Thursday, April 23, 2009

Build this into your “Disaster Planning”

http://www.databreaches.net/?p=3220

FL: SunTrust Banks first replacing cards due to Heartland breach

April 22, 2009 by admin Filed under: Financial Sector, Hack, Malware, U.S.

WESH reports that SunTrust Banks sent out letters this week to customers informing them that their cards were being replaced due to the Heartland breach.

WESH’s reporter asked what I would have asked: why are notifications first being sent now? The news station reports, “When asked why it took SunTrust so long to find out and notify customers, the representative said it takes months to sort it all out and SunTrust was probably part of the last wave of banks to learn that they could be affected.” [That alone would cause me to sue. Bob]

The value of breach notifications in reducing the risk or extent of identity theft has been a matter of research and debate in the past year. Certainly, however, if notification is to reduce the risk of misuse, it needs to be timely. The Heartland breach was announced three months ago. In this day and age, three months seem too long to notify. Yes, I know that consumers have no liability in some situations, but eventually we all pay for the fraudulent charges. The Heartland breach may have challenged card issuers and financial institutions due to the scale of the breach, but hopefully someone will do an analysis of the response to the incident to determine how quickly all affected institutions were notified and provided with necessary information, and how quickly financial institutions notified affected individuals and/or replaced cards.

[From the article:

"They took the measures to cut it off immediately and send me new cards. The question is, 'Why?' Because they don't say why in any of the letters."


Related. More factoids for planning

http://news.cnet.com/8301-13924_3-10225626-64.html?part=rss&subj=news&tag=2547-1_3-0-5

Intel finds stolen laptops can be costly

by Brooke Crothers April 22, 2009 10:35 PM PDT

A laptop's value is more than meets the eye. Intel says stolen laptops cost corporate owners more than $100,000 in some cases, in a study announced Wednesday.

The study on notebook security, commissioned by Intel and conducted by the Ponemon Institute, states that laptops lost or stolen in airports, taxis, and hotels around the world cost their corporate owners an average of $49,246 "reflecting the value of the enclosed data above the cost of the PC," Intel said.

Analyzing 138 instances of lost and stolen notebooks, the study based the $49,246 price tag on costs associated with replacement, detection, forensics, data breach, lost intellectual property, lost productivity, and legal, consulting and regulatory expenses, Intel said. Data breach alone represents 80 percent of the cost.

Who owns a missing notebook is important, Intel said. It is not the CEO's computer that is the most valued, but a director or manager, according to the study. A senior executive's notebook is valued at $28,449, while a director or manager's notebook is worth $60,781 and $61,040, respectively.

The average cost if the notebook is discovered missing the same day is $8,950, according to the study. After more than one week, this figure can reach as high as $115,849.



If you're cool (and deserve a larger budget), you're being hacked by China.

http://www.nydailynews.com/news/2009/04/22/2009-04-22_international_hackers_lauching_attack_against_nypd_computers.html

International hackers, many from China, are attacking NYPD computers

BY Alison Gendar and Bill Hutchinson DAILY NEWS STAFF WRITERS Updated Wednesday, April 22nd 2009, 7:07 PM

A network of mystery hackers, most based in China, have been making 70,000 attempts a day to break into the NYPD's computer system, the city's top cop revealed Wednesday.

… Sources said it appears the hackers have devised an automated system in which computers around the world make up to 5,000 attempts a day at pinpointing unsecured portals into the NYPD's files.

[University of Toronto's report on Ghost Net:

http://www.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network



...and this looks bigger than initially reported. And the infrastructure looks less resilient.

http://it.slashdot.org/article.pl?sid=09/04/22/2043235&from=rss

A Cyber-Attack On an American City

Posted by timothy on Wednesday April 22, @05:02PM from the if-by-one-day-you-mean-already dept. Security The Internet United States

Bruce Perens writes

"Just after midnight on Thursday, April 9, unidentified attackers climbed down four manholes in the Northern California city of Morgan Hill and cut eight fiber cables in what appears to have been an organized attack on the electronic infrastructure of an American city. Its implications, though startling, have gone almost un-reported. So I decided to change that."



When you don't know what to do: reorganize!

http://news.cnet.com/8301-13578_3-10225415-38.html?part=rss&subj=news&tag=2547-1_3-0-5

White House may relieve DHS of cybersecurity role

by Declan McCullagh April 22, 2009 4:47 PM PDT

SAN FRANCISCO--The federal official overseeing a 60-day review of the U.S. government's cybersecurity efforts indicated Wednesday that the final report recommends shifting more responsibilities to the White House.

… Hathaway said her report--which has not yet been made public--was finished on Friday and has been sent to President Obama for his approval.

… Any effort by the Obama administration to reshuffle cybersecurity responsibilities will face a significant challenge: the protocols and hardware that make up today's Internet are created and maintained by the private sector. Companies like Cisco Systems, Microsoft, Google, AT&T, and Verizon--not Washington bureaucracies--operate today's Internet, and it's not clear that outside help will be useful.

"Protecting cyberspace requires strong vision and leadership and will require changes in policy, technology, education, and perhaps law," Hathaway said. "Achieving this vision requires leadership and commitment from the highest levels of government, industry, and civil society."



I can find no support for the numbers quoted, but they are correct to say we didn't win the exchange...

http://www.tgdaily.com/content/view/42101/108/

Nefarious Conficker worm racks up $9.1 billion bill

Security By Aharon Etengoff Tuesday, April 21, 2009 12:46



Another endorsement of my “power to the people” Internet Provider scheme. Perhaps we could use some of the Economic Stimulus money to build a community-owned network in Centennial? In any case, it appears that no cable company has a strategy for dealing with this trend.

http://www.engadget.com/2009/04/22/time-warner-and-embarq-cant-compete-with-city-owned-isp-trying/

Time Warner and Embarq can't compete with city-owned ISP, trying to outlaw it

by Nilay Patel, posted Apr 22nd 2009 at 7:03PM

Man, Time Warner Cable -- you are some shady players. Hot on the heels of the ISP's decision to withdraw DOCSIS 3.0 trials from areas that have rejected its tiered billing plan, we're hearing that TWC's teamed up with Embarq to persuade the North Carolina state government into banning community-owned broadband services. Why? Well, turns out the 47,000 residents of Wilson, NC got tired of paying for slow broadband, so the city government launched its own fiber ISP called Greenlight that offers some pretty solid packages ranging from $99 for 81 cable channels, unlimited phone service, and 10Mbps (down and up) internet to $170 for every single channel including premiums and 20Mbps up/down internet. (There's even a "secret" 100Mbps up/down internet plan.) Of course, these prices blow TWC and Embarq out of the water -- the comparable basic Time Warner plan has fewer channels and less bandwidth for an "introductory rate" of $137 -- and rather than compete, the two giants decided to lobby the North Carolina legislature into proposing bills that outlaw community services like Greenlight. The argument is that the big companies can't turn a profit and compete against a community-owned enterprise that essentially sells service for cost, but we're not buying it -- if anything, TWC and Embarq can invest the extra profits they've been earning in other areas into building services that would blow Greenlight out of the water. Yep, it's definitely some dirty pool -- does anyone have any positive feelings left for these behemoths?


Related? Sure looks like Comcast is trying to get ready for the more competitive future. Too little too late?

http://news.cnet.com/8301-1023_3-10225358-93.html?part=rss&subj=news&tag=2547-1_3-0-5

Comcast tries to stay relevant in online world

by Marguerite Reardon April 22, 2009 4:27 PM PDT

As more entertainment content makes its way online, Comcast is looking for new ways to remain relevant to its subscribers.



That'll teach her to besmirch the name of a fine purveyor of pornography!

http://www.pogowasright.org/article.php?story=2009042215305025

Blogger who claimed online pornography security breach by N.J. company faces slander suit

Wednesday, April 22 2009 @ 03:30 PM EDT Contributed by: PrivacyNews

A Washington State hockey mom who accused a N.J.-based web firm that serves the pornography industry of a security breach that may have exposed customers' private information to hackers faces a hearing Thursday alleging she slandered the company.

The case against Shellee Hale focuses on forum posts she made about Too Much Media LLC, of Freehold, in a message board frequented by those in the online adult entertainment business. Too Much Media has sued Hale for slander claiming that while there was a security breach, no customer information was leaked.

Source - NJ.com

[From the article:

Litigation like the lawsuit against Hale's has so far been uncommon in New Jersey, but that may change as blogs, chat rooms and networking sites become ubiquitous.

"It's rare, but I think it's going to become more common as that becomes the primary way of people communicating," said Tom Cafferty, counsel to the New Jersey Press Association.

… He said a court will most likely look at whether she was disseminating the information through a publication or for her own purpose, because judges realize they have to be careful who gets the protection. If the newsperson's shield is extended to everyone who posts items on the Internet, "then everyone is a journalist and the privilege becomes meaningless," he said. [or does it become a “Right?” Bob]



Most surveilled nation on earth says, “What's wrong with a little more?”

http://www.pogowasright.org/article.php?story=20090423051322286

UK: All clear for Google Street View

Thursday, April 23 2009 @ 05:13 AM EDT Contributed by: PrivacyNews

Google's Street View technology carries a small risk of privacy invasion but should not be stopped, the UK's Information Commissioner has ruled.

Source - BBC Related - Common sense on Street View must prevail, says the ICO (pdf)

[Correct BBC link: http://news.bbc.co.uk/2/hi/technology/8014178.stm

[From the article:

Dr Ian Brown, a privacy expert at the Oxford Internet Institute, said: "The phrase 'small risk of privacy detriment' betrays the slightly wrong mindset at the Information Commissioner's office as they are having to adopt a reactive approach when it's far too late to really do anything about it.



Maybe there is no real copyright infringement verdict...

http://news.cnet.com/8301-1023_3-10224201-93.html

Sorting out the Pirate Bay verdict

by Mats Lewan April 21, 2009 12:44 PM PDT

In the aftermath of the Pirate Bay trial, many Swedish law experts say they consider Friday's high-profile guilty verdict severe but fair. Very few had predicted the verdict before it was handed out.

Complicating the case in many observers' eyes was the fact that no copyright-protected files were stored or distributed on the Pirate Bay Web site. But reading the 107-page sentence from Stockholm's Tingsratt district court offers a clearer picture of the grounds on which the court found all four defendants guilty of having assisted in making 33 copyright-protected files accessible for illegal file sharing via Piratebay.org.

The reasoning makes clear that the principal crime was committed by individual file sharers.

… The four defendants--Peter Sunde, Gottfrid Svartholm Warg, Fredrik Neij, and Carl Lundström--were accused of having assisted in this crime, and according to Swedish law, it's not necessary to know who committed the infraction in such a case, only that it was committed.

… He referred, as precedent, to a case several decades ago when a person was sentenced for assisting in a case of mayhem, only for having held the culprit's coat.

In its verdict, the Stockholm court states that "responsibility for assistance can strike someone who has only insignificantly assisted in the principal crime," then goes on to show how the defendants participated to a sufficient extent to be considered guilty.


Related? They must have really different rules over there...

http://yro.slashdot.org/article.pl?sid=09/04/23/1159216&from=rss

Judge In Pirate Bay Trial Biased

Posted by CmdrTaco on Thursday April 23, @08:48AM from the aren't-we-all dept. The Courts The Internet

maglo writes

"The judge who handed down the harsh sentence to the four accused in The Pirate Bay trial was biased, writes Sveriges Radio (Sweden Public Radio): sr.se (Swedish). Google translation. The judge is a member of two copyright lobby organizations, something he shares with several of the prosecutor attorneys (Monique Wadsted, Henrik Pontén and Peter Danowsky). The organizations in question are Svenska Föreningen för Upphovsrätt (SFU) and Svenska föreningen för industriellt rättsskydd (SFIR)."


Completely unrelated? Inevitable extension of the Pirate Bay suit, but this doesn't look that similar to me – but then again, logic isn't part of their strategy. (Viable business model here?)

http://yro.slashdot.org/article.pl?sid=09/04/23/0323202&from=rss

Copyright Lobby Targets 'Pirate Bay For Books'

Posted by samzenpus on Thursday April 23, @05:10AM from the what-about-the-library dept. Books

An anonymous reader writes

"TTVK, a Finnish national copyright lobby, is threatening a book rental service called Bookabooka for allegedly running the 'Pirate Bay for Books'. Bookabooka however does not offer a torrent tracker service, nor does it enable a user in any way to download eBooks; it simply provides a place for book owners to rent textbooks to each other via the traditional mail service. [Could I rent my music collection the same way? Bob] It is mandatory that all textbooks must be originals. The service is used by a lot of School and University students, and it does not handle the shipping or returns of the textbooks. Nevertheless, the Finnish book publishers' association (Suomen Kustannusyhdistys) is convinced the service is breaching the copyright laws and threatening their business. TTVK has given Bookabooka until Friday to cease operations or face a lawsuit. Bookabooka's founders have vowed to keep the service online and ignore the threat."



Hey, trust us! We're only gonna block illegal things, things you don't want to see. It's for the children!

http://yro.slashdot.org/article.pl?sid=09/04/23/0319217&from=rss

Germany Institutes Censorship Infrastructure

Posted by samzenpus on Thursday April 23, @03:06AM from the not-for-your-eyes dept. Censorship Government

An anonymous reader writes

"Germany's government has passed a draft law for censorship of domains hosting content related to child pornography. A secret list of IPs will be created by the BKA, Germany's federal police; any attempted access to addresses on this list is blocked, logged (the draft seems to contradict press reports on this point) and redirected to a government page featuring a large stop sign. The law has not yet passed the assembly; however, five of the largest ISPs have already agreed to voluntarily submit to the process even without a law in place. Critics argue that with the censorship infrastructure in place, the barrier for blocking access for various other reasons is very low. The fact that the current block can easily be circumvented may lead to more effective technologies to be used in the future. There are general elections as well as elections in several of the states later this year."



Wouldn't you like to advertise on Oprah?

http://blogs.usatoday.com/technologylive/2009/04/oprah-effect-43-jump-in-twitter-traffic.html

Oprah effect: 43% jump in Twitter traffic

… According to market tracker Hitwise, traffic to Twitter went up 43% in a before and after survey of the Oprah Effect.

Additionally, on April 17th, the day of Winfrey’s first Tweets, 37% of visits to Twitter.com were new visitors, Hitwise says. By comparison, Hitwise says Facebook’s ratio of new visitors in March was 8%.

Hitwise also looked at top search terms for the week, and found that “Oprah,” was no. 7, and “Oprah Twitter,” no. 35.



While my statistics students complain about all the hard work they must do to punch a few buttons in Excel, imagine the screaming if I asked them to build a map like this as a mid-term.

http://www.bespacific.com/mt/archives/021178.html

April 22, 2009

Slate: An interactive map of vanishing employment across the country

When Did Your County's Jobs Disappear? An interactive map of vanishing employment across the country, by Chris Wilson

  • "The economic crisis, which has claimed more than 5 million jobs since the recession began, did not strike the entire country at once. A map of employment gains or losses by county tells the story of how those job losses first struck in the most vulnerable regions and then spread rapidly to the rest of the country. As early as August 2007, for example—several months before the recession officially began—jobs were already on the decline in southwest Florida; Orange County, Calif.; much of New Jersey; and Detroit, while other areas of the country remained on the uptick. Using the Labor Department's local area unemployment statistics, Slate presents the recession as told by unemployment numbers for each county in America."



It might be nice to have all my videos in the same format. (Or at least, one I can play at the school)

http://www.makeuseof.com/tag/5-easy-to-use-freeware-video-converters/

5 Easy-to-use Freeware Video Converters

Apr. 22nd, 2009 By Israel Nicolas



For my White Hatters...

http://www.bauer-power.net/2009/04/looking-for-free-cloud-computing-look.html

Apr 22, 2009

Looking For Free Cloud Computing? Look No Further!

… I have found a free cloud computing service! The service is called iCloud. True, you do get what you pay for.

… You get 3GB of "cloud" storage (There is that buzz word again) for your important documents which you can access anywhere there is an internet connection with a web browser. You also get a full suite of office applications, web browser (Yes, another way around Websense), instant messenger, RSS feed reader, and some other basic computing applications that you might find on a standard desktop.



You can never have enough serious academic research.

http://science.slashdot.org/article.pl?sid=09/04/22/2127216&from=rss

Designing DNA Circuits To Brew Tastier Beer

Posted by timothy on Wednesday April 22, @05:51PM from the but-can-they-make-beer-taste-good? dept. Biotech

Al writes

"Researchers at Boston University have developed a way to predict the behavior of different DNA segments and make synthetic biology a little bit more reliable. James Collins and colleagues have built libraries of component parts and a mathematical modeling system to help them predict the behavior of parts of a gene network. Like any self-respected bunch of grad students, they decided to demonstrate the approach by making beer. They engineered gene promoters to control when flocculation occurs in brewer's yeast, which allowed them to finely control the flavor of the resulting beer."
