Monday, March 16, 2009

Would you rather learn this today from a team of White Hat Hackers, or sometime next year from the Secret Service?

http://www.databreaches.net/?p=2398

Stolen-data trove offers look inside a botnet

March 15, 2009 by admin Filed under: Financial Sector, Government Sector, Malware, U.S.

Jordan Robertson of the Associated Press reports on what researchers from Prevx found on a Ukrainian web site used to store data from 160,000 infected computers. What they found included data from a Georgia bank that exposed customer details and credentials for the bank’s wire-transfer system, and data from two states’ systems.

[From the article:

It also shows the difficulty in shuttering criminals' ID-theft beachheads: The Web site Prevx found, which was operating on a server in Ukraine, was still online for nearly a month after security researchers alerted the Internet service provider and law-enforcement authorities. The site was sucking up data from 5,000 newly infected computers each day.

… Such finds are becoming more common as the barrier lowers for crooks to jump into the online identity-theft racket. Top-of-the-line viruses, also known as Trojans, can be had for under $1,000.

… "The level of amateurness speaks to how widespread it is," Stewart said. "Literally anybody with a little bit of computer knowledge at all, if they have the criminal bent, can get access to one of these Trojans and get it out there and start stealing people's data."



An example of “Undue Reliance?” It's one thing to use technology, quite another to assume it is infallible.

http://yro.slashdot.org/article.pl?sid=09/03/16/1227227&from=rss

Service Via Facebook Shouldn't Always "Count"

Posted by CmdrTaco on Monday March 16, @09:35AM from the one-two-threeee-ah-ah-ah dept.

Frequent Slashdot contributor Bennett Haselton writes

"A New Zealand court has allowed a plaintiff to serve papers on a defendant via Facebook, following a similar ruling from an Australian court last year. But as these rulings do not necessarily mean, as Facebook announced in a press release, that the courts have endorsed Facebook 'as a reliable, secure and private medium for communication.' The trend could lead to abuses if courts start taking 'Facebook service' too seriously."

For more of the many words written by Bennett, hop on that curiously named link right below.



Oops! Can you say, “Lawsuit?” Perhaps a 'targeted news service' business model would have been wiser...

http://www.pogowasright.org/article.php?story=20090316050835228

UK: The Consulting Association database

Monday, March 16 2009 @ 05:08 AM EDT Contributed by: PrivacyNews

“Some people who have worked in the construction industry may want to know whether their personal details were held on Ian Kerr’s database. Following our intervention Mr Kerr has ceased trading and as people may have been denied employment because of the activities of The Consulting Association, the ICO has taken the unusual step of taking control of the database. From today we will be able to provide people with the records held about them, and in order to allow people enough time to contact us to get their information we will hold the material for the next six months.”

Source - The Information Commissioner's Office Press Release



This article calls for more video cameras in police cars. My entrepreneurial side calls for video cameras in my car! Anyone want to invest? (See: http://en.wikipedia.org/wiki/Sousveillance )

http://www.pogowasright.org/article.php?story=20090316053454249

Smile, You're On Cop-Car Camera

Monday, March 16 2009 @ 05:34 AM EDT Contributed by: PrivacyNews

One night last summer Raymond Bell was pulled over by a Chicago cop and arrested for driving under the influence. Officer Joe D. Parker, a 23-year veteran, reported that upon getting out of his car, Bell was stinking of alcohol, lurching, and unable to walk a straight line or stand on one foot.

An officer with his stellar record would normally prevail against a DUI suspect. But in this case, Bell had something on his side: a video camera mounted on the dashboard of Parker's squad car that told a radically different story.

Source - Reason Online

[From the article:

Spending $13 million looks extravagant only until you compare it to the cost of losing lawsuits over police misconduct. From 2005 through the middle of 2008, says the Chicago Reader, the city paid out $155 million in police cases. Dashboard cameras don't have to prevent many million-dollar judgments to be a bargain.


Related? I use many short, specifically targeted videos in class, but I too doubt a 2 ½ hour video would be of consistent quality.

http://www.pogowasright.org/article.php?story=20090316053334568

Caught (Unfortunately) on Tape

Monday, March 16 2009 @ 05:33 AM EDT Contributed by: PrivacyNews

Recording class sessions so students can review them online is becoming routine on many campuses. But all that taping can lead to "uh-oh moments," such as when a professor's joke about the college dean ends up on YouTube, or a private comment to a student after class is inadvertently broadcast.

Source - Chronicle of Higher Education



Articles like this one point to questions that should be included in a Guideline for Investigating Security Failures. Also makes you wonder who was “managing” security?

http://www.pogowasright.org/article.php?story=20090316053640273

DC Tech Arrests Raise Security Issues

Monday, March 16 2009 @ 05:36 AM EDT Contributed by: PrivacyNews

After being arrested on bribery charges Thursday, the District of Columbia's top information security official is being held without bail, partly because of uncertainty about whether he still has the ability to access the district's IT systems.

That's just one of many potential security issues facing D.C. government officials after the FBI raided the district's IT offices and arrested Yusuf Acar, its acting chief security officer, and a second man in connection with an alleged bribery scheme.

For instance, Acar had access to personnel data and other confidential information in the district's systems as part of his job. Court documents submitted by the FBI claim that several other district employees were also involved in the bribery scheme. Security analysts warn that Acar and his alleged accomplices could have created backdoors into systems.

Source - PC World

[From the article:

The bribery case is getting even more attention than it normally would because President Obama last week appointed Vivek Kundra, who until then was the district's chief technology officer, to be the federal government's first-ever CIO.



It's what they don't say that's interesting.

http://www.pogowasright.org/article.php?story=20090316051218501

FEMA adds safeguards to secure laptops

Monday, March 16 2009 @ 05:12 AM EDT Contributed by: PrivacyNews

The Federal Emergency Management Agency is putting new safeguards in place to protect sensitive information stored on its laptops, officials say, and prevent personal information like Social Security numbers and birth dates from falling into the wrong hands.

... The issue surfaced here this month when federal officials acknowledged that a FEMA-issued laptop containing personal information for "roughly 50" victims from last September's floods was stolen Nov. 4 from a FEMA inspector's car in Griffith.

Source - Post-Tribune

Related - Another stolen FEMA laptop highlights data protection problems within the agency

[From the article:

FEMA is installing more protection software on all laptops it manages, and now uses additional encryption software and data tracking software in all portable data storage devices, officials say -- two of the key recommendations in a critical 2007 report by the Homeland Security Department, FEMA's parent agency. [Note the exquisite wording. They have encryption software, but not on their laptops! They track data on the laptops. They are also careful to say they will “install” software, but make no promise to actually “use” it. Bob]



Comcast hits 16MBPS and Qwest goes to 20MBPS. This is 600 times faster!

http://hardware.slashdot.org/article.pl?sid=09/03/16/0237240&from=rss

Europe Is Testing 12.5 Gbps Wireless

Posted by kdawson on Monday March 16, @05:01AM from the not-to-be-confused-with-iphone-hack dept.

Lorien_the_first_one brings word that in Europe, a breakthrough for post-4G communications has been announced. A public-private consortium known as IPHOBAC has been developing new communications technology that is near commercialization now. Quoting:

"With much of the mobile world yet to migrate to 3G mobile communications, let alone 4G, European researchers are already working on a new technology able to deliver data wirelessly up to 12.5Gb/s. The technology — known as 'millimeter-wave' or microwave photonics — has commercial applications not just in telecommunications (access and in-house networks) but also in instrumentation, radar, security, radio astronomy and other fields."



More support for my Data Mining/Data Analysis course proposal. Beware the “Quantity v. Quality” problem. (The Comments mention a few subversive techniques I'll have to address.)

http://science.slashdot.org/article.pl?sid=09/03/15/120203&from=rss

Data Mining Moves To Human Resources

Posted by Soulskill on Sunday March 15, @09:28AM from the incrementing-your-workplace-post-count dept.

theodp writes

"Just when you thought annual reviews couldn't get worse, BusinessWeek reports that HR departments at companies like Microsoft and IBM are starting to use mathematical analysis to determine the value of each employee. At an undisclosed Internet company, analysis of (non-verbal) communications was used to produce a circle to represent each employee — those determined to generate or pass along valuable info were portrayed as large and dark-colored circles ('thought leaders' and 'networked curators'), while those with small and pale circles were written off as not adding a hell of a lot. 'You have to bring the same rigor you bring to operations and finance to the analysis of people,' explains Microsoft's Rupert Bader. Hey, who could argue with what Quants did for finance?"



They are missing the story here. The Information Age has changed the banking paradigm from “Banks in countries with cooperative governments” to “eBanks that move your money faster than regulators can follow.” (For complete safety and tax-free income, you can always trust the First Bank of Bernie Madoff)

http://news.slashdot.org/article.pl?sid=09/03/15/1810239&from=rss

Swiss Banks Making Concessions On Secrecy

Posted by kdawson on Sunday March 15, @02:29PM from the next-stop-panama dept.

Aryabhata writes in with news that should chill the hearts of evil dictators and tax cheats everywhere: one of the last bastions of strong banking secrecy, Switzerland, is bowing to international pressure and agreeing to cooperate with some foreign investigations of wrongdoing.

"...the Swiss government announced on Friday that it would cooperate in international tax investigations, breaking with its long-standing tradition of protecting wealthy foreigners accused of hiding billions of dollars. Austria and Luxembourg also said they would help. [Help destroy Swiss banks? Bob] … The famed 'numbered accounts' that do not bear the owner's name will still be available for clients willing to pay for added anonymity. ... Over the past month, leaders have made similar promises in Singapore, Liechtenstein, Bermuda, the British islands of Jersey and Guernsey, and tiny Andorra... other 'offshore' banking centers are still available in the Caribbean, Panama, Dubai and elsewhere."



I looked carefully and didn't find my name. Looks like I'll have to keep hacking...

http://www.bespacific.com/mt/archives/020841.html

March 15, 2009

Graphical Database Tracks Bailout Funds to Specific Banks

Nicolas Rapp, Art Director for the multimedia and graphic department at AP, posted a link to one of his many outstanding infographics of special value to financial researchers. As noted on his site, since November 2008 he has been tracking the financial sector bailout, and the resulting infographic, [Flash application developed by Sean McDade], is titled: Bailout Breakdown - Who's getting how much from government, updated twice daily.



I wonder if they saw it the same way I did?

http://www.bespacific.com/mt/archives/020844.html

March 15, 2009

CIA Releases Six Declassified Vietnam Histories

Vietnam Histories: "This release consists of six declassified histories volumes and describes the CIA's role in Indochina during the Vietnam War. These histories written by Thomas L. Ahern, Jr., are based on extensive research in CIA records and on oral history interviews of participants. The release totals some 1,600 pages and represents the largest amount of Vietnam-era CIA documents yet declassified."



Didn't “trickle down” very far, did it? This project must have been “shovel ready” but that's not the same as saying it was the best choice as one of the first stimulus projects.

http://news.slashdot.org/article.pl?sid=09/03/15/1821227&from=rss

"Bridge To Microsoft" Gets Federal Stimulus Funds

Posted by kdawson on Sunday March 15, @03:44PM from the them-as-has dept.

theodp writes

"Among the first to benefit from the investment in roads and bridges from Obama's stimulus plan is Microsoft, which has $20B in the bank. Local planners have allotted $11M to help pay for a highway overpass to connect one part of Microsoft's wooded campus with another. Microsoft will contribute almost half of the $36.5M cost; other federal and local money will pay the rest. 'Steve Ballmer or Bill Gates could finance this out of pocket change,' griped Steve Ellis of the Taxpayers for Common Sense. 'Subsidizing an overpass to one of the richest companies in the country certainly isn't going to be the best use of our precious dollars.' Ellis called the project 'a bridge to Microsoft,' alluding to Alaska's infamous 'Bridge to Nowhere.'"

A White House spokesman said this bridge project is still under review.
