Wednesday, January 14, 2009

Where does reporting break down? Might be an interesting survey! (I'm not going to list them all either – call me an evil corporation.)

http://www.databreaches.net/?p=546

And yet 21 more breaches we didn’t know about

Posted January 13th, 2009 by admin

Thanks to Dave Shettler of OSF, 131 breach reports submitted to Maine in 2008 are now uploaded and available to the public as primary sources. Our efforts to obtain more breach reports under FOI continue, but OSF could really use some volunteers to help enter all of the newly acquired records in the database. If you’re willing to pitch in, I encourage you to contact Dave or just start reading primary sources and creating entries for them.

I went through the Maine reports last night and found that 85% of the incidents had been previously reported on PogoWasRight.org, this site, or the companion site, PHIprivacy.net. There were 21 incidents that had not been posted previously to any of the PogoWasRight.org family of sites. A recap of those 21 breaches, by sector, with links to the reports filed with Maine, appears below. Maine’s notification law can be found here.


Again?

http://www.databreaches.net/?p=559

CCS Security Breach May Not Be 1st

Posted January 13th, 2009 by admin

Donna Willis provides some additional information on the breach involving Columbus City School employees:

[...]

NBC 4’s Ana Jackson GOT ANSWERS and found out this incident might not have been the district’s first security breach.

NBC 4 found out the district ran into a similar problem last year. [We used to learn from our mistakes... I guess they don't teach that anymore in Columbus. Bob]

A district employee whom detectives believe was a victim in the recent case received a letter last November. It said the private information of 39 district employees enrolled in annuity funds was stolen.

Warner was unavailable to talk about whether the two security issues could be connected.

Read more on NBC4i



“Your biometric data is safe with us!”

http://www.databreaches.net/?p=597

Thief steals Continental Airlines laptop with biometric and other personal data

Posted January 13th, 2009 by admin

Sometime between December 31 and January 2, a laptop was stolen from a locked Continental Airlines’ office in Newark. The laptop contained personal information on employees, vendors, and new hire candidates.

The laptop, which was used for background security checks, contained confidential files on 230 individuals, including their names, Social Security numbers, fingerprint images, dates of birth, and other personal information.

Neither the notification letter [pdf] to the New Hampshire Attorney General’s office nor the letter to the affected individuals mentioned anything about whether there was any security at all on the stolen laptop.



I guess it never hurts to ask. But...

http://www.pogowasright.org/article.php?story=20090113112051578

Future of Privacy Forum Issues Recommendations for the New Presidential Administration

Tuesday, January 13 2009 @ 11:20 AM EST Contributed by: PrivacyNews

The Future of Privacy Forum (FPF) today proposed seven privacy recommendations to the upcoming administration. FPF Co-chairs Jules Polonetsky and Christopher Wolf applaud President-Elect Obama for recognizing that the use and development of technology is key to the future of our country. FPF urges the President-elect to also appoint a Chief Privacy Officer (CPO) in order to recognize that responsible use of data by businesses and government is critical to the economy, to protecting civil liberties and to ensuring public safety.

The Future of Privacy Forum recommends the following for the Obama Administration:

1. Appoint a Chief Privacy Officer to Promote Fair Information Practices in the Public and Private Sectors
2. Ensure that Interactive Tools used by Government Provide Users with Enhanced Transparency and Controls
3. Establish a Standard Definition of Personal Information
4. Increase Technology and Research support for the Federal Trade Commission
5. Enhance Criminal Law Enforcement Support for the Federal Trade Commission
6. Provide National Leadership to Resolve the Conflict between Privacy and Online Safety for Youth
7. Encourage Accountable Business Models

Source - RedOrbit


...it may be better to take this approach.

http://www.pogowasright.org/article.php?story=20090113151102629

NIST DRAFT: Guide to Protecting the Confidentiality of Personally Identifiable Information

Tuesday, January 13 2009 @ 03:11 PM EST Contributed by: PrivacyNews

NIST has released DRAFT Special Publication 800-122, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII):

SP 800-122 is intended to assist Federal organizations in identifying PII and determining what level of protection each instance of PII requires, based on the potential impact of a breach of the PII's confidentiality. The publication also suggests safeguards that may offer appropriate protection for PII and makes recommendations regarding PII data breach handling.

NIST requests comments on draft SP 800-122 by March 13, 2009. Please submit comments to 800-122comments[at]nist.gov with "Comments SP 800-122" in the subject line.

Thanks to Fergie for letting me know about this.



About bloody time!

http://news.cnet.com/8301-1009_3-10142227-83.html?part=rss&subj=news&tag=2547-1_3-0-5

The rise of security acquisition policy

Posted by Jon Oltsik January 13, 2009 4:26 PM PST

The state of information security is pretty poor, and large organizations have neither the time nor the money to continue to add security safeguards onto their networks to protect them against the latest threat du jour.

I believe we are at a tipping point when CIOs push back on their vendors with a new "enough is enough" acquisition policy. In 2009, expect large organizations to establish a new acquisition policy mandating that their vendors either deliver secure products or lose their business.



I have to admit, this surprised me. Perhaps an article on “Technology that helps stalkers” is such a bad idea...

http://www.pogowasright.org/article.php?story=20090113093200294

Unprecedented US survey tracks scope of stalking

Tuesday, January 13 2009 @ 09:32 AM EST Contributed by: PrivacyNews

An estimated 3.4 million Americans identified themselves as victims of stalking during a one-year span, according to federal crime experts who on Tuesday released the largest-ever survey of the aggravating and often terrifying phenomenon.

About half of the victims experienced at least one unwanted contact per week from a stalker, and 11 percent had been stalked for five or more years, according to the report by the Justice Department's Bureau of Justice Statistics. It covered a 12-month period in 2005-06.

Source - Chicago Sun-Times



Economics of data? Well worth watching the 25 min. video. (Also a description of a self-inflicted “privacy meltdown”) You could think of Clippings as a filter, but that would mean you actually want the nonsense I send you.

http://news.cnet.com/8301-13505_3-10142298-16.html?part=rss&subj=news&tag=2547-1_3-0-5

Shirky: Problem is filter failure, not info overload

Posted by Matt Asay January 13, 2009 6:07 PM PST

… The keynote, "It's not information overload. It's filter failure," is an insightful exploration of Internet economics and an intelligent response to Nick Carr's "Is Google Making Us Stupid?" argument.

If you haven't watched it, you must. It does more to explain the dearth of effective information filters that we wade through today. It has application to open source (180,000-plus projects on SourceForge, but which are useful?), but far broader implications.

Here's what the Internet did: it introduced, for the first time, post-Gutenberg economics. The cost of producing anything by anyone has fallen through the floor. And so there's no economic logic that says that you have to filter for quality before you publish... The filter for quality is now way downstream of the site of production.

What we're dealing with now is not the problem of information overload, because we're always dealing (and always have been dealing) with information overload... Thinking about information overload isn't accurately describing the problem; thinking about filter failure is.

I think there's a billion-dollar business resident in Shirky's thoughts, business that Google is missing with its focus on "search." The best emphasis should be on "finding," not searching. The need is for filters of a more refined, catered kind.


Related?

http://news.slashdot.org/article.pl?sid=09%2F01%2F13%2F1737240&from=rss

MIT Moves Away From Massive Lecture Halls

Posted by timothy on Tuesday January 13, @12:46PM from the at-that-tuition-it-should-be-massage-tutoring dept. Education Science

eldavojohn writes

"The New York Times is reporting on MIT's migration away from large lectures as many colleges and universities have. Attendance at these lectures often falls to 50 percent by the end of the semester. TEAL (Technology Enhanced Active Learning) gives the students a more hands on approach and may signal the death of the massive lecture hall synonymous with achieving a bachelors of science."



Sometimes it's hard to grasp the obvious. Sometimes politics define the problem in advance of (or despite) the facts.

http://tech.slashdot.org/article.pl?sid=09%2F01%2F14%2F0012255&from=rss

Internet Not Really Dangerous For Kids After All

Posted by kdawson on Tuesday January 13, @11:49PM from the nevermind dept. The Internet

Thomas M Hughes writes

"We're all familiar with the claim that it's horribly dangerous to allow our children on to the Internet. It's long been believed that the moment a child logs on to the Internet, he will experience a flood of inappropriate sexual advances. Turns out this isn't an accurate representation of reality at all. A high-profile task force representing 49 state attorneys general was organized to find a solution to the problem of online sexual solicitation. But instead the panel has issued a report (due to be released tomorrow) claiming that 'Social networks are very much like real-world communities that are comprised mostly of good people who are there for the right reasons.' The report concluded that 'the problem of child-on-child bullying, both online and offline, poses a far more serious challenge than the sexual solicitation of minors by adults.' Turns out the danger to our children was all just media hype and parental anxiety."

Those who have aggressively pushed the issue of the dangerous Internet, such as Connecticut's attorney general Richard Blumenthal, are less than happy with the report.



Wow! Something besides books! Even better than learning about art through freerice.com

http://www.bespacific.com/mt/archives/020299.html

January 13, 2009

View Masterpieces of the Prado Museum with Google Earth

Prado news release: "Google launches the Prado layer in Google Earth allowing you to explore highly detailed photographic images of fourteen of the Prado Museum's masterpieces in very high resolution where you can explore the finer-details of the works. With the launching of this Prado layer in Google Earth, you will be able to zoom in on famous paintings such as The Maids of Honor by Velázquez or The Three Graces by Rubens. The Prado Museum has become the first art gallery in the world to provide access to and navigation of its collection in Google Earth. Using the advanced features of Google Earth art historians, students and tourists everywhere can zoom in on and explore the finer details of the artist's brushwork that can be easily missed at first glance. The paintings have been photographed and contain as many as 14,000 million pixels (14 gigapixels). With this high level resolution you are able to see fine details such as the tiny bee on a flower in The Three Graces by Rubens, delicate tears on the faces of the figures in The Descent from the Cross by Roger van der Weyden and complex figures in The Garden of Earthly Delights by Hieronymus Bosch."



Are these guys delusional? (Even worse: they could be Democrats!) Consider this my humorous article for today.

http://www.bespacific.com/mt/archives/020298.html

January 13, 2009

A Visual Guide to the Financial Crisis: The Bailout

A Visual Guide to the Financial Crisis: The Bailout by WallStats.com: "What do you do if you don’t have the money to pay a debt? If you are like most of us, you borrow. The US Government is no different. In order to pay for the $700 billion bailout, it will have to borrow more money, increasing the national debt. But who will pay for this massive bailout? If you are a US taxpayer, you will. Here is a visual guide to understanding how the bailout is funded and a couple of financial experts’ take on how it could be funded."



Some of my database students chose to build recipe databases. This is for them. (And before you say it's totally crazy, remember that the hot new product in the UK is squirrel-flavored potato chips.)

http://news.cnet.com/8301-17852_3-10142358-71.html?part=rss&subj=news&tag=2547-1_3-0-5

Why Google should make room for raccoon recipes

Posted by Chris Matyszczyk January 13, 2009 10:40 PM PST
