http://www.pogowasright.org/article.php?story=20090508040820344
Phished Facebook accounts become spammer's tool
Friday, May 08 2009 @ 04:08 AM EDT Contributed by: PrivacyNews
Cybercriminals who went after Facebook users with a number of phishing attacks last week have now turned around and begun sending spam messages from the Facebook accounts they cracked.
Source - Computerworld
[From the article:
"Some of it points to a site where users are hit with drive-by downloads of adware," he said in an e-mail message. " We’ve started blocking all of this spam this morning, have been deleting it, and resetting the passwords of accounts that sent it." [That would be the users who were phished. Bob]
… but the company won't say how many users have been affected, because that would let the bad guys know how effective its security measures have been. [Let's calculate. If I phish 1000 accounts (a number Facebook can't know) and Facebook blocks 12 accounts, I would calculate that their security measures STINK! Bob]
The comments suggest that the judge could have been a bit more specific in his instructions (and that the commenters don't trust RIAA at all)
http://yro.slashdot.org/article.pl?sid=09/05/07/1627201&from=rss
Court Sets Rules For RIAA Hard Drive Inspection
Posted by Soulskill on Thursday May 07, @01:51PM from the this-far-and-no-farther dept. Privacy Music The Courts
NewYorkCountryLawyer writes
"In a Boston RIAA case, SONY BMG Music Entertainment v. Tenenbaum, the Court has issued a detailed protective order establishing strict protocols for the RIAA's requested inspection of the defendant's hard drive, in order to protect the defendant's privacy. The order (PDF) provides that the hard drive will be turned over to a computer forensics expert of the RIAA's choosing, for mirror imaging, but that only the forensics expert — and not the plaintiffs or their attorneys — will be able to examine the mirror image. The forensics expert will then issue a report which will describe (a) any music files found on the drive, (b) any file-sharing information associated with each file, and any other records of file-sharing activity, and (c) any evidence that the hard-drive has been 'wiped' or erased since the initiation of the litigation. The expert will be precluded from examining 'any non-relevant files or data, including ... emails, word-processing documents, PDF documents, spreadsheet documents, image files, video files, or stored web-pages.'"
What are the strategic issues here? Cost of the laptop and numbers of students certainly. Would a textbook publisher use this to “lock in” their line of e-textbooks? Would Pepsi and Coke bit for the right to design the laptop color scheme?. Could I get rich running a foundation promising to “Give every Colorado school child a computer?”
http://news.slashdot.org/article.pl?sid=09/05/08/1249238&from=rss
South Carolina To Give 1 Laptop Per School Child
Posted by kdawson on Friday May 08, @08:57AM from the begins-at-home dept
ruphus13 sends in an OStatic article outlining the plans of the state of South Carolina, inspired by the One Laptop Per Child project, to provide laptops to local elementary school children.
"The South Carolina Department of Education and the non-profit Palmetto Project have teamed up to get a laptop in the hands of every elementary school student in South Carolina... The OLPC/SC hopes to distribute as many as 50,000 laptops this spring to eligible students. The effort is underwritten and managed by the Palmetto Project, whose mission is to 'put new and creative ideas to work in South Carolina.' While low-performing school districts with limited resources are a special focus for the OLPC/SC, the group is adamant on one point: There are no free laptops. In order to receive a laptop, children need to give a small monetary donation — the project coordinators say a dollar or two is sufficient."
It's not obvious from browsing around the OLPC/SC site what software the XO laptops will be running; but by following links one gets the impression that they will be powered by Linux, not XP.
I know I've posted articles on this before, but I'm just realizing that it would be much simpler if manufacturers built GPS trackers into the cars at the factory. Is that part of the “save the auto industry” deals? Question two: Does this require police to ensure that the driver of the car is the person of interest each time GPS data is recorded? After all “That's not our target” is also something visual surveillance would disclose.
http://www.pogowasright.org/article.php?story=20090507150902758
WI: GPS tracking is not "search and seizure"
Thursday, May 07 2009 @ 03:09 PM EDT Contributed by: PrivacyNews
The District 4 Court of Appeals held that police can secretly attach a GPS to anyone's vehicle without a warrant because GPS tracking does not constitute a "search and seizure." Although their decision was unanimous, even the judges seemed to realize the potential for serious abuse and asked the state legislature to regulate its use.
Source - Associated Press, via Chicago Tribune
Defining Privacy What is Privacy? Is it the sum of all the privacy policies on the Internet? I hope not! Law School Students: Here's an easy and interesting paper – what do the top 100 sites agree on?
http://www.pogowasright.org/article.php?story=2009050715150735
Why Facebook Shut Down the Only Useful App it Ever Had
Thursday, May 07 2009 @ 03:15 PM EDT Contributed by: PrivacyNews
It was inevitable, but we’re still disappointed.
Facebook has shut down the single most useful application ever to grace its tightly restricted platform. The Newsfeed RSS app was built using the recently unveiled Open Stream API, a set of tools developers can use to build apps that let users read, interact with and write to their Facebook stream.
.... According to the restrictions in the new Open Stream API, applications can not cache or otherwise store data. What this means is, according to Facebook, the simple act of keeping track of your friends through RSS is a violation of their privacy.
Source - webmonkey
Defining Privacy
http://www.pogowasright.org/article.php?story=20090508040312959
AU: Commissioner publishes case notes
Friday, May 08 2009 @ 04:03 AM EDT Contributed by: PrivacyNews
The Office of the Privacy Commissioner of Australia has published its first six case notes/rulings for 2009.
As part of Privacy Awareness Week, they have also released the Autumn issue of Privacy Matters.
Source - Case Notes
Phishing for phemales? Do you believe these stats?
http://news.cnet.com/8301-1009_3-10236214-83.html?part=rss&subj=news&tag=2547-1_3-0-5
Women more affected by ID fraud, study finds
by Elinor Mills May 7, 2009 6:00 PM PDT
Women are more affected by identity fraud then men are, according to a new survey that also found that it takes women longer to restore their identities but they also tend to change their behavior afterward.
In a survey of 808 U.S. households, half of which reported fraud, 28 percent of women said they had been victims of identity fraud compared with 21 percent for men.
This corresponds with a report in February from Javelin Research that found that women were 26 percent more likely to be victims of identity fraud than men.
In the latest survey, from fraud protection service provider Affinion Security Center, 17 percent of women said they lost $1,000 or more from the fraud compared 10 percent for the men.
Wholesale destruction. It's not just the odd employee any more. Something for the risk analysis class.
http://it.slashdot.org/article.pl?sid=09/05/08/0349222&from=rss
When Hacked PCs Self-Destruct
Posted by timothy on Friday May 08, @03:26AM from the fate-blesses-you-with-a-chance-to-reinstall dept. Security Windows
An anonymous reader writes
"From The Washington Post's Security Fix blog comes a tale that should make any Windows home user or system admin cringe. It seems the latest version of the Zeus Trojan ships with a command that will tell all infected systems to self-destruct. From the piece: 'Most security experts will tell you that while this so-called "nuclear option" is an available feature in some malware, it is hardly ever used. Disabling infected systems is counterproductive for attackers, who generally focus on hoovering as much personal and financial data as they can from the PCs they control. But try telling that to Roman Hüssy, a 21-year-old Swiss information technology expert, who last month witnessed a collection of more than 100,000 hacked Microsoft Windows systems tearing themselves apart at the command of their cyber criminal overlords.'"
[From the article:
Researchers at the S21sec blog have their own theory: that maybe attackers wield the nuclear option to buy themselves more time to use the stolen data.
Once again Gary Alexander has “discovered” an article ripe with useful information – in this case, it's Security Frameworks.
http://www.law.com/jsp/legaltechnology/pubArticleLT.jsp?id=1202430431390
Frameworks for IT Security
By Sean Doherty Law Technology News May 5, 2009
[N.B. The IT Governance Institute's "Control Objectives for Information Technology," [FOOTNOTE 9] is a collection of industry best practices to secure an organization's computer and network processes.
… COBIT version 4.1 is available as a free download, but to dive deep into the standard you may need to join the Information Systems Audit and Control Association for a nominal fee.
For the Hacker folder. Remember, these work best in series – put several anonymizers between you and your target.
Anonymouse
This service allows you to surf the web without revealing any personal information. It is fast, it is easy, and it is free!
For the Swiss Army folder?
http://singlefunction.com/converticious/
Converticious
Converticious makes the conversion of units a snap. The newly launched service utilizes the power of Ajax to convert units, hence eliminating the need to reload the page. Categories of units are clearly displayed, and clicking on one will display a list of units, a textbox to enter the value you need to convert, and even a selector of the number of decimals to display.
No comments:
Post a Comment