Even those who know better can be breached. I hope they had a “What to do when (not if) we get breached” guideline written...
http://www.pogowasright.org/article.php?story=20080607060721545
Stanford alerts employees that stolen laptop had personal data
Saturday, June 07 2008 @ 06:07 AM EDT Contributed by: PrivacyNews News Section: Breaches
Stanford University determined yesterday that a university laptop, which was recently stolen, contained confidential personnel data. The university is not disclosing details about the theft as an investigation is under way.
The university is sending e-mails and letters to current and former employees whose personal information may be at risk, as well as posting information on the Stanford homepage at: http://www.stanford.edu, and notifying the media. Officials estimate that the problem could extend to as many as 72,000 people currently or previously employed by Stanford.
Source - Stanford News Service Related - Mercury News
[From the article:
Livingston said: “The university has guidelines that prohibit keeping sensitive information on unsecured computers. [At once an admission that the policy had been violated and that there was no security on the laptop. Bob] This effort will be redoubled after this incident.” [“We're gonna write even more guidelines!” Bob]
It is embarrassing to discover that you have been breached. It is worse to have an outsider (police, credit card issuers, etc.) tell you about the breach. It must be really bad when the data turns up on eBay and your investors start screaming...
http://www.pogowasright.org/article.php?story=20080606090259516
Personal data of thousands compromised
Friday, June 06 2008 @ 09:02 AM EDT Contributed by: PrivacyNews News Section: Breaches
Damac Properties has launched an investigation into how thousands of its customers personal details ended up for sale on Ebay for 750 pounds ($1,466), a senior company official told ArabianBusiness.com on Thursday.
Ten copies of a database with personal information on over 8,000 of the Dubai-based developer's customers were put on the website on May 28.
According to the posting, the database includes information such as email addresses and phone numbers of “investors, VIPs, agents and high net worth individuals based in Dubai and across the world”.
Source - itp.net
Long post (for this blog) pointing out some of the unanswered questions about this breach. Perhaps Wellpoint has learned too much from TJX?
http://www.phiprivacy.net/?p=459
Jun-6-2008
Unanswered questions for WellPoint and Congress (commentary)
On April 7, PogoWasRight.org exposed two previously unreported incidents involving WellPoint, Inc. The story was not the end of that site’s investigation, however, and subsequent statements by their spokespeople and a notification by UniCare’s lawyers to the New Hampshire Department of Justice only raised additional questions about what happened and why.
... These were WellPoint’s third and fourth incidents involving unencrypted files since October 2006. While WellPoint is not the only HIPAA-covered entity to experience breaches involving unencrypted data or breaches involving contractors, the four incidents of theirs that we know about comprise millions of records and affected approximately 400,000 people (or more). If the largest commercial health insurance company can keep experiencing problems in securing the privacy and security of our data, how is the public to have trust in the system?
This isn't the first state to run into this problem. Makes you wonder how the licenses were issued in the first place. If this problem is common in all 50 states, there could be thousands of illegal aliens in this country with drivers licenses!
http://www.pogowasright.org/article.php?story=20080607060621584
BMV suspends license revocation letters
Saturday, June 07 2008 @ 06:06 AM EDT Contributed by: PrivacyNews News Section: REAL ID
Thousands of Indiana residents who lost their driving privileges appeared to win a reprieve Friday when judges temporarily blocked the state from revoking licenses that don’t match Social Security records.
The Indiana Court of Appeals granted a preliminary injunction staying the Indiana Bureau of Motor Vehicles’ invalidation of driver’s licenses or identification cards on the sole basis of mismatched records while a lawsuit challenging the policy works itself through appeals.
Source - IndyStar.com
[From the article:
Falk said the state policy affects not only the plaintiffs’ legal right to drive but also their family lives, ability to support themselves, access to federal buildings and even their right to vote, given the U.S. Supreme Court’s April decision upholding an Indiana law requiring government-issued photo IDs at the ballot box.
“The impact is fairly broad,” Falk said.
We knew this was coming, but wasn't there a promise that it would be done openly and only to replace frisking travelers?
http://yro.slashdot.org/article.pl?sid=08/06/07/0042248&from=rss
Full Body Scanners Installed In 10 US Airports
Posted by Soulskill on Saturday June 07, @12:00AM from the too-cheap-to-hire-superman dept.
Lapzilla brings word that airports around the US are beginning to use a new type of body-scanning machine which records pictures of travelers underneath their clothing. The process takes roughly 30 seconds, and the person viewing the pictures is located in a separate room. We've discussed similar scanners in the past. From USAToday:
"[Barry Steinhardt, head of the ACLU technology project] said passengers would be alarmed if they saw the image of their body. 'It all seems very clinical and non-threatening -- you go through this portal and don't have any idea what's at the other end,' he said. Passengers scanned in Baltimore said they did not know what the scanner did and were not told why they were directed into the booth. Magazine-sized signs are posted around the checkpoint explaining the scanners, but passengers said they did not notice them."
I guess we know who wrote this...
http://tech.slashdot.org/article.pl?sid=08/06/06/211236&from=rss
Leaked ACTA Treaty to Outlaw P2P?
Posted by ScuttleMonkey on Friday June 06, @05:37PM from the coming-at-you-from-every-side dept.
miowpurr writes to tell us that a draft of the ACTA (Anti-Counterfeiting Trade Agreement) has been posted on Wikileaks. Among others, Boing Boing's Cory Doctorow has weighed in on the possible ramifications of this treaty.
"Among other things, ACTA will outlaw P2P (even when used to share works that are legally available, like my books), and crack down on things like region-free DVD players. All of this is taking place out of the public eye, presumably with the intention of presenting it as a fait accompli just as the ink is drying on the treaty."
Related I'll repeat my forecast that cable monopolies need to be eliminated in favor of an independent (city/state owned?) “connection service” that reaches every house and is open to anyone for a nominal fee.
http://tech.slashdot.org/article.pl?sid=08/06/06/226225&from=rss
Is Streaming Video the Real Throttling Target?
Posted by Soulskill on Friday June 06, @07:08PM from the don't-give-them-too-much-credit dept. Networking Communications Media The Internet
snydeq writes
"Responding to legal pressure over its throttling of P2P traffic and other dubious practices, Comcast says it will now punish the most abusive users rather than particular applications. Yet its pilot tests in Pennsylvania and Virgina, which would 'delay traffic for the heaviest users of Internet data without targeting specific software applications,' raise greater concerns over net neutrality, ones that belie a potential preemptive strike against the cable company's chief future competition: streaming video. 'Despite the industry's constant invocation of the P2P bogeyman, at present, the largest bandwidth hog is actually streaming video,' writes Mehan Jayasuriya at Public Knowledge. 'Clearly, the emergence of online video is something that cable video providers find very threatening and by capping off bandwidth usage, they're effectively killing two birds with one stone; discouraging users from using their Internet connections for video while increasing the efficiency of the network. Is this anti-competitive? It sure seems like it.'"
For my Business Continuation class
http://tech.slashdot.org/article.pl?sid=08/06/06/199211&from=rss
US Amazon.com Website Down For Over 1 Hour
Posted by ScuttleMonkey on Friday June 06, @03:10PM from the there-goes-the-bottom-line dept. The Internet Businesses
CorporalKlinger writes
"CNET News is reporting that Amazon's US website, Amazon.com, has been unreachable since 10:30 AM PDT today. As of posting, visiting www.amazon.com produces an 'Http/1.1 Service Unavailable' message. According to CNET, "Based on last quarter's revenue of $4.13 billion, a full-scale global outage would cost Amazon more than $31,000 per minute on average." Some of Amazon's international websites still appear to be working, and some pages on the US Amazon.com site load if accessed using HTTPS instead of HTTP."
What could possibly be better than an iPhone Software Developer's Kit?
http://gadgetsinternet.com/2008/06/06/iphone-hacking-101-xeni-takes-one-for-the-team/
IPhone Hacking 101: Xeni Takes One for the Team
Posted on Jun 6, 2008 03:07:44 PM
[The video is a pitch for O’Reilly’s new book, iPhone Hacks, but still interesting to see how easily the iPhone can be hacked. Bob]
When we start using Kindles for textbooks, we'll still need the ability to provide “handouts”
How to hack your Amazon Kindle to read all your ebooks and documents including .pdf, .doc, .xls, chm, .lit, etc..
By Mike on May 4, 2008
Want to hack further?
http://www.livevideo.com/video/8C0565E0589E4D5081248870FE76E3AE/amazon-kindle-review-kindle-t.aspx
Amazon Kindle Review, Kindle Tips and Hacks (1 of 11)