Monday, March 23, 2009

Bad news for Heartland Payment Systems?

http://www.pogowasright.org/article.php?story=20090322070453197

FTC Commission Approves Final Consent Order in Matter of Genica Corporation

Sunday, March 22 2009 @ 07:04 AM EDT Contributed by: PrivacyNews

Following a public comment period, the Commission has approved a final consent order in the matter of Genica Corporation and Compgeeks.com. The vote approving the final order was 4-0. The issue concerned Compgeek's failure to provide adequate security for personal information it obtained from its customers.

Source - FTC Previous coverage here.

[From the FTC press release:

The complaint alleges that until at least December 2007, among other security failures, the respondents routinely stored this sensitive information in unencrypted text on their corporate computer network. The complaint also charges that the respondents did not adequately assess whether their Web application and network were vulnerable to commonly known or reasonably foreseeable attacks, such as Structured Query Language (SQL) injection attacks. The respondents also did not implement simple, readily available defenses to these attacks; defenses that were free or inexpensive.

… According to the complaint, the respondents violated federal law by falsely stating that they took reasonable and appropriate measures to protect personal information from unauthorized access. Their privacy policy states in part: “We use secure technology, privacy protection controls, and restrictions on employee access in order to safeguard your information.”



“Don't be silly old boy, the law applies only to regular citizens. Not to those of us in charge.”

http://www.pogowasright.org/article.php?story=20090322073225563

UK: 10 government databases ‘will break the law’

Sunday, March 22 2009 @ 07:32 AM EDT Contributed by: PrivacyNews

At least 10 of the giant government databases built or planned by ministers unlawfully breach privacy, according to a report.

The computer registers — including the DNA database, the national identity register, the Contactpoint child protection database and the health service patients’ register – all breach human rights and data protection laws, the Joseph Rowntree Reform Trust will say in research released tomorrow.

It argues that they should be scrapped or fundamentally redesigned to take privacy objections into account.

Source - RINF Related - BBC



No doubt insurance companies will offer a discount if you allow this. It is also a sure target for subpoenas and hackers. Eat your heart out, George Orwell.

http://science.slashdot.org/article.pl?sid=09/03/22/1619207&from=rss

Body 2.0 — Continuous Monitoring of the Human Body

Posted by Soulskill on Sunday March 22, @01:16PM from the invest-now-before-the-body-bubble-bursts dept.

Singularity Hub has a story about the development of technology that will some day allow for the constant, real-time monitoring of your medical status, and they take a look at current technological advances to that end. Quoting:

"Did you ever stop to think how silly and also how dangerous it is to live our lives with absolutely no monitoring of our body's medical status? Years from now people will look back and find it unbelievable that heart attacks, strokes, hormone imbalances, sugar levels, and hundreds of other bodily vital signs and malfunctions were not being continuously anticipated and monitored by medical implants. ... The huge amounts of data that would be accumulated from hundreds of thousands of continuously monitored people would be nothing short of a revolution for medical research and analysis. This data could be harvested to understand the minute by minute changes in body chemistry that occur in response to medication, stress, infection, and so on. As an example, the daily fluctuations in hormone levels of hundreds of thousands of individuals could be tracked and charted 24/7 to determine a baseline from which abnormalities and patterns could be extracted. The possibilities are enormous."



The economics of fraud.

http://news.cnet.com/8301-1009_3-10200104-83.html?part=rss&subj=news&tag=2547-1_3-0-5

Report: Rogue antivirus software pays off for scammers

by Elinor Mills March 22, 2009 9:01 PM PDT

Online scammers are making a lucrative business out of redirecting visitors from legitimate Web sites to sites that try to install rogue antivirus software, according to a report due to be released by security firm Finjan on Monday.

… Members of the "affiliate network" who compromise legitimate Web sites get 9.6 cents for each successful re-direct, Finjan said in its latest Cybercrime Intelligence Report. There were 1.8 million unique users redirected to the rogue antivirus software during 16 consecutive days Finjan was monitoring the network, or about $10,800 for each day, the researchers calculated.

Finjan also discovered that between 7 percent and 12 percent of people end up installing the rogue antivirus software and 1.79 percent of them paid $50 for it.


Related?

http://www.pogowasright.org/article.php?story=20090323053325722

Swiss Banks and the End of Privacy (opinion)

Monday, March 23 2009 @ 05:33 AM EDT Contributed by: PrivacyNews

Since the Middle Ages, Switzerland has stood for bank secrecy -- or bank privacy, as the Swiss would insist. In the past month, this foundation of Swiss banking has collapsed under calls for transparency, making Swiss banks seem as outdated as cuckoo clocks. The nearly universal condemnation of Swiss banking is a sign of how quickly our expectations about privacy have changed.

Source - WSJ

[From the article:

Try as they did, the Swiss could not hold out in an era when the presumption is becoming that information once considered off-limits to others, including personal financial information, is fair game.

… Still, changes in Swiss banking are another sign that the increasingly free flow of information is redefining our view of fundamental concepts such as confidentiality. As the Swiss have learned, what was once considered a right to privacy seems to be transforming into a duty to disclose. We can know more, so we expect to know more.



Am I wrong to believe this is not a traditional “Liberal Cause?” This is because of large campaign contributions, right?

http://news.slashdot.org/article.pl?sid=09/03/22/184221&from=rss

Obama DOJ Sides With RIAA

Posted by timothy on Sunday March 22, @02:22PM from the similar-to-the-old-boss dept.

NewYorkCountryLawyer writes

"The Obama Administration's Department of Justice, with former RIAA lawyers occupying the 2nd and 3rd highest positions in the department, has shown its colors, intervening on behalf of the RIAA in the case against a Boston University graduate student, SONY BMG Music Entertainment v. Tenenbaum, accused of file sharing when he was 17 years old. Its oversized, 39-page brief (PDF) relies upon a United States Supreme Court decision from 1919 which upheld a statutory damages award, in a case involving overpriced railway tickets, equal to 116 times the actual damages sustained, and a 2007 Circuit Court decision which held that the 1919 decision — rather than the Supreme Court's more recent decisions involving punitive damages — was applicable to an award against a Karaoke CD distributor for 44 times the actual damages. Of course none of the cited cases dealt with the ratios sought by the RIAA: 2,100 to 425,000 times the actual damages for an MP3 file. Interestingly, the Government brief asked the Judge not to rule on the issue at this time, but to wait until after a trial. Also interestingly, although the brief sought to rebut, one by one, each argument that had been made by the defendant in his brief, it totally ignored all of the authorities and arguments that had been made by the Free Software Foundation in its brief. Commentators had been fearing that the Obama/Biden administration would be tools of the RIAA; does this filing confirm those fears?"



People hate change. Not because the new rules/software/paint scheme is bad, rather because they must both learn the new and un-learn the old. I would expect smart organizations to lock change out contractually.

http://news.cnet.com/8301-13641_3-10201715-44.html?part=rss&subj=news&tag=2547-1_3-0-5

Facebook and the downsides of software as a service

by Adam Richardson March 22, 2009 11:34 AM PDT

The tizzy created by Facebook's page design changes points out some valuable lessons that we should keep in mind as we head more into a SaaS and cloud-based world.



A “chicken or the egg” type of question?

http://tech.slashdot.org/article.pl?sid=09/03/22/2336208&from=rss

Places Where the World's Tech Pools, Despite the Internet

Posted by timothy on Sunday March 22, @08:25PM from the pretty-people-pool-in-airports dept.

Slatterz writes

"A decade ago people were talking about the death of distance, and how the internet would make physical geography irrelevant. This has not come to pass; there are still places around the world that are hubs of technology just as there are for air travel, product manufacturing or natural resource exploitation. This list of the ten best IT centres of excellence includes some interesting trivia about Station X during the Second World War, why Romania is teeming with software developers, Silicon Valley, Fort Meade Maryland, and Zhongguancun in China, where Microsoft is building its Chinese headquarters."



This could be useful

http://news.cnet.com/8301-1009_3-10198370-83.html?part=rss&subj=news&tag=2547-1_3-0-5

HP offers free security tool for Flash developers

by Elinor Mills March 22, 2009 9:01 PM PDT

HP is set to announce on Monday a free tool that developers can use to check for holes in the Flash applications they write, which can lead to data leaks and other security problems on Web sites.

HP SWFScan decompiles Flash applications and searches the code for vulnerabilities and violations of Adobe's best security practices guidelines, said Billy Hoffman, manager of HP's Web Security Research Group. The tool works with all versions of Flash.

… Hoffman explains how a Flash app vulnerability can be exploited in this video.



A new model for business models? Everything the neophyte needs but likely has no clue how to do. With a good reputation, this type of site could take off – but it does need to be complete, easy to use and provide extensive “Why do I need this?” documentation. Article links to several other sites.

http://blog.wired.com/underwire/2009/03/beamer-wilkins.html

SXSW: Bandize Puts Web Tools in Musicians' Hands

By Lewis Wallace March 22, 2009 6:29:00 PM

Bandize, a new web service for musicians that's currently in closed alpha, gives bands a suite of online tools to manage everything from tour bookings and social networking to mundane tasks like accounting and monitoring merchandise levels.
