Wednesday, July 29, 2009

Indications of a well-designed security system! The breach was detected and the target was immediately (almost immediately) shut down. Bravo!

http://www.databreaches.net/?p=6460

Toronto Hydro admits customer data breach

July 28, 2009 by admin Filed under Breach Incidents, Business Sector, Hack, Non-U.S., Of Note

Toronto police have launched an investigation after as many as 179,000 Toronto Hydro customer account numbers were illegally accessed in the company’s e-billing system.

Toronto Hydro says it contacted police early last week after detecting unusual activity in its electronic billing system.

“We saw some unusual activity on our systems, and whenever there is more than the normal use of our system, the system shuts down and notifies IT staff,” said David O’Brien, president and CEO of Toronto Hydro.

“What was being accessed was the file that contained the customer account number, their name and address. We’re very confident it doesn’t go deeper than that, no financial information was obtained,” said O’Brien.

Read more on TheStar.com

[From the article:

O'Brien added that the company was concerned the e-billing information would be used to contact customers to improperly obtain personal financial information or payment by credit card.

… "We think it's an important enough issue for all our customers to be aware of, not just those who were affected," said O'Brien.



But even organizations that are serious about security make “boo-boos”

http://www.wired.com/threatlevel/2009/07/nyse/

Data Detailing New York Stock Exchange Network Exposed on Unsecured Server

By Kim Zetter, July 28, 2009, 1:51 pm

Sensitive information about the technical infrastructure of the New York Stock Exchange’s computer network was left unsecured on a public server for possibly more than a year, Threat Level has learned.

The data, which was removed after Threat Level disclosed the situation to the NYSE, included several directories of files containing logs; server names; IP addresses; lists of hardware; lists of software versions running on the network; and configuration and patch histories, including what patches have not yet been installed.

… The information could allow an intruder to map the NYSE’s network architecture and determine what vulnerabilities exist in the system.



From the “1984 Collection”

http://www.pogowasright.org/?p=2296

CDT report on privacy concerns surrounding “Einstein”

July 28, 2009 by Dissent Filed under Govt, Surveillance, U.S.

The Center for Democracy & Technology today released a report outlining a series of privacy and legal questions that surround the government computer monitoring system known as “Einstein.” The report calls on the Administration to release information about the legal authority for Einstein, the role of the nation’s top spy agency, the National Security Agency, in its development and operation, and the impact of Einstein on the privacy.

CDT’s Report on Einstein Cybersecurity System [PDF], July 28, 2009: http://www.cdt.org/security/20090728_einstein_rpt.pdf

[From the report:

However, Einstein 3, unlike its predecessor, will have the added capability of reading the content of email and other Internet traffic, according to the Wall Street Journal story.


(Related)

http://www.wired.com/dangerroom/2009/07/air-force-on-the-hunt-for-subversive-behavior-online/

Air Force on the Hunt for ‘Subversive’ Behavior Online

By Shelley Dubois, July 28, 2009, 11:51 am

The Air Force’s geek squad wants the technology to monitor government employees’ deviant online behavior. And they want you to build it.

Today, the Air Force issued a call for proposals from small businesses, with this objective: “Define, develop, and demonstrate innovative approaches for determining ‘good’ (approved) versus ‘bad’ (disallowed/subversive) activities, including insiders and/or malware.”



Automated crime does seem to pay. Compare a 3% success rate with an almost zero percent arrest rate.

http://news.cnet.com/8301-27080_3-10298253-245.html?part=rss&subj=news&tag=2547-1_3-0-5

Report finds fake antivirus on the rise

by Elinor Mills July 29, 2009 12:57 AM PDT

Malware posing as antivirus software is spreading fast with tens of millions of computers infected each month, according to a report to be released on Wednesday from PandaLabs.

PandaLabs found 1,000 samples of fake antivirus software in the first quarter of 2008. In a year, that number had grown to 111,000. And in the second quarter of 2009, it reached 374,000, Luis Corrons, technical director of PandaLabs said in a recent interview.

About 3 percent of the people who see the fake warnings fall for it, forking over $50 for an annual license or $80 for a lifetime license, according to Corrons.



What are their lawyers advising?

http://yro.slashdot.org/story/09/07/28/1655240/Real-World-Consequences-of-Social-Networking-Posts?from=rss

Real-World Consequences of Social Networking Posts

Posted by kdawson on Tuesday July 28, @01:47PM from the world-is-watching dept.

gbulmash sends in a classic Streisand Effect story of a Chicago landlord suing a tenant over a tweet complaining of mold in her apartment. The landlord claims that the tweet caused $50,000 damage to their reputation. If it didn't, then the fallout from their own ill-advised lawsuit surely will. The woman's Twitter account is now gone (possibly on advice of counsel), but the tweet that started it all lives on. [Click here to contribute to the Streisand Effect Bob] And in a similar vein, reader levicivita notes a firing over a political comment on a Facebook page.

"Lee Landor, who had been the deputy press secretary to Manhattan Borough President Scott M. Stringer since May, posted comments on her Facebook page criticizing Mr. Gates [Harvard scholar Henry Louis Gates Jr.] and the president, whom she referred to at one point as 'O-dumb-a.' ... The borough president has accepted Ms. Landor's resignation, effective immediately."


(Related) Would this be the equivalent of a male teacher asking the girls to share their diary? No indication of the reason behind this was given.

http://www.pogowasright.org/?p=2305

Pearl district sued over alleged Facebook incident

July 29, 2009 by Dissent Filed under Court, Internet, U.S., Youth

The family of Mandi Jackson, a Pearl High School student in Mississippi, is reportedly suing the school district for $50 million, alleging that their daughter is being shunned after a cheerleading coach read e-mails on her Facebook account two years ago and shared the emails with others.

On Sept. 10, 2007, Hill allegedly asked members of the squad to give her their user names and passwords to Facebook, a social networking Web site.

Mandi was sidelined from cheerleading after a coach read an exchange between her and another student that contained profanity — and has allegedly been sidelined ever since.

The family alleges the district violated Mandi Jackson’s constitutional rights to free speech, due process and privacy by reading her e-mails. The family also is accusing the district of defamation of character and cruel and unusual punishment by not allowing her to participate in cheerleading.

Read more in The Clarion Ledger.



What is Apple saying here? “Our iPhones are a threat to National Security unless everyone plays by our rules?” Does the FCC know about this? Did Homeland Security approve putting a WMD in the hands of the public? Should we make Apple recall the iPhone?

http://www.wired.com/threatlevel/2009/07/jailbreak/

iPhone Jailbreaking Could Crash Cellphone Towers, Apple Claims

By David Kravets, July 28, 2009, 4:18 pm

The nation’s cellphone networks could suffer “potentially catastrophic” cyberattacks by iPhone-wielding hackers at home and abroad if iPhone owners are permitted to legally jailbreak their shiny wireless devices — that’s what Apple claims. [If terrorists jailbreak illegally there is no threat? Bob]

The Copyright Office is considering a request by the Electronic Frontier Foundation to legalize the widespread practice of jailbreaking, in which iPhone owners hack their devices to accept software that hasn’t been approved for distribution through the iPhone App Store. Apple made the claim in comments filed last week (.pdf) with the agency.

The company’s filing explained that jailbreaking could allow hackers to alter the iPhone’s BBP — the “baseband processor” software, which enables a connection to cell phone towers.

By tinkering with this code, “a local or international hacker could potentially initiate commands (such as a denial of service attack) that could crash the tower software, rendering the tower entirely inoperable to process calls or transmit data,” Apple wrote the government. [Most likely the tower would reboot. Bob]

… Threat Level had no idea the iPhone was so dangerous. We’re gratified that Apple locked down this potential weapon of mass disruption before hackers could unleash cybarmageddon.

… Apple also claimed that jailbreaking would pave the way for hackers to alter the Exclusive Chip Identification number that identified the phone to the cell tower, which could enable calls to be made anonymously. Apple said “this would be desirable to drug dealers.”


(Related) “Yes, it is probably illegal or immoral, but it allows us to hold onto market share until the government makes us stop.”

http://www.wired.com/epicenter/2009/07/apple-rejects-google-voice/

Apple Rejects Google Voice App, Invites Regulation

By Ryan Singel, July 28, 2009, 1:29 pm

… The official explanation is that these apps duplicate features on the iPhone, but the real reason is that these particular “duplications” strike at the core of the services offered by exclusive U.S. partner AT&T.



Undue reliance or merely user error? Nothing new, though: Columbus was looking for India but typed in Indiana.

http://news.yahoo.com/s/nm/20090728/od_nm/us_lost_odd

Tourists miss isle after GPS blunder

Tue Jul 28, 8:36 am ET

ROME (Reuters) – Two Swedes expecting the golden beaches of the Italian island of Capri got a shock when tourist officials told them they were 650 km (400 miles) off course in the northern town of Carpi, after mistyping the name in their GPS.



Forrester needs to revise its methodology. It recognizes that radio and newspapers have an online and offline component, but isn't treating TV the same way.

http://news.cnet.com/8301-1023_3-10297935-93.html?part=rss&subj=news&tag=2547-1_3-0-5

Overall time spent online remains static

by Dara Kerr July 28, 2009 5:16 PM PDT

The amount of time people spend online has not increased since last year, according to a report released by Forrester on Monday. Perhaps more interesting, however, is the reason for the trend: people's online behavior has changed.

"Engagement with the online channel has deepened," writes Forrester analyst Jackie Anderson. "Web users are becoming savvier and are better multi-taskers. Many know exactly where they want to go when they log in."

The report, titled "Consumer Behavior Online: A 2009 Deep Dive," shows that overall time spent on the Internet has remained at 12 hours per week. This bucks the trend from 2004 to 2007, when Internet use grew significantly.



Tools & Techniques: Avoid those pesky RIAA Torrent detectors

http://www.makeuseof.com/dir/hid-im-hide-torrents/

Hid.im: Hide Torrents Inside PNG Images



Tools & Techniques: Something for the avid reader. Add these RSS feeds to your Reader and you get notified when new books hit the market!

http://www.makeuseof.com/tag/how-to-track-your-favourite-authors-new-book-releases-online/

How To Track Your Favourite Author’s New Book Releases Online

Jul. 28th, 2009 By Mark O'Neill

… I am a big fan of Fantastic Fiction – my reading list is so huge that FF helps me to keep on top of new releases by the best in the business. But up until now, the only way to check up on each author was to individually go to their FF page.

This as you can imagine was very time-consuming and I silently hoped that one day they would introduce RSS feeds. That hoping seems to have worked as each FF page now has its own unique RSS feed which will alert you to that author’s new book releases.

Using the site is simple.

First, just use the search engine to find the author’s page.

You’ll then be taken to his page and part of the way down, on the right hand side, is a small RSS icon.

Click on the icon and you will be taken to your default RSS reader (mine is Google Reader) and you will then see his new book scheduled for release in a couple of months.
