Thursday, April 16, 2009

Isn't there a risk (to your credibility) if you don't tell the press?

http://www.databreaches.net/?p=3095

North Carolina breach data, 2007- March, 2009

April 15, 2009 by admin Filed under: Breach Reports, U.S.

Between January 2007 and March 19, 2009, North Carolina received 231 notifications of breaches under their breach reporting requirements. NC’s statute includes breaches involving paper records as well as electronic records, but only breaches requiring notification of 1,000 individuals or more must be reported to NC’s Consumer Protection Division of the Attorney General’s Office. Hence, smaller breaches are not included in these statistics.

In response to a request, NC provided a summary log of all incidents, which I have uploaded to this site, here (.xls). Inspection of their summary indicates a number of breaches that had not been reported in the media.

The Open Security Foundation has requested the underlying documents for the breaches reported in the log and will be uploading the documents to their Primary Sources files.



I know these tend to run together, but didn't I point to this about two weeks ago?

http://www.identitytheftblog.info/identity-theft/data-breach-organized-crime/1366

Rise in Data Breaches, Organized Crime Involved

April 15th, 2009 Rob Douglas

… Today, Verizon has released this year’s edition of the report - the 2009 Verizon Business Data Breach Investigations Report examining data breaches that occured in 2008.

[The Report: http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf



I wonder if some law school students and my tech students could write an article answering this question? Perhaps a series of similar questions: Technology for the Non-Technical Professional? (Note that the comments include many suggestions for storing lawyers...)

http://ask.slashdot.org/article.pl?sid=09/04/15/1743215&from=rss

Online Storage For Lawyers?

Posted by timothy on Wednesday April 15, @02:19PM from the due-diligence-best-practices dept. Data Storage Privacy The Courts

alharaka writes

"I have a relative that has been a lawyer for over two decades. In passing conversation, he revealed to me that he has a great deal of his data stored on floppies. Naturally, as an IT guy, I lost it on him, telling him that a one-dimensional storage strategy of floppies was unacceptable. If he lost those files, his clients would be enraged. Since I do not know much about online data storage for lawyers, I read a few articles I found on Google. A lot of people appear to recommend CoreVault, since a few bar associations, including Oklahoma, officially endorsed them. That is not enough for me. Do any Slashdotters have info on this topic? Do you have any companies you would recommend for online data storage specifically for lawyers? As a lawyer with recognition in NJ, NY, CA, and DC, are there any rules and regulations you know of regarding such online storage he must comply with? I know IT and not law. I am aware this is not a forum for legal advice, but do any IT professionals who work for law firms know about such rules and regulations?"



How to win friends (and new customers) and influence people (wait... are politicians people?)

http://www.pogowasright.org/article.php?story=20090416052030434

Se: ISP sabotages file sharing law

Thursday, April 16 2009 @ 05:20 AM EDT Contributed by: PrivacyNews

Broadband operator Bahnhof has begun destroying the IP address details of its customers in an open and fully legal bid to undermine Sweden's new anti-file sharing laws.

Source - The Local (Sweden)

[From the article:

The new file sharing law is based on the European Union's Intellectual Property Rights Enforcement Directive (IPRED) and allows courts to order internet operators to hand over details that identify suspected illegal file sharers.

As such, the law enables Internet Service Providers (ISPs) to retain the IP addresses of file sharers. But ISPs also remain at liberty to destroy information about their users if they so wish.


How to lose friends and (negatively) influence people.

http://www.pogowasright.org/article.php?story=20090415080553682

UK: Britons lose confidence in insurance company data protection

Wednesday, April 15 2009 @ 08:05 AM EDT Contributed by: PrivacyNews

Recent research undertaken by DQM Group indicates that public confidence in the ability of insurance companies to keep personal data secure has fallen away in the past year. According to the study, only 32.6% of respondents claimed they trusted the insurance industry to look after their personal data. This compares to 62% in 2008 and represents a move from above average to below average, when compared with all sectors.

Source - Insurance Daily



“Surprise, surprise, surprise!” G. Pyle

http://www.pogowasright.org/article.php?story=20090416051600660

N.S.A.’s Intercepts Exceed Limits Set by Congress

Thursday, April 16 2009 @ 05:16 AM EDT Contributed by: PrivacyNews

The National Security Agency intercepted private e-mail messages and phone calls of Americans in recent months on a scale that went beyond the broad legal limits established by Congress last year, government officials said in recent interviews.

Source - NY Times



Wouldn't this fit precisely into the “newspapers are dying” school?

http://www.bespacific.com/mt/archives/021123.html

April 15, 2009

Pew Report - The Internet's Role in Campaign 2008

"Some 74% of internet users--representing 55% of the entire adult population--went online in 2008 to get involved in the political process or to get news and information about the election. This marks the first time that a Pew Internet & American Life Project survey has found that more than half of the voting-age population used the internet to get involved in the political process during an election year. Several online activities rose to prominence in 2008. In particular, Americans were eager to share their views on the race with others and to take part in the online debate on social media sites such as blogs and social networking sites."



For my Computer Security students

http://www.bespacific.com/mt/archives/021116.html

April 15, 2009

Symantec Internet Security Threat Report Volume XIV: April, 2009

"The Symantec Internet Security Threat Report offers analysis and discussion of threat activity over a one-year period. It covers Internet threat activities, vulnerabilities, malicious code, phishing, spam and security risks as well as future trends. The fourteenth version of the report, released April 14, 2009, is now available."



Geeky stuff.

http://books.slashdot.org/article.pl?sid=09/04/15/1327247&from=rss

The Rootkit Arsenal

Posted by samzenpus on Wednesday April 15, @01:53PM from the protect-ya-neck dept. thumbnail

Nicola Hahn writes

"One of the first things I noticed while flipping through this hefty book is the sheer number of topics covered. Perhaps this is a necessity. As the author puts it, rootkits lie "at the intersection of several related disciplines: computer security, forensics, reverse-engineering, system internals, and device drivers." Upon closer inspection, it becomes clear that great pains have been taken to cover each subject in sufficient depth and to present ideas in a manner that's both articulate and well organized. This accounts for the book's girth; it weighs in at roughly 900 pages."

No comments: