Thursday, February 05, 2009

Sounds startling, until you remember that sending a copy of my medical records to you is counted as one breach and TJX is counted as one breach.

http://www.pogowasright.org/article.php?story=2009020409075326

Most Data Breaches Involve Paper

Wednesday, February 04 2009 @ 09:07 AM EST Contributed by: PrivacyNews

If current headlines are to be believed, data breaches involving electronic devices occur with mind-numbing frequency. Stories about missing laptops and stolen passwords appear daily, yet a recent study debunks the conventional wisdom that the majority of data breaches occur electronically.

"The Security of Paper Documents in the Workplace" study, commissioned by the Alliance for Secure Business Information (ASBI), reveals that most breaches involve paper. In fact, 49 percent of respondents whose companies have been affected by a data breach said that one or more of the breaches involved the loss or theft of paper, not electronic, documents. Even more surprising, 80 percent of respondents polled indicated their company had experienced one or more data breaches in the past 12 months alone.

Source - Top Tech News

[The study:

http://www.fellowes.com/asbi/content/ASBI_SecurityofDocuments_Report.pdf


Related? This one “involves paper” in a way I haven't seen before...

http://it.slashdot.org/article.pl?sid=09/02/04/183237&from=rss

Malware Spreading Via ... Windshield Fliers?

Posted by timothy on Wednesday February 04, @01:12PM from the right-at-home-with-the-bug-guts dept. Security IT

wiedzmin writes

"Another interesting article published by the SANS ISC Handler's Diary is describing a very unusual vector for malware distribution — windshield fliers and fake parking tickets. A website URL provided for "disputing a ticket" actually leads to a malicious website, and a "toolbar" required to find the photo of your violation is, you guessed it, a trojan posing as a fake antivirus. The best part is — according to the VirusTotal report, it doesn't look like most antiviruses have signatures for this one yet."



I haven't seen many of these cases...

http://www.databreaches.net/?p=1280

Woman Sentenced For Unlawful Access To Stored Communications.

Posted February 4th, 2009 by admin

This was a January 12th press release that never got picked up in my usual searches…

United States Attorney Karen P. Hewitt announced that today Tina Kafka pled guilty and was sentenced in federal court in San Diego by United States District Judge M. James Lorenz to serve two years of probation, and a special assessment of $25. Judge Lorenz accepted Ms. Kafka’s plea of guilty to a charge of unlawful access to stored communications, in violation of Title 18, United States Code, Section 2701.

According to Assistant U.S. Attorney Nicole Acton Jones, who prosecuted the case, in connection with her guilty plea Ms. Kafka admitted that between December 2006 and November 7, 2007, she intentionally accessed Explorer Elementary Charter School’s email server without authorization. Specifically, Ms. Kafka admitted that she accessed the email server by logging into email accounts assigned to at least 16 other employees, without their permission. Ms. Kafka further admitted that after she gained unauthorized access to the email server, she obtained access to both opened and unopened email messages that were stored on the server.

Source - U.S. Attorney’s Office, Southern District of California



For my Security students: Who needs this access? When do they use it? Do you match use of the Admin logon to specific problems being worked? (or do they always use that logon?) Simple concept.

http://tech.slashdot.org/article.pl?sid=09/02/05/0221211&from=rss

Users' Admin Logins Make Most Windows Malware Worse

Posted by samzenpus on Thursday February 05, @01:09AM from the protect-yourself-at-all-times dept. Microsoft Security Windows

nandemoari writes

"A new analysis claims that over 90% of the Windows security vulnerabilities reported last year were made worse by users logged in with administrative privileges — an issue Microsoft has been hotly debating recently. According to BeyondTrust Corp., the result of the analysis of the 154 critical Microsoft vulnerabilities indicated that a full 92% could have been prevented if users were not logged into their systems with administrator status. BTC believes that restricting the number of users who can log in with these privileges will 'close the window of opportunity' for attackers. This is particularly true for users of Internet Explorer and Microsoft Office."

[A cute comment:

"Polite [clem-digital.net]", a virus for Microsoft Word, already did this back in the mid 90's! When you try to save a file the virus macro asks "Shall I infect the file?", and kindly refrains from doing so if you click say no.



Obviously, the larger the database you match against the better your odds of finding a match. This is related to the face recognition software used (with little or no success) at the Super Bowl.

http://www.pogowasright.org/article.php?story=20090205074649254

CA: DMV proposal for face-detection technology irks privacy groups

Thursday, February 05 2009 @ 07:46 AM EST Contributed by: PrivacyNews

Even as cost-conscious Gov. Arnold Schwarzenegger looks to trim state spending every way he can, officials at the Department of Motor Vehicles are planning to spend tens of millions of dollars on new driver's license technology.

And privacy advocates say finances are the least of the plan's problems.

Source - Mercury News

Related - EFF: California Action Alert - Say No to Biometrics in CA Driver's Licenses

Related - Consumer Federation of California: Dmv End Run Threatens Our Privacy

[From the article:

Similar software is used in Oregon, New Mexico, Texas, Colorado and Georgia. California DMV officials say that by flagging applicants who already have a license under a different name, the software has led to a reduction in fraudulent licenses and identification cards by as much as 10 percent in those states. [Is that the same as saying: It doesn't work 90% of the time? Bob]



ATTABOY! It's rare that I have anything good to say about Microsoft, but this looks like a great idea! (Rather than the phrase “We can, therefore we must!” that I use to deride managers who don't think of implications, here I would suggest the phrase “We can, so why don't we?” as an innovation model.)

http://news.cnet.com/8301-13860_3-10157210-56.html?part=rss&subj=news&tag=2547-1_3-0-5

Microsoft offers to just 'Fix it'

Posted by Ina Fried February 5, 2009 4:00 AM PST

When people encounter a problem with their PC, they often go to the Web and do a search to see if others have had the problem. If they are lucky, someone has found a fix and listed the steps on either a support document or within a user forum.

Now, they may have an even better option.

Over the past six weeks, Microsoft has quietly added a "Fix it" button to a few of the thousands of help documents on its Web site. When clicked, the computer then takes all the recommended steps automatically.

… The "Fix it" option is still fairly rare, showing up in around 100 different help documents. The effort is growing rapidly, though, up from just four such fixes when the program quietly began in December.



Why do I get the distinct impression that failure to be on the White List (and assuming I'm not on the Black List) leaves me in a gray area? Must the government always work at the extreme ends of the bell curve?

http://blog.wired.com/27bstroke6/2009/02/house-approves.html

House Approves Whitelist of People Who Aren't Terrorists

By David Kravets February 04, 2009 4:02:24 PM

… Under the new plan, approved late Tuesday 413-3, innocent victims of the terrorist watchlist must prove to the Department of Homeland Security, through an undetermined appeals process, that they are not terrorists. They would then get their names put on what the legislation calls the "Comprehensive Cleared List."



Perhaps they could ask for help from the public?

http://it.slashdot.org/article.pl?sid=09/02/05/0223220&from=rss

UK Can't Read Its Own ID Cards

Posted by samzenpus on Thursday February 05, @04:11AM from the forest-for-the-trees dept. Security IT

An anonymous reader writes

"Despite the introduction of ID cards last November, it has emerged that Britain has no readers that are able to read the cards' microchips, which contain the person's fingerprints and other biometric information. With cops and border guards unable to use the cards to check a person's identity, critics are calling the £4.7bn scheme 'farcical' and a 'waste of time.'"


Related. For terrorists who want to find the weak link in the EU's border security? (Will this lead to standards? Probably not.)

http://www.pogowasright.org/article.php?story=20090205072536981

Disparate privacy features devalue ID cards, warns EU security agency

Thursday, February 05 2009 @ 07:25 AM EST Contributed by: PrivacyNews

The failure of European Union nations to co-ordinate the privacy features of identity cards will be a major barrier to their usefulness, an EU agency has said. The EU's network security agency hopes countries will co-ordinate cards' privacy features.

The European Network and Information Security Agency (ENISA), which is funded by the EU, has studied all 10 ID card systems in the EU and the 13 in development and has found that they each adopt different standards of privacy and methods of protecting it.

Source - Out-Law.com



Do we risk losing a whole generation of gamers who believe they can defy the laws of physics because their game avatars can?

http://games.slashdot.org/article.pl?sid=09/02/05/1136228&from=rss

First-Person Shooter Modified For Fire Drill Simulation

Posted by Soulskill on Thursday February 05, @06:52AM from the crap-where's-a-medkit dept. First Person Shooters (Games) The Military United States Games

Hugh Pickens writes

"Researchers at Durham University have modified a video game and turned it into a fire drill simulator using the Source engine (the 3D game engine used to drive Half-Life 2), and created a virtual model of one of the university's departments. Dr. Shamus Smith said that although 3D modeling software was available, modifying a video game was faster, more cost effective, and had better special effects. 'We were interested in using game technology over a customized application and the Source Engine, from Half-Life, is very versatile,' said Smith. 'We used the simulation to see how people behaved in an actual fire situation and to train people in "good practice" in a fire.' The team says the virtual environment helped familiarize people with evacuation routines and could also help identify problems with a building's layout. One problem, however, was that while the simulation worked for most people, those who played a lot of video games did some unusual things when using the simulation. 'If a door was on fire, [the gamers] would try and run through it, rather than look for a different exit,' said Smith."

This makes me wonder to what extent entertainment software will fill the role of non-entertainment software as the tools and engines become more and more powerful. Ars mentions related news that the US Dept. of Naval Research is dumping millions of dollars into "virtual reality-like simulations of small-scale urban conflicts." It's unclear whether this is related to the US Army's similar program.



Keeping up with technology

http://blog.wired.com/defense/2009/02/peter-singers-w.html

Inside the Rise of the Warbots

By Noah Shachtman February 04, 2009 2:16:58 PM

Peter Singer's Wired for War has been praised by everyone from former National Security Advisor Anthony Lake to Jon Stewart as a definitive look at the growing use of robots on the battlefield. Just before his talk at TED 2009, we chatted with Singer, a Brookings Institution senior fellow and Danger Room contributor, about the rise of the machines. [Why does that phrase ring a bell? Bob]


Gates demonstrates new way to spread computer virus!

http://news.cnet.com/8301-10805_3-10157380-75.html?part=rss&subj=news&tag=2547-1_3-0-5

Gates spreads malaria message with mosquitoes

Posted by Steven Musil February 4, 2009 10:20 PM PST

Bill Gates opened a jar of mosquitoes on stage at an elite tech conference Wednesday to draw attention to the plight of malaria victims.



For my website students. Very interesting.

http://www.killerstartups.com/Web-App-Tools/doculicious-com-fillable-documents-made-easy

Doculicious.com - Fillable Documents Made Easy

http://www.doculicious.com/do/home?

This is a new service enabling any person who has a website to add forms that can be filled out online by his visitors by providing embeddable PDF documents. Whenever anyone completes any of these forms, they will receive a PDF download that can be printed easily, whereas the information is stored securely on the webmaster’s account.

In addition to that, whenever a form is completed a notification is sent to the webmaster, so that he can be ready to process it straightaway. This makes for easily tracking, managing and processing form entries, and the implementation of such a system doesn’t entail any significant structural change to the way a business is run.

Moreover, these forms are entirely customizable, so that the webmaster can make them match the style and design of his site in a more or less immediate way, and reflect his brand as much as possible.

Lastly, it must be mentioned that a quote for a custom built template can be requested through the site in order to have the team handle the process. Check the site out if you wish to see some template examples for yourself, and how they could complement your website.


Cute, but not as useful

http://www.killerstartups.com/Web-App-Tools/yourfonts-com-turn-your-handwriting-into-fonts

YourFonts.com - Turn Your Handwriting Into Fonts

http://www.yourfonts.com/

Is your handwriting something to be proud of? Well done, I wish I could tell a similar story – if only because I am a writer myself, and it is a bit embarrassing to create manuscripts that only I can understand. In a certain sense, it makes me feel like someone who can speak without talking. It is a bit hard to explain – I am afraid only those who are in a similar position will understand it.

Coming back to this site, the ones who have been bestowed with a fine calligraphy can turn it into a TrueType font using the provided service. The one use of such a solution is giving any blog or website a more affable (or at least personalized) touch, and establishing a different connection with visitors.

Other than that, the service is somehow limited in its appeal, yet the ones who can put it to good use are going to be truly satisfied. If you wish to see where it stands for you, you can start by directing your web browser to www.yourfonts.com and start drawing away.
