Thursday, February 26, 2009

When you have a security breach, the fun never stops! It's bad enough to face all those lawsuits. Now they want to blame the recession on you too!

http://www.databreaches.net/?p=1854

SEC, FTC investigating Heartland after data theft

February 26, 2009 by admin

Robert McMillan reports:

Federal agencies, including the U.S. Federal Trade Commission (FTC) and the U.S. Securities and Exchange Commission (SEC), have begun investigating Heartland Payment Systems following a massive data breach at the payment processing company.

Company President and CFO Robert Baldwin Jr. disclosed the investigations during Heartland’s quarterly conference call with investigators Tuesday, saying that the SEC had launched an informal inquiry into the company and that there is a related investigation by the Department of Justice. The U.S. Department of the Treasury’s Office of the Comptroller of the Currency (OCC), which regulates national banks and their service providers, has launched an inquiry, as has the FTC, he said.

Read more in Computerworld

[From the article:]

The Treasury's OCC may be taking an interest in the breach because it could be part of a larger problem for the banking industry, said Avivah Litan, an analyst at Gartner Inc. "I think that the criminal gang that targeted Heartland is targeting multiple payment processors, and it's a serious threat to the integrity of the payment systems," she said.

Reached Wednesday, a Heartland spokesman could not say why the SEC is investigating the company.

However, the investigation may relate to stock trades made by Heartland Chairman and CEO Robert Carr after Visa notified Heartland of suspicious activity on Oct. 28, 2008. According to insider trade filings, Carr sold just under $8 million worth of stock between Oct. 29 and the day the breach was disclosed. Heartland's stock was trading in the range of $15 to $20 per share for most of these transactions, but it dropped following the breach disclosure. It closed Wednesday at $5.49 per share.

During the conference call, Carr said that his trades were part of a 10b5-1 plan initiated in August -- months before Heartland knew of any problems [but months after they should have known. Bob] -- to pay off his personal debt, and that he stopped selling shares as soon as the company discovered malicious software on its systems on the night of Jan. 12. "I had no discretion regarding the terms or timing of the sales," he said.



So, at least two.

http://www.databreaches.net/?p=1807

No, the unnamed processor breach is not another Heartland breach

February 25, 2009 by admin

Despite what some people might have suggested, Heartland Payment Systems has flatly denied that it is in any way responsible for the newest reports of another payment processor breach.

In response to a blog entry on The Consumerist, Nancy Gross, Heartland’s Executive Director of Marketing, replied:

We, too, have heard of a new breach. But, we can say with confidence that it is not at Heartland.

Although I could not reach Nancy to confirm the statement with her, Jason Maloni, Heartland’s spokesperson, kindly got back in touch with me to confirm that she had posted that statement and that Heartland is not the source of the second breach that is making the news.

And because I realize that some people may not trust denials under such circumstances, I can say that other information I’ve obtained from a confidential and reliable source strongly points away from Heartland.


Related. My wife found out her card had been canceled as she tried to buy gas. The first replacement card was returned even though they claim they had the address right. She is not amused.

http://www.databreaches.net/?p=1791

Notifications reduced to green slips

February 25, 2009 by admin

More than one month after Heartland’s disclosure of a major breach, some customers are first finding out about it and that their card or account was affected. In some cases, however, all they are being given by way of explanation is a green slip enclosed with a replacement card. Steve Wartenberg of the Columbus Dispatch reports:

A green slip of paper accompanied each new Huntington card.

“We’ve been informed that your bank card may have been recently exposed by a third party to possible fraudulent activity,” it read in part. “Please destroy your old card and begin using your enclosed new card immediately.”

At least one customer was dissatisfied with the bank’s handling of the incident:

“They heard about it in January,” he said. “They should have alerted me immediately so I could monitor my account.”

Indeed, all over the internet, one can read comments from irate consumers, most of whom are blaming their banks or credit unions. For their part, the banks and credit unions feel like the victims of the Heartland breach because they bite the bullet on any fraudulent charges. Even though many of them have insurance to cover any losses, they may not file insurance claims out of concern that their insurance premiums will rise even more or because filing insurance claims just takes up more of their personnel’s time. [So why have insurance you won't use? Bob]

… One bank, Lone Summit Bank, headquartered in Lake Lotawana, Missouri, has already filed a lawsuit against Heartland over the breach.


Related. The pros and cons of press releases that can't say too much.

http://www.databreaches.net/?p=1798

Sifting through the tea leaves

February 25, 2009 by admin

In what appears to be a reaction to an article by Kim Zetter of Wired, “Clues to Massive Hacks Hidden in Plain Sight,” the folks at Sûnnet Beskerming posted, “A Data Breach In The Tea Leaves, Or Tilting At Windmills?” today.



The simple questions: Why was this data on a portable computer that was not being used as a portable computer? Why was the computer in a conference room rather than an office or locked cabinet? Will these people learn to search for these types of questions as they plan their security for the next sensitive-data-containing laptop?

http://www.databreaches.net/?p=1836

CO: Stolen computer contained 1,300 Social Security numbers

February 25, 2009 by admin

Zach Fridell reports:

Ten years’ worth of Social Security numbers for 1,300 past and present employees was compromised Tuesday night when a laptop was stolen from the Steamboat Springs School District office.

Read more on Steamboat Today & Pilot


Almost related? Always worth a read.

http://www.wired.com/politics/security/commentary/securitymatters/2009/02/securitymatters_0226

How Perverse Incentives Drive Bad Security Decisions

Commentary by Bruce Schneier



These hacks are just too simple... and pay too well.

http://www.pogowasright.org/article.php?story=20090226052758307

Hacker Claims He Used Celeb E-mail, MySpace Accounts to Send Spam

Thursday, February 26 2009 @ 05:27 AM EST Contributed by: PrivacyNews

A teenager who claims he hacked the e-mail and MySpace accounts of Miley Cyrus earned more than $100,000 by accessing other celebrity accounts and using them to send spam, according to an FBI affidavit.

… [Josh] Holly told ABC News that he was the one who took racy personal photos of Cyrus from her e-mail account and posted them on the Internet last year, which caused a minor scandal for the previously squeaky-clean teen star.

Source - ABC

[From the article:]

The newly filed search warrant affidavit sought permission to perform a forensic search of the computers. In the affidavit, the FBI says Holly made $110,000 between November 2007 and July 2008 from sending spam through hacked accounts. [Reasonable return for a trivial investment. Bob]

… Holly said he was able to access Cyrus' account by hacking MySpace's administrative panel to learn the teen star's MySpace user name and password. He said Cyrus used the same password for her e-mail account.

According to the affidavit, Holly also admitted to the FBI that he had been spamming since 2005. He claimed he used celebrity accounts because they generated high volume traffic, according to the affidavit.

… According to the affidavit, Holly communicated over the course of several months last year with MySpace's head of security about "system weaknesses and potential intrusions" and explained how he had accessed Cyrus' account.

Hacker: Might Go to Prison

In exchange for that information, Holly asked to have his MySpace account, which had been suspended for "suspicious or inappropriate behavior," reactivated, according to the affidavit. [and was it reactivated? Bob]



e-Pimping – ain't technology wonderful?

http://blog.wired.com/27bstroke6/2009/02/pimping.html

Pimps Go Online to Lure Kids Into Prostitution

By Kevin Poulsen February 25, 2009 11:30:00 PM

"I don't put girls on the blade," he wrote an associate in a chat log recovered by police. "It's Y2K pimpin'."



Not to sound negative, but: WE'RE DOOMED!

http://www.bespacific.com/mt/archives/020674.html

February 25, 2009

The Swedish model for resolving the banking crisis of 1991 - 93. Seven reasons why it was successful

The Swedish model for resolving the banking crisis of 1991 - 93. Seven reasons why it was successful (EUROPEAN ECONOMY. ECONOMIC PAPERS. 360. February 2009. European Commission. Brussels. 27pp. Tab. Graph. Ann. Bibliogr. Free) "This study presents the main features of the Swedish approach for resolving the banking crisis of 1991-93 by condensing them into seven policy lessons. The main features of the Swedish approach to the banking crisis of 1991-93 concern:

  • political unity,

  • a government blanket guarantee,

  • swift policy action,

  • an adequate legal and institutional framework,

  • full disclosure of information,

  • a differentiated resolution policy, and

  • the proper design of macroeconomic policies.




Remember when an email outage would happen at least once a week?

http://tech.slashdot.org/article.pl?sid=09/02/25/2217243&from=rss

Google Blames Gmail Troubles On Maintenance Goof

Posted by timothy on Wednesday February 25, @05:43PM from the well-that's-reassuring dept.

Slatterz writes

"Google has apologised for the two-and-a-half-hour Gmail outage on Tuesday morning, and admitted that the cause was down to data center maintenance. 'Lots of people around the world who rely on Gmail were disrupted during their waking and working hours, and we are very sorry. We did everything we could to restore access as soon as possible, and the issue is now resolved,' said Gmail site reliability manager Acacio Cruz in a blog post. Google had been testing new code designed to keep data geographically closer to its owner, which brought about disruption when maintenance in one data center caused another facility to be overloaded. This had a cascade effect, according to Google, and it took the company an hour to get it back under control."



Why I've been teaching my students about Cloud Computing. (And don't forget that Google is tied to Obama.)

http://news.cnet.com/8301-13578_3-10172259-38.html?part=rss&subj=news&tag=2547-1_3-0-5

Is Washington ready for cloud computing?

by Stephanie Condon February 25, 2009 3:31 PM PST

WASHINGTON--Bureaucrats in Washington looking for a silver lining to the economic downturn may want to try looking at the cloud itself.

The financial downturn, momentum from the private sector, and a new Web-savvy administration have come together to create the perfect climate for government adoption of cloud computing, said software as a service vendors, federal information technology purchasers, and others at a cloud-computing conference here Wednesday.


Related. There is money to be made.

http://news.cnet.com/8301-1001_3-10172234-92.html?part=rss&subj=news&tag=2547-1_3-0-5

Salesforce.com squeezes $1B from the cloud

by Stephen Shankland February 25, 2009 3:29 PM PST

Salesforce.com showed Wednesday that cloud computing can produce serious money--but also that it's not immune from the current unpleasant economic climate.



Unfortunately, in my remedial math classes, what works for a third grader might be too much for some students. Still, hope springs eternal and if nothing else it gives me more videos for my Math Resources folder.

http://www.killerstartups.com/Web20/edutagger-com-k-12-social-bookmarking

Edutagger.com - K-12 Social Bookmarking

http://www.edutagger.com/

Simply put, Edutagger is a social bookmarking site that is aimed at a specific range of users – K-12 learners and educators. As it is pointed out online, the objective of this solution is to create a platform where these individuals can openly share the many quality resources available on the Internet, and do so in a centralized location.

There is not a lot to say about a links aggregator that has not been said before. Items are displayed in the section entitled “New links”, and a voting system will let anybody propel them into the “Popular” page.

As regards the categories on offer, these encompass all the subjects that K-12 students and educators have to deal with such as “Art & Design”, “Science” and “Maths”, whereas the most popular keywords are garnered underneath the “Top Tags” banner.

Other than that, it is important to mention that a widget is included for you to add to your website. By cutting and pasting a string of code, you will be able to add a button reading “Edutag this” to make others become aware of your site and what it does.



A tool for HD video

http://www.killerstartups.com/Video-Music-Photo/keephd-com-downloading-hd-videos-off-youtube

KeepHD.com - Downloading HD Videos Off YouTube

http://www.keephd.com/

As the title of the review puts it, this is a tool that plays out a very specific role, namely letting you download these HD videos you come across on the popular hosting service and wish to keep for posterity. And you do not simply download them – you can always specify the version you want to get, according to the device that you intend to use to reproduce the file later on. As a result, you can download 3GP videos to be played on your mobile, and also MP4 and FLV files for viewing in handheld devices.

The dynamics of the site are simplicity in itself – you simply provide the URL of the video that you want to grab and hit the provided button to start the process. There is no registration to get in the way, and no need to procure or install any plug-in either.

Lastly, the site includes some interesting links that are related to the overall concept such as a link to the Relist.tv site, an online resource that can be used to embed YouTube playlists wherever you want. In that sense, it can be said that the site covers every angle of the process, and it is certain to cater for your online video needs one way or the other.
