Wednesday, June 10, 2009

The mystery deepens, the plot thickens, the hack evaporates? Note that they are careful not to say “Our security is perfect.” That would be a major challenge to hackers.

http://www.databreaches.net/?p=5534

T-Mobile Hacked? Yes. Maybe. No.

June 9, 2009 @ 8:00 pm by admin Filed under: Breach Incidents, Business Sector, U.S.

It’s been a confusing few days for those trying to understand what T-Mobile press releases were really saying about what they found when they investigated claims on the Full Disclosure mail list. Their somewhat terse statements led some of us to conclude that they were saying that they had some evidence of data theft, while others had headlines blaring that the company had confirmed it was hacked. Now it turns out that they are saying no hack, no breach.

Kudos to Bob McMillan of IDG News Service, who managed to get a clearer statement from the company. To cut to the chase from his story:

The hackers did manage to get legitimate T-Mobile data, but they didn’t do it by hacking into the company’s network, the company said. “The document in question has been determined to be a T-Mobile document though there is no customer information contained in the document,” the company said in a statement. “There is no evidence to indicate that the T-Mobile security system was hacked into nor any evidence of a breach.”



Is this now a normal cost of doing business?

http://www.databreaches.net/?p=5506

Class action lawsuit filed over Aetna hack (updated)

June 9, 2009 @ 8:29 am by admin Filed under: Breach Incidents, Hack, Healthcare Sector, U.S.

Courthouse News Service reports that a class action claim has been filed against insurance giant Aetna as a result of the recent security breach in which hackers gained access to personal information about 450,000 employees, former employees and potential employees. At the time, Aetna stated that the incident exposed the SSN of approximately 65,000 people.

The plaintiff is Cornelius Allison of Pennsylvania. Allison is a former employee of Aetna who had used the web site in January to apply for another position and was subsequently notified of the breach. Allison is represented by Sherrie Savett with Berger & Montague.

The lawsuit (pdf), which was filed in U.S. District Court for the Eastern District of Pennsylvania, alleges negligence, breach of implied contract, negligent misrepresentation, and invasion of privacy.

At the time of Aetna’s announcement of the breach, the only known misuse of the information appeared to be that some people received phishing attempts. It is not known at this time whether data were misused in any other way, and the claim does not include any information that would suggest that the plaintiff is aware of any ID theft or misuse other than the previously reported phishing attempts.

Previous class action lawsuits have generally not been successful, with courts dismissing suits against Wells Fargo, Acxiom, and Hannaford Bros. in the absence of showing of unreimbursed financial harm to plaintiffs.

Neither Allison’s attorney nor Aetna was available for comment on the lawsuit at the time of this publication.

Update: I received the following statement from Aetna spokesperson Cynthia Michener:

Aetna did the right thing by proactively notifying people about this incident and offering free credit monitoring, even though our independent IT security consultant has not determined that any information was accessed beyond email addresses. It’s unfortunate that we’re being sued for acting with integrity and honesty.



If you can warp their little minds while they are young, you've got them for life. (A conspiracy theorist might suggest that this is the government's way of “persuading” their citizens that they need to monitor all Internet communications to catch these bad guys. A security manager would suggest they merely have lousy security.)

http://www.backup-technology.com/hundreds-of-uk-government-school-university-websites-hacked/

Hundreds of UK Government, School & University Websites Hacked

June 9th, 2009

Hundreds of websites operated by the UK government appear to have been hacked to include links and references to illicit websites selling viagra, hardcore pornography, cialis and other dubious products.

The hacked sites, which include primary schools, universities, the DSA, Forestry Commission and various local government websites and forums, have fallen victim to a variety of exploits including cross site scripting and hackers exploiting loopholes in badly designed and outdated software.

The hacks present considerable danger to innocent members of the public who find these infected web pages via search engines or spam emails. Users trust .gov.uk websites and happily click through to the page only to have their PC infected with spyware or a virus or redirected to a website selling viagra or cialis.

… The problem doesn’t restrict itself to .gov.uk domains - we found an even bigger issue with .ac.uk websites which are reserved for academic institutions such as universities and colleges.

… Perhaps even worse than this is the hacking of primary and secondary school websites which students are actively encouraged to visit. We found that over 30 domains had been infected with content that could direct children away from the safety of a school site to a third party site owned by the hacker. This could host spyware and all manner of adult content.



Too monopolistic?

http://news.cnet.com/8301-1023_3-10261580-93.html?part=rss&subj=news&tag=2547-1_3-0-5

Reports: DOJ steps up Google Books settlement probe

by Steven Musil June 9, 2009 8:05 PM PDT

The Justice Department appears to be stepping up its antitrust probe of Google's settlement last year of a class-action lawsuit filed by groups representing authors and publishers, according to reports in The New York Times and The Wall Street Journal.



Another Outer Limits (“We control your video”) action by Comcast. What else will they choose to “eliminate?” (Comments suggest this isn't happening.)

http://tech.slashdot.org/story/09/06/09/1731238/Comcast-Intercepts-and-Redirects-Port-53-Traffic?from=rss

Comcast Intercepts and Redirects Port 53 Traffic

Posted by kdawson on Tuesday June 09, @02:11PM from the why-we-need-ipv6 dept. networking internet

An anonymous reader writes

"An interesting (and profane) writeup of one frustrated user's discovery that Comcast is actually intercepting DNS requests bound for non-Comcast DNS servers and redirecting them to their own servers. I had obviously heard of the DNS hijacking for nonexistent domains, but I had no idea they'd actually prevent people from directly contacting their own DNS servers."

If true, this is a pretty serious escalation in the Net Neutrality wars. Someone using Comcast, please replicate the simple experiment spelled out in the article and confirm or deny the truth of it. Also, it would be useful if someone using Comcast ran the ICSI Netalyzr and posted the resulting permalink in the comments.



Doesn't this make you all warm and fuzzy? See what happens while we waste time arguing over Darwin?

http://news.slashdot.org/story/09/06/09/2014239/China-Dominates-In-NSA-Backed-Coding-Contest?from=rss

China Dominates In NSA-Backed Coding Contest

Posted by kdawson on Tuesday June 09, @05:23PM from the now-to-get-the-security-clearance dept. education security

The Narrative Fallacy writes

"With about 4,200 people participating in a US National Security Agency-supported international competition on everything from writing algorithms to designing components, 20 of the 70 finalists were from China, 10 from Russia, and 2 from the US. China's showing in the finals was helped by its large number of entrants, 894. India followed at 705, but none of its programmers was a finalist. Russia had 380 participants; the United States, 234; Poland, 214; Egypt, 145; and Ukraine, 128. Participation in the TopCoder Open was open to anyone, from student to professional; the contest proceeded through rounds of elimination that finished this month in Las Vegas. Rob Hughes, president and COO of TopCoder, says the strong finish by programmers from China, Russia, Eastern Europe and elsewhere is indicative of the importance those countries put on mathematics and science education. 'We do the same thing with athletics here that they do with mathematics and science there.'"



Seems like today is economic reporting day...

http://games.slashdot.org/story/09/06/09/2038248/How-Much-Money-Do-Free-To-Play-MMOs-Make?from=rss

How Much Money Do Free-To-Play MMOs Make?

Posted by Soulskill on Tuesday June 09, @06:17PM from the insert-coin-for-funny-hat dept. pcgames money games

simoniker writes

"Over at Gamasutra, a new feature article discusses how much money free-to-play MMO games make, with specific real-world stats from game developers willing to discuss how they make money with microtransaction-based PC games. In particular, Puzzle Pirates co-creator Daniel James reveals that 'the average revenue per user (ARPU) is between one and two dollars a month, but only about 10% of his player base has ever paid him anything. As a result, he says, approximately 5,000 gamers are generating the $230,000 in revenue he sees each month.' It's obviously quite a different model from the regular $15/month for World Of Warcraft, but it evidently works for some companies."


Related

http://news.cnet.com/8301-17852_3-10261593-71.html?part=rss&subj=news&tag=2547-1_3-0-5

Craigslist revenue flirting with $100 million, report says

by Chris Matyszczyk June 10, 2009 4:14 AM PDT

If your children ask you what profession they should go into when they grow up, tell them "relative non-commerce."

You see, according to a study in the Classified Intelligence Report, a publication of the AIM Group, a media and Web consultancy organization, Craigslist's 2009 revenue is projected to rise above $100 million.

The New York Times reported that the AIM Group regards the conclusions of its study, which show a projected 23 per cent revenue increase over last year, as "conservative." AIM Group counted how many paid ads there were on Craigslist in a given month and then calculated what this might mean on an annual basis.



Take it with you on your thumb drive.

http://www.makeuseof.com/tag/liberkey-200-portable-software-wherever-you-go/

Liberkey: 200+ Portable Apps Wherever You Go [Windows]

Jun. 9th, 2009 By Leon

Liberkey (probably a play off of liberty, heh) is a freely downloadable program that groups a lot of portable apps together to make life that much simpler for people who need simplicity.

http://www.liberkey.com/en/



Instant handouts? Imagine the joy of skimming through my blog to select all (Okay, both) the humorous comments.

http://www.killerstartups.com/Web-App-Tools/zinepal-com-create-printable-magazines-ebooks

Zinepal.com - Create Printable Magazines & eBooks

http://www.zinepal.com/

This is a new service that will enable you to create your very own printable magazine taking any kind of online content as the basis. That is, you provide a blog or feed URL and then select the content that you want to use for the magazine. Alternatively, you can add content from any website, and even from Technorati search results in a similar fashion.

On the other hand, the zines that have been created by others can be procured and read through the site since you can provide keywords and see what comes up. Moreover, if you like the zines that a user has created it is always possible to receive their new zines the moment they are published.

Needless to say, busy readers looking for the best of the web and those who wish to read online content offline are going to make the best out of Zinepal. Besides, individuals like journalists and editors can use it to crawl alternative media. If any of these definitions apply to you, it might be a good idea to check the site out.


Related

http://www.makeuseof.com/dir/loopapps-pdf-utility/

LoopApps: Multi-Functional PDF Utility

LoopApps is a new web based PDF utility that performs a number of tasks. First, it converts your two or more PDF files or other documents into a combined single document. Second, it converts other file types into PDFs and third, it produces combined PDFs of any URL or URLs you enter.

Check out LoopApps @ apps.drawloop.com/loop/upload

Similar tools: MergePDF, SplitMergePDF, HTML to PDF Converter and PDF Generator
