Friday, February 20, 2009

It's difficult to imagine the scope of the Heartland Breach. I'm glad some folks are making an effort!

http://www.databreaches.net/?p=1630

Heartland: It’s not just banks

February 19, 2009 by admin Filed under: Breach Reports

Because BankInfoSecurity.com has been doing such a terrific job of trying to identify financial institutions affected by the Heartland Payment Systems breach, it’s easy to forget that there were other types of entities affected.

The Contra Costa Community College District was also affected by the breach because it uses Heartland to process online fee payments, telephone fee payments, and purchases at the college bookstores.

It’s unknown how many educational institutions use Heartland to process student payments, and no one seems to be keeping track of how many educational institutions may be notifying students that their cards are at risk, but if you have a kid who’s in college, you might want to ask if they’ve received any notifications that they need to follow up on.


Related and not-so-related. (Neat pie chart of breach types) Data Mining the public record.

http://blog.wired.com/27bstroke6/2009/02/volunteer-group.html

Group Spots Giant Hacks by Combing Small Newspapers

By Kim Zetter February 19, 2009 | 8:26:42 PM

Days before Heartland Payment Systems admitted to a computer intrusion that likely exposed hundreds of thousands of consumers to fraud, a group of volunteer security professionals sniffed out the truth on their own.



Thanks to Gary Alexander, one of my ace researchers. Note: This is nothing new, as they have been breached repeatedly. Like this: http://www.pogowasright.org/article.php?story=20081116063016945 and this: http://www.pogowasright.org/article.php?story=20081112073444751

http://cbs4.com/local/UF.University.of.2.938671.html

Feb 19, 2009 10:14 am US/Eastern

Major Computer Breach At University Of Florida

Personal Information Of More Than 97 Thousand People At Risk

Files Were From "Grove" Computer System Between 1996 & 2009

Breach Discovered Jan. 14

GAINESVILLE, Fla (CBS4)

Former and current students, faculty and staff of the University of Florida had better watch their bank accounts closely.

… The investigation confirmed unauthorized access to the system, but it could not determine if files containing private information were accessed. [Without logs, were they legally required to notify every potential victim? How much cheaper would it be to actually know what happened? Bob]



Sounds viable. Time will tell. (Potential Seminar Speaker?)

http://www.pogowasright.org/article.php?story=20090219114249383

Secretary Napolitano Appoints Mary Ellen Callahan as DHS Chief Privacy Officer

Thursday, February 19 2009 @ 11:42 AM EST Contributed by: PrivacyNews

U.S. Department of Homeland Security Secretary Janet Napolitano announced today her appointment of Mary Ellen Callahan as the department's Chief Privacy Officer.

... For more than ten years, Callahan has specialized in privacy, security, data protection, consumer protection and e-commerce law, currently as a partner at Hogan & Hartson, LLP. She is the Co-Chair of Online Privacy Alliance, a self-regulatory group of corporations and associations established to create an environment of trust and foster the protection of individuals' privacy online. Callahan also serves as Vice-Chair of the American Bar Association's Privacy and Information Security Committee of the Antitrust Division. She holds a Juris Doctor from the University of Chicago Law School and graduated magna cum laude from the University of Pittsburgh.

Source - Dept. of Homeland Security



Making Breach research easier? Well, in some cases.

http://www.databreaches.net/?p=1627

Congress heard us! (commentary)

February 19, 2009 by admin

I’m first working my way through the provisions in the stimulus bill that relate to breaches and notifications. One of the recommendations that I and other privacy advocates had made was central notification and disclosure on a publicly available web site. They heard us. Here’s part of the new law:

(3) NOTICE TO SECRETARY- Notice shall be provided to the Secretary by covered entities of unsecured protected health information that has been acquired or disclosed in a breach. If the breach was with respect to 500 or more individuals than such notice must be provided immediately. If the breach was with respect to less than 500 individuals, the covered entity may maintain a log of any such breach occurring and annually submit such a log to the Secretary documenting such breaches occurring during the year involved.
(4) POSTING ON HHS PUBLIC WEBSITE- The Secretary shall make available to the public on the Internet website of the Department of Health and Human Services a list that identifies each covered entity involved in a breach described in subsection (a) in which the unsecured protected health information of more than 500 individuals is acquired or disclosed.



One of those interesting ethical dilemmas... (AKA: Oops!)

http://blog.wired.com/27bstroke6/2009/02/wikileaks-force.html

Wikileaks Forced to Leak Its Own Secret Info -- Update

By Ryan Singel February 18, 2009 9:28:41 PM

What's Wikileaks, the net's foremost document leaking site, supposed to do when a whistle-blower submits a list of email addresses belonging to the site's confidential donors as a leaked document?

That's exactly the conundrum Wikileaks faced this week after someone from the controversial whistle-blowing site sent an emergency fund-raising appeal on Saturday to previous donors. But instead of hiding email addresses from the recipients by using the bcc field, the sender put 58 addresses into the cc field, revealing all the addresses to all the recipients.



Oh goodie, we can start this argument again. Are you automatically a Monopoly when you exceed 50% of the market or must you be in a position to influence/control/dictate to the market? (And keep in mind that Google only has 23.7% of the online ad market.) Remember too that Google's CEO was a big Obama supporter.

http://tech.slashdot.org/article.pl?sid=09/02/19/214239&from=rss

Obama Anti-Trust Chief on Google the Monopoly Threat

Posted by CmdrTaco on Thursday February 19, @05:33PM from the it-has-to-be-said dept. Google Politics

CWmike writes

"The blogosphere regularly excoriates Microsoft for being a monopoly, but Google may be in the cross-hairs of the nation's next anti-trust chief for monopolistic behavior, writes Preston Gralla. Last June, Christine A. Varney, President Obama's nominee to be the next antitrust chief, warned that Google already had a monopoly in online advertising. 'For me, Microsoft is so last century. [Sir Bill will be devastated! Bob] They are not the problem,' Varney said at a June 19 panel discussion sponsored by the American Antitrust Institute, according to a Bloomberg report. The US economy will 'continually see a problem — potentially with Google' because it already 'has acquired a monopoly in Internet online advertising.' Varney has yet to be confirmed as antitrust chief, and she said all this before she was nominated. Still, it spells potentially bad news for Google. It may be time for the company to start adding to its legal staff." [Perhaps they could Google “Anti-Anti-Trust guys” Bob]



How would a Defense lawyer deal with strong (but anarchistic) supporters? More general question: Isn't there a huge downside to losing this case?

http://news.slashdot.org/article.pl?sid=09/02/19/1829213&from=rss

Pirate Bay Founder Begs For Hacker Ceasefire

Posted by CmdrTaco on Thursday February 19, @03:17PM from the please-hammer-don't-hurt-'em dept. The Courts

Barence writes

"Pirate Bay's co-founder has pleaded for hackers to stop attacking the sites of those organizations lined up against him. Peter Sunde is on trial with Pirate Bay's three other founders for allegedly distributing copyrighted material. The trial is about to enter its fourth day, and in a gesture of support for the four men hackers have begun assaulting plaintiff websites, beginning with that of the International Federation of the Phonographic Industry. The campaign has caused concern in the Pirate Bay camp, prompting Sunde to write a post entitled 'We're winning, stop hacking, please' on his blog."


Related. But of course, the Prosecutors have some problems too...

http://blog.wired.com/27bstroke6/2009/02/neij.html

Prosecution Baffled by Pirate Bay's Anarchic Structure

By Wired Staff February 19, 2009 4:52:40 PM

Special correspondent Oscar Swartz reports.

STOCKHOLM — Defendant Fredrik Neij took the stand as the landmark trial of Pirate Bay continued Thursday, and left the prosecutor scratching his head over who is in charge of the BitTorrent site.

… The prosecutor became visibly frustrated when he tried to get Neij to identify the kingpin who is ultimately responsible for Pirate Bay and the text and graphics on the site. Neij explained that an extended group of people have privileges on the server, and contribute haphazardly as they see fit. The prosecutor seemed not to grasp the concept.


Related? Ah! That's the question, isn't it?

http://news.cnet.com/8301-1023_3-10168095-93.html?part=rss&subj=news&tag=2547-1_3-0-5

New U2 album makes early debut on P2P networks

by Steven Musil February 19, 2009 9:10 PM PST

Despite extreme measures to prevent U2's new album from appearing prematurely on the Internet, copies of the band's "No Line on the Horizon" have begun circulating on file-swapping networks--a full week before its official release.

CD-quality copies of the band's 12th album, which is slated for release in Ireland on February 27 and worldwide on March 3, started appearing Wednesday on BitTorrent and now reportedly number in the hundreds of thousands.



Might be worth forwarding...

http://www.killerstartups.com/Web-App-Tools/ghotit-com-assistance-for-those-with-dyslexia

Ghotit.com - Assistance For Those With Dyslexia

http://www.ghotit.com/home.shtml

This solution advertises itself as “Your Personal Super Spell Checker”, and it aims to let anybody overcome any writing process’s shortcomings he might have. Specifically, it is geared towards the ones with dyslexia, and it aims to let these individuals convert the texts they produce into mainstream English.

The approach is quite spot on, as average spell checkers tend to address the needs of the general population, whose spelling mistakes actually have a resemblance to the word they intended to convey in the first place. When it comes to those with dyslexia it is a completely different matter, as the words they write quite often stray far away from the correct spelling.



What Social Good does this serve? (Is humor a social good?)

http://www.foxnews.com/politics/2009/02/19/judge-rules-release-spitzer-wiretaps/

Judge Rules to Release Spitzer Wiretaps

A U.S. district judge said tapes of former New York Governor Eliot Spitzer making calls to a prostitution ring can be made public.

FOXNews.com Thursday, February 19, 2009
