Wednesday, March 04, 2009

Perhaps they will steal all those bad loans and the banks will suddenly be solvent!

http://it.slashdot.org/article.pl?sid=09/03/03/1951222&from=rss

Tigger.A Trojan Quietly Steals Stock Traders' Data

Posted by kdawson on Tuesday March 03, @04:37PM from the where-the-money-is dept.

**$tarDu$t** recommends a Washington Post Security Fix blog post dissecting the Tigger.A trojan, which has been keeping a low profile while exploiting the MS08-66 vulnerability to steal data quietly from online stock brokerages and their customers. An estimated quarter million victims have been infected. The trojan uses a key code to extract its rootkit on host systems that is almost identical to the key used by the Srizbi botnet. The rootkit loads even in Safe Mode.

"Among the unusually short list of institutions specifically targeted by Tigger are E-Trade, ING Direct ShareBuilder, Vanguard, Options XPress, TD Ameritrade, and Scottrade. ... Tigger removes a long list of other malicious software titles, including the malware most commonly associated with Antivirus 2009 and other rogue security software titles... this is most likely done because the in-your-face 'hey, your-computer-is-infected-go-buy-our-software!' type alerts generated by such programs just might... lead to all invaders getting booted from the host PC."



Clearly something to point my “Intro to Computer Security” class to...

http://www.pogowasright.org/article.php?story=20090303094330706

EFF Releases How-To Guide to Fight Government Spying

Tuesday, March 03 2009 @ 09:43 AM EST Contributed by: PrivacyNews

The Electronic Frontier Foundation (EFF) launched its Surveillance Self-Defense project today -- an online how-to guide for protecting your private data against government spying. You can find the project at http://ssd.eff.org.

EFF created the Surveillance Self-Defense site to educate Americans about the law and technology of communications surveillance and computer searches and seizures, and to provide the information and tools necessary to keep their private data out of the government's hands. The guide includes tips on assessing the security risks to your personal computer files and communications, strategies for interacting with law enforcement, and articles on specific defensive technologies such as encryption that can help protect the privacy of your data.

Source - EFF Press Release



Would you steal if you had a 99% chance of getting away with it?

http://news.cnet.com/8301-1009_3-10186176-83.html?part=rss&subj=news&tag=2547-1_3-0-5

Gartner: Financial fraud hits 7.5 percent of U.S. adults

by Elinor Mills March 3, 2009 9:01 PM PST

About 7.5 percent of U.S. adults lost money as a result of financial fraud last year, mostly due to data breaches, according to a new Gartner study to be released on Tuesday night.

In the survey of nearly 5,000 consumers, 70 percent said they had never been a victim of identity theft fraud. Meanwhile 14 percent said they had had their credit card information used to charge purchases or get money, 7 percent said their debit card was used, 6 percent said a new account had been opened in their name, 5 percent had money transferred out of their account, and 4 percent had had checks forged.

… "The chances of a criminal getting arrested and convicted for identity theft-related fraud are much less than a half of 1 percent," the study said.



Analyzing and interpreting the data is going to be important. What liability would an employer or provider assume? I.e., will they recognize a terrorist website when their employees connect to one?

http://www.pogowasright.org/article.php?story=20090304064506644

Fi: Parliament Passes "Lex Nokia" Bill

Wednesday, March 04 2009 @ 06:45 AM EST Contributed by: PrivacyNews

Parliament has passed the controversial reforms to the data protection law, the so-called "Lex Nokia" bill. The vote was 96 for, 56 against. [and 47 abstentions! Bob]

... The law allows employers and other organisations that provide users with Internet service and e-mail to monitor IP traffic data. In practice, this means that employers can see who workers are e-mailing, when the message was sent, and the size of the e-mails and attachments. It will not allow them to read the contents of e-mails.

Source - YLE.fi


Related: “All that is not forbidden is mandatory!” The Once and Future King

http://yro.slashdot.org/article.pl?sid=09/03/04/0028227&from=rss

Should Job Seekers Tell Employers To Quit Snooping?

Posted by kdawson on Wednesday March 04, @01:14AM from the easy-for-you-to-say-you-have-a-job dept.

onehitwonder writes in with a CIO opinion piece arguing that potential employees need to stand up to employers who snoop the Web for insights into their after-work activities, often disqualifying them as a result.

"Employers are increasingly trolling the web for information about prospective employees that they can use in their hiring decisions. Consequently, career experts advise job seekers to not post any photos, opinions or information on blogs and social networking websites (like Slashdot) that a potential employer might find remotely off-putting. Instead of cautioning job seekers to censor their activity online, we job seekers and defenders of our civil liberties should tell employers to stop snooping and to stop judging our behavior outside of work, writes CIO.com Senior Online Editor Meridith Levinson. By basing professional hiring decisions on candidates' personal lives and beliefs, employers are effectively legislating people's behavior, and they're creating an online environment where people can't express their true beliefs, state their unvarnished opinions, be themselves, and that runs contrary to the free, communal ethos of the Web. Employers that exploit the Web to snoop into and judge people's personal lives infringe on everyone's privacy, and their actions verge on discrimination."



Similar to above? Is this becoming too common to resist? (It ain't the weather, we can do something about it! Can't we?)

http://www.pogowasright.org/article.php?story=20090304065408817

Behavioral Targeting: Not That Bad?! TRUSTe Survey Shows Decline in Concern for Behavioral Targeting

Wednesday, March 04 2009 @ 06:54 AM EST Contributed by: PrivacyNews

Consumers are more conscious of behavioral targeting than ever before, according to a recent survey conducted by TNS for TRUSTe, the leading internet privacy trustmark: two out of three consumers are aware that their browsing information may be collected by a third party for advertising purposes.

Additionally, consumer discomfort with behavioral advertising declined year over year (from 57 percent in 2008 to 51 percent in 2009), suggesting that although consumers worry about protecting their private information online, they are growing more accustomed to behavioral targeting, with some even preferring to be served targeted advertisements from brands they know and trust over irrelevant, intrusive advertisements. In fact, 72 percent of those surveyed said they found online advertising intrusive and annoying when the products and services being advertised were not relevant to their wants and needs.

Source - TRUSTe Press Release via MarketWire



Perhaps the certification testing isn't everything we were led to believe.

http://news.slashdot.org/article.pl?sid=09/03/03/182230&from=rss

Diebold Election Audit Logs Defective

Posted by kdawson on Tuesday March 03, @01:28PM from the worse-than-we-thought dept.

mtrachtenberg writes

"Premier Election Solutions' (formerly Diebold) GEMS 1.18.19 election software audit logs don't record the deletion of ballots, don't always record correct dates, and can be deleted by the operator, either accidentally or intentionally. The California Secretary of State's office has just released a report about the situation (PDF) in the November 2008 election in Humboldt County, California (which we discussed at the time). Here's the California Secretary of State's links page on Diebold. The conclusion of the 13-page report reads: 'GEMS version 1.18.19 contains a serious software error that caused the omission of 197 ballots from the official results (which was subsequently corrected) in the November 4, 2008, General Election in Humboldt County. The potential for this error to corrupt election results is confined to jurisdictions that tally ballots using the GEMS Central Count Server. Key audit trail logs in GEMS version 1.18.19 do not record important operator interventions such as deletion of decks of ballots, assign inaccurate date and time stamps to events that are recorded, and can be deleted by the operator. The number of votes erroneously deleted from the election results reported by GEMS in this case greatly exceeds the maximum allowable error rate [There's an acceptable error rate? Bob] established by HAVA. In addition, each of the foregoing defects appears to violate the 1990 Voting System Standards to an extent that would have warranted failure of the GEMS version 1.18.19 system had they been detected and reported by the Independent Testing Authority that tested the system.'"



Isn't this what the xenophobes wanted? We scream that immigrants are coming to the US to steal our jobs, now we want them to stay?

http://news.slashdot.org/article.pl?sid=09/03/03/2219256&from=rss

Smart Immigrants Going Home

Posted by kdawson on Tuesday March 03, @07:04PM from the no-longer-the-only-land-of-opportunity dept.

olddotter writes

"A 24-page paper on a reverse brain drain from the US back to home countries (PDF) is getting news coverage. Quoting: 'Our new paper, "America's Loss Is the World's Gain," finds that the vast majority of these returnees were relatively young. The average age was 30 for Indian returnees, and 33 for Chinese. They were highly educated, with degrees in management, technology, or science. Fifty-one percent of the Chinese held master's degrees and 41% had PhDs. Sixty-six percent of the Indians held a master's and 12.1% had PhDs. They were at the very top of the educational distribution for these highly educated immigrant groups — precisely the kind of people who make the greatest contribution to the US economy and to business and job growth.'"

Adding to the brain drain is a problem with slow US visa processing, since last November or so, that has been driving desirable students and scientists out of the country.



Viable business model? Looks like it to me.

http://news.cnet.com/8301-1023_3-10187655-93.html?part=rss&subj=news&tag=2547-1_3-0-5

Start-up offers alternative to subscription TV

by Marguerite Reardon March 4, 2009 6:00 AM PST

… The plan is to offer streaming movies and TV shows directly to TVs using a broadband connection.

… Users will choose one of three options for viewing the content. They can either pay a small rental fee for the movie or episode they want to view without commercials; they can "buy to own" the content, or they can view the video for free by watching targeted advertising.
