Wednesday, March 18, 2009

Remember, when it comes to the adequacy of your security, it's not just the CIO or the CEO or the Board of Directors you need to convince. A massive data loss might be seen as an indicator that something isn't quite up to par...

http://www.databreaches.net/?p=2458

Heartland’s annual report to SEC reveals more investigations

March 17, 2009 by admin Filed under: Breach Reports

Heartland Payment Systems filed its annual Form 10-K report with the Securities and Exchange Commission yesterday. The Legal Proceedings section lists all of the consumer, financial institution and stockholder lawsuits against it, and also indicates that it is under investigations in addition to ones previously reported:

… The report also provides some additional detail on how Heartland’s sponsoring banks may try to recoup any fines and that they anticipate that other card brands may also impose fines:



Watching basketball is a major security risk?

http://www.atthebreach.com/news/march-madness-scam-using-seo-poisioning/

March 17, 2009

March Madness Scam Using SEO Poisoning

With March Madness in the air, you should be aware of a new scam that tricks your users into getting malware installed on their systems. It involves manipulating the search results of Google and others so that malicious and compromised websites appear at the top of the results.

… First, it allows criminals to compromise systems on the inside of the network while completely bypassing traditional security solutions such as firewalls and IDS/IPS. Second, when successful, it has the capacity to compromise many more systems than a traditional vulnerability exploit, where you compromise one system at a time.
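
The two points above (the traffic is outbound and user-initiated, so the perimeter never sees an attack; one poisoned result reaches every user who searches for the term) also say where detection has to live: in the web proxy log, which records the Referer and the content type of each response. As an added example, not code from the article, the script below correlates, per client, a click through from a search results page with an executable download in the following minutes, from whatever host the poisoned landing page redirected to. The seven-field log format, the `.example` hostnames and the log lines themselves are constructed for the example.

```python
"""Flag search-engine-referred visits that are followed by an executable download.

Added example (not code from the article above). It assumes a web-proxy log
with seven whitespace-separated fields per line:
    timestamp client method url status content-type referer
The log lines below are constructed for the example.
"""
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlparse

# Results pages carry the query in q= (Google, Bing) or p= (Yahoo).
SEARCH_HOSTS = ("google.", "bing.", "search.yahoo.", "search.live.")
EXEC_TYPES = {"application/x-msdownload", "application/x-msdos-program",
              "application/octet-stream"}
EXEC_EXTS = (".exe", ".scr", ".msi")
WINDOW = timedelta(minutes=5)   # how long after a search click a download is suspicious

# Constructed sample: 10.0.0.5 searches, clicks a poisoned result and is handed an
# "update" executable from a third host seconds later; 10.0.0.9 searches, reads a
# legitimate page and downloads something unrelated 40 minutes on.
LOG = """\
2009-03-17T10:15:02 10.0.0.5 GET http://www.google.com/search?q=march+madness+bracket 200 text/html -
2009-03-17T10:15:09 10.0.0.5 GET http://bracket-scores-2009.example/ncaa.html 200 text/html http://www.google.com/search?q=march+madness+bracket
2009-03-17T10:15:11 10.0.0.5 GET http://bracket-scores-2009.example/js/redir.js 200 application/javascript http://bracket-scores-2009.example/ncaa.html
2009-03-17T10:15:14 10.0.0.5 GET http://cdn-av-update.example/install_flash_player.exe 200 application/x-msdownload http://bracket-scores-2009.example/ncaa.html
2009-03-17T10:20:40 10.0.0.9 GET http://www.google.com/search?q=ncaa+schedule 200 text/html -
2009-03-17T10:20:47 10.0.0.9 GET http://ncaa-schedule.example/schedule 200 text/html http://www.google.com/search?q=ncaa+schedule
2009-03-17T11:02:00 10.0.0.9 GET http://download.example/tool.exe 200 application/x-msdownload -
"""


def parse_line(line):
    ts, client, method, url, status, ctype, referer = line.split()
    return {"ts": datetime.fromisoformat(ts), "client": client, "method": method,
            "url": url, "status": int(status), "ctype": ctype.lower(), "referer": referer}


def search_query(referer):
    """Return the search term if `referer` is a search-engine results page, else None."""
    if referer in ("", "-"):
        return None
    u = urlparse(referer)
    host = u.netloc.lower()
    if not any(host.startswith(h) or ("." + h) in host for h in SEARCH_HOSTS):
        return None
    terms = parse_qs(u.query).get("q") or parse_qs(u.query).get("p")
    return terms[0] if terms else None


def is_executable(rec):
    path = urlparse(rec["url"]).path.lower()
    return rec["ctype"] in EXEC_TYPES or path.endswith(EXEC_EXTS)


def find_seo_poisoning(lines, window=WINDOW):
    """Correlate search-result clicks with executable downloads, per client.

    A click is any request whose Referer is a results page. An alert fires when
    the same client fetches an executable within `window` of a click, from any
    host: the poisoned landing page normally redirects elsewhere for the payload.
    A result that links straight to an .exe matches its own click (delta 0).
    """
    clicks = {}    # client -> [(ts, query, landing_url), ...]
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        query = search_query(rec["referer"])
        if query is not None:
            clicks.setdefault(rec["client"], []).append((rec["ts"], query, rec["url"]))
        if not is_executable(rec):
            continue
        for ts, q, landing in clicks.get(rec["client"], []):
            if timedelta(0) <= rec["ts"] - ts <= window:
                alerts.append({"client": rec["client"], "query": q,
                               "landing": landing, "download": rec["url"]})
    return alerts


if __name__ == "__main__":
    for a in find_seo_poisoning(LOG.splitlines()):
        print(f'{a["client"]} searched "{a["query"]}" -> {a["landing"]} -> {a["download"]}')
```

On the sample log only 10.0.0.5 is flagged; 10.0.0.9's download falls outside the window. In production the rule needs an allowlist of known software-download hosts and a tuned window, because people do search for a program and then install it; the point is that the correlation is only possible at the proxy, where the Referer and response type are visible.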



Someone sees the risks as well as the benefits? How unusual.

http://www.pogowasright.org/article.php?story=20090317145714921

Dutch payment by fingerprint initiative stopped

Tuesday, March 17 2009 @ 02:57 PM EDT Contributed by: PrivacyNews

Dutch supermarket chain Albert Heijn has decided not to follow up on a trial with payment via fingerprint. The trial was conducted in an Albert Heijn branch in the town of Breukelen, near Amsterdam, where 580 participants were able to pay for their daily groceries using their fingerprint instead of cash or debit cards.

… Albert Heijn has currently decided not to follow up on the trial, citing ‘security issues and vulnerability to fraud’.

Source - The Paypers

[From the article:

During the first weeks of the trial, experts already pointed out a number of security issues arising from the use of the fingerprint payment method. A security expert managed to pay using someone else’s fingerprint.

… The participants however were enthusiastic about the payment method and applauded the fact that they could complete their purchases without needing their debit cards, cash or loyalty cards.



Jefferson never said they were covered either...

http://blog.wired.com/27bstroke6/2009/03/obama-administr.html

Obama Administration: Constitution Does Not Protect Cell-Site Records

By David Kravets March 17, 2009 | 2:21:35 PM

… "Because wireless carriers regularly generate and retain the records at issue, and because these records provide only a very general indication of a user's whereabouts at certain times in the past, the requested cell-site records do not implicate a Fourth Amendment privacy interest," the Obama administration wrote (.pdf) Feb. 13 to the federal appeals court.


Related? “We're politicians, so we gotta do something, even if we don't know what we're doing!”

http://yro.slashdot.org/article.pl?sid=09/03/17/2321252&from=rss

UK Gov. Clueless About Own Internet Blacklist

Posted by kdawson on Wednesday March 18, @04:56AM from the get-me-someone-with-a-clue dept.

spge writes

"Computer Shopper magazine has interviewed the UK Home Office about its relationship with the Internet Watch Foundation and discovered that the government doesn't actually know what the IWF does, although it still plans to force UK ISPs to subscribe to the IWF's blacklist. The main story makes for interesting reading, but the best bit is the full transcript of the interview. Short version: the IWF investigates suspected child porn websites and adds any it finds to a list that ISPs can use to block these sites; uk.gov wants ISPs to use this list; however, the IWF is not an official government organization, does not appear to have legal permission to view child pornography, and quite possibly is breaking the law by doing so."



Another example of “clueless.” Does no one consider what will happen when someone outside of the marketing department finds out what you did? Shouldn't this be on the state's certification checklist?

http://blog.wired.com/27bstroke6/2009/03/diebold-admits.html

Diebold Admits Systemic Audit Log Failure; State Vows Inquiry

By Kim Zetter March 17, 2009 6:29:04 PM

SACRAMENTO, California — Premier Election Solutions (formerly Diebold Election Systems) admitted in a state hearing Tuesday that the audit logs produced by its tabulation software miss significant events, including the act of someone deleting votes on election day.

The company acknowledged that the problem exists with every version of its tabulation software.
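
An audit log that omits the deletion of votes fails at both things an audit log is for: it does not record every state change, and nothing about it lets an auditor tell that something is missing. As an added example, not Premier/Diebold software and not based on anything beyond what the article reports, the code below shows the two properties that close that gap: every mutation of the tally, deletions included, goes through one code path that writes the log entry before the change is applied, and each entry carries the hash of the previous one, so editing or removing an entry later breaks the chain. The Tabulator class, its precinct-batch model, the actors and the batch contents are all hypothetical.

```python
"""Tamper-evident audit log for a vote tabulator.

Added example, not Premier/Diebold code; the Tabulator and its batch model are
hypothetical. Every mutation, deletions included, is appended to a hash chain
before it takes effect.
"""
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64   # prev-hash of the first entry


class AuditLog:
    def __init__(self, entries=None):
        self.entries = list(entries or [])

    @staticmethod
    def _digest(body):
        # canonical JSON so the same entry always hashes the same way
        raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
        return hashlib.sha256(raw).hexdigest()

    def append(self, actor, action, detail):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        entry = {"seq": len(self.entries),
                 "ts": datetime.now(timezone.utc).isoformat(),
                 "actor": actor, "action": action, "detail": detail, "prev": prev}
        entry["hash"] = self._digest(entry)
        self.entries.append(entry)
        return entry["hash"]

    def head(self):
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def verify(self, expected_head=None):
        """(True, None) if intact, else (False, index of the first bad entry).

        The chain alone cannot show that the newest entries were cut off; pass
        the head hash recorded elsewhere (results tape, witness sheet) as
        `expected_head` to catch truncation as well.
        """
        prev = GENESIS
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["seq"] != i or e["prev"] != prev or self._digest(body) != e["hash"]:
                return False, i
            prev = e["hash"]
        if expected_head is not None and prev != expected_head:
            return False, len(self.entries)
        return True, None


class Tabulator:
    """Hypothetical batch store; every change is logged before it is applied."""

    def __init__(self, log):
        self.log = log
        self.batches = {}   # batch id -> {candidate: votes}

    def load_batch(self, actor, batch_id, counts):
        self.log.append(actor, "load_batch", {"batch": batch_id, "counts": dict(counts)})
        self.batches[batch_id] = dict(counts)

    def delete_batch(self, actor, batch_id, reason):
        counts = self.batches[batch_id]   # KeyError for an unknown batch, before anything is logged
        # record what was removed, not merely that a removal happened
        self.log.append(actor, "delete_batch",
                        {"batch": batch_id, "counts": counts, "reason": reason})
        del self.batches[batch_id]

    def totals(self):
        t = {}
        for counts in self.batches.values():
            for cand, n in counts.items():
                t[cand] = t.get(cand, 0) + n
        return t


def remove_entry(log, index):
    """Copy of `log` with one entry deleted, as someone cleaning up would do."""
    entries = [dict(e) for e in log.entries]
    del entries[index]
    return AuditLog(entries)


def truncate(log, n):
    """Copy of `log` keeping only the first n entries."""
    return AuditLog([dict(e) for e in log.entries[:n]])


def demo():
    log = AuditLog()
    tab = Tabulator(log)
    tab.load_batch("clerk1", "P-01", {"Alice": 120, "Bob": 95})
    tab.load_batch("clerk1", "P-02", {"Alice": 60, "Bob": 80})
    tab.delete_batch("admin", "P-02", "re-scan requested")   # shows up in the log
    tab.load_batch("clerk2", "P-03", {"Alice": 10, "Bob": 12})
    return log, tab


if __name__ == "__main__":
    log, tab = demo()
    head = log.head()
    print("totals:", tab.totals(), "chain ok:", log.verify(head))
    print("entry 2 removed:", remove_entry(log, 2).verify(head))
    print("tail cut, no anchor:", truncate(log, 3).verify())
    print("tail cut, anchored:", truncate(log, 3).verify(head))
```

The caveat the example makes visible is truncation: cutting off the most recent entries leaves a perfectly valid chain, so the current head hash has to be anchored somewhere the tabulator cannot rewrite (printed on the results tape, signed by observers, copied to a separate system) for `verify` to catch it. Hash chaining also does nothing if an operation can change the tally without going through the logged code path, which is exactly the failure the hearing described.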



I had my Computer Security students do this last year – not limited to Google. Interesting (but not surprising) results.

http://www.pogowasright.org/article.php?story=20090317172008966

EPIC asks FTC to investigate Google's cloud computing security

Tuesday, March 17 2009 @ 05:20 PM EDT Contributed by: PrivacyNews

Alexei Oreskovic of Reuters reports that EPIC has asked the FTC to investigate the adequacy of Google's cloud computing security after a problem resulted in unintended file sharing last month.

EPIC's request (pdf) includes Gmail, Google Docs, and Picasa.


Related

http://news.cnet.com/8301-10787_3-10198848-60.html?part=rss&subj=news&tag=2547-1_3-0-5

Sun's new mantra: Call us the 'cloud company'

by Charles Cooper March 17, 2009 10:39 PM PDT

Update 8:49 a.m. PDT: Sun has made its official announcement and provided a link to its cloud computing site.

During the Internet bubble era, Sun Microsystems profited as one of the big suppliers of networking computing technology to IT. Now it's hoping to similarly benefit from another tech trend as the computer industry slowly migrates toward cloud computing.


Related. IBM is still profitable...

http://news.cnet.com/8301-1001_3-10198901-92.html?part=rss&subj=news&tag=2547-1_3-0-5

Why an IBM purchase of Sun would make sense

by Larry Dignan March 18, 2009 4:45 AM PDT

IBM is reportedly in talks to buy Sun Microsystems for $6.5 billion and the deal is long overdue. The companies mesh on the open-source software front, Sun is struggling, and IBM can consolidate some server market share.

First, the headlines. The Wall Street Journal is reporting that IBM could acquire Sun as early as this week. IBM would pay all cash for Sun. The Journal also reported that Sun has approached a number of large companies about an acquisition; a move that throws cold water on CEO Jonathan Schwartz's everything-is-fine video.



Another “new economics”

http://blog.wired.com/underwire/2009/03/anderson-kawasa.html

SXSW: Wired Editor Chris Anderson's Free Will Be Free

By Chris Kohler March 17, 2009 4:57:00 PM

In a keynote Q&A with former Mac marketer and venture capitalist Guy Kawasaki on the final day of the SXSW Interactive conference here, Wired magazine's editor-in-chief said that you'll be able to read his new book on the economics of giving things away without paying a dime. But, he said, publisher Hyperion asked him to not reveal the specific details of how that will work.

… The "freeconomics" theory Anderson laid out in "Free! Why $0.00 Is the Future of Business," his 2008 cover article in Wired, posits that in the internet era, giving goods away has moved from marketing gimmick to fundamental strategy that's changing the way the world does business.



“We need UAVs and better wiretap tools and drug sniffers in schools and P2P taps and the Total Information Awareness system and ...” Hey, they asked. I'd ask for the moon too.

http://www.bespacific.com/mt/archives/020868.html

March 17, 2009

DOJ: High-Priority Criminal Justice Technology Needs

High-Priority Criminal Justice Technology Needs, NCJ 225375, 2009, by National Institute of Justice



Interesting that one of last year's top scams involves this year's economic stimulus plan. Now will you believe that criminals move quickly?

http://www.bespacific.com/mt/archives/020862.html

March 17, 2009

Phishing Scams, Frivolous Arguments Top the 2008 “Dirty Dozen” Tax Scams

News release: "The Internal Revenue Service issued its 2008 list of the 12 most egregious tax schemes and scams, highlighted by Internet phishing scams and several frivolous tax arguments. Topping this year’s list of scams is phishing, which encompasses numerous Internet-based ploys to steal financial information from taxpayers. New to the “Dirty Dozen” this year is a scheme, which IRS auditors discovered, that relates to unreasonable and/or excessive fuel tax credit claims."



An example of news that is hard to report in paper form...

http://www.bespacific.com/mt/archives/020864.html

March 17, 2009

Investigative Reporting Workshop's BankTracker

"The unprecedented bet that many banks made on mortgages, real estate development and other real estate related lending during the middle part of this decade has produced a payoff no one imagined just a few years ago -- a huge increase in loan defaults, a soaring number of foreclosures and a plunge in bank profits. And now, a new analysis of bank financial statements by the Investigative Reporting Workshop [American University School of Communication], sheds new light on just how dangerous conditions have become in many banks across the nation. We also created a search tool that permits you to check the financial health of any bank in the nation. And we have provided detailed information about the banks that have received bailout money from the federal government. This project was done in cooperation with msnbc.com. See the full story." [thanks Peggy Garvin]


Related. I bet they don't analyze this as closely as the banks. It's easier to just hate highly paid executives.

http://www.bespacific.com/mt/archives/020861.html

March 17, 2009

NY AG Cuomo Releases Details on AIG Bonuses to Financial Services Committee

Letter to Rep. Barney Frank from Andrew M. Cuomo, Attorney General of the State of New York re: AIG 2008 Retention Bonuses

  • "We learned over the weekend that AIG had, last Friday, distributed more than $160 million in retention payments to members of its Financial Products Subsidiary, the unit of AIG that was principally responsible for the firm's meltdown...The top recipient received more than $6.4 million; The top seven bonus recipients received more than $4 million each; The top ten bonus recipients received a combined $42 million; 22 individuals received bonuses of $2 million or more, and combined they received more than $72 million; 73 individuals received bonuses of $1 million or more; and Eleven of the individuals who received "retention" bonuses of $1 million or more are no longer working at AIG, including one who received $4.6 million..."



For the Surgical Tech students in my website class...

http://blog.wired.com/wiredscience/2009/03/medarchives.html

Rare Trove of Army Medical Photos Heads to Flickr

By Alexis Madrigal March 17, 2009 7:16:36 PM

An archivist has begun a massive project to make public a newly digitized collection of unique and sometimes startling military medical images, from the Civil War to Vietnam, without the Army's blessing.

This previously unreported archive at the National Museum of Health and Medicine in Washington, D.C., contains 500,000 scans of unique images so far, with another 225,000 set to be digitized this year.

Mike Rhode, the museum's head archivist, is working to make tens of thousands of those images, which have been buried in the museum's archive, available on Flickr. Working after hours, his team has posted a curated selection of almost 800 photos on the service already, without the express permission of the Army.



For my CS and IT students

http://news.slashdot.org/article.pl?sid=09/03/17/1754239&from=rss

Computer Science Major Is Cool Again

Posted by kdawson on Tuesday March 17, @02:08PM from the on-average-we-all-have-jobs dept.

netbuzz sends along a piece from Network World reporting that the number of computer science majors enrolled at US universities increased for the first time in six years, according to new survey data out this morning. The Taulbee Study found that the number of undergraduates signed up as computer science majors rose 8% last year. The survey was conducted last fall, just as the economic downturn started to bite. The article notes the daunting competition for positions at top universities: Carnegie Mellon University received 2,600 applications for 130 undergrad spots, and 1,400 for 26 PhD slots.

"...the popularity of computer science majors among college freshmen and sophomores is because IT has better job prospects than other specialties, especially in light of the global economic downturn. ... The latest unemployment numbers for 2008 for computer software engineers is 1.6%... That's beyond full employment. ... The demand for tech jobs may rise further thanks to the Obama Administration's stimulus package, which could create nearly 1 million new tech jobs."
