Friday, January 09, 2009

Only a bit over two years... Not bad.

http://www.databreaches.net/?p=342

TJX Maxx hacker banged up for 30 years

Posted January 8th, 2009 by admin

John E. Dunn reports:

Maksym Yastremskiy, the Ukrainian accused of being a key figure in the infamous TJX Maxx Wi-Fi hack of 2005, has been sentenced to 30 years in prison by a Turkish court.

Yastremskiy - or ‘Maksik’ as he was sometimes identified - was one of 11 people eventually arrested at the request of the US Department of Justice, with the Ukrainian reportedly being apprehended in undignified fashion outside a Turkish nightclub in 2008.

Yastremskiy’s part in the crime was allegedly to have purchased credit card numbers stolen during the huge crime, providing the gang with an economic hub for its activities.

Read more in Network World and The Register.

[From the Register article:

US authorities filed extradition papers against Yastremskiy, but he still ended up standing trial in Turkey over separate offences, where he received one of the longest cybercrime sentences ever handed down. If he ever makes it to the US it's a reasonable bet that he'll become a star witness for the prosecution, possibly in exchange for assurances of a shorter spell behind bars in a comparatively comfortable US prison.



Something about their statements tells me they don't much care...

http://www.databreaches.net/?p=352

IN: State unemployment accounts breached

Posted January 8th, 2009 by admin

[...]

According to the Indiana Department of Workforce Development, some 1000 Hoosiers’ accounts were compromised.

Marc Lotter with Workforce Development says, “The company that is contracted to handle the ATM portion of those cards, there was a security breach of some sort early last year.”

The state did send out letters at that time and 200 immediately changed cards. They are now looking to see if what happened to Rick and Tom is still part of that breach.

Read more on FOX28

N.B. I think that this may be the first we are learning about any incident involving Indiana Department of Workforce Development last year.



The cost of a breach...

http://www.databreaches.net/?p=347

Delaware Insurance Commissioner fines Blue Cross $150,000 for privacy violations

Posted January 8th, 2009 by admin

Keith L. Martin provides a follow-up to a breach reported at the beginning of December. Delaware’s insurance commissioner seems to have moved quickly on this case:

BlueCross BlueShield of Delaware is hoping to return an early Christmas gift by state insurance commissioner Matt Denn: a fine of $150,000.

Following a Dec. 24 hearing, Denn levied the fine, the maximum permitted under state law, against the Wilmington, Del.-based insurer for mistakenly disclosing the private medical information of 3,800 of its members.

Denn said his department is willing to consider reducing the fine if BlueCross can provide proof of measures in place to prevent the incident from occurring again before Feb. 1.

[...]

In his opinion, Denn found that the insurer violated two state insurance regulations: one that prohibits disclosure of “any nonpublic personal financial information about a consumer” and another that requires insurers to have a system to safeguard customer information.

Read more in Insurance & Financial Advisor

[From the article:

Following a Dec. 24 hearing, Denn levied the fine, the maximum permitted under state law,



Interesting. The Mayor now uses a non-city email account – I bet that complicates things. Apparently the city doesn't keep logs of access to their emails. Probably a good case study.

http://www.databreaches.net/?p=360

Ca: Vaughan mayor wants to re-open e-mail snooping report

Posted January 8th, 2009 by admin

Caroline Grech reports:

A report looking into how Mayor Linda Jackson’s e-mails ended up on former Mayor Michael Di Biase’s doorstep during the heated 2006 municipal election campaign has finally been made public.

The report, obtained by the Vaughan Citizen, concluded the hacking of Ms Jackson’s e-mail was not due to an outside breach of the city’s system, but it also could not conclude how the inside job was done.

According to the report, conducted by Deloitte Touche Investigative Services Inc., former commissioner of economic/technology development and communications Frank Miele had asked the city’s chief information officer, Dimitri Yampolsky, to review the mayor’s e-mails for the months of April and August 2006.

Read more on YorkRegion.com



Hook this into the on-board computers and you could really bug people! “Oh look! You need gas! What luck that there's a Quicky Mart on the next corner! Hey! Are you trying to drive past the Quicky mart? I can't let you do that, Dave.”

http://it.slashdot.org/article.pl?sid=09%2F01%2F08%2F2038216&from=rss

Lexus To Start Spamming Car Buyers In Their Cars

Posted by timothy on Thursday January 08, @04:14PM from the even-as-they-sleep dept.

techmuse writes

"Lexus has announced plans to send targeted messages to buyers of its cars based on the buyer's zip code and vehicle type. Unlike regular spam, these messages will be delivered directly to the buyer's vehicle, and will play to the vehicle's occupants as audio. Lexus has promised to make the messages relevant to the car buyers."

Imagine the fun that some targeted malware could do... not that such a thing could happen to a Lexus.


Related: Anything the Japanese can do, we can do badder!

http://news.cnet.com/8301-13772_3-10138054-52.html?part=rss&subj=news&tag=2547-1_3-0-5

Ford touts its leadership in in-car connectivity

Posted by Daniel Terdiman January 8, 2009 10:17 PM PST

LAS VEGAS--Ford on Thursday announced a series of innovations aimed at giving drivers a higher degree of Internet connectivity as well as a slew of tools devoted to helping them get to where they're going [i.e. The Quicky Mart Bob] in the most efficient way possible.

… Ford hopes to bring a never-offline state of existence to the owners of its vehicles.


Related? You thought cell phones in cars were a distraction?

http://news.wired.com/dynamic/stories/T/TEC_GADGET_SHOW_MOBILE_TV?SITE=WIRE&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2009-01-09-07-27-15

Broadcasts to mobile devices to start in 22 cities

By PETER SVENSSON AP Technology Writer Jan 9, 7:27 AM EST

LAS VEGAS (AP) -- TV stations in 22 U.S. cities announced Thursday that they will start broadcasting their signals this year in a format designed to be received by mobile devices like cell phones, MP3 players, GPS units and in-car entertainment systems.



I wonder if these guys have any real clout? It looks to me like they require independent audits, but don't require much in the way of management controls. How can that work?

http://www.databreaches.net/?p=358

UK: BSI proposes new data protection standard

Posted January 8th, 2009 by admin

Phil Muncaster reports:

Standards body BSI British Standards has invited the public to submit their comments on a new draft standard designed to help firms comply with the Data Protection Act.

The DPC BS 10012, which was devised by a group of experts from academia, government and industry, applies to any organisation which holds the personal information of living individuals.

The standard is expected to be published in June this year and once in place will help organisations put in place a framework to help manage personal information in compliance with the Data Protection Act, according to BSI.

Read more in Computing.co.uk

N.B. To view the draft, you will need to register for the site.



We can, therefore we must?

http://www.pogowasright.org/article.php?story=20090109053610564

UK e-mail law 'attack on rights'

Friday, January 09 2009 @ 05:36 AM EST Contributed by: PrivacyNews

Rules forcing internet companies to keep details of every e-mail sent in the UK are a waste of money and an attack on civil liberties, say critics.

From March all internet service providers (ISPs) will by law have to keep information about every e-mail sent or received in the UK for a year. Human rights group Liberty says it is worried what will happen next.

[...]

Reports have suggested the government has even bigger plans for data retention called the Interception Modernisation Programme.

It could involve one central database, gathering details on every text sent, e-mail sent, phone call made and website visited.

Consultation on the plans is due to begin later this year.

Source - BBC



Not sure I agree with the technology assessment, but new technologies always force Security to play catch-up.

http://www.pogowasright.org/article.php?story=20090109054533154

Unseen communications violate PCI DSS compliance

Friday, January 09 2009 @ 05:45 AM EST Contributed by: PrivacyNews

One of the key requirements for compliance with PCI DSS (the Payment Card Industry Data Security Standard) is that organisations block all non-approved channels of communication, screen all traffic and prohibit direct routes for inbound and outbound internet traffic. The trouble is many organisations forget about the communication traffic they cannot see, ones that use highly evasive techniques and are easily able to circumvent traditional security methods used to control the network.

… The problem is Web 2.0 applications like IM, Skype and the chat functions within Facebook can easily traverse the network without being seen, potentially allowing credit card information to leave the organisation unauthorised. If they cannot be seen then they cannot be managed or secured, resulting in a significant risk of violating PCI compliance.

Source - Out-Law.com



Interesting. I wonder how many states will adopt this? Will the Feds?

http://www.bespacific.com/mt/archives/020263.html

January 08, 2009

Maryland Launches Funding Accountability & Transparency Website

Governor O'Malley Launches Website Aimed at Government Transparency and Accountability: "Welcome to the Maryland Funding Accountability web site. This is a public web site which allows citizens of Maryland and visitors to search and view summary information on payments made to vendors that received $25,000 or more for the respective fiscal year. Information is currently available for Fiscal Year 2008."

• See also this recent news release: "Governor Martin O’Malley today announced the launch of www.problemsolver.maryland.gov – a new state webpage that provides access to state and federal resources during these challenging economic times... Marylanders looking for information on heating or utility assistance can click on the utilities and energy icon to find information and resources on programs such as weatherization assistance, telephone services, and utility service protection in addition to the Maryland Energy Assistance program and the Electric Universal Service Program. The webpage also provides information for job seekers, including links to local employment agencies, vocational training centers, and information on unemployment compensation and how to file a claim. Information for senior citizens including in home aide services, assisted living programs, respite and attendant care, medical assistance and prescription drug price assistance is also available on the site."



Is this how newspapers will survive in the post-Gutenberg era?

http://news.cnet.com/8301-13578_3-10137528-38.html?part=rss&subj=news&tag=2547-1_3-0-5

'New York Times' API tracks congressional votes

Posted by Stephanie Condon January 8, 2009 3:00 PM PST

The New York Times on Thursday rolled out its latest political application program interface, just as members of the 111th Congress are settling into their new offices.

The Congress API will enable developers to keep a close eye on their elected representatives with data on specific congressional roll call votes and members' most recent positions on roll call votes. The API also provides lists of House and Senate members in specific years, as well as biographical and role information about specific members.

The tool is one of a series of APIs the Times is developing to let its readers dissect the data it uses in its reporting. In October, it released an API to track campaign donations. The newspaper also released a movie review API and is working on several more, including a Times Best Sellers tool.



Great unanswered questions of the universe! (You can do all of this entirely in software – no hardware required.)

http://www.wired.com/gadgets/gadgetreviews/magazine/17-01/st_burningquestion

Burning Question: Why Are Faxes Still Around?

By Eric Hagerman 12.22.08

Patented in 1843 and mainstreamed sometime between the 8-track and the CD, the technology is like a B-movie zombie that keeps lurching forward—clumsily, relentlessly—long after it should be in the ground.

… The fax's real rival today is the PDF—essentially the same idea, but with far more complex hardware. But even with the prevalence of email, the number of people who can send and receive faxes is still increasing. According to market research firm Gartner, sales of stand-alone fax machines may have plummeted, but sales of multifunction printers—which also copy, scan, and, yes, fax—increased 340 percent from 2001 to 2007.



Can a well done website replace a human teacher completely?

http://news.cnet.com/8301-17939_109-10137335-2.html?part=rss&subj=news&tag=2547-1_3-0-5

Learn how to play guitar in your browser (in 3D)

Posted by Josh Lowensohn January 8, 2009 3:12 PM PST

Apple's Macworld announcement about professional and celebrity music instruction as part of Garageband '09 may have been impressive, but what might be a little more eye catching (and ultimately useful) is iPerform3D. This browser-based music learning system shows users how to play guitar in 3D, and works on both Macs and PCs.


Related: Here's the Disney version...

http://www.wired.com/video/gadgets/ces-2009/6310841001/disney-guitar-game-lets-buttonpushers-rock-for-real/6738580001

Finally, Guitar Hero for Actual Guitar

Added: January 8, 2009

Button-pushing rock star wannabes now have a tiny glimmer of hope thanks to Disney Star Guitarist. The game uses an actual guitar with color-coded strings to teach aspiring guitarists to learn new songs, while still featuring competitive game modes.


Related: ...and once you are a guitar master...

http://www.wired.com/entertainment/music/magazine/17-01/pl_music_mix_maestro

Yo-Yo Ma Brings Remix Culture to Music's Ivory Tower

By David Downs 12.22.08

Radiohead, Deerhoof, Nine Inch Nails, Public Enemy, Mariah Carey—plenty of indie, hip hop, and pop artists have welcomed others to remix their songs online. Now classical music aficionados can get in on the act. Renowned cellist and 15-time Grammy winner Yo-Yo Ma is hosting an online competition, inviting listeners to add their own accompaniment to his performance of the traditional hymn "Dona Nobis Pacem," from his latest album, Songs of Joy & Peace. "Just releasing a CD is constraining to an artist," Ma says. "You know: 'I'm the product, you're the consumer'—it's no longer like that." In October, he posted his cello solo to the online site Indaba Music. Since then, scores of Indaba's 125,000 users—amateur noodlers, music teachers, and pros alike—have used the site's free Flash-based mixing board to add their own variations and countermelodies. In January, Indaba users will vote for their favorite arrangements, with the winner scoring a coveted recording session with Ma that will be featured on both Indaba and the cellist's own site.



These exist. Therefore they will be available in the underground (undernet?) soon.

http://entertainment.slashdot.org/article.pl?sid=09%2F01%2F08%2F2342259&from=rss

Attempt To "Digitalize" Beatles Goes Sour

Posted by timothy on Thursday January 08, @08:19PM from the when-you're-64-and-probably-not-even-then dept.

An anonymous reader points to this article at exclaim.ca, which begins

"Just when Beatles fans thought the band were finally going digital, the Norwegian national broadcaster has been forced to call off the deal. Broadcasting company NRK has had to remove a series of 212 podcasts, each of which featured a different Beatles song and would have effectively allowed fans to legally download the entire Fab Four catalogue for free."


Meanwhile... I have enough trouble with students bopping to their headphones...

http://www.killerstartups.com/Mobile/flycast-fm-streaming-music-from-your-mobile

FlyCast.fm - Streaming Music From Your Mobile

http://www.flycast.fm

As you know, there are more ways than one to stream music from your mobile device. The one we are discussing right now adds a little spice: you can preload music while online, and then listen to it even when there is not an Internet connection available.

The channels themselves work on low bandwidth connections, and as well as listening to music ranging far and wide you can access news and sports information on the fly.

For its part, supported devices include iPhones (of course) and Android phones like the T-Mobile G1. A recent update enables you to listen to FlyCast channels on your computer, using a player quite similar to the one featured in the phone version. Both Macs and PCs are supported so far.

If you think this solution is what you have been looking for in your pursuit of a better aural experience, you can always download the pertinent version from the iTunes Store and get started in no time at all. The service is constantly updated, too, so also make a point of checking the site to see how things evolve.



Geek Alert! Should we skip Vista entirely?

http://blog.wired.com/business/2009/01/how-to-get-your.html

How to Get Your Windows 7 Beta 1 on Friday

By Michael Calore January 08, 2009 5:21:33 PM

Microsoft will make the first public beta of Windows 7, the next version of its desktop operating system, available as a free download on Friday.



Sports fans! Now you can sound like a geek!

http://slashdot.org/article.pl?sid=09%2F01%2F09%2F025203&from=rss

The Technology Behind the Magic Yellow Line

Posted by timothy on Friday January 09, @02:33AM

CurtMonash writes

"Fandome offers a fascinating video explaining how the first-down line on football broadcasts actually works. Evidently, there's a lot of processing both to calculate the exact location being photographed on the field — including optical sensors and two steps of encoding — and to draw a line in exactly the right place onscreen. For those who don't want to watch the whole video, highlights are here."



A list (I love lists) of sites for those of you with huge piles of cash to invest.

http://news.cnet.com/8301-17939_109-10137566-2.html?part=rss&subj=news&tag=2547-1_3-0-5

Five useful places to find financial data online

Posted by Don Reisinger January 8, 2009 4:50 PM PST



At last! Proof that video games are educational!

http://idle.slashdot.org/article.pl?sid=09%2F01%2F08%2F2242211&from=rss

6-Year-Old Says Grand Theft Auto Taught Him To Drive

Posted by timothy on Thursday January 08, @11:24PM from the buck-beats-scapegoat dept.

nandemoari writes "A six-year-old who recently stole his parents' car and drove it into a utility pole has passed the buck onto a familiar scapegoat: the video game, Grand Theft Auto. Rockstar Games' controversial Grand Theft Auto video game has been criticized by parent groups and crusaders (or in the eyes of gamers, nincompoops) like former lawyer Jack Thompson for years (Thompson once tried to link the Virginia Tech slayings to late-night Counterstrike sessions. He's since been disbarred). However, not as of yet has anyone under the age of, oh, ten, blamed the game for a car theft."



I ran across this while reading the articles. What a straight line...

http://idle.slashdot.org/article.pl?sid=09/01/08/1428257

Porn Industry Looks For a Bailout

Posted by samzenpus on Thursday January 08, @01:35PM from the a-little-heavy-breathing-room dept.

An anonymous reader writes "From the CNN Political Ticker: "Hustler publisher Larry Flynt and Girls Gone Wild CEO Joe Francis said Wednesday they will request that Congress allocate $5 billion for a bailout of the adult entertainment industry."" I guess these hard economic times are a bit too much to swallow for everyone.
