The Breach Blog does a great job of commenting on the banks assurance that this is no big deal. Read and laugh along, unless you have an account with them. Perhaps we should write an article: “Things you shouldn't say about your Data Breach”
http://breachblog.com/2008/12/22/ncnb.aspx?ref=rss
Laptop stolen from North Cascades National Bank audit firm
Date Reported: 12/09/08
Organization: North Cascades National Bank
Contractor/Consultant/Branch: "the bank’s financial audit firm"
Location: Chelan, Washington* *incident took place in Portland, Oregon
... Commentary:
We read about many breaches, but we rarely read the types of comments we read in this one (in totality). It's very disappointing.
I could understand (and even empathize) with an organization that doesn't understand information security and admits it. Isn't admitting you have a problem the first step? What I have trouble accepting is an organization that doesn't understand information security and tries to justify it. There seems to be some serious education needed.
I could comment much more, but I need to chill out a bit.
http://www.pogowasright.org/article.php?story=20081223063954633
Katrina Applicant Identities Posted On Web
Tuesday, December 23 2008 @ 06:39 AM EST Contributed by: PrivacyNews
KERA has learned that private information of nearly 17 thousand FEMA aid applicants was posted on public websites last week. That secure information apparently first went through the Texas Workforce Commission before it went online. KERA's Bill Zeeble reports.
FEMA says 16 thousand, 857 names, Social Security & telephone numbers and other private information were publicly posted on 2 websites last week. The names belonged to applicants from Hurricane Katrina who'd evacuated to Texas, but now live all across the Gulf Coast. FEMA's Acting press secretary Terry Monrad says when the agency found out, the names were immediately removed.
Source - KERA News
[From the article:
Ann Hatchitt, TWC Communications Director: We don't really know how that information got to a 3rd party website.
Another “old data” case. Suggesting that even if the data isn't used immediately, it still has “value” to crooks.
http://www.pogowasright.org/article.php?story=20081222111112958
'ID-THEFT CELL SCAM' HITS COPS IN B'KLYN
Monday, December 22 2008 @ 11:11 AM EST Contributed by: PrivacyNews
Maybe it wasn't the "Finest" idea.
Two identity thieves ripped off cops at a Brooklyn station house after they got hold of a 15-year-old personnel roster and used the information for a $60,000 cellphone-buying spree, police sources said yesterday.
... Belches allegedly got the list from Edwin White, 51, of Brooklyn, whose late mom, Elaine Moore, had worked as a civilian aide at the station house and took the documents home.
Source - NY Post Thanks to Rob Douglas for sending this link.
Trivial, but perhaps not insignificant.
http://www.pogowasright.org/article.php?story=20081222213158294
IA: Supreme Court says husband must pay for bedroom spying
Monday, December 22 2008 @ 09:31 PM EST Contributed by: PrivacyNews
A Dubuque man who secretly videotaped his wife in their bedroom must pay her $22,500 for invasion of privacy, the Iowa Supreme Court ruled Friday in the couple's divorce case.
The decision upheld two lower-court rulings against Jeffrey Tigges. He contended that his wife, Cathy, had no reasonable expectation of privacy in their home.
Source - Des Moines Register Related - Opinion Related - Commentary by Jonathan Turley
Deny, deny, deny. But expect the truth to come out anyway.
http://www.pogowasright.org/article.php?story=20081223055329147
World Bank Admits Top Tech Vendor Debarred for 8 Years
Tuesday, December 23 2008 @ 05:53 AM EST Contributed by: PrivacyNews
For months, the World Bank has been stonewalling and denying a series of FOX News reports on a variety of in-house scandals, ranging from the hacking of its most sensitive financial data to its own sanctions against suppliers found guilty of wrongdoing.
But last week the world's most important anti-poverty organization suddenly came clean — sort of — in its tough sanctions against a vitally important computer software service supplier that has been linked not only to financial wrongdoing but also to the ultrasensitive data heists.
[...]
The World Bank's denials and quiet admissions about its troubled relations with Satyam also refocuses attention on an earlier set of bank denials, after FOX News in October reported that the Satyam-supervised computer network of the World Bank Group had been hacked repeatedly by outsiders for more than a year.
According to FOX News sources, one of the worst breaches apparently occurred last April in the network of the bank's super-sensitive treasury unit, which manages $70 billion in assets for 25 clients — including the central banks of some countries.
Sources told FOX News that bank investigators had discovered that spy software had been covertly installed on workstations inside the bank's Washington headquarters — allegedly by one or more contractors from Satyam.
Source - FOX News
If they couldn't find this guy, they could have created a clone to serve his sentence in Jurassic Prison!
http://science.slashdot.org/article.pl?sid=08%2F12%2F22%2F2118249&from=rss
Blood From Mosquito Traps Car Thief
Posted by ScuttleMonkey on Monday December 22, @06:46PM from the plausible-deniability dept. Medicine Science
Frosty Piss writes
"Police in Finland have made an arrest for car theft based on a DNA sample taken from the blood found inside a mosquito. 'A police patrol carried out an inspection of the car and they noticed a mosquito that had sucked blood. It was sent to the laboratory for testing, which showed the blood belonged to a man who was in the police registers,' a police officer told reporters. The suspect, who has been interrogated, has insisted he did not steal the car, saying he had hitchhiked and was given a lift by a man driving the car. I'm wondering if the suspect should have denied any association with the car at all. After all, who knows where that mosquito had been?"
So... Who won?
http://www.itworld.com/security/59666/lawsuit-settled-hackers-now-working-mbta
With lawsuit settled, hackers now working with MBTA
by Robert McMillan
December 22, 2008, 03:32 PM — IDG News Service —
Three Massachusetts Institute of Technology students who were sued earlier this year by the Massachusetts Bay Transit Authority (MBTA) said Monday that they are now working to make the Boston transit system more secure.
... Anderson, along with Russell "RJ" Ryan and Alessandro Chiesa, was prevented from giving a talk entitled "The Anatomy of a Subway Hack: Breaking Crypto RFIDs & Magstripes of Ticketing Systems" at the Defcon hacker conference last August.
... The MBTA had argued that the presentation could have caused "significant damage" to the transit system, but the students had said that they had no intention of releasing key pieces of information that would have allowed people to hack the system.
On Aug. 19, a judge threw out the MBTA's gag order, but the transit authority could have brought new motions against them, and so the case had been hanging over the MIT researchers.
... The case against the three was finally settled on Oct. 7, but this was not publicly announced until Monday, because it took two months for all parties to schedule a public announcement [Image how long it would take to decide what toppings to get on your pizza! Bob] of the settlement, Granick said.
Interesting, even the volume of words. Search by state or keyword (but not both?)
http://www.killerstartups.com/Web20/capitolwords-org-taking-congress-at-its-word
CapitolWords.org - Taking Congress At Its Word
http://www.capitolwords.org
The tagline of this new website is “Taking Congress at its word”, and that is in itself quite a good definition of the provided service. In general terms, through the site it is possible to see the word frequency from the congressional record, and access that information in several manners.
For instance, the main page includes a “Top Words” cloud that will let you see the words that come up more frequently, whereas an interactive heat map of vocal States is featured for you to click about and see what you find.
On the other hand, a “10 Most Vocal Lawmakers” list is featured, and by clicking on any of the featured names you can easily access additional information. This includes a full list of the words employed by that Congressman more frequently for you to peruse and analyze.
Conversely, a “10 Quietest Lawmakers” list can also be accessed, and (as it was the case with their counterparts) you can click on that representative’s name to see his or her performance.
At the end of the day, a website like this one can give the people a better representation of which topics are recurrent the most among their chosen representatives, and ponder on that information.
Some interesting perspectives. I'll have to think about this...
http://news.cnet.com/8301-19413_3-10127654-240.html?part=rss&subj=news&tag=2547-1_3-0-5
The great paradigm shift of cloud computing is not self-service...
Posted by James Urquhart December 22, 2008 11:57 AM PST
... Some of these have been anticipated for some time, but as I talk to more and more people about what could happen here, more and more use cases crop up. For example:
Follow the Sun: Move workloads to where they are being most utilized at a given time, usually the "day" side of the planet.
Follow the Moon: Move workloads to where power is cheapest, usually the "night" side of the planet.
Follow the Law: Move workloads to where the legal and regulatory environment is optimal for the task being executed or the data being stored.
Optimize Latency: Move workloads to where network routing is optimized for a system of components.
Optimize Utilization: Move workloads to where the optimal use of compute and/or storage utilization is achieved.
Optimize Cost: Move workloads to where the cost of computing is as cheap as possible for the workload at hand.
E-Conomics?
http://news.cnet.com/8301-1023_3-10128131-93.html?part=rss&subj=news&tag=2547-1_3-0-5
Google, Microsoft, Yahoo as Ford, GM, and Chrysler
Posted by Larry Dignan December 22, 2008 12:33 PM PST
... Buick, Oldsmobile, and Chevrolet were the high-tech industry of the early 20th century. They were gobbled up to become GM. I thought Lindsay was stretching a bit when I read through his research note. But then I pondered Yahoo, which has Flickr, Delicious, Rivals.com, Zimbra and a bunch of other properties in its collection. Are these properties really any different than the nameplates and brands that GM and Ford have?
Microsoft and Google are similar stories. Any company that may be a threat someday is gobbled up. In the last two years, Microsoft has made an acquisition every three weeks, according to a Wikipedia tally. Google has made an acquisition every five weeks over the last two years. And why are all of these acquisitions happening? Microsoft, Google, and Yahoo all have too much dough that theoretically should be returned to shareholders.
For my Computer Security classes
http://it.slashdot.org/article.pl?sid=08%2F12%2F22%2F1616234&from=rss
NSA Patents a Way To Spot Network Snoops
Posted by CmdrTaco on Monday December 22, @12:15PM from the welcome-to-the-holidays dept. Security
narramissic writes
"The National Security Agency has patented a technique for figuring out whether someone is messing with your network by measuring the amount of time it takes to send different types of data and sounding an alert if something takes too long. 'The neat thing about this particular patent is that they look at the differences between the network layers,' said Tadayoshi Kohno, an assistant professor of computer science at the University of Washington. But IOActive security researcher Dan Kaminsky wasn't so impressed: 'Think of it as — if your network gets a little slower, maybe a bad guy has physically inserted a device that is intercepting and retransmitting packets. Sure, that's possible. Or perhaps you're routing through a slower path for one of a billion reasons.'"
Fodder for my proposed Data Mining class – automating that “first look”
http://www.bespacific.com/mt/archives/020132.html
December 22, 2008
SEC Approves Interactive Data for Financial Reporting by Public Companies, Mutual Funds
News release: "The Securities and Exchange Commission has voted to require public companies and mutual funds to use interactive data for financial information, which has the potential to increase the speed, accuracy and usability of financial disclosure and eventually reduce costs for investors. With interactive data, all of the facts in a financial statement are labeled with unique computer-readable "tags," which function like bar codes to make financial information more searchable on the Internet and more readable by spreadsheets and other software. Investors will be able to instantly find specific facts disclosed by companies and mutual funds, and compare that information with details about other companies and mutual funds to help them make investment decisions...Investors can begin seeing this new information at http://idea.sec.gov." [thanks to Peggy Garvin]