http://www.pogowasright.org/article.php?story=20080912151617802
TSU says student Social Security numbers have gone missing
Friday, September 12 2008 @ 03:16 PM EDT Contributed by: PrivacyNews
Tennessee State University this afternoon announced that a flash drive containing the financial information and Social Security numbers of more than 9,000 students was reported missing earlier this week.
A financial aid counselor reported the flash drive missing Tuesday morning after discovering that it was no longer in her possession, administrators said. The flash, which contained financial records of TSU students dating back to 2002, was last seen Monday evening. There have been no attempts to use the data. [“We didn't know our data had been copied but we have checked the entire world and are sure nothing has happened...” Riiiight... Bob]
... University officials don't believe the missing flash drive was encrypted or password-protected, although TSU policy requires Social Security numbers be stored in protected data files. The school also no longer uses Social Security numbers as students' primary identification numbers.
The incident is under investigation by TSU's Department of Internal Audit. The employee has been placed on administrative leave with pay pending the outcome of the investigation. [Encouraging, but unlikely to go further. Bob]
Source - Nashville Post
Mellon Bank continues to make headlines – although it looks like they are simply paraphrasing other news stories.
http://www.pogowasright.org/article.php?story=20080913070502759
Lenders say private customer records have been breached
Saturday, September 13 2008 @ 07:05 AM EDT Contributed by: PrivacyNews
Hundreds of thousands of Florida customers of Countrywide Finance Corp. and The Bank of New York Mellon Shareowner Services are at risk after two instances of data being compromised.
... Since January, the Florida attorney general has received 1,646 complaints from residents concerned their identities had been stolen, nearly 200 from security breaches. Only 30 such complaints were reported in 2007.
Source - Miamia Herald
New technology follows the same learning curve previous technologies followed – same with law and regulation. (Think Video Recorders and Napster)
http://yro.slashdot.org/article.pl?sid=08/09/12/2256219&from=rss
Cloud Computing May Draw Government Action
Posted by Soulskill on Friday September 12, @07:31PM from the internet-is-a-series-of-jet-streams dept. Government The Internet
snydeq brings us this excerpt from InfoWorld:
"Cloud computing will soon become an area of hot debate in Washington, as the increasing popularity of cloud-based services is putting pressure on policy makers to answer tough questions on the privacy and security of data in the cloud. For example: Who owns the data that consumers store on the network? Should law enforcement agencies have easier access to personal information in the cloud than data on a personal computer? Do government procurement regulations need to change to allow agencies to embrace cloud computing? So far, US courts have generally ruled that private data stored in the cloud doesn't enjoy the same level of protection from law enforcement searches that data stored on a personal computer does, said Ari Schwartz, COO of the Center for Democracy and Technology. 'I do think government has an almost infinite ability to screw up things when they can't see the future,' former Bill Clinton tech policy adviser Mike Nelson added. 'We have to have leadership that believes in empowering users and empowering citizens.'"
Related?
http://www.pogowasright.org/article.php?story=2008091210283996
Va. court strikes down anti-spam law
Friday, September 12 2008 @ 10:28 AM EDT Contributed by: PrivacyNews
The Virginia Supreme Court declared the state's anti-spam law unconstitutional Friday and reversed the conviction of a man once considered one of the world's most prolific spammers.
The court unanimously agreed with Jeremy Jaynes' argument that the law violates the free-speech protections of the First Amendment because it does not just restrict commercial e-mails.
Source - AP
Why spend big buck getting into a vanishing market? They won't. They will customize a Linux variation.
http://news.cnet.com/8301-1001_3-10040719-92.html?part=rss&subj=news&tag=2547-1_3-0-5
Report: HP trying for 'end-run' around Windows
Posted by Erica Ogg September 12, 2008 3:02 PM PDT
This used to be provided by the news services, but now they copy stories from Google & Yahoo with no fact checking (a la the United Airlines bankruptcy story)
http://news.cnet.com/8301-13578_3-10040939-38.html?part=rss&subj=news&tag=2547-1_3-0-5
Homeland Security lacking 'open source' intelligence
Posted by Stephanie Condon September 12, 2008 4:01 PM PDT
Hack du jour Not even “really smart guys” are able to make security perfect.
http://it.slashdot.org/article.pl?sid=08/09/12/1657211&from=rss
Greek Hackers Target CERN's LHC
Posted by ScuttleMonkey on Friday September 12, @04:18PM from the try-try-again dept. Security Science
Doomsayers Delight writes
"The Telegraph reports that Greek hackers were able to gain momentary access to a CERN computer system of the Large Hadron Collider (LHC) while the first particles were zipping around the particle accelerator on September 10th. 'Scientists working at CERN, the organization that runs the vast smasher, were worried about what the hackers could do because they were "one step away" from the computer control system of one of the huge detectors of the machine, a vast magnet that weighs 12,500 tons, measuring around 21 meters in length and 15 meters wide/high. If they had hacked into a second computer network, they could have turned off parts of the vast detector and, said the insider, "it is hard enough to make these things work if no one is messing with it."'"
[From the article:
The scientists behind the £4.4bn atom smasher had already received threatening emails and been besieged by telephone calls from worried members of the public concerned by speculation that the machine could trigger a black hole to swallow the earth, or earthquakes and tsunamis, despite endless reassurances to the contrary from the likes of Prof Stephen Hawking. [Do you suppose the hackers came from the “flat earthers?” Bob]
... "We think that someone from Fermilab's Tevatron (the competing atom smasher in America) had their access details compromised," said one of the scientists working on the machine. "What happened wasn't a big deal, just goes to show people are out there always on the prowl."
Hack du November? Who do you want to be President and how much money do you have? Of course this wont be as bad as the “Hanging Chad” story since most voters don't understand technology well enough to see the risks.
http://techdirt.com/articles/20080912/1346342255.shtml
Sequoia E-Voting Equipment Allowed Thousands Of Fake Write-In Votes
from the don't-you-feel-great-about-our-upcoming-election? dept
Just this week, we pointed to a rather graphic demonstration of how easy it is to hack an election using Sequoia's e-voting machines. Sequoia's machines have been implicated in numerous problematic elections, such as vote totals in New Jersey that don't add up properly, or the discovery that with a little effort you can vote multiple times on some Sequoia machines. And, of course, Sequoia's usual response to these sorts of things is to deny any and all responsibility and maybe even threaten to sue those who discover the problems.
Well, here they go again. In a Washington DC primary election that used Sequoia's machines, election officials are trying to deal with the fact that the machines seem to have added thousands of votes for a non-existent write-in candidate. [I am not “non-existant!” (Anyone want to be my VP? No experience needed.) Bob] The election board is blaming a "faulty cartridge" (though no one seems to know what that means, exactly). Sequoia, however, denies a faulty cartridge or a faulty database and says that it must be human error or maybe "static discharge." You would think that a company like Sequoia would be quite concerned that its machines could change the course of democracy based on static discharge or basic human error, but it seems more concerned with avoiding any blame:
"There's absolutely nothing wrong with the database," said Michelle Shafer, spokeswoman for California-based Sequoia Voting Systems. "There's absolutely no problem with the machines in the polling places. No. No."
There. Now, doesn't that make you feel oh-so-confident in the ability of these machines to conduct a free and fair democratic election for President this November?
Guiding my hackers. Since we are starting a White Hat Club, this subject interests me.
http://news.slashdot.org/article.pl?sid=08/09/13/0236248&from=rss
University Brings Charges Against White Hat Hacker
Posted by Soulskill on Saturday September 13, @01:40AM from the easier-than-fixing-security-holes dept. Education Security
aqui writes
"A university student at Carleton is learning that no good deed goes unpunished. After hacking into what was probably a not-so-secure university network, this guy took the time to write a 16-page paper on his methods and sent it to the system admins. Sounds like White Hat behavior to me. Yes, he should have asked permission before trying, but throwing the book at the guy and wrecking his life with criminal charges (which stick for a long time) seems a little excessive. The university should spend money on hiring some admins with better computer skills and teaching skills rather than paying lawyers. In the Engineering department at my old university, the unofficial policy was that when you broke in, didn't damage anything, and reported the problem and how you broke in, they didn't charge you (if you maliciously caused damage, you usually faced academic sanctions). In some cases, the students were hired or they 'volunteered' for the summer to help secure the servers or fix the hole they found. The result was that Engineering ended up with one of the most secure systems in the university."
Read on for the rest of aqui's comments.
[From the article:
The writer, who used a pseudonym, claimed he easily broke into the accounts using a program that captures computer keystrokes. [Does that mean I can't give this software to my students any more? Bob]
... The breach allowed access to the Campus Cards that students use as debit cards for campus purchases, including photocopiers, food kiosks and the bookstore.
With the information, the hacker could also have accessed e-mails, course registrations, library records and personal financial information about loans and scholarships.
... Det. Villeneuve said it is unclear whether the suspect could have accessed the student accounts with the programs that he had and the information he had gathered.
I will follow this – it started in July. My recommendation has always been for governments (municipal or state) to create a holding company to lay fiber to the home and then offer it to all comers. No need for monopolies that way.
http://tech.slashdot.org/article.pl?sid=08/09/12/2326251&from=rss
Telco Sues Municipality For Laying Their Own Fiber
Posted by Soulskill on Friday September 12, @09:28PM from the we're-here-to-help-and-we-brought-lawyers dept. Networking Businesses Communications
unreceivedpacket writes
"Ars Technica reports that a company called TDS Telecom is attempting to sue the town of Monticello, Minnesota for deploying their own fiber network. Shortly after the town voted to lay the fiber, TDS Telecom filed suit and notified the town that they would be deploying their own fiber network. The telco has recently responded to Ars Technica, saying they only sued to save Monticello from itself, apparently feeling that the municipality is unprepared for the onerous costs of maintaining such a network, and would lack the expertise to do so."
[From the article:
Its claim: taking out bonds to build a fiber network is illegal.
Bridgewater Telephone argues that the city cannot use tax-exempt bonds to "enter into direct competition with incumbent commercial providers of telephone, Internet, and cable television services." The odd thing about the complaint, a copy of which was seen by Ars Technica, is that it makes almost no argument; instead, the company simply quotes a short bit of Minnesota law and essentially says, "See, it's illegal!" without offering an explanation.
Potential business model or online game?
http://www.killerstartups.com/Web20/exchangep-com-bid-on-startups
ExchangeP.com - Bid On Startups
Do you think you have what it takes to spot a winner amongst the millions of websites that are started every year? If you do, then take a look at Exchangep.com. Through the site, you’ll be able to buy virtual shares of sites you think will be successful, and if the site does become popular, you’ll be able to cash out and make some extra cash. This is a creative take on the Startup finding page. People will be able to play stock market with startups, making it possible for others to find out about new startups and what they do. It’s a very creative site that could give you many cash rewards. Prizes are awarded to the best people who spot good sites, so you should try to do your best in picking sites that you think will make it big. Anyone with a knack for startup spotting should consider using this site.