Saturday, May 17, 2008

Here's how they do it down under...

http://www.pogowasright.org/article.php?story=20080516122853418

AU: 'Hacker shuts down government computers'

Friday, May 16 2008 @ 12:28 PM EDT Contributed by: PrivacyNews News Section: Breaches

AN EXPERT hacker allegedly shut down the Northern Territory Government computer system and deleted thousands of employees' identities, a Darwin court heard yesterday.

And the court heard the Government could still be at risk of another cyber attack.

David Anthony McIntosh, 27, allegedly hacked in and shut down several NT Government databases on May 5, including servers for the Health Department, Royal Darwin Hospital, Berrimah Prison and Supreme Court using his laptop at a Palmerston home.

... She said police contested Mr McIntosh's bail application yesterday, as there were fears he made copies of passwords and data. [...and we don't want to change those passwords, we've been using the same ones for years! Bob] If they existed, the court heard the alleged hacker could possibly access these "anywhere in the world".

IT security consultant Anthony Ashbury said there was no proof copies existed "at this stage", but they were examining the logs of a number of servers. [There are programs that can do this in minutes – what method are they using, trained koala bears? Bob]

"We believe it may have occurred," he said.

Source - news.com.au hat-tip, Fergie's Tech Blog

[From the article:

Prosecutor Sergeant Erica Sims told the Darwin Magistrates Court yesterday the Sydney IT expert allegedly deleted the independent user accounts of 10,475 NT public servants.

She said many workers had to be "stood down", and experts had been working "24 hours, seven days a week" to repair the damage. [That happens only when you have no backup/recovery plan Bob]

But Sgt Sims said it could take months to fix, with the repair cost estimated to run into the "hundreds of thousands of dollars".



Here's how it's done in America. Why no arrest?

http://www.pogowasright.org/article.php?story=20080517062549930

PA: Student hacks district files

Saturday, May 17 2008 @ 06:25 AM EDT Contributed by: PrivacyNews News Section: Breaches

Police are investigating a computer hacking by a 15-year-old student who authorities say broke into an office [looking for passwords on post-it notes? Bob] at Downingtown High School West and downloaded files containing restricted information on several dozen teachers and thousands of district taxpayers.

School officials said they discovered the breach of the school's computer network by the student, whose name was withheld because of his age, on May 9, and reported it to Downingtown police.

Police said the files contained information on 71 teachers from a school within the Downingtown Area School District. The school was not identified because of the sensitivity of the case. The downloaded information included the teachers' W-2 forms, which listed their Social Security numbers and home addresses, among other things.

Investigators said the student also downloaded information, including Social Security numbers, on possibly as many as thousands of school district taxpayers. [Why would the school have that information? Bob]

"We are still early in the investigation and cannot provide further details," Lt. Steven J. Plaugher of the Downingtown Police Department said in a statement last night. "No arrests have been made at this time."

Source - Philadelphia Inquirer Related - DailyLocal.com



Perhaps it is the low journalistic standards of TV News, but this article leaves a lot of unanswered (and probably un-asked) questions.

http://www.pogowasright.org/article.php?story=20080516112950698

8,000 Students' Personal Information Stolen

Friday, May 16 2008 @ 11:29 AM EDT Contributed by: PrivacyNews News Section: Breaches

Nearly 8,000 students' identities were at risk after a laptop containing their personal information was stolen, KPRC Local 2, Your Education Station, reported Thursday.

The laptop has "Property of Spring ISD" written across the cover. [No other security mentioned, not even passwords! Bob] Inside the laptop was personal information about students from around the district, including names, Social Security numbers and dates of birth.

... It was recently stolen out of the district testing coordinator's car after school.

Source - Click2Houston.com

[From the article:

Curry said the school district is responsible for keeping information confidential, but the woman who had the laptop needed it to get TAKS test scores.

"That information can come at any time, and she needs to be available 24/7."

[TAKS is Texas Assessment of Knowledge and Skills. Do they wake students in the middle of the night to take the test? Bob]



Your cell phone is spying on you...

http://www.pogowasright.org/article.php?story=20080516071002822

UK: Shops are tracking their customers via mobile phone

Friday, May 16 2008 @ 07:15 AM EDT Contributed by: PrivacyNews News Section: Businesses & Privacy

Customers in shopping centres are having their every move tracked by a new type of surveillance that listens in on the whisperings of their mobile phones.

The technology can tell when people enter a shopping centre, what stores they visit, how long they remain there, and what route they take as they walk around. [It's just like having your own “Personal Stalker” Bob]

The device cannot access personal details about a person’s identity or contacts, but privacy campaigners expressed concern about potential intrusion should the data fall into the wrong hands.

Source - Times Online

[From the article:

In the case of Gunwharf Quays, managers were surprised to discover that an unusually high percentage of visitors were German - the receivers can tell in which country each phone is registered - which led to the management translating the instructions in the car park.

The Information Commissioner's Office (ICO) expressed cautious approval of the technology, which does not identify the owner of the phone but rather the handset's IMEI code - a unique number given to every device so that the network can recognise it. [You know, like your phone number... Bob]

... Only the phone network can match a handset's IMEI number to the personal details of a customer. [Bullish! Bob]

... Other types of wireless technology, such as wi-fi and Bluetooth, can be used to locate devices, but the regular phone network signal is preferable because it is much more powerful and fewer receivers are needed to monitor a given area.



I must admit that I fail to see the logic in claiming that images that do not involve harm to a child are the same as those that do. Earlier laws made the same argument about cartoon characters. Are we protecting children or “prosecuting perverts?”

http://yro.slashdot.org/article.pl?sid=08/05/16/1836246&from=rss

Senators OK $1 Billion for Online Child Porn Fight

Posted by ScuttleMonkey on Friday May 16, @04:30PM from the blinded-by-the-children dept.

A Bill that could allocate more than $1 billion over the next eight years to combat those who trade in child pornography has been unanimously approved by a Senate panel. "The Senate Judiciary Committee on Thursday voted to send an amended version of the Combating Child Exploitation Act, chiefly sponsored by Sen. Joe Biden (D-Del.), to the full slate of politicians for a vote. [...] An amendment adopted Thursday also adds new sections to the original bill that would rewrite existing child pornography laws. One section is designed to make it clear that live Webcam broadcasts of child abuse are illegal, which the bill's authors argue is an "open question." Another change is aimed at closing another perceived loophole, prohibiting digital alteration of an innocent image of a child so that sexually explicit activity is instead depicted."



When the world gives you lemons, make lemonade. When Big Brother gives you ubiquitous video surveillance, make a music video!

http://www.npr.org/templates/story/story.php?storyId=90425187

In Surveillance Video, Band Rocks Big Brother

The Bryant Park Project, May 14, 2008 - When Manchester, England's The Get Out Clause didn't have enough money to make a video for their new single, the group conjured up a novel idea: Why pay for cameras when cameras are everywhere?

With the help of the country's 4.2 million closed-circuit TV security cameras and an armload of information requests, the band had a rock video.

"We tried to position ourselves right in front of these cameras, to make sure the CCTV footage was the best shot we could get," guitarist Tony Churnside says. "We had no idea at all how it would look."

Churnside says they played for 80 to 100 cameras over a period of a week. Then they spent three weeks asking individual businesses to release the footage. That was a task made easier by a British law that requires all public cameras to feature a sign listing contact information for the owner of any public camera.

The result — partly mesmerizing, partly chilling — has gained the band widespread attention.

"I think this was just a nice, original idea that we're pleased to do before anyone else," Churnside says. "Now we have to top it with the next video."




Tools & Techniques

You terminate an employee, but let him keep the key to the front door and the office safe combination? See why I say most managers don't understand security?

http://www.eweek.com/c/a/Security/Old-User-Accounts-Pose-Current-Security-Risks-for-Enterprises/

Old User Accounts Pose Current Security Risks for Enterprises

By Brian Prince 2008-05-16

A new study by eMedia USA found 27 percent of respondents had more than 20 orphaned accounts currently within their organization. More alarming, more than 38 percent of respondents said they had no way of determining whether a current or former employee used an orphaned account to access information, and 15 percent said this has occurred at least once.

... In addition to the other findings, the report noted approximately 30 percent of respondents said it takes longer than three days to terminate an account after an employee or contractor leaves the company - 12 percent said it takes more than a month.



http://www.pogowasright.org/article.php?story=20080517062046408

A First Principles Approach to Communications' Privacy

Saturday, May 17 2008 @ 06:20 AM EDT Contributed by: PrivacyNews News Section: Other Privacy News

Freiwald, Susan, "A First Principles Approach to Communications' Privacy". Stanford Technology Law Review, 2007. Free full-text article available at SSRN: http://ssrn.com/abstract=1132421

Abstract:

Under current doctrine, parties to a communication enjoy robust constitutional protection against government surveillance only when they have a reasonable expectation of privacy in those communications. This paper suggests that the surprising dearth of case law applying the reasonable expectations of privacy test to modern electronic communications reflects courts' discomfort with the test's necessarily normative analysis. That discomfort also likely explains courts' use of shortcuts based on Miller v. United States and Smith v. Maryland in those few cases that have considered online surveillance practices. In particular, the government has argued that a broad third party rule deprives electronic mail of Fourth Amendment protection merely because Internet Service Providers (ISPs) may access those e-mails. Similarly, some courts have denied Fourth Amendment protection to information stored on computer systems other than e-mail contents, by over-reading Smith to provide a bright line at contents/non-contents. Both analytical shortcuts not only miss the point of Katz v. United States, which established the reasonable expectations of privacy test, but also dramatically under-protect privacy, with pernicious results. This paper articulates a first principles approach to constitutional protection that focuses instead on the reasons electronic surveillance requires significant judicial oversight. In particular, it argues that electronic surveillance that is intrusive, continuous, indiscriminate, and hidden should be subject to the heightened procedural requirements imposed on government wiretappers. Because surveillance of stored e-mail, such as the type at issue in the case of Warshak v. United States, often shares the characteristics of this four factor test, it should be subject to the highest level of constitutional regulation.



Sense or semantics?

http://www.pogowasright.org/article.php?story=20080517061739327

Dignity as a New Framework, Replacing the Right to Privacy

Saturday, May 17 2008 @ 06:17 AM EDT Contributed by: PrivacyNews News Section: Other Privacy News

Miller, Jeremy M., "Dignity as a New Framework, Replacing the Right to Privacy". Thomas Jefferson Law Review, Vol. 30, No. 1, 2007. Free full-text article available at SSRN: http://ssrn.com/abstract=1127986/

Abstract:

Privacy, if not now, will soon be a dead letter in legal analysis. However, the related concept of dignity will fill the void and make sense out of a tangled area of law.

... Privacy can promote crime, but dignity promotes only goodness.

... The continued use of the fiction privacy places our glorious country in danger.



Linux is making itself easy to use (something Microsoft can't duplicate). First Ubuntu allows you to create a dual-boot machine, now Fedora makes it easy to carry with you.

http://lifehacker.com/391067/fedora-9-puts-your-desktop-on-a-usb-drive

Fedora 9 Puts Your Desktop on a USB Drive

This week's release of the Fedora 9 Linux distribution makes putting a full-fledged desktop on a portable USB thumb drive a three-click affair.

Friday, May 16, 2008

What are they actually looking for? A student reported that TSA confiscated his laptops (personal and business) when he was boarding a domestic flight. Perhaps a more complete article on the 9 million ways to avoid carrying anything of interest to the government would be useful? We could copy it from any terrorist guidebook...

http://yro.slashdot.org/article.pl?sid=08/05/15/1551246&from=rss

Securing Your Notebook Against US Customs

Posted by timothy on Thursday May 15, @12:21PM from the best-interests-at-heart dept.

Nethemas the Great points out a piece from Bruce Schneier running in the UK's Guardian newspaper with some tips for international travelers on securing notebook computers for border crossings. A taste of the brief article: "Last month a US court ruled that border agents can search your laptop, or any other electronic device, when you're entering the country. They can take your computer and download its entire contents, or keep it for several days. ... Encrypting your entire hard drive, something you should certainly do for security in case your computer is lost or stolen, won't work here. The border agent is likely to start this whole process with a 'please type in your password.' Of course you can refuse, but the agent can search you further, detain you longer, refuse you entry into the country and otherwise ruin your day."



This should be throwing gasoline on the “Network Neutrality” debate, but it seems to be kept rather low key. I wonder when it will explode?

http://techdirt.com/articles/20080515/1756281127.shtml

Latest Study Confirms Cox Traffic Shaping; Comcast Misleading Again

from the sounds-familiar dept

A bunch of folks have been submitting various news reports claiming the "news" that Cox is traffic shaping just like Comcast is -- but that's hardly news. We had a story about that last November. What is a bit more interesting out of the same study (though, not very surprising) is the news that Comcast has been less than forthright in explaining what it's doing. While Comcast denied any traffic shaping for the longest time, when it finally 'fessed up (just a bit) it said that it only used traffic shaping during peak hours. However, the research suggests otherwise. After testing a bunch of users at various times, this new study found no noticeable difference in blockages based on time.



What did you expect, software modeled on Neville Chamberlain?

http://tech.slashdot.org/article.pl?sid=08/05/15/1654235&from=rss

Air Force Aims for Control of 'Any and All' Computers

Journal written by Jeremiah Cornelius (137) and posted by timothy on Thursday May 15, @01:40PM

from the we'd-rather-kill-them-off-by-peaceful-means dept.

Noah Shachtman on Wired.com's Danger Room reports that Monday, the Air Force Research Laboratory at Wright-Patterson AFB introduced a two-year, $11 million effort to put together hardware and software tools for 'Dominant Cyber Offensive Engagement.' 'Of interest are any and all techniques to enable user and/or root level access,' a request for proposals notes, 'to both fixed (PC) or mobile computing platforms ... any and all operating systems, patch levels, applications and hardware.' This isn't just some computer science study, mind you; 'research efforts under this program are expected to result in complete functional capabilities.' The Air Force has already announced their desire to manage an offensive BotNet, comprised of unwitting participatory computers. How long before they slip a rootkit on you?



Tools & Techniques (or perhaps Toys for Techies)

http://www.cnet.com/8301-13880_1-9945662-68.html?part=rss&tag=feed&subj=Workers'Edge

A Windows utility that control freaks will love

Posted by Dennis O'Reilly May 16, 2008 12:01 AM PDT

... For a limited time, the Vista version of the program costs $30, and the XP version is priced at $20. You can try either one 15 times for free. That's plenty to determine whether the utilities are worth the investment. If you're the type of person who likes to have total control over your system settings, you'll likely consider those prices a bargain.

Pinpoint control over hardware, software, Web browsing

Here's a partial list of the settings you can change via the utilities:

—Disable USB storage devices

—Disable CD burning and auto-run

—Prevent writing to USB storage devices

—Disable the Windows key

—Disable file downloads in IE

—Disable password caching

—Disable Registry editing tools

—Restrict access to Windows Update

—Disable Control Panel

—Control access to Windows' appearance settings

—Limit the applications users can run

—Restrict access to Taskbar and Start Menu Properties

—Disable Recent Documents history, or clear the list on exit

—Disable System Restore, or restrict access to System Restore settings

Thursday, May 15, 2008

Can we conclude that TJX has established the model for dealing with a Security Breach?

http://www.pogowasright.org/article.php?story=20080514133055839

TJX Earnings Suggest that Data Security Doesn’t Worry Consumers

Wednesday, May 14 2008 @ 01:30 PM EDT Contributed by: PrivacyNews News Section: Breaches

Ben Worthen is singing my tune -- Dissent

TJX today reported increased sales for its fiscal 2009 first quarter, a sign that the public just doesn’t care about data breaches.

... For those of us who care about tech security – admittedly a smaller group than those who care about cheap clothes – the results are disheartening. And they raise two questions: 1) Why don’t customers avoid businesses that mishandle their personal data? 2) Why should businesses care about protecting customer information if the public doesn’t care?

Source - WSJ Blog


Peanuts!

http://www.pogowasright.org/article.php?story=2008051418364672

Banks agree to TJX breach settlement with Mastercard

Wednesday, May 14 2008 @ 06:36 PM EDT Contributed by: PrivacyNews News Section: Breaches

TJX Cos. has won support from Mastercard-issuing banks for a settlement that will pay them as much as $24 million to cover costs from a massive data breach.

The discount retailer said Wednesday it has won support from financial institutions representing more than 99 percent of MasterCard accounts affected in the breach worldwide. The settlement announced April 2 required at least 90 percent support to take effect.

A similar agreement reached in November with Visa-card issuing banks also was overwhelmingly approved.

Source - interactive investor

[From the article:

A similar agreement reached in November with Visa-card issuing banks also was overwhelmingly approved. That agreement set aside as much as $40.9 million to help banks cover costs including replacing customers' payment cards and covering fraudulent charges. [I make that about $0.68 per card. Bob]


On the other hand...

http://www.pogowasright.org/article.php?story=20080515060240346

Data Breaches Mean More Than Bad Publicity

Thursday, May 15 2008 @ 06:02 AM EDT Contributed by: PrivacyNews News Section: Breaches

Over the last several years, corporate data breaches have been regularly splashed across the front pages of the nation's newspapers, causing nightmares for corporate executives. Ever-increasing digitization in areas such as business, banking and accounting has led multinationals to collect and retain inestimable quantities of personal information about employees, customers and counterparties.

... Data-breach litigation typically alleges causes of action grounded in tort and contract: negligence, breaches of fiduciary duty, breaches of real and implied contracts, invasion of privacy and emotional distress. Some causes of action are grounded in state law, such as consumer protection acts, unfair trade practices acts and state data breach notification laws. Plaintiffs in these lawsuits seek damages arising from the fear of potential identity theft, including fraudulent charges to their accounts, credit monitoring costs, identity theft insurance costs, credit report costs, emotional distress from fear of fraud, damage to credit history and loss of privacy. Courts have been hesitant to permit suits for such speculative damages, thus dismissing suits where plaintiffs had not yet been victims of any identity fraud.

... While it is too soon to accurately predict the litigation landscape, the trend seems to be grounding more lawsuits in state law statutes, and for common law allegations, alleging more specific and provable damages. The better plaintiffs get on the damages front, the farther along the cases will be able to move. This could mean the potential for more costly discovery before a suit is resolved or settled. While the hurdles for plaintiffs remain high, these lawsuits have become a fact of life in today's litigious society. Corporations suffering data breaches thus must now routinely face an onslaught of civil litigation in addition to the negative publicity and regulatory scrutiny coming from data breaches and their announcements. Given the increasing digitization of the economy and society, companies should brace for these lawsuits when the almost inevitable data breach occurs.

Source - Law.com

[From the article:

As an initial and immediate matter, a thorough forensic investigation [discoverable? Bob] is critical to ascertain the scope and nature of the data breach. Only a complete assessment of the digital evidence will help to determine how the breach occurred, how recurrences can be prevented, and precisely what data -- and in what form -- was compromised, all of which will contribute to ascertaining the best course of action.



You know, this stuff is getting complicated.

http://www.pogowasright.org/article.php?story=20080515060541620

Theft Of Laptop Imperils School Employees' Data

Thursday, May 15 2008 @ 06:05 AM EDT Contributed by: PrivacyNews News Section: Breaches

A BB&T Insurance [Third party Bob] laptop containing the personnel information of some Harrisonburg City Schools employees was stolen May 1, according to company officials.

The information came from employees enrolled in the system's dental plan, although the company does not know how many employees' information is on the computer. [I wonder if other client data was on the laptop as well? (They do have other clients, right?) Bob]

The laptop, used by an outside sales representative [Not an employee of the third party Bob] to develop an insurance proposal for the school system, was stolen from a car in Ohio.

"It's a portion of the employees," said A.C. McGraw, BB&T's media relations manager, who added that several security methods are used for the laptops, including passwords. [If it had been encrypted, you wouldn't be reporting this! Bob] "The information contained names, dates of birth, Social Security numbers, and, in some cases, medical history."

Source - DNRonline.com



Hummm... Someone copied the password file?

http://www.pogowasright.org/article.php?story=20080514132845183

Photobucket Requests Password Change After Security Issue

Wednesday, May 14 2008 @ 01:28 PM EDT Contributed by: PrivacyNews News Section: Breaches

An unknown security issue on Photobucket earlier this month has prompted the photo Web site to request that all its users change their passwords.

"Photobucket has identified and immediately resolved an isolated security incident," according to a spokesman. "There was no impact to any financial information related to Photobucket Pro subscribers, and we have no reason to believe that any photos or video from private Photobucket accounts have been accessed."

Source - AppScout

[From the article:

The company also upgraded its policy to require passwords that are at least six characters long. [A password should start with “Insecure...” Bob]



http://www.pogowasright.org/article.php?story=20080514183742849

OSU admits computer security breach

Wednesday, May 14 2008 @ 06:37 PM EDT Contributed by: PrivacyNews News Section: Breaches

A breach in an Oklahoma State University computer server exposed names, addresses and Social Security numbers of about 70,000 students, staff and faculty who bought parking and transit services permits in the past six years.

OSU announced the breach and began notifying permit holders today, even though it was discovered in March. The server was shut down at that time and Social Security numbers removed from the site.

After a two-month investigation, OSU officials say they think an intruder's purpose was to use the server for storage and bandwidth capacity to distribute illegal content but they can't rule out that student information was accessed. [Turn on the logging that comes free with the system! Bob]

Source - NewsOK.com Related - KOCO.com



“If it's digital, we can hack it!”

http://www.pogowasright.org/article.php?story=20080514120120569

Identity fraud hits net telephony

Wednesday, May 14 2008 @ 12:01 PM EDT Contributed by: PrivacyNews News Section: Breaches

A new type of identity fraud, which sees hackers tapping into voice-over IP telephony accounts, has been highlighted by a VoIP equipment maker.

Usernames and passwords from voice-over IP (VoIP) phone accounts are selling online for more than stolen credit cards, Newport Networks has found.

The information allows someone to use the telephone service for free.

Net telephony fraud is still in its infancy, with eavesdropping on calls being the most common security flaw. [How crude. Bob]

Source - BBC

[From the article:

"90% of carriers don't offer a secure VoIP service," said Mr Gladwin. [Think there might be a market there, Sparky? Bob]

... "Most of the software out there has the capability of running in secure mode if the service providers would accept it," he said.



Not everyone learns from their mistakes, but it is encouraging to note that some do...

http://www.pogowasright.org/article.php?story=20080514114146722

OH: NBC 4 Investigates Stolen State-Owned Computers

Wednesday, May 14 2008 @ 11:41 AM EDT Contributed by: PrivacyNews News Section: Breaches

... Four months before the now-infamous state intern vehicle break-in, Target 4 questioned what the state was doing to protect state-owned equipment and data.

At the time, the Ohio Department of Job and Family Services led state agencies in computer-related thefts.

In the course of three years, the agency had lost a total of nine laptops, three desktops, a tablet PC and a hard drive – one device contained Medicaid information on 20 people.

... Fifteen months later, NBC 4 came back to find ODJFS has lost five more laptops, a desktop and a flash drive. Two thefts took place inside employees' cars. One laptop was stolen in a home burglary.

But ODJFS isn't alone in losing electronics. In 2007, nine laptops were stolen from the Ohio Department of Transportation.

"There was one incident in which a number of laptops were stolen. So really maybe three thefts, but in one of those cases, six laptops were stolen at one time," said ODOT Deputy Director Scott Varner.

Surprisingly, ODOT's nine laptop thefts pale in comparison to the loss leader among state agencies, the Ohio Department of Health, where 26 laptops disappeared last year. The total value was nearly $40,000.

... We searched through Ohio State Highway Patrol records and counted more than 80 computers and hard drives stolen from the state in 2007. More than we found in 2004, 2005 and 2006 combined.

So how many agencies have done something to recover the stolen computers? Only one -- the Department of Health -- which began electronically tracking more than 2,200 ODH laptops and desktops last summer.

Source - NBC4i.com

[From the article:

Reporter: "Why doesn't the state have this type of service in place for all computers?"

Edmondson: "We have been taking a serious look at that." [Translation: “I have no idea.” Bob]



Hey, stuff happens... The fact that I've had 286 checks deposited in my Swiss account (so far) has nothing to do with the hacking class I'm teaching – or the fact that some students have already locked in their “A”

http://www.pogowasright.org/article.php?story=20080514184206646

IRS: Some stimulus checks sent to wrong accounts

Wednesday, May 14 2008 @ 06:42 PM EDT Contributed by: PrivacyNews News Section: Breaches

Through the wonders of modern technology, some of those federal economic stimulus checks are being deposited directly into recipients' bank accounts.

But some are not -- and are instead winding up in the bank accounts of complete strangers.

"We do know of instances of problems; we've heard of situations where stimulus checks have gone to the wrong people's bank accounts," conceded Kevin McKeon, the Internal Revenue Service spokesman for the New York region. "We're getting a lot of calls to the toll-free number."

One local taxpayer, who asked not to be identified, reported that he had discovered an unexpected deposit of $1,800 in his bank account. He said a review of his bank records revealed that it was a deposit from the IRS bearing another taxpayer's Social Security number. He said he contacted the IRS and was told by an IRS agent that the deposit was one of 15,000 misrouted checks sent out incorrectly as a result of a computer programming glitch. [Don't blame the poor computer, fire the manager that relied entirely on it! Bob]

Source - Newsday



Tools & Techniques

Another biometric

http://www.physorg.com/news129994737.html

Scientists are building database of bite marks

By TODD RICHMOND, Associated Press Writer. Published: 14:38 EST, May 14, 2008

(AP) -- It has sent innocent men to death row, given defense attorneys fits and splintered the scientific community. For a decade now, attorneys and even some forensic experts have ridiculed the use of bite marks to identify criminals as sham science and glorified guesswork.



Is this a wise strategy? Probably will result in a “Hacker war” that will cost the ISPs a fortune and mess up the customer experience for everyone... (With the industry magazines egging both sides on...)

http://tech.slashdot.org/article.pl?sid=08/05/14/2227200&from=rss

Elude Your ISP's BitTorrent Blockade

Posted by samzenpus on Wednesday May 14, @09:13PM from the impossible-task dept.

StonyandCher writes

"More and more ISPs are blocking or throttling traffic to the peer-to-peer file-sharing service, even if you are downloading copyright free content. Have you been targeted? How can you get around the restrictions? This PC World report shows you a number of tips and tools that can help you determine whether you're facing a BitTorrent blockade and, if so, help you get around it."



Interesting to say the least.

http://blogs.barrons.com/techtraderdaily/2008/05/14/at-the-churchill-club-the-top-10-tech-trends/

At The Churchill Club: The Top 10 Tech Trends

Posted by Eric Savitz May 14, 2008, 10:57 pm

I’m at the Fairmont Hotel in San Jose tonight, for the Churchill Club’s annual Top 10 Tech Trends Dinner. This is the club’s 10th annual tech trend panel.

... 7. Khosla: Fossilizing fossil energy. Oil and coal will have trouble competing with biofuels. 99% of discussion on the topic is completely irrelevant to the topic. In 4-5 years will have production proof that can sell biofuel at well below $2 a gallon at today’s tax structure and no subsidy. Can’t imagine how big oil can stay in business if that is an alternative. Zero land needed to replace 100% of our gasoline. The other major issue is electrical power generation, which is coal and natural gas. One of his companies signed deal for 175 MW solar plant at costs below natural gas. Cheaper and less subject to commodity pricing. All of the panelists agree on that one.



Asymmetric warfare. The return of the Computer Bug? Global warming? Illegal aliens?

http://news.slashdot.org/article.pl?sid=08/05/15/129244&from=rss

Swarming Ants Destroy Electronics in Texas

Posted by timothy on Thursday May 15, @08:34AM from the where's-tiny-ender-when-you-need-him dept. Bug United States IT

AntOverlords writes

"Voracious swarming ants that apparently arrived in Texas aboard a cargo ship are invading homes and yards across the Houston area, shorting out electrical boxes and messing up computers. They have ruined pumps at sewage pumping stations, fouled computers and at least one homeowner's gas meter, and caused fire alarms to malfunction. They have been spotted at NASA's Johnson Space Center and close to Hobby Airport, though they haven't caused any major problems there yet."

Wednesday, May 14, 2008

It looks like the “journalistic formula” for reporting is starting to change to include more negative reaction to the security failures the organization admits to. See the article

http://www.pogowasright.org/article.php?story=2008051405595341

Ca: Customer data on stolen laptop

Wednesday, May 14 2008 @ 05:59 AM EDT Contributed by: PrivacyNews News Section: Breaches

The theft of a laptop computer containing hundreds of clients' confidential information from a Calgary bank employee's vehicle has raised concerns for Alberta's privacy commissioner.

In a letter sent yesterday to its customers, First Calgary Savings said a vehicle parked in a secured underground parkade was vandalized and the bank employee's laptop and cellphone stolen last month.

... Soon after the theft occurred, police were notified and potentially vulnerable accounts numbering "in the hundreds, not thousands" had been red-flagged to prevent abuse and there's been no unusual activity detected, said First Calgary privacy officer Rod Banman.

And while he said the data was protected by a password, it doesn't appear to have been encrypted [Translation: We don't know Bob] and could be vulnerable to a determined computer hacker.

Source - Calgary Sun

[From the article:

A recipient of the letter, 14-year First Calgary client Doug Gablehaus, said he was "livid" to hear personal information would have been left in a vehicle.

"It's unacceptable ... that's the way identity theft goes," said Gablehaus, adding he might now take his business elsewhere.

"In today's society, I don't think confidential information should be on someone's laptop and kept in their car."



I still don't recall this one, and with the Colorado connection I probably should.

http://www.pogowasright.org/article.php?story=20080513132150264

Statement from Dave & Buster's (follow-up)

Tuesday, May 13 2008 @ 01:21 PM EDT Contributed by: PrivacyNews News Section: Breaches

Dave & Buster's has learned that the United States Department of Justice has charged and will prosecute the individuals responsible for the theft of credit and debit card numbers from 11 of our locations. These thefts occurred on an intermittent basis from May through August of 2007. Although the stolen data was never retained or stored by Dave & Buster's, the data was illegally accessed from the Dave & Buster's computer systems during the card verification and transmission process. No personal information such as names, addresses, phone numbers, bank account numbers, pin numbers, or social security numbers was stolen. The data that was captured consists of "track 2" data that includes the credit or debit card number and expiration date, but no other identifying data.

Dave & Buster's was alerted to the potential [“Minimize, minimize, minimize.” PR bad news mantra Bob] data intrusion in late August 2007, and immediately contacted the United States Secret Service. Dave & Buster's worked closely with both the Secret Service and Department of Justice and assisted them in their investigation. In addition, Dave & Buster's immediately retained outside security experts who identified the source of the data compromise. As a result the Company has implemented additional security measures to prevent any such incident from occurring in the future. The stores that were compromised were: Westminster, CO; Islandia and West Nyack, NY; Utica, MI; Downtown Chicago, IL; Columbus, OH; Jacksonville, FL; Frisco, Dallas (2) and Austin, TX.

Source - PR Newswire



Drive-by ID Theft? Took mail from mailboxes and processed it right in their car! Lesson: Drive more carefully!

http://www.pogowasright.org/article.php?story=20080514061531646

NE: Metro Mail-Theft Ring

Wednesday, May 14 2008 @ 06:15 AM EDT Contributed by: PrivacyNews News Section: Breaches

For the second time in a week, authorities in Nebraska say they've caught crooks who steal identities and cash. The latest bust was in Saunders County, but the victims are from all over the metro.

"This is some of the equipment they used for manufacturing the fake IDs," Sheriff Kevin Stukenholtz points out. What looked like another couple of criminals creating false identities turned out to be a bust into a massive ID theft ring. "We found bags that literally include thousands of pieces of correspondence that belonged to individuals other than the people that were in the car."

Thousands of stolen bank statements, checks, and credit card payments were found in the suspects' car, all documents that were ripped off from mailboxes across the metro.

Source - Action3 News



Another change in procedure?

http://www.pogowasright.org/article.php?story=20080513201908838

Five IRS Employees Charged With Snooping on Tax Returns

Tuesday, May 13 2008 @ 08:19 PM EDT Contributed by: PrivacyNews News Section: Breaches

Five workers at the Internal Revenue Service's Fresno, California, return processing center were charged Monday with computer fraud and unauthorized access to tax return information for allegedly peeking into taxpayers' files for their own purposes.

"The IRS has a method for looking for unauthorized access, and it keeps audit trails, and occasionally it will pump out information about who's done what," says assistant U.S. attorney Mark McKoen, who's prosecuting the cases in federal court in Fresno.

... The five charged this week are Corina Yepez, Melissa Moisa, Brenda Jurado, Irene Fierro and David Baker. Only 13 taxpayers were compromised -- each worker allegedly peeked at one to four tax returns, in incidents from 2005 through last year.

Source - Wired

[From the article:

The age of some of the incidents suggests the Inspector General's office is breaking out new algorithms to find anomalies in audit trails going back years. The office declined to comment, as did the IRS.

Workers caught in a UNAX are typically subject to disciplinary measures like unpaid leave, and less commonly charged with misdemeanor violations of the Taxpayer Browsing Protection Act and the Computer Fraud and Abuse Act.
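The audit-trail review the prosecutor describes, as an added example that is not the IRS's, the Inspector General's or Wired's code: an access log is compared against each employee's assigned workload, so a single look at an unassigned taxpayer record is flagged even though the volume is tiny (the article says one to four returns per worker). The log format, employee IDs, record IDs and assignment table are all constructed for the illustration; a real system would pull assignments from case-management data.

```python
"""Added example: flag possible unauthorized access (UNAX) in an audit trail by
checking each record access against the accessing employee's assignments.
All IDs and log lines below are constructed for illustration."""
from collections import defaultdict

# Constructed audit trail spanning several years: timestamp, employee, record, action.
AUDIT_LOG = """\
2005-03-02T09:14:07 emp001 TP-48113 VIEW
2005-03-02T09:15:41 emp001 TP-77020 VIEW
2005-03-02T12:02:13 emp002 TP-10934 VIEW
2006-07-19T16:48:55 emp001 TP-55001 VIEW
2007-11-30T17:21:09 emp003 TP-48113 VIEW
2007-11-30T17:23:44 emp003 TP-10934 EDIT
""".splitlines()

# Constructed assignments: the taxpayer records each employee was assigned to process.
# emp003 has no case assignments at all (e.g. a support role that never handles returns).
ASSIGNMENTS = {
    "emp001": {"TP-48113", "TP-77020"},
    "emp002": {"TP-10934"},
    "emp003": set(),
}


def parse_line(line):
    """Split one whitespace-delimited audit line into a dict."""
    ts, emp, record, action = line.split()
    return {"ts": ts, "emp": emp, "record": record, "action": action}


def find_unax(log_lines, assignments):
    """Return every access whose record is outside the accessing employee's assignments.

    An unknown employee (not in the assignment table) has no authorized records,
    so all of their accesses are flagged rather than silently ignored.
    """
    hits = []
    for line in log_lines:
        ev = parse_line(line)
        if ev["record"] not in assignments.get(ev["emp"], set()):
            hits.append(ev)
    return hits


def summarize(hits):
    """Per-employee count of distinct taxpayer records touched without an assignment."""
    per_emp = defaultdict(set)
    for ev in hits:
        per_emp[ev["emp"]].add(ev["record"])
    return {emp: len(records) for emp, records in per_emp.items()}


if __name__ == "__main__":
    flagged = find_unax(AUDIT_LOG, ASSIGNMENTS)
    for ev in flagged:
        print(f"{ev['ts']} {ev['emp']} accessed unassigned record {ev['record']} ({ev['action']})")
    print(summarize(flagged))
```

The design point is that a rate or volume threshold would never trip on one to four accesses, so the rule keys on authorization context (was this employee assigned this record?) rather than on counts; the same comparison works on logs "going back years" because assignments are historical data too.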


Related? Did the UCLA 'scandal' prompt others to look at what employees were doing? If so, good! (Oops, they did it again...)

http://www.pogowasright.org/article.php?story=20080514062410693

13 more involved in file breach

Wednesday, May 14 2008 @ 06:24 AM EDT Contributed by: PrivacyNews News Section: Breaches

The UCLA Medical Center has been in the spotlight lately for its recent issues with patient privacy, and a fourth report on the issue recently revealed new information.

The California Department of Health Services report revealed that 13 additional people, ranging from physicians to a volunteer, have been identified as accessing Britney Spears’ health records without proper authorization.

Source - Daily Bruin

[From the article:

Spears had an alias while in the hospital, but after her stay there the alias was abandoned so that all of her medical information would remain together, according to the department’s report. [“We will protect your identity until it becomes inconvenient.” Bob]



Social engineering – so easy a convict can do it... (What happened to the “This is a collect call from jail “ message?)

http://www.pogowasright.org/article.php?story=20080513131046755

NY: Upstate jail inmate charged with identity theft scam

Tuesday, May 13 2008 @ 01:10 PM EDT Contributed by: PrivacyNews News Section: Breaches

... Cayuga County authorities are charging 24-year-old Eddie Camacho with conspiracy, criminal impersonation and unlawful possession of personal identification information.

... Camacho is accused of telephoning people from the jail and impersonating members of the district attorney’s office to obtain personal information, including Social Security numbers. Deputies say Camacho used the information to obtain credit and services in the names of six victims.

Source - pressconnects.com



Tools & Techniques Attention stalkers!

http://online.wsj.com/public/article/SB121063460767286631.html?mod=blog

New Sites Make It Easier To Spy on Your Friends

By VAUHINI VARA May 13, 2008; Page D1

If you are still relying on Google to snoop on your friends, you are behind the curve.

Armed with new and established Web sites, people are uncovering surprising details about colleagues, lovers and strangers that often don't turn up in a simple Internet search. Though none of these sites can reveal anything that isn't already available publicly, they can make it much easier to find. And most of them are free.

Zaba Inc.'s ZabaSearch.com turns up public records such as criminal history and birthdates. Spock Networks Inc.'s Spock.com and Wink Technologies Inc.'s Wink.com are "people-search engines" that specialize in digging up personal pages, such as social-networking profiles, buried deep in the Web. Spokeo.com is a search site operated by Spokeo Inc., a startup that lets users see what their friends are doing on other Web sites. Zillow Inc.'s Zillow.com estimates the value of people's homes, while the Huffington Post's Fundrace feature tracks their campaign donations. Jigsaw Data Corp.'s Jigsaw.com, meanwhile, lets people share details with each other from business cards they've collected -- a sort of gray market for Rolodex data.

... Zaba CEO Nick Matzorkis says the dissemination of public information online is "a 21st century reality with or without ZabaSearch." [Good point. Bob]



Perhaps perception has progressed from impossible to probable? I believe that a web site (even a 'kill-a-tree' book) would be an extremely useful resource for organizations. Might make a simple business model...

http://www.eweek.com/c/a/Security/Preparation-Key-to-Managing-Data-Breaches/

Preparation Key to Managing Data Breaches

By Darryl K. Taft 2008-05-14



Great quotes if you are looking for a grant, but somehow I doubt the basis for such claims...

http://www.pogowasright.org/article.php?story=20080514061140169

One in four data breaches involves schools

Wednesday, May 14 2008 @ 06:11 AM EDT Contributed by: PrivacyNews News Section: Breaches

Cyber criminals are becoming bolder and more sophisticated in their operations, federal computer security experts say. And that's bad news for schools, because educational institutions reportedly account for approximately one of every four data security breaches.

... "The education sector accounts for the majority of data leakages with 24 percent of all breaches, followed closely by the government," revealed Foster. " And unfortunately, theft and loss are still the [top] reasons that data leakages occur."

Source - eSchool News

[From the article:

"Threats are becoming more sophisticated and are occurring on a global level," said Garcia. According to DHS statistics, more than 1 million malicious codes have been written, an increase of 500 percent since last year. On any given day, 40 percent of those codes are "botnets"--a collection of software robots, or bots, that run autonomously and on groups of "zombie" computers controlled remotely.

In fact, according to these same statistics, more malicious code is written than regular code--and more than 80 percent of organizations affected by botnets are not aware they've been compromised.

... Foster said companies and organizations today send more than 70 percent of their intellectual property through eMail, which is risky, considering that 40 percent of all malicious code trends deal with the sharing of executable files and 32 percent with eMail file attachments.

... DHS plans to provide ongoing professional development to all IT staff in the nation with a new resource in development called the "Essential Body of Knowledge (EBK): A Competency and Functional Framework for IT Security Workforce Development." [Already out there, at: http://connect.educause.edu/Library/Abstract/InformationTechnologyITSe/45241?time=1210770042 Bob]



On the other hand, you could just give away your information...

http://www.bespacific.com/mt/archives/018332.html

May 13, 2008

Harvard Law faculty votes for 'open access' to scholarly articles

News release: "In a move that will disseminate faculty research and scholarship as broadly as possible, the Harvard Law School faculty unanimously voted last week to make each faculty member’s scholarly articles available online for free, making HLS the first law school to commit to a mandatory open access policy." [John Palfrey via Darlene Fichter]



This article points to a letter criticizing the 'opt out' process, but my concerns would be: what information do they keep; how long do they keep it; who do they share it with? Not to mention that this method does not segregate my personal and professional uses of the Internet, so I'll get ads for math textbooks... Ugh.

http://www.pogowasright.org/article.php?story=20080513130451896

Charter To Begin Tracking Users' Searches And Inserting Targeted Ads

Tuesday, May 13 2008 @ 01:04 PM EDT Contributed by: PrivacyNews News Section: Businesses & Privacy

Charter Communications is sending letters to its customers informing them of an "enhanced online experience" that involves Charter monitoring its users' searches and the websites they visit, and inserting targeted third-party ads based on their web activity. Charter, which serves nearly six million customers, is requiring users who want to keep their activity private to submit their personal information to Charter via an unencrypted form and download a privacy cookie that must be downloaded again each time a user clears his web cache or uses a different browser. [At least they left out that “dance naked every full moon” bit Bob]

Source - The Consumerist



It is extremely difficult to unlearn an old procedure while learning a new one. Here is a crutch for those of us who need it... (No one could have anticipated this?)

http://www.cnet.com/8301-13880_1-9943428-68.html?part=rss&tag=feed&subj=Workers'Edge

New Office 2007 add-on makes commands easier to find

Posted by Dennis O'Reilly May 13, 2008 3:00 PM PDT

Microsoft claims that Office 2007's ribbon interface saves time by putting the features people use most often closer at hand. For those of us who spent years learning where those functions were in previous versions of Word, Excel, and PowerPoint, the changes aren't the productivity boosters Microsoft envisioned.

I've done more than my share of rummaging around the ribbon in Office 2007 trying to find a particular command, and I've even used Microsoft's user-interface guides to hunt down the feature I needed. Now Microsoft Office Labs has developed the free Search Commands add-on for Office 2007 that lets you type in a command and access it in an instant.



I have no idea what this study foretells, but I find it interesting. Makes me think I must belong to the “Unconnected” or perhaps the “Disconnected”.

http://www.infoworld.com/article/08/05/13/Study-says-hyperconnected-users-growing_1.html?source=rss&url=http://www.infoworld.com/article/08/05/13/Study-says-hyperconnected-users-growing_1.html

Study: 'Hyperconnected' users growing

Enterprises will have to accommodate new wave of information workers who use multiple devices and applications

By Paul Krill May 13, 2008

Enterprises are facing an exploding "culture of connectivity," with global information workers using an increasing number of devices and applications, according to an IDC study released on Tuesday.

In a worldwide study sponsored by Nortel, IDC found a considerable number of what it calls "hyperconnected" users -- those using at least seven devices and nine applications. The survey covered nearly 2,400 working adults in 17 countries.

Employers will need to make accommodations for the new wave of hyperconnected persons as these people become the next-generation workforce, IDC and Nortel argued.

The hyperconnected accounted for 16 percent of the population in the study. They are using gadgets ranging from phones to laptops to PDAs and even car-based systems. Applications being used on these devices include Web 2.0 applications, such as Twitter, Second Life, and wikis. Also prominent are applications like text messaging, instant messaging, and Web conferencing.

Behind the hyperconnected were the "increasingly connected," who use four devices and as many as six applications and account for 36 percent of the population.



Attention Linux geeks!

http://linux.slashdot.org/article.pl?sid=08/05/13/2328239&from=rss

Videos and Report From Embedded Linux Conference

Posted by kdawson on Wednesday May 14, @12:40AM from the for-posterity dept. Education Linux

Thomas Petazzoni writes

"The fourth edition of Embedded Linux Conference was held from April 15 to 17 in Mountain View, California. With more than fifty talks and tutorials around the use of Linux in embedded devices, this conference covered a wide range of topics: power management, debugging techniques, system size reduction, flash filesystems, embedded distributions, real-time, graphics and video, security, etc. For those who could not attend the conference, Free Electrons has published under a free license videos of nineteen talks and an extensive report of them. You can for example watch Andrew Morton's keynote, Klaas van Gend's talk about the real-time version of the Linux kernel, or Mike Anderson's tutorial on the use of JTAG probes for kernel debugging."

Tuesday, May 13, 2008

“We didn't understand the first few times, so we asked them to do it again, only slower.”

http://www.pogowasright.org/article.php?story=20080512125921999

Another Laptop Stolen from Pfizer, Employee Information Compromised (updated)

Monday, May 12 2008 @ 12:59 PM EDT Contributed by: PrivacyNews News Section: Breaches

About 13,000 employees at Pfizer Inc., including about 5,000 from Connecticut, had their personal information compromised when a company laptop and flash drive were stolen, the pharmaceutical giant confirmed today.

The data breach, which occurred about a month ago, was the second this year affecting Pfizer Inc. employees and the sixth made public in a one-year span dating back to May 2007. More than 65,000 data-breach notifications have been sent out by Pfizer over the past year, including more than 10,000 to employees from Connecticut.

Source - The Day Updated 5-13-08: The Day

[From the article:

The company said late Friday in an e-mail to affected employees, including many at Pfizer Global Research and Development campuses in Groton and New London, that no Social Security numbers were on the encrypted laptop, but names, home addresses, home telephone numbers, employee identification numbers, positions and salaries were possibly compromised by an unencrypted flash drive. [“Next time we may encrypt the sensitive data and not bother to encrypt the junk data. But it may take a few more breaches to get it worked out...” Bob]



When bureaucracy designs security...

http://www.pogowasright.org/article.php?story=20080512122027751

UK: Crooks access NHS database

Monday, May 12 2008 @ 12:20 PM EDT Contributed by: PrivacyNews News Section: Breaches

THE £12billion NHS computer system lay in tatters last night — as it emerged CROOKS may have accessed patient records.

A security card flaw has left the system open to abuse for two years.

Sensitive medical details, addresses and National Insurance numbers of every patient in the country could have been seen by ANYONE in a GP surgery or hospital without using the special swipe card.

... the controversial Choose and Book system allows GPs to view patient records online, book appointments and order medicines through their computer.

But a GP in Hornchurch, Essex, found he could log on to the system without inserting his "smart card" into the reader device.

Source - The Sun



In the category: “No good deed goes unpunished”

http://www.infoworld.com/article/08/05/12/Phishers-scamming-IRS-rebates_1.html

Phishers scamming IRS rebates

A new scheme sends a fraudulent IRS e-mail that directs users to a Web site that asks for their bank account information in order to direct deposit their stimulus checks

By Tim Greene, Network World May 12, 2008

Scammers want your IRS refund checks and have devised at least one phishing scheme to get it, according to the FBI.

The e-mail, which purports to be from the IRS, advises recipients that the best way to get their economic stimulus rebate money is by direct deposit. It then directs them to a Web site that asks them to enter bank account information and other personal data.

To encourage recipients to respond, the e-mail warns that not filling out the form will mean a delay in receiving the check.



Have I missed something? When did these guys get 'promoted' to criminal mastermind? (Add Dave & Buster's to the breach list in May 2007...)

http://www.pogowasright.org/article.php?story=20080512201234592

TJX credit card heist suspect, 2 others, accused of new scam

Monday, May 12 2008 @ 08:12 PM EDT Contributed by: PrivacyNews News Section: Breaches

Three men - one of them suspected of playing a role in the heist of 45.6 million credit cards from retailer TJX Companies - have been accused of hacking into cash register terminals belonging to a restaurant chain and installing software that sniffed credit card numbers.

According to a 27-count indictment unsealed Monday, the scheme was carried out in part by Maksym Yastremskiy. In July, the Ukrainian was arrested in a Turkish resort town for allegedly selling large quantities of credit card numbers, many of which were siphoned out of TJX's rather porous network. He remains incarcerated in Turkey, where an application for extradition to the US is pending. Yastremskiy also went by the name Maksik.

Source - The Register

[From the article:

According to a 27-count indictment unsealed Monday, the scheme was carried out in part by Maksym Yastremskiy. In July, the Ukrainian was arrested in a Turkish resort town for allegedly selling large quantities of credit card numbers, many of which were siphoned out of TJX's rather porous network.

... The men managed to install the packet sniffers remotely by socially engineering individuals, according to the indictment, which didn't elaborate. [“Hello, we is your computers service men. Give us access so we can fix all your problemz.” Bob]

[From article two:

"We don't have any information that suggests this person was the one who committed the attack on TJX, but at some point he did come into possession of the (stolen TJX) card accounts."



This would be unbelievable except for things like the Pfizer article.

http://www.pogowasright.org/article.php?story=20080512131157657

UK companies: Leaking like a sieve?

Monday, May 12 2008 @ 01:11 PM EDT Contributed by: PrivacyNews News Section: Breaches

Most UK companies are losing data every month, a survey has found.

The majority of UK businesses, 79 per cent, are losing data at least once per month, according to the survey of 250 senior IT staff at businesses larger than 1,000 staff.

More than a quarter, 28 per cent, suffered data loss on a weekly or more frequent basis, the report by IT management company CA found.

Source - Silicon.com



Tools & Techniques (For the “we don't need no stinking encryption” crowd.)

http://arstechnica.com/news.ars/post/20080512-deep-packet-inspection-under-assault-from-canadian-critics.html

Deep packet inspection under assault over privacy concerns

By Nate Anderson | Published: May 12, 2008 - 12:03PM CT

Add the Canadian Internet Policy and Public Interest Clinic (CIPPIC) to the list of groups concerned about the privacy implications of widespread deep packet inspection (DPI) by ISPs. CIPPIC has filed an official complaint with Canada's Privacy Commissioner, Jennifer Stoddart, asking her office to investigate Bell Canada's use of DPI (and we're flattered to be quoted as an expert source in the complaint). In addition, the group would welcome a wider investigation into possible DPI use at cable operators Rogers and Shaw, as well.

In writing up this morning's announcement of a massive new 80Gbps DPI appliance from Procera Networks, I noted that privacy concerns were one of the storm clouds in DPI's bright blue skies. Because DPI can drill down into packet headers and then further into the actual content being pumped through the tubes, it raises all sorts of questions from privacy advocates concerned about the easy collection of private personal information. Current gear is so sophisticated that it can reconstitute e-mails and IM conversations out of asymmetric traffic flows and it can essentially peek "under the hood" of any non-encrypted packet to take a look at what it contains.

... The issues go beyond just IP addresses, encompassing attorney/client privilege, trade secrets, and other protected communications, but DPI vendors have assured Ars that they have little interest in examining content; most traffic information can be gleaned from packet headers, destination IP addresses, flow patterns, handshakes, and the like. Given the sheer capabilities of these devices, though, it seems at least worthwhile to have a detailed discussion about the potential privacy implications.
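To make concrete what the article means by drilling into headers versus content, here is an added example (not Ars Technica's or any DPI vendor's code): a minimal IPv4/TCP parser applied to two packets constructed inline. Both yield the same layer-3/4 metadata (addresses, ports, protocol), but the plaintext HTTP payload gives up the request line and a session cookie, while the TLS application-data payload gives up only its record framing. The addresses, ports, request and cipher-looking bytes are all made up for the example, and the TLS check is a deliberately simple record-header heuristic, not a full TLS parser.

```python
"""Added example: what a packet inspector can read from an unencrypted packet
versus an encrypted one. Sample packets are constructed inline; checksums are
left at zero because the packets are parsed, never sent."""
import socket
import struct

IPV4_FMT = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options
TCP_FMT = "!HHIIBBHHH"       # 20-byte TCP header without options


def build_ipv4_tcp(src_ip, dst_ip, src_port, dst_port, payload):
    """Assemble IPv4 header + TCP header + payload for the parser below."""
    total_len = 20 + 20 + len(payload)
    ip_hdr = struct.pack(IPV4_FMT, 0x45, 0, total_len, 0x1234, 0x4000, 64, 6, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    # data offset 5 words (<<4), flags PSH|ACK (0x18), window, checksum, urgent ptr
    tcp_hdr = struct.pack(TCP_FMT, src_port, dst_port, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0)
    return ip_hdr + tcp_hdr + payload


def parse_headers(pkt):
    """Layer-3/4 fields that stay readable whether or not the payload is encrypted."""
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(IPV4_FMT, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    sport, dport, _, _, off_flags, _, _, _, _ = struct.unpack(TCP_FMT, pkt[ihl:ihl + 20])
    data_off = (off_flags >> 4) * 4
    return {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "proto": proto,
        "sport": sport, "dport": dport,
        "payload": pkt[ihl + data_off:total_len],
    }


def inspect_payload(payload):
    """Content inspection: parsed request and headers for plaintext, only framing for TLS."""
    # TLS record header: content type 20-23, version major 3 (heuristic, not a TLS parser)
    if len(payload) >= 5 and payload[0] in (0x14, 0x15, 0x16, 0x17) and payload[1] == 3:
        ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
        return {"kind": "tls-record", "content_type": ctype,
                "version": f"{major}.{minor}", "length": length}
    text = payload.decode("ascii", errors="replace")
    first_line, _, rest = text.partition("\r\n")
    headers = dict(h.split(": ", 1) for h in rest.split("\r\n") if ": " in h)
    return {"kind": "plaintext", "request": first_line, "headers": headers}


# Constructed sample packets: same client and server, one plaintext flow, one TLS flow.
HTTP_PACKET = build_ipv4_tcp("192.0.2.10", "198.51.100.20", 51000, 80,
                             b"GET /inbox HTTP/1.1\r\nHost: mail.example\r\n"
                             b"Cookie: session=abc123\r\n\r\n")
TLS_PACKET = build_ipv4_tcp("192.0.2.10", "198.51.100.20", 51001, 443,
                            b"\x17\x03\x03\x00\x20" + bytes(range(32)))  # stand-in ciphertext


def dpi_view(pkt):
    """Everything the inspector learns from one packet: metadata plus payload findings."""
    hdr = parse_headers(pkt)
    return {k: v for k, v in hdr.items() if k != "payload"} | inspect_payload(hdr["payload"])


if __name__ == "__main__":
    for name, pkt in (("HTTP", HTTP_PACKET), ("TLS", TLS_PACKET)):
        print(name, dpi_view(pkt))
```

The useful lesson for the "we don't need no stinking encryption" crowd is in the two results side by side: encryption takes the session cookie and request path off the table, but the source, destination, ports and traffic volume remain visible, which is exactly the header-level information the vendors quoted in the article say they rely on.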


At last! A firm grasp of the obvious!

http://www.pogowasright.org/article.php?story=20080512121101577

U.K. defence department adopts encryption after data breaches

Monday, May 12 2008 @ 12:11 PM EDT Contributed by: PrivacyNews News Section: Non-U.S. News

Following a spate of high profile data breaches, the U.K. Ministry of Defence is set to install encryption software on 20,000 of its laptops.

It will install BeCrypt's Disk Baseline software across Royal Airforce, Army and Navy laptops, and users will need to be authenticated before they can access encrypted data. [Up till now, anyone could access the data? Bob] The MoD said the new BeCrypt software would be easily integrated with future technology too.

It will protect data across a range of levels, from 'Classified' to 'Secret' levels, and in some cases 'Top Secret' data.

Source - InterGovWorld.com



Selling a remedy for anything you fear...

http://www.pogowasright.org/article.php?story=20080512121233653

West Virginia Class Action Lawsuit Filed Against LifeLock Alleging Deceptive Marketing Practices

Monday, May 12 2008 @ 12:12 PM EDT Contributed by: PrivacyNews News Section: In the Courts

Marks & Klein, LLP today filed its third class action lawsuit against LifeLock, Inc., a provider of identity theft protection services, and its CEO Richard "Todd" Davis. The lawsuit was filed in the Circuit Court of Jackson County, West Virginia (Docket No. 08-C-69), on behalf of Kevin Gerhold of Falling Rivers, as well as all other LifeLock subscribers in West Virginia.

This latest action followed suits filed by the firm in April on behalf of Dr. and Mrs. Gerald Falke of Hagerstown, Md., as well as all other LifeLock subscribers in Maryland; and in March on behalf of Dr. and Mrs. Warren Pasternack of East Brunswick, N.J., as well as all other New Jersey LifeLock subscribers.

Source - PR Newswire

[From the article:

The lawsuits allege that LifeLock and its multi-million-dollar advertising campaign provided false and misleading information about the limited level of identity protection the company provides, and failed to warn them about the potential adverse impact the company's services could have on their credit profiles. The complaints also allege that the CEO has himself been a victim of identity theft by multiple offenders while a customer of LifeLock's services.

...

Beyond the charges leveled in the Complaints, lead counsel Paris related the story of a Wisconsin consumer who contacted the firm regarding her accidental experience with LifeLock. "Her debit card was stolen and the thief had the audacity to use the card to buy a subscription to LifeLock," he noted. "Most disturbingly, LifeLock issued the subscription to the thief in the thief's name, clearly failing to verify the appropriate information."



“No, you don't understand, it's secret evidence in our “Double Secret Probation” case, and even if we made the whole thing up, it's private!”

http://cbs4denver.com/local/greeley.school.video.2.721808.html

May 12, 2008 9:40 am US/Mountain

Greeley Schools Won't Let Parent See Bus Video

GREELEY, Colo. (AP) ― Greeley school officials say privacy laws prevent them from letting a parent see a surveillance videotape after his son was disciplined for a fight on a school bus.

Mike Moskalsk says he asked to see the video taken on the bus after his son was suspended for 10 days after the April fight. Moskalsk says his son didn't start the fight but was defending himself.

Greeley-Evans School District officials say that to release the tape, they would have to get permission from the parents of all the children shown, or digitally blur their faces. They say either option would cost too much.

About 80 percent of the district's buses have surveillance cameras. Officials say surveillance tapes are reviewed only if problems are reported on a run.



Tools & Techniques: Arming for Cyberwar?

http://www.f-secure.com/weblog/archives/00001434.html

Tuesday, May 13, 2008

US Air Force Colonel Proposes Skynet

This month's issue of Armed Forces Journal features an article by Col. Charles W. Williamson III titled: Carpet bombing in cyberspace: Why America needs a military botnet

It's a provocative essay… that fails to convince us of the need for an AF.MIL botnet.


On the other hand...

http://ask.slashdot.org/article.pl?sid=08/05/13/1313249&from=rss

Just How Effective is System Hardening?

Posted by timothy on Tuesday May 13, @09:31AM from the how-large-is-your-facade dept.

SkiifGeek, pointing to our recent coverage of what the NSA went through to create SELINUX, wants to know just how effective system hardening is at preventing successful attack, and writes

"When Jay Beale presented at DefCon 14, he quoted statistics (PDF link) that Bastille protected against every major threat targeting Red Hat 6, before the threats were known. With simple techniques available for the everyday user which can start them on the path towards system hardening, just how effective have you found system and network hardening to be? The NSA does have some excellent guides to help harden not only your OS but also your browser and network equipment."
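Most of what a hardening script such as Bastille does is unglamorous: it sets a few hundred kernel, network and filesystem knobs to conservative values and keeps them there. The following audit script is an added example, not code from Bastille, the NSA guides or the Slashdot post; the baseline keys, the expected values and the sample `sysctl -a` output are the editor's own choices, constructed for illustration. It reports every setting that deviates from the baseline (including keys that are simply missing) and renders the deviations as lines ready to paste into /etc/sysctl.conf.

```python
"""Audit Linux sysctl settings against a small hardening baseline.

Added example (editor's code). BASELINE is an illustrative selection,
not the Bastille or NSA baseline. Feed it the output of `sysctl -a`.
"""
import re
import sys
from typing import Dict, List, Optional, Tuple

# key -> (expected value, why it matters). Editor's selection, not a standard.
BASELINE: Dict[str, Tuple[str, str]] = {
    "kernel.randomize_va_space": ("2", "full ASLR for stack, mmap and brk"),
    "fs.suid_dumpable": ("0", "no core dumps from setuid programs (they leak secrets)"),
    "net.ipv4.ip_forward": ("0", "an end host should not route packets"),
    "net.ipv4.conf.all.rp_filter": ("1", "drop packets with spoofed source addresses"),
    "net.ipv4.conf.all.accept_redirects": ("0", "ignore ICMP redirects (route hijacking)"),
    "net.ipv4.conf.all.accept_source_route": ("0", "ignore source-routed packets"),
    "net.ipv4.icmp_echo_ignore_broadcasts": ("1", "do not act as a smurf amplifier"),
    "net.ipv4.tcp_syncookies": ("1", "survive SYN floods"),
    "net.ipv4.conf.all.log_martians": ("1", "log packets with impossible addresses"),
}

# `sysctl -a` prints one "key = value" per line; values may contain spaces.
LINE_RE = re.compile(r"^\s*([\w.\-]+)\s*=\s*(.*?)\s*$")

Finding = Tuple[str, str, Optional[str], str]  # key, expected, actual, reason


def parse_sysctl(text: str) -> Dict[str, str]:
    """Turn `sysctl -a` output into a key -> value map; ignores malformed lines."""
    settings: Dict[str, str] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings


def audit(settings: Dict[str, str], baseline=BASELINE) -> List[Finding]:
    """Return one finding per baseline key whose value differs or is absent."""
    findings: List[Finding] = []
    for key, (expected, reason) in baseline.items():
        actual = settings.get(key)  # None when the kernel/OS never exposed the key
        if actual != expected:
            findings.append((key, expected, actual, reason))
    return findings


def sysctl_fix_lines(findings: List[Finding]) -> List[str]:
    """Render findings as /etc/sysctl.conf lines that would correct them."""
    return [f"{key} = {expected}" for key, expected, _, _ in findings]


# Constructed sample: a host with ASLR only partially on, forwarding enabled,
# ICMP redirects accepted and no log_martians key at all.
SAMPLE_SYSCTL = """\
kernel.randomize_va_space = 1
fs.suid_dumpable = 0
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.accept_redirects = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.tcp_syncookies = 1
"""

if __name__ == "__main__":
    # Usage: sysctl -a 2>/dev/null | python audit_sysctl.py   (or no stdin: uses the sample)
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_SYSCTL
    for key, expected, actual, reason in audit(parse_sysctl(text)):
        print(f"{key}: expected {expected}, got {actual!r}  ({reason})")
```

On the constructed sample the audit reports four deviations; the point of a tool like this is not the list itself but that it can be re-run after every kernel upgrade or vendor "tuning" script, which is where hardened settings quietly regress.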



Tools & Techniques: It will never replace SuperGlue! (but it does let us treat kids like sex offenders!)

http://yro.slashdot.org/article.pl?sid=08/05/12/1633251&from=rss

To Curb Truancy, Dallas Tries Electronic Monitoring

Posted by ScuttleMonkey on Monday May 12, @01:15PM from the kids-aren't-people dept.

The New York Times is reporting that a school district in Texas is trying a new angle in combating truancy. Instead of punishing students with detention they are tagging them with electronic monitoring devices.

"But the future of the Dallas program is uncertain. Mr. Pottinger's company, the Center for Criminal Justice Solutions, is seeking $365,000 from the county to expand the program beyond Bryan Adams. But the effort has met with political opposition after a state senator complained that ankle cuffs used in an earlier version were reminiscent of slave chains. Dave Leis, a spokesman for NovaTracker, which makes the system used in Dallas, said electronic monitoring did not have to be punitive. 'You can paint this thing as either Big Brother, or this is a device that connects you to a buddy who wants to keep you safe and help you graduate.'"



...and it only took 109 pages to do it!

http://www.pogowasright.org/article.php?story=20080512125329740

FTC Approves New Rule Provision Under The CAN-SPAM Act

Monday, May 12 2008 @ 12:53 PM EDT Contributed by: PrivacyNews News Section: Fed. Govt.

The Federal Trade Commission has approved four new rule provisions under the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM or the Act). The provisions are intended to clarify the Act’s requirements. The provisions and the Commission’s Statement of Basis and Purpose (SBP) will be published in the Federal Register shortly. The new rule provisions address four topics: (1) an e-mail recipient cannot be required to pay a fee, provide information other than his or her e-mail address and opt-out preferences, or take any steps other than sending a reply e-mail [confirming that the email address was active... Bob] message or visiting a single Internet Web page to opt out of receiving future e-mail from a sender; (2) the definition of “sender” was modified to make it easier to determine which of multiple parties advertising in a single e-mail message is responsible for complying with the Act’s opt-out requirements; ['cause we wouldn't like to stop them all... Bob] (3) a “sender” of commercial e-mail can include an accurately-registered post office box ['cause physical addresses were too easy to locate Bob] or private mailbox established under United States Postal Service regulations to satisfy the Act’s requirement that a commercial e-mail display a “valid physical postal address”; and (4) a definition of the term “person” was added to clarify that CAN-SPAM’s obligations are not limited to natural persons. [It applies to Republicans too? Bob]

Source - FTC Related - Text of the Federal Register Notice



Is the telephone industry doomed? (I think so...)

http://tech.slashdot.org/article.pl?sid=08/05/13/1225259&from=rss

Homemade VoIP Network Over Wi-Fi Routers

Posted by timothy on Tuesday May 13, @08:53AM from the warms-the-cochleas-of-the-heart dept.

AnInkle writes

"A blogger on The Tech Report details his research and testing of wireless voice communication options for remote mountainous villages in rural undeveloped areas. The home-built project involves open-source software, low-cost wireless routers, solar power, mesh networking, unlicensed radio frequencies and VoIP technology. Although his research began several months ago, he has concluded the first stage of testing and is preparing to move near one of the sites where he hopes to eventually install the final functional network. Anyone with experience or ideas on the subject is invited to offer input and advice."


Related

http://hosted.ap.org/dynamic/stories/A/ANDROID_CLASS?SITE=VALYD&SECTION=HOME&TEMPLATE=DEFAULT

MIT students show power of open cell phone systems

By BRIAN BERGSTEIN May 12, 2:52 PM EDT

CAMBRIDGE, Mass. (AP) -- What do you want your cell phone to be able to do?

Massachusetts Institute of Technology professor Hal Abelson put that question to about 20 computer science students this semester when he gave them one assignment: Design a software program for cell phones that use Google Inc.'s upcoming Android mobile operating system.



I know a few lawyers who would dispute this. But then, they dispute everything...

http://science.slashdot.org/article.pl?sid=08/05/12/205217&from=rss

First Space Lawyer Graduates

Posted by ScuttleMonkey on Monday May 12, @05:11PM from the great-more-lawyers dept.

PHPNerd writes

"Over at space.com is an interesting article about the first space lawyer. He graduated from the University of Mississippi. ' Any future space lawyer might have to deal with issues ranging from the fallout over satellite shoot-downs to legal disputes between astronauts onboard the International Space Station. The expanding privatization of the space sector may also pose new legal challenges [...] "We are particularly proud to be offering these space law certificates for the first time, since ours is the only program of its kind in the U.S. and only one of two in North America," said Samuel Davis, law dean at the University of Mississippi.'"



Tools & Techniques: Recovery is pricey (esp. compared to backups) but much more 'doable' than even the manufacturers think.

http://hardware.slashdot.org/article.pl?sid=08/05/12/2330200&from=rss

A Walk Through the Hard Drive Recovery Process

Posted by kdawson on Monday May 12, @08:02PM from the it's-dead-jim dept.

Fields writes

"It's well known that failed hard drives can be recovered, but few people actually use a recovery service because they're expensive and not always successful. Even fewer people ever get any insights into the process, as recovery companies are secretive about their methods and rarely reveal any more information than is necessary for billing. Geek.com has an article walking through a drive recovery handled by DriveSavers. The recovery team did not give away many secrets, but they did reveal a number of insights into the process. From the article, "'[M]y drive failed in about every way you can imagine. It had electro-mechanical failure resulting in severe media damage. Seagate considered it dead, but I didn't give up. It's actually pretty amazing that they were able to recover nearly all of the data. Of course, they had to do some rebuilding, but that's what you expect when you send it to the ER for hard drives.'"

Be sure to visit the Museum of Disk-asters, too.



Fun! YouTube for Physicists! (You could do this in any field)

http://news.slashdot.org/article.pl?sid=08/05/13/0350215&from=rss

Lectures On the Frontiers of Physics Online

Posted by kdawson on Tuesday May 13, @08:14AM from the current-perimeter dept.

modernphysics writes

"The Outreach Department at Canada's Perimeter Institute for Theoretical Physics offers a wide array of online lecture playbacks examining hot topics in modern physics and beyond. Presentations include Neil Turok's 'What Banged?,' John Ellis with 'The Large Hadron Collider,' Nima Arkani-Hamed with 'Fundamental Physics in 2010,' Paul Steinhardt with 'Impossible Crystals,' Edward Witten with 'The Quest for Supersymmetry,' Seth Lloyd with 'Programming the Universe,' Anton Zeilinger with 'From Einstein to Quantum Information,' Raymond Laflamme with 'Harnessing the Quantum World,' and many other talks. The presentations feature a split-screen presentation with the guest speaker in one frame and their full-frame graphics in the other."



I'll have to see if there is a “student” registration available.

http://www.infoworld.com/article/08/05/12/Hackers-create-their-own-social-network_1.html?source=rss&url=http://www.infoworld.com/article/08/05/12/Hackers-create-their-own-social-network_1.html

Hackers create their own social network

'Ethical hacking' group has signed up more than 1,000 members for the House of Hackers network since its launch

By Matthew Broersma, IDG News Service May 12, 2008

Hackers now have their own social network, backed by GnuCitizen, a high-profile "ethical hacking" group.

The network, called House of Hackers, has signed up more than 1,000 members since its launch earlier this week, according to the site.

GnuCitizen set up the network in order to promote collaboration among security researchers. The site's founders said they use "hacker" in the complimentary sense.

... GnuCitizen is encouraging businesses to use the site to seek out security researchers for jobs or particular projects.



Here is a 'How to' (along with a bit of Why), but I can see this as a simple e-business model. “Click here and remove unwanted software and free up disk space.” Note: there are many similar tools out there...

http://www.cnet.com/8301-13880_1-9941808-68.html?part=rss&tag=feed&subj=Workers'Edge

Identify mystery apps installed on your PC

Posted by Dennis O'Reilly May 12, 2008 12:00 PM PDT

I'm always looking for a little bit more performance from my PCs, so I regularly use Piriform's free CCleaner utility to clear out the clutter on my systems' hard drives.

... The last time I ran CCleaner on my XP test machine, it freed up almost 2GB of hard-drive space by removing temporary Internet files, sweeping out the Recycle Bin, and deleting various Windows updates and other system and application files I no longer needed. Then I clicked the program's Tools option to view the applications installed on the PC.

... It would be nice if Windows provided some clues about the programs it lists in XP's Add or Remove Programs and Vista's Programs and Features. For example, Programs and Features on my Vista system lists the Viewpoint Media Player, but it offers no hint as to where the program came from, apart from the date it was installed. From what I was able to gather after a Web search, the utility is related to the display of 3D effects in AIM.

Since I use Trillian and Google Talk for my IM sessions, I don't need the Viewpoint player. A bigger question is how the program got on my PC in the first place. [and this is (presumably) legitimate software. Imagine if it was malware and didn't want to be found? Bob] It didn't come preinstalled on the machine, and no other programs were loaded on the same date as it was. Still, the next most recent software installation was AIM itself, which had an installation date one month later than the Viewpoint player.

However the program managed to slip onto my PC, removing it freed up more than 7MB of hard-disk space.
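Add or Remove Programs shows only a name and a date, but the registry key it is built from carries more: the publisher, the uninstall command (and therefore where the program lives), and a SystemComponent flag that, when set to 1, hides the entry from Add or Remove Programs altogether. The script below is an added example, not code from the CNET article or from CCleaner; it assumes the key was exported with `reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" uninstall.reg` (reg.exe writes UTF-16, so open the file with `encoding="utf-16"`). It builds an install timeline, lists what else was installed within a chosen number of days of a suspect entry (the correlation the article does by eye), and flags entries with no publisher, a hidden flag, or an uninstaller sitting in a user-writable directory. The embedded .reg text is constructed sample data, not a real export.

```python
"""Install timeline and red flags from a `reg export` of the Uninstall key.

Added example (editor's code). Parses string and dword values only;
hex:/multi-line values are skipped. SAMPLE_REG is constructed data.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List

KEY_RE = re.compile(r"^\[(?P<path>.+)\]$")
STR_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<value>[0-9a-fA-F]{1,8})$')

# Path fragments that ordinary installers do not use for their uninstaller.
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\temp\\", "\\appdata\\")


@dataclass
class InstalledApp:
    key: str                                   # subkey name (often a GUID)
    values: Dict[str, str] = field(default_factory=dict)

    @property
    def name(self) -> str:
        return self.values.get("DisplayName", self.key)


def _unescape(value: str) -> str:
    """.reg string values escape backslash and quote with a backslash."""
    return re.sub(r"\\(.)", r"\1", value)


def parse_reg_export(text: str) -> List[InstalledApp]:
    """Return one InstalledApp per subkey of the exported Uninstall key."""
    apps: List[InstalledApp] = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            path = m.group("path")
            if path.lower().endswith("\\uninstall"):
                current = None                 # the parent key itself
                continue
            current = InstalledApp(key=path.rsplit("\\", 1)[-1])
            apps.append(current)
            continue
        if current is None:
            continue
        m = STR_RE.match(line)
        if m:
            current.values[m.group("name")] = _unescape(m.group("value"))
            continue
        m = DWORD_RE.match(line)
        if m:
            current.values[m.group("name")] = str(int(m.group("value"), 16))
    return apps


def timeline(apps: List[InstalledApp]) -> List[tuple]:
    """(InstallDate, name) sorted oldest first; entries without a date go last."""
    ordered = sorted(apps, key=lambda a: a.values.get("InstallDate", "99999999"))
    return [(a.values.get("InstallDate"), a.name) for a in ordered]


def installed_near(apps: List[InstalledApp], name: str, days: int = 7) -> List[str]:
    """Names of other entries installed within +/- `days` of the named entry."""
    target = next((a for a in apps if a.name == name), None)
    if target is None or "InstallDate" not in target.values:
        return []
    t0 = datetime.strptime(target.values["InstallDate"], "%Y%m%d")
    near = []
    for a in apps:
        if a is target or "InstallDate" not in a.values:
            continue
        try:
            d = datetime.strptime(a.values["InstallDate"], "%Y%m%d")
        except ValueError:
            continue                            # InstallDate is free text; tolerate junk
        if abs((d - t0).days) <= days:
            near.append(a.name)
    return near


def flags(app: InstalledApp) -> List[str]:
    """Red flags worth a second look; an empty list means nothing unusual."""
    out = []
    v = app.values
    if "Publisher" not in v:
        out.append("no-publisher")
    if v.get("SystemComponent") == "1":
        out.append("hidden-from-add-remove")    # never shown in Add or Remove Programs
    if any(p in v.get("UninstallString", "").lower() for p in USER_WRITABLE):
        out.append("uninstaller-in-user-writable-path")
    if "InstallDate" not in v:
        out.append("no-install-date")
    return out


# Constructed sample export (not a real machine); mirrors the article's situation.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AIM]
"DisplayName"="AIM 6"
"Publisher"="AOL LLC"
"InstallDate"="20080412"
"UninstallString"="C:\\Program Files\\AIM6\\uninst.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Media Player]
"DisplayName"="Viewpoint Media Player"
"InstallDate"="20080312"
"UninstallString"="C:\\Program Files\\Viewpoint\\uninstall.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ABCD-1234}]
"DisplayName"="Helper Service"
"InstallDate"="20080311"
"UninstallString"="C:\\Documents and Settings\\bob\\Local Settings\\Temp\\svc.exe /u"
"SystemComponent"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner]
"DisplayName"="CCleaner"
"Publisher"="Piriform"
"InstallDate"="20080501"
"UninstallString"="\"C:\\Program Files\\CCleaner\\uninst.exe\""
"""

if __name__ == "__main__":
    apps = parse_reg_export(SAMPLE_REG)       # or open("uninstall.reg", encoding="utf-16").read()
    for date, name in timeline(apps):
        print(date, name, flags(next(a for a in apps if a.name == name)))
    print("near Viewpoint:", installed_near(apps, "Viewpoint Media Player", days=1))
```

The hidden "Helper Service" entry in the sample is the case the article's method cannot reach: CCleaner and Add or Remove Programs both list only what the registry lets them, so a walk of the raw key (or `reg query` on it) is the cheap second opinion before assuming a one-month gap between installs means nothing else arrived that day.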



Business model. Act as the meeting place for people who put on seminars and those who want to attend.

http://www.killerstartups.com/Web-App-Tools/Markthisdatecom---Share-Your-Favorite-Events/

Markthisdate.com - Share Your Favorite Events

Markthisdate is a Holland-based site that allows you to download the calendars of your favorite events directly to your favorite calendar program and thereby keep tabs on your favorite things. There are a number of calendars to choose from, for example, the Beijing Olympics, and you simply have to click “add to my calendar” when you would like to download the times and dates of an event to your iCalendar. You can also add calendars to Markthisdate, something that is especially handy for those looking to self-promote their act.

http://www.markthisdate.com/info/faq.html



Business Model: Find a niche and become an expert

http://www.killerstartups.com/Web20/VinoGustocom---Interactive-Community-for-Wine-Lovers/

VinoGusto.com - Interactive Community for Wine Lovers

Vinogusto, launched in January last year, is an interactive community website aimed at promoting the enjoyment of wine, including through oenotourism. [TSA will perform a cavity search if you wear this t-shirt when entering the country. Bob] Registered users have their own page where they can share wine experiences, such as by reviewing a visit to a particular winery or rating a wine they drank. You can search wines by name, country of origin, color, and price, or browse by tags or “Hot wines.” Wine professionals can use the site as a promotion tool, with prices ranging from 50 to 450 Euros per year for various promotion plans. Vinogusto.com is currently available in four languages: English, French, Spanish, and Dutch. It features around 24,000 wines and over 37,000 wineries, with numbers growing regularly as users contribute.

http://www.vinogusto.com/