did not appear to have been opened.

Source - statesville.com



The joy of databases – from the country that gave us “Big Brother.” A 40 second video with the sounds of Black Helicopters, police sirens, attack dogs, and a polite voice to remind you to pay your TV License, because...

http://digg.com/television/The_BBC_knows_where_you_live_its_all_in_the

The BBC knows where you live; it's all in the

liveleak.com — Wow, is this real or fake? I love the veiled threats...fantastic! What do they do to you if you fail to license your TV? Do they send out the bone-crushers? Do folks show up at your door and take your TV?

http://www.liveleak.com/view?i=8ee_1210010683



An interesting resolution.

http://yro.slashdot.org/article.pl?sid=08/05/05/1617230&from=rss

US Court Orders Company to Use Negative Keywords

Posted by ScuttleMonkey on Monday May 05, @01:11PM from the negative-ghostrider-the-pattern-is-full dept.

A US court has ordered a firm to utilize negative adwords in their internet advertising.

"Orion Bancorp took Orion Residential Finance (ORF) to court in Florida over ORF's use of the word 'Orion' in relation to financial services and products, arguing that it had used the term since 2002 and had held a trade mark for it since then. [...] The judge in the case went further, though, restraining ORF from 'purchasing or using any form of advertising including keywords or "adwords" in internet advertising containing any mark incorporating Plaintiff's Mark, or any confusingly similar mark, and shall, when purchasing internet advertising using keywords, adwords or the like, require the activation of the term "Orion" as negative keywords or negative adwords in any internet advertising purchased or used.'"

[From the article:

By 'negative adword', the judge is referring to the fact that keyword advertising systems allow someone to instruct the system never to display their advert when a certain term is searched for, as well as to pay to have their ad displayed when a certain term is searched for.

... See: The ruling (9-page / 29KB PDF)



Might make for an interesting ethical discussion.

http://www.pogowasright.org/article.php?story=20080506061203573

Using cell phones to find missing persons pushes law

Tuesday, May 06 2008 @ 06:12 AM EDT Contributed by: PrivacyNews News Section: Businesses & Privacy

The call came in to police just after midnight April 16.

Hours before, a distraught young man had phoned his mother, hinting he wanted to kill himself. When he didn't meet her as planned, she telephoned Seattle police and reported her son missing.

Because of increasing advances in technology, officers were able to find the missing man's cellular phone using his wireless network. Two hours after he was reported missing, the man was found alive but unwell lying on his desk and taken to University Hospital for a psychological evaluation.

... "All the officer needs to do is confirm to us that an exigent circumstance exists," she said.

No legal challenges have been filed related to cell locater technology in missing persons cases. But privacy rights advocates say unambiguous guidelines are needed to ensure that the technology isn't misused.

Source - Seattle Post-Intelligencer hat-tip, slashdot

[From the article:

"It's a very, very small percentage of missing persons cases where it turns out that a crime has been committed," Rahr said.

... Masamitsu said Verizon, like other cellular providers, requires detailed follow-up reports from investigators. But she said the company doesn't conduct any independent review of the requests before releasing location information.



Another ethical question?

http://www.eweek.com/c/a/Security/Kraken-Botnet-Infiltration-Triggers-Ethics-Debate/

Kraken Botnet Infiltration Triggers Ethics Debate

By Ryan Naraine 2008-05-01

Researchers seize control of one of the world's largest spam-spewing botnets, but there is disagreement about what should happen next.

Researchers at TippingPoint Technologies' Digital Vaccine Laboratories have found a way to infiltrate and seize control of one of the world's largest spam-spewing botnets, a breakthrough that has ignited an intense debate over the ethics of "cleaning" infected computers.

... The ability to infiltrate and seize control of Kraken's C&C mechanism left the company with an ethical dilemma that has prompted a discussion of whether infected computers used in denial-of-service attacks and spam runs should be cleansed without the owners' consent.

"On the technical side, we have proven that it can be done. From our proof-of-concept, it would have been one more click of a button to shut down the communication between the people sending commands to these [infected] computers," Pierce said.

... David Endler, director of security research at TippingPoint, is on the other side of the fence. "The reality is that you really don't know what you're modifying," Endler said in an interview. "It's a very tricky situation. What if that end-user system is performing a critical function? What if that target system is responsible for someone's life support? Who is to say what is more beneficial? It really is a moral and a legal quandary."



First, get their attention...

http://www.f-secure.com/weblog/archives/00001431.html

BBB Case #947344536

Posted by Mikko @ 16:05 GMT

We're seeing some new BBB trojan attacks going around.

This attack method is well-known and has been occurring for months: A high-level executive [Always target the most vulnerable... Bob] inside an organization receives an e-mail that mentions a complaint supposedly made to the Better Business Bureau (USA). The e-mail appears to be credible and links to a site in order to download the complaint. The download claims to require IE and ActiveX in order to succeed. Once ActiveX is enabled, the site drops a backdoor on the system.

The message looks like this:

... The message links to a page under us-bbb.com (the real BBB site is at us.bbb.org).
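The us-bbb.com versus us.bbb.org trick above is the whole lure: a hyphen turns a subdomain of the real BBB into an unrelated registrable domain. The check below is an added example (not F-Secure's code and not anything from the original post) that pulls the links out of a message body and flags hosts that mention a trusted brand without actually sitting under a domain that brand owns. The allowlist, the tiny public-suffix table (a stand-in for the real Public Suffix List) and the sample e-mail text with its URL path are constructed for illustration.

```python
"""Flag lookalike brand domains in links from a suspicious e-mail.

Added example, not F-Secure's code. TRUSTED, PUBLIC_SUFFIXES and the
sample e-mail below are constructed for illustration.
"""
from __future__ import annotations

import re
from urllib.parse import urlparse

# Assumption: a tiny stand-in for the Public Suffix List. A production
# check should load the real list instead of this table.
PUBLIC_SUFFIXES = {"com", "org", "net", "co.uk"}

# Brand tokens and the registrable domains that legitimately carry them
# (assumption: only bbb.org is listed, as in the post).
TRUSTED = {
    "bbb": {"bbb.org"},
}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def registrable_domain(host: str) -> str:
    """Return the registrable (eTLD+1) part of a host name.

    'us.bbb.org' -> 'bbb.org'; 'us-bbb.com' -> 'us-bbb.com'.
    """
    labels = host.lower().rstrip(".").split(".")
    # Try the longer suffix first so 'co.uk' wins over plain 'uk'.
    for n in (2, 1):
        if len(labels) > n and ".".join(labels[-n:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[-(n + 1):])
    return host.lower()


def classify_link(url: str) -> str:
    """Classify a URL as 'trusted', 'lookalike' or 'unrelated'.

    'lookalike' means some label of the host contains a brand token
    (us-bbb.com, bbb.org.example.net) but the registrable domain is
    not one the brand owns. Only the registrable domain decides trust;
    anything to the left of it is attacker-controlled text.
    """
    host = (urlparse(url).hostname or "").lower()
    domain = registrable_domain(host)
    labels = host.split(".")
    for brand, owned in TRUSTED.items():
        if domain in owned:
            return "trusted"
        if any(brand in label for label in labels):
            return "lookalike"
    return "unrelated"


def suspicious_links(text: str) -> list[str]:
    """Return every lookalike URL found in an e-mail body."""
    return [u for u in URL_RE.findall(text) if classify_link(u) == "lookalike"]


# Constructed sample body modelled on the lure described in the post;
# the path and query string are made up for the example.
SAMPLE_EMAIL = """Better Business Bureau complaint case #947344536
A consumer has filed a complaint against your company.
To review the complaint, open the case file here:
http://us-bbb.com/complaints/view.php?id=947344536
The real Bureau can be reached at http://us.bbb.org/ for reference.
"""

if __name__ == "__main__":
    for link in URL_RE.findall(SAMPLE_EMAIL):
        print(f"{classify_link(link):10s} {link}")
```

The point of deciding on the registrable domain rather than on the raw host is that the attacker controls every label left of it, so "bbb.org.attacker.net" is just as untrusted as "us-bbb.com"; the brand-token match is only there to prioritise which untrusted links get a human look.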



For my computer security students.

http://news.yahoo.com/s/nm/20080502/od_nm/japan_porn_odd_dc;_ylt=AgStIVFU1Uyx7IdnqesY7yOs0NUE

Official suspended for surfing porn at work

Reuters Fri May 2, 11:09 AM ET

TOKYO (Reuters) - A city bureaucrat in western Japan was suspended from his job after officials discovered he visited porn websites at work almost every day, often spending hours [Interesting that no one noticed a lack of productivity. Perhaps he performed as well as any government employee? Bob] gazing at nude photos, a city official said.

... Angered citizens called city hall all day on Friday, saying the suspension was not enough, he added. [I wonder if there would be as much anger in the US? Bob]

The city only found out about his activities in February when it noticed that his computer had picked up the same virus repeatedly from the sites, Ueyama said. [Better than not noticing at all... Bob]


A safer way to find your porn? What is their liability for a “false positive?”

http://www.techcrunch.com/2008/05/05/yahoo-flags-malware-sites-in-search-results/

Yahoo To Flag Malware Sites In Search Results

Michael Arrington May 5, 2008

Tomorrow Yahoo will launch a partnership with McAfee and will integrate their Site Advisor malware scanning product into Yahoo search.

The most dangerous websites are simply being removed from search results. Yahoo is also flagging less dangerous offending sites to warn users of specific problems that have been reported from those sites. Example warning messages include “Warning: Unsolicited E-mails” and “Warning: Dangerous Downloads.”



For Security Managers. Another option for secure communications?

http://freenetproject.org/news.html

24th Apr, 2008 -

Freenet 0.7.0 release candidate 2 now available

Freenet version 0.7 Release Candidate 2 is now available for public testing. Release Candidate 2 features many bugfixes and a number of usability improvements.

Freenet is a global peer-to-peer network designed to allow users to publish and consume information without fear of censorship. To use it, you must download the Freenet software, available for Windows, Mac, Linux and other operating systems. Once you install and run Freenet, your computer will join a global, decentralized P2P network. [and likely be blocked by your ISP for sharing copyrighted music? Bob] You will be able to publish and consume information anonymously, either through your web browser, or through a variety of third party applications.

Freenet 0.7 is a ground-up rewrite of Freenet. The key user-facing feature in Freenet 0.7 is the ability to operate Freenet in a "darknet" mode, where your Freenet node will only talk to other Freenet users that you trust. This makes it much more difficult for an adversary to discover that you are using Freenet, let alone what you are doing with it. 0.7 also includes significant improvements to both security and performance.

Freenet 0.7 RC2 can be downloaded from: http://freenetproject.org/download.html



One of those business models that couldn't possibly work...

http://www.news.com/8301-13577_3-9936896-36.html?part=rss&subj=news&tag=2547-1_3-0-5

A billion-dollar valuation for LinkedIn?

Posted by Caroline McCarthy May 6, 2008 5:58 AM PDT

On Monday, reports surfaced that business social network LinkedIn is likely looking to raise a round of venture capital (rather than find a corporate parent).

TechCrunch reports that investment bank Allen & Co. is hoping to help LinkedIn pull in that funding at a $1 billion valuation.

... The average user of LinkedIn (there are 20 million total) is reportedly 41 years old and makes about $110,000 annually.

That's made it possible for the social network to charge advertisers $75 per thousand impressions, which is almost unheard of in the social-media world.



To free, or not to free...

http://www.nytimes.com/2008/05/06/technology/06wifi.html?_r=1&partner=rssnyt&emc=rss&oref=slogin

Free Wi-Fi, but Not for All

By SUSAN STELLIN Published: May 6, 2008

The battle between free and paid wireless Internet access is starting to look like a draw. Or more accurately, a third variation is winning — a combination of the two.

... Starbucks is probably the biggest example of that model. In February, the company announced plans to switch to AT&T from T-Mobile as the Internet provider in its 7,000 stores.

When AT&T takes over, customers who use their Starbucks card once a month will get two hours of free Wi-Fi access each day. Otherwise, that same time period will cost $3.99, or $19.99 for a monthly unlimited access plan.

... Denver International Airport switched from a paid to an ad-supported model last November, and has already seen use increase from 600 connections a day to more than 5,000.

... That ad revenue slightly exceeds what the airport used to earn from its share of user fees ($7.95 for 24 hours of access), according to Jim Winston, the airport’s director for telecommunications. [See? Free is good! Bob]



Apparently, it is easy to screw up. Checklists might help...

http://ralphlosey.wordpress.com/2008/05/04/aba-litigation-section-reacts-to-the-qualcomm-case-and-recommends-e-discovery-checklists/

ABA Litigation Section Reacts to the Qualcomm Case and Recommends e-Discovery Checklists

The Litigation Section of the American Bar Association has published an online article on Qualcomm v. Broadcom. Written by Kristine L. Roberts, Litigation News Associate Editor, the article is significant for its glimpse into the thinking of ABA leaders on electronic discovery abuses.



What's in your coffin? (Not every untapped market will be lucrative...)

http://www.wired.com/techbiz/startups/news/2008/05/tributes

Monster.com Founder Starts Social Networking Site for the Dead

By Marty Graham 05.05.08 | 1:00 PM



How could I pass this one up?

http://digg.com/comics_animation/The_Simpsons_Compilation_of_Couch_Gag_Intros

The Simpsons - Compilation of Couch Gag Intros

youtube.com — Love the Evolutionary Couch Gag...lots of good ones in the related videos here.

http://youtube.com/watch?v=aCld99SNg1o&feature=related