Tuesday, January 20, 2009

Another biggie? No mention of the retailer's name, but 8500 customers from one bank suggests this could be huge!

http://www.databreaches.net/?p=748

KY: Hackers break into STAR and ATM Network

Posted January 19th, 2009 by admin

Forcht Bank disabled 8,500 customer debit cards this week after learning they could have potentially been hacked into by persons creating duplicate cards.

Eddie Woodruff, chief operations officer for the bank, confirmed that 8,500 of the bank’s roughly 22,000 total debit cards had been deactivated, but the move was primarily a precaution.

“Right now, none of our customers have reported any fraudulent activity on the cards,” Woodruff said. “We’re just trying to take every precaution.”

The cards were compromised when a retail merchant’s computer system was hacked, Woodruff said. The breach affected customers of multiple banks whose cards are processed by the STAR Debit and ATM Network.

[...]

Woodruff said other banks were affected by the problem, but First Data Corporation, which operates the STAR Debit and ATM Network, would not comment on how many were affected.

The STAR system is used by 2 million ATM and retail locations across the country, according to its Web site.

Read more in The Times-Tribune



Wouldn't you like to know what approach works? Think of it as an online version of those TV “reality shows” (It's only “security through obscurity” if the website owners knew about it. Otherwise it's “lack of security through stupidity.”) Attention Class Action lawyers?

http://www.databreaches.net/?p=754

Move Over, Client #9

Posted January 19th, 2009 by admin

Brian Krebs reports:

A popular Web site that helps connect young women with so-called “Sugar Daddies” has fixed a major security hole that - apparently since its inception two years ago - allowed anyone with a Web browser to view the private negotiations between site members.

[...]

Seekingarrangement.com, an adult social networking site that boasts some 300,000 registered users, contained a weakness that allowed anyone to view any conversation thread between two members of the site merely by manipulating one or two characters in the Web site’s Internet address.

Worse yet, potential snoops did not need to be logged into the site to read members’ private messages. In addition, identifying the parties on either end of the transaction also was simple and could be done by non-members.

Security Fix alerted the Web site on Friday, after being contacted by a security professional who asked not to be named. Several days later, the hole was fixed.

Read more on Security Fix

Comment: this one poses another interesting challenge. Will seekingarrangement.com notify registered users of the breach, and if so, how? And how will their registered users and perhaps state attorneys general respond in light of the TOS and Privacy Policy for the site?

Seekingarrangement.com did not respond to an inquiry about their intention to notify registered users or state attorneys general as of the time of this posting.


Similar, but not related? Look at what was revealed and think if you could be identified by a similar disclosure of information.

http://www.pogowasright.org/article.php?story=2009011909320476

Question: Someone else's Google searches show up in my Google Web History

Monday, January 19 2009 @ 09:32 AM EST Contributed by: PrivacyNews

Saw this posted on a Google support forum and will be following this to see the explanation...

I've discovered the existence of a shadowy Other whose Google wanderings are mysteriously—and inappropriately—showing up in the web history of my Google account. His/her passage is marked by a trail of cyber-crumbs leading to searches for free pornography, dachshund/rat terrier puppies and unemployment benefits in Tucson, Arizona. How do the Internet searches of an out-of-work, self-stimulating Arizonian aficionado of bizarre dog breeds wind up documented in my Google account?

[...]

I can see the address used as the starting point for several driving direction searches, did a reverse lookup, and got a name associated with the address. This is obviously a significant security breach for the Other. My big concern is that the breach is reciprocal—that the Other can see my searches (and addresses), too, although whoever it is seems to be a pretty unsophisticated user. I would very much appreciate hearing from a Google rep about this security breach—this forum appears to be the only way to contact Google. I've blogged about this--no one seems to know the answer.

Source - Google



“When Class Action Lawyers Attack!” This one hits a lot of hot buttons.

http://www.pogowasright.org/article.php?story=20090120065633470

9th Circuit ruling bolsters class action suit against AOL

Tuesday, January 20 2009 @ 06:56 AM EST Contributed by: PrivacyNews

Thousands of California residents can sue AOL in their home state for invasion of privacy despite agreements they signed requiring all legal disputes to go before "courts of Virginia" and be guided by Virginia law.

A federal appellate court on Friday cleared a path for a class-action lawsuit to proceed against AOL.

On July 31, 2006, AOL (formerly America Online) placed on a public Web site 20 million search inquiries by 658,000 of its members over a three-month period.

Source - SacBee

[From the article:]

Citing a 1972 U.S. Supreme Court opinion and a 2001 California court of appeal decision, the circuit panel ruled "enforcement of the forum selection clause violates the (California) Consumer Legal Remedies Act," and is unenforceable against California residents. The state's public policy would be violated if its residents were forced to waive their rights to a class action and remedies available under California consumer law, the panel declared.



Bruce is always interesting

http://www.pogowasright.org/article.php?story=20090119092148162

Safe, But Also Sorry

Monday, January 19 2009 @ 09:21 AM EST Contributed by: PrivacyNews

Security expert Bruce Schneier talks about privacy and property in the information state

Source - Reason

Thanks to Rob Douglas for this link.



I didn't even know this was a question. My students suggested this after only a few hours of Cloud study.

http://news.cnet.com/8301-19413_3-10145450-240.html?part=rss&subj=news&tag=2547-1_3-0-5

The argument for private clouds

Posted by James Urquhart January 19, 2009 1:13 PM PST

… The argument is that straightforward. In a few more words, I argue that:

  • Disruptive online technologies have almost always had an enterprise analog. The Internet itself had the intranet: the use of HTTP and TCP/IP protocols to deliver linked content to an audience through a browser. The result was a disruptive technology similar to its public counterpart but limited in scope to each individual enterprise.

  • Cloud computing itself may primarily represent the value derived from purchasing shared resources over the Internet, but again there is an enterprise analog: the acquisition of shared resources within the confines of an enterprise network. This is a vast improvement over the highly siloed approach IT has taken with commodity server architectures to date.

  • The result is that much of the same disruptive economics and opportunity that exists in the "public cloud" can be derived at a much smaller scale from within an enterprise's firewall. It is the same technology, the same economic model and the same targeted benefits, but focused only on what can be squeezed out of on-premises equipment.



If true, then RIAA was going after their best customers!

http://yro.slashdot.org/article.pl?sid=09%2F01%2F19%2F1440254&from=rss

Dutch Study Says Filesharing Has Positive Economic Effects

Posted by CmdrTaco on Monday January 19, @11:18AM from the like-helping-kids-save-money-for-college dept. Media

An anonymous reader writes

"In a study conducted by TNO for the Dutch government the economic effects of filesharing are found to be positive. According to the 146 page report (available for download, but in Dutch) filesharing is good for the prosperity of the Dutch: with filesharing more media are available, even though this costs the media industry some profit. One of the most noticeable conclusions is that downloading and buying are not mutually exclusive: downloaders on average buy just as much music as non-downloaders, but they buy more DVDs and games than people who don't download. They also tend to visit more concerts and buy more merchandise."



For my website class. This works both ways. You can scan the tags for a tool and see examples of sites that use it.

http://www.killerstartups.com/Web20/appliedstacks-com-web-development-powered-by-wiki

AppliedStacks.com - Web Development Powered By Wiki

http://www.appliedstacks.com

Applied Stacks is a structured wiki dealing with the software systems and tools used to build specific websites. That is, it can be thought of as a unified/centralized variant of the 'Powered By X' or 'Build using Y' lists on specific languages and web frameworks that make up the World Wide Web as a whole.

More than 16,000 websites are already documented, so that it can be said that a lot of ground is covered, and designs ranging far and wide can be found and perused.

All in all, Applied Stacks is your one-stop destination when it comes to seeing the system behind any site on the Net, and for sharing your knowledge with the world at large by submitting your very own website.


More for my websiters.

http://www.killerstartups.com/Web-App-Tools/clickmeter-com-free-link-tracking-service

ClickMeter.com - Free Link Tracking Service

http://www.clickmeter.com

A resource that goes by a suitable name, ClickMeter will enable you to monitor the amount of clicks any link that you specify beforehand receives. Furthermore, this service will allow you to know where the users who click on your links come from, and whenever a person is clicking on more than one link from the ones you set down.

The implementation of this service is quite simple, as all you have to do is key in or cut and paste the relevant link. This link becomes then known as the destination link, and upon submitting it you will receive what is termed a “monitor link” for you to include in your site or blog.

From that point onwards, whenever a user clicks on this link he will be redirected to the destination link, and ClickMeter will collect the data necessary for its analysis.

This service is provided free of charge, but note that a paid version is likewise featured and it includes advanced management options as well as being entirely ad-free. In any case, the free edition acts as a good appetizer, and you will have a satisfactory idea of what this browser-based tool can do through it.