Friday, April 10, 2009

Twisting a simple investigation

http://www.databreaches.net/?p=2909

Prosecuting the Mitsubishi UFJ case: what’s the crime?

April 10, 2009 by admin Filed under: Financial Sector, Insider, Non-U.S., Unauthorized Access

The Yomiuri Shimbun has an article on the Mitsubishi UFJ breach reported earlier this week that suggests difficulties the prosecutors may face.

In this case, a (now-former) employee allegedly used a co-worker’s credentials to access a database to which he already had authorized access. Using the co-worker’s credentials, he accessed and copied data on 1,486,651 clients onto a CD, and then e-mailed data on 49,159 clients from his home computer to three personal list dealers, receiving 328,000 yen ($3,272.11) for the records. When he came under suspicion in March, he reportedly turned the CD over to the company. And therein may lie the prosecutorial rub:

Under the law regulating illegal access to information via computer networks, it is not considered illegal for an individual with the right to access certain information to take this information with them in another form. However, it bans individuals accessing such information using somebody else’s ID or other personal data without permission.

So there may be no charges of data theft, and had he used his own credentials, he might not be facing any charges at all? As it is, he faces up to one year in jail and a $5,000.00 fine, because using his colleague’s credentials made the situation “unauthorized access.”

When a similar situation occurred here in the Certegy breach, the employee faced up to 10 years in prison.

If any reader has some expertise on Japanese law, feel free to comment: is there really so little criminal prosecution and penalty for stealing and selling personal information?



Can a Privacy Policy actually protect Macy's customer data? Wouldn't “We've already notified our customers.” be a better response?

http://www.pogowasright.org/article.php?story=2009040910572510

Macy’s Cites Privacy In Fighting D.A.’s CRM, POS Subpoena

Thursday, April 09 2009 @ 10:57 AM EDT Contributed by: PrivacyNews

Fighting a subpoena for CRM and POS data from the Los Angeles District Attorney, Macy's attorneys are arguing that privacy expectations prevent them from revealing the names of their customers who purchased children's jewelry made with potentially toxic lead. The D.A. argues that it needs the names so that the consumers can be contacted to try and stop the health threat.

Source - StorefrontBacktalk



See, it's not just us second-class citizens... (Commenters are for breaking the system to Google-map the best donut places...)

http://tech.slashdot.org/article.pl?sid=09/04/09/1526254&from=rss

Norfolk Police Officers To Be Tagged To Improve Response Times

Posted by samzenpus on Friday April 10, @01:42AM from the car-54-I-know-exactly-where-you-are dept.

Police in Norfolk, England already have tracking units, The Automatic Vehicle Location System, installed in their cars that allow a control room to track their exact locations. Later this year a similar system will be attached to individual police radios to allow controllers to monitor the position of every frontline officer. Combined with equipment that can pinpoint the locations of 999 callers, the system will allow the force to home in on "shouts" to within yards. The system also lets operators filter a map showing the location of its vehicles and constables to reveal only those with the skills needed for a specific incident, like the closest officer with silver bullets during a werewolf attack.



Today's reading seems to be dominated by “The emperor has no clothes” stories: a global community pointing at assertions by management or governments and saying “That's nonsense!” (sometimes in stronger language).

http://blog.wired.com/business/2009/04/time-warner-cab.html

Time Warner Cable Earnings Refute Bandwidth Cap Economics

By Ryan Singel April 09, 2009 4:50:55 PM

UPDATE: Since this article was first published, Time Warner Cable has updated its pricing scheme.

Time Warner Cable is pushing some fuzzy math to justify its controversial plan to ditch flat-rate broadband subscriptions in favor of a metered approach that effectively charges customers by the bit.

The company claims its capped rates are fairer than flat rates because people who use less bandwidth stand to get a break as the company shifts its costs to others who use the network more.

There is only one small problem: A close look at Time Warner Cable's books shows no significant link between its high-speed data costs and network usage.

… So why does Time Warner Cable care so much about bandwidth caps? One reasonable theory making the rounds is that bandwidth itself is a red herring, and the real concern is cannibalization. As more broadband customers shift video viewing to the web, cable companies fear a steep drop in TV revenues. Bandwidth caps may not make sense as a cost-saving move for Roadrunner, but they might look tempting to cable executives hoping to save cable TV.


Interesting article. Is there enough here to get my students debating surveillance (keep them awake)?

http://blog.wired.com/business/2009/04/little-brother.html

Little Brother Is Watching You

By Wired Staff April 09, 2009 9:49:01 AM

LONDON — When London's mobile CCTV cameras were shut down by a legal ruling two days before the G20 protests in London, conspiracy theorists suggested that the blackout had been contrived so that the police could be let off the reins. Without CCTV, there would be no record of official wrongdoing.

It was a neat theory, but naively old-fashioned in its assumption that the state had a monopoly on surveillance.

… We've grown used to the idea that amateur footage will trump the professionals in the moments after air crashes, floods and fires, but we haven't yet grasped what that does to the balance of power between the state, the media and the individual.

Surveillance is still talked of as something done to us by them, but increasingly it's something done to everyone by everyone else. What that means for the authorities is that they can no longer control the flow of information about their actions.

… The story brings to mind Cory Doctorow's novel, Little Brother, which examines how smart, tech-savvy individuals can level the playing field against agents of the state by using their own understanding of digital tools to subvert and confront them. [A free e-book for my hacker friends. Bob]


Related. Sometimes your surveillance is exactly what you feared.

http://news.cnet.com/8301-17852_3-10216518-71.html?part=rss&subj=news&tag=2547-1_3-0-5

Florida woman watches home burglarized live on Web

by Chris Matyszczyk April 9, 2009 4:08 PM PDT

… Jeanne Thomas, 43, put her live feed in last October when her home was burglarized. Which turns out to have been a peculiarly clairvoyant decision.

… The police, having appeared, as police should do, right at the end of the movie, sped back to their place of work and put Ms. Thomas' video on YouTube.


Related. CyberCivilWar? This didn't take long.

http://blog.wired.com/defense/2009/04/activist-charge.html

Activist Charged for Inciting 'Twitter Revolution' (Updated)

By Nathan Hodge April 09, 2009 9:54:00 AM

A Moldovan activist faces criminal charges for organizing demonstrations that were enabled by social networking tools like Twitter and Facebook, the Russian press reports.


Almost related? Paranoia is good up to a point.

http://news.slashdot.org/article.pl?sid=09/04/10/1320211&from=rss

Slashdot Mentioned In Virginia Terrorism Report

Posted by kdawson on Friday April 10, @09:19AM from the true-americans dept.

megamerican alerted us to a leaked document (PDF) from a Virginia Fusion Center titled "2009 Virginia Terrorism Threat Assessment." The document is marked as "Law Enforcement Sensitive," not to be shown to the public. Citizens for Legitimate Government has a write-up. Slashdot gets a mention on page 45 — not as a terrorist organization itself, but as one of the places that members of Anonymous may hang out:

"A 'loose coalition of Internet denizens,' Anonymous consists largely of users from multiple internet sites such as 4chan, 711chan, 420chan, Something Awful, Fark, Encyclopedia Dramatica, Slashdot, IRC channels, and YouTube. Other social networking sites are also utilized to mobilize physical protests. ... Anonymous is of interest not only because of the sentiments expressed by affiliates and their potential for physical protest, but because they have innovated the use of e-protests and mobilization. Given the lack of a unifying creed, this movement has the potential to inspire lone wolf behavior in the cyber realms."

According to the report, cell phones and digital music players have been used to transfer plans related to criminal activity, and therefore presumably could be grounds for suspicion. Podcasting is also suspicious.



For the lawyers representing my hacker students. So this wasn't a violation of DMCA?

http://blog.wired.com/27bstroke6/2009/04/dmca-coupon-fla.html

DMCA Coupon Flap Ends — Nobody 'Won'

By David Kravets April 09, 2009 6:06:08 PM

A federal judge on Thursday rejected an online coupon-generating company's bid to reopen a copyright infringement lawsuit against a North Carolina man who posted commands allowing users to print an unlimited number of valid coupons.

… Ironically, Coupons recently filed the secret settlement (.pdf) with the court without sealing it. It says each side agrees to release the other from any litigation.



One of the conundrums of marketing – customers don't want to pay for new technology. So new technology is frequently offered without the “extra expense” of security or privacy.

http://www.pogowasright.org/article.php?story=20090409132036988

U.S. Consumers Leery of Security and Privacy with Mobile Banking, Says KPMG

Thursday, April 09 2009 @ 01:20 PM EDT Contributed by: PrivacyNews

U.S. consumers believe mobile banking is important but do not want to pay for it and also are wary of using their mobile devices such as cell phones, smartphones, and personal digital assistants (PDAs) for financial transactions and online banking, according to results of a survey conducted by KPMG LLP, the audit, tax and advisory firm.

Source - Wireless and Mobile News Related - KPMG Press Release (pdf)



The wise manager reads audit reports from similar organizations and similar functions because his auditors are going to be asking the same questions.

http://www.pogowasright.org/article.php?story=200904090747111

AU: WA Auditor General finds personal information badly handled

Thursday, April 09 2009 @ 07:47 AM EDT Contributed by: PrivacyNews

The WA Auditor General has found widespread deficiencies in the way sensitive personal information is handled in government agencies.

The Auditor General’s two-part Information Systems Audit Report, tabled in Parliament today, gives a wake-up call to all government agencies that handle personal and sensitive information.

Source - Perth Now Related - Information Systems Audit Report



Politicians will no doubt try to “solve” this by requiring all citizens to be available for drug tests 24/7/365 (except politicians of course)

http://www.pogowasright.org/article.php?story=20090409104903777

EU says athletes' doping rules breach privacy

Thursday, April 09 2009 @ 10:49 AM EDT Contributed by: PrivacyNews

The European Union says the regulations enforced by the World Anti-Doping Agency (WADA) breach privacy guidelines. WADA demands that athletes be available for drugs tests 24 hours a day throughout the year. This causes problems for athletes and for sporting organisations.

Source - Radio Netherlands



CyberWar? Remember the article claiming that China, Russia and (probably many) others had hacked the US infrastructure? Apparently labor unions have too. Will this be ignored as just another “negotiating tactic” or will Homeland Security treat it as a terrorist act?

http://sandbox.bitgravity.com/blog/2009/04/09/destroy-the-internet-with-a-hacksaw/

Destroy the Internet with a hacksaw?

Thursday, April 9th, 2009 at 10:54 am

This morning many people in Silicon Valley woke up without 911 service, Internet, cellular phones, and in some cases TV. Web sites were impacted and Internet traffic between a few major datacenters stopped flowing. Several of our employees were cut off from the Internet and phone service.

AT&T put out a press release stating that there was a fiber cut, but to make this happen, there had to be several cuts. According to several employees that work at AT&T, it may have been done by the very people that repair this stuff, the Communication Workers of America Union (CWA).



For my Computer Forensics class. Nothing new here – it's an old analyst's trick.

http://www.pogowasright.org/article.php?story=20090409074022858

Software improves p2p privacy by hiding in the crowd

Thursday, April 09 2009 @ 07:40 AM EDT Contributed by: PrivacyNews

Researchers at the McCormick School of Engineering and Applied Science at Northwestern University have identified a new "guilt-by-association" threat to privacy in peer-to-peer (P2P) systems that would enable an eavesdropper to accurately classify groups of users with similar download behavior. To thwart this threat, they have released publicly available, open source software that restores privacy by masking a user's real download activity in such a manner as to disrupt classification.

Source - PhysOrg.com hat-tip, Schneier on Security
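The "old analyst's trick" is set-overlap clustering: an eavesdropper who already knows what a few users downloaded groups every other user whose download set looks similar, and the countermeasure is to pad what the eavesdropper sees with traffic the user never asked for. The following is an added example of both sides of that, written for this page; it is not the Northwestern group's software or algorithm, and the download histories and item labels are constructed:

```python
import random

# Constructed download histories (item ids are arbitrary labels, not real
# files). Users a and b share most of their activity; c is unrelated.
OBSERVED = {
    "a": {"f1", "f2", "f3", "f4", "f5"},
    "b": {"f1", "f2", "f3", "f4", "f9"},
    "c": {"f20", "f21", "f22", "f23", "f24"},
}

# Constructed catalogue of everything available on the network.
CATALOG = {f"f{i}" for i in range(1000)}


def jaccard(x, y):
    """Overlap of two download sets: |x & y| / |x | y|."""
    return len(x & y) / len(x | y) if (x | y) else 0.0


def cluster(histories, threshold=0.5):
    """Single-link grouping of users whose pairwise overlap reaches
    `threshold`. This is the guilt-by-association step: one user of known
    interest drags in everyone whose history looks like theirs."""
    parent = {u: u for u in histories}

    def find(u):
        while parent[u] != u:
            parent[u] = parent[parent[u]]
            u = parent[u]
        return u

    users = sorted(histories)
    for i, u in enumerate(users):
        for v in users[i + 1:]:
            if jaccard(histories[u], histories[v]) >= threshold:
                parent[find(u)] = find(v)
    groups = {}
    for u in users:
        groups.setdefault(find(u), []).append(u)
    return sorted(sorted(g) for g in groups.values())


def mask(histories, catalog, ratio=3, seed=0):
    """Pad each user's visible activity with `ratio` times as many randomly
    chosen catalogue items as they really requested, so the set the
    eavesdropper observes is mostly noise. The real requests are still
    served; only the observable set changes. (Illustrative stand-in for
    the masking idea, not the released tool's method.)"""
    rng = random.Random(seed)
    masked = {}
    for user, real in histories.items():
        decoys = rng.sample(sorted(catalog - real), ratio * len(real))
        masked[user] = real | set(decoys)
    return masked


if __name__ == "__main__":
    print("observed:", cluster(OBSERVED))
    print("masked:  ", cluster(mask(OBSERVED, CATALOG)))
```

With the raw histories, a and b end up in one group (4 shared items out of 6 distinct, overlap 0.67). After padding, each user shows 20 items of which only the original 4 are shared, so the overlap drops to roughly 0.1 and the grouping falls apart. The cost is real: the decoy requests consume bandwidth and, on a network where downloads themselves are the concern, the cover traffic has to be content the user can defensibly have fetched.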



For the White Hat Hacker Club. Build an 'off the grid' phone system!

http://www.pocketgadget.org/2009/04/07/turn-your-ipod-touch-into-an-iphone-almost/

Turn your iPod Touch into an iPhone (almost)

April 7, 2009 at 6:16 pm · Filed under USB gadgets, electronic gadgets, groundbreaking gadgets, hacking and modding, timesavers · Posted by Dave

… The great news is that besides having to spend a bit of cash on your microphone solution, all the software used in this tutorial to give your snazzy iPod Touch the functionality of the iPhone is totally free.



Now this is interesting! Learn how to save money (or as my wife says, be really really cheap)

http://digg.com/tech_news/I_Used_to_Blank_But_Now_I_Blank_Free_on_the_Net

I Used to (Blank), But Now I (Blank) Free on the Net

lifehacker.com — A chain of "FrugalFilter" ideas on Metafilter comes from filling in the blanks. e.g. "I used to buy blank CDs to back up my data, but now I use the 2GB free storage/backup system at Mozy" or "I used to fail to ever get a database working in MS Access, now I use Zoho Creator." Junior High jokes aside, it's an intriguing read.

http://ask.metafilter.com/118881/Best-free-services-online



This could be useful (I'll need to fiddle a bit to be sure)

http://www.killerstartups.com/Search/ambiently-com-turn-each-webpage-into-a-search-engine

Ambiently.com - Turn Each Webpage Into A Search Engine

http://ambiently.com/

Ambiently touts itself as the first discovery engine on the WWW. What exactly does that mean? Well, it basically means that instead of answering a search query with a string of web links it will provide you with direct web links from the webpage that you are located in, without having to type anything.

In order to use it, all you have to do is install the provided bookmarklet by dragging and dropping the button which can be found on the main page. Firefox, Safari and Chrome are fully supported along with Explorer, and although dragging and dropping the button should not be a problem, three different tutorials are provided to ensure nothing goes wrong.

The main advantage that this site has over search engines is that it is much simpler – you don’t have to dream up a query to fire up the search, you simply click on the Ambiently button to come across related links.



Always looking for shortcuts, this might be very useful to my website students.

http://www.killerstartups.com/Web-App-Tools/file2-ws-convert-any-file-into-a-website

File2.ws - Convert Any File Into A Website

http://www.file2.ws/

This is a new, free service that plays out a concise yet very useful role. In essence, it will let you upload any file and have it transformed into a webpage that anybody can visit.

… It is obviously not going to be converted into a fully-fledged webpage with all the features and functionalities that one expects to see in an online resource, but it will be accessible by all your friends and peers.

The full list of files you can upload to be converted is detailed online. This list includes audio and photo files, programming source code and documents of every kind.

… The one limitation you have to comply with is that files should not exceed 15 MB.
