Sunday, August 02, 2009

Fortunately (for politicians) they can attack anything to make a point. The fact that no one (including the politician) knows quite what the point is remains irrelevant. Toronto Hydro may not be the data protection equivalent of the Tylenol poisoning incident (still THE textbook example of how to defend a brand) but it is good solid security which, unfortunately, puts them head and shoulders above the crowd.

http://www.databreaches.net/?p=6486

Methinks he might protest too much

August 1, 2009 by admin Filed under Breach Incidents, Commentaries and Analyses, Government Sector, Hack, Miscellaneous, Non-U.S.

As someone who routinely makes snarky pronouncements about breaches, I was actually impressed by how Toronto Hydro handled their recent data breach. Yet some people were strongly critical.

The facts of the breach, as I currently understand them are that:

  • 179,000 Toronto Hydro customer account numbers were illegally accessed in the company’s e-billing system.

  • Toronto Hydro detected unusual activity in its electronic billing system, and the system automatically shut itself down due to the abnormal activity.

  • So far, it seems that no financial data were accessed, but names, addresses, account numbers, and amount of last bill were accessed.

  • The company is notifying all customers about the incident and not just those whose data were accessed.

So although the system couldn’t prevent the breach, it detected it quickly and shut itself down, the company quickly notified law enforcement, went public with the disclosure, and is notifying everyone. I’d say that’s pretty damned commendable since most people agree that it’s really impossible to prevent all breaches.

Yet at least one consumer protection advocate was highly critical. As The Toronto Star reported:

“It’s a total outrage when the provincial government has been paying lip service to fighting identity theft and a major public utility has exposed close to 200,000 people to that very sort of thing,” said NDP consumer protection critic Peter Kormos in an interview.

“Clearly there have to be some enforceable standards set…to compel bodies like Toronto Hydro so as to protect the information of their customers.”

With standards comes a need for penalties to encourage compliance, added Kormos, a lawyer.

“There have to be consequences for bodies that don’t protect the standards,” the veteran MPP said.

Was the breach due to failure to patch? Or is he assuming that if there is any breach, that the organization was negligent in its security? Why is he so critical when I was actually favorably impressed? What does he think [Oh, huge assumption here Bob] they should have or could have done differently? Mr. Kormos did not respond to a request for clarification on his comments.
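The detect-and-shut-down behaviour credited to Toronto Hydro above, sketched as an added example (my code, not Toronto Hydro's system, whose internals the post does not describe): a per-session sliding window over distinct account numbers that fails closed when one session reads far more accounts than a customer checking their own bill would. The session ids, thresholds and access log are constructed.

```python
"""Circuit breaker for an e-billing portal: trips when one session touches
too many distinct customer accounts in a short window.  Constructed example."""
from collections import defaultdict, deque


class AccountEnumerationGuard:
    """Per-session sliding window over the distinct account numbers accessed."""

    def __init__(self, window_seconds=60, max_distinct_accounts=25):
        self.window = window_seconds
        self.limit = max_distinct_accounts
        self._events = defaultdict(deque)   # session -> deque of (ts, account)
        self.tripped = False                 # global "portal is shut down" flag
        self.alerts = []                     # (session, distinct_count, ts)

    def observe(self, ts, session, account):
        """Record one account lookup; return True once the portal is shut down."""
        if self.tripped:
            return True
        q = self._events[session]
        q.append((ts, account))
        while q and ts - q[0][0] > self.window:   # expire entries outside the window
            q.popleft()
        distinct = len({acct for _, acct in q})
        if distinct > self.limit:
            self.alerts.append((session, distinct, ts))
            self.tripped = True   # fail closed: abnormal activity stops the portal
        return self.tripped


def replay(log, **guard_kwargs):
    """Feed an access log (ts, session, account) through the guard; stop on trip."""
    guard = AccountEnumerationGuard(**guard_kwargs)
    for ts, session, account in log:
        if guard.observe(ts, session, account):
            break
    return guard


# Constructed log: one customer viewing their own bill three times, and one
# session walking sequential account numbers (hypothetical identifiers).
SAMPLE_LOG = (
    [(t, "sess-A", "ACCT-100042") for t in (0, 5, 30)]
    + [(10 + i, "sess-B", f"ACCT-{200000 + i:06d}") for i in range(40)]
)

if __name__ == "__main__":
    g = replay(SAMPLE_LOG)
    print("portal shut down:", g.tripped, "alerts:", g.alerts)
```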


(Related) Contrast the previous story with yet another demonstration of the fragility of the Air Traffic system. Here we have politicians who know there is a problem, but see no political advantage in fixing it.

http://deals.venturebeat.com/2009/08/01/defcon-hacker-excuse-me-while-i-change-your-aircrafts-flight-plan/

Defcon air traffic control hacker: Excuse me while I change your aircraft’s flight plan

August 1, 2009 Dean Takahashi

In a scary presentation at the Defcon hacker conference, a security researcher showed how easy it is to compromise the Federal Aviation Administration’s air traffic control system.

Righter Kunkel was careful not to show exactly how to bring aircraft out of the sky. But he showed how it's easy to shut down information going into an air traffic control tower, jam radar, submit a fake aircraft flight plan, get recognized as a pilot even if you aren’t a pilot, and stop planes from taking off at an airport.



It always starts innocently. If challenged, they can dismiss it as “an over-enthusiastic clerk.” After a few months, they can state “We've always done it that way!”

http://www.pogowasright.org/?p=2486

Cars.gov lets feds take control of your computer

August 1, 2009 by Dissent Filed under Featured Headlines, Govt, Internet

Say what you want about the Fox News Channel’s Glenn Beck and his antics, but to give credit where credit is due, he exposed some disturbing language from the Obama administration’s “Cash for Clunker” program Web site Cars.gov.

Beck on his July 31 program hosted a segment about the Car Allowance Rebate System (CARS) Web site, also known as “Cash for Clunkers” and demonstrated what a Web browser would encounter when logging on to the system.

[...]

“A warning box comes up, and it says, ‘This application provides to the DoT CARS system. When logged on to the CARS system, your computer is considered a federal computer system and it is property of the United States government,’” Beck read. “‘Any and all uses of this system and all files on this system may be intercepted, monitored, recorded, copied, audited, inspected, and disclosed to authorized CARS, DoT and law enforcement personnel, as well as authorized officials of other agencies, both domestic and foreign.’”

Read more on the Business and Media Institute. The video segment from Glenn Beck is currently available on PogoWasRight.org’s home page.



“We can, therefore we must!” “It's for the children!” “If you're a good parent, you have nothing to worry about!”

http://yro.slashdot.org/story/09/08/02/0725224/UK-Plans-To-Monitor-20000-Families-Homes-Via-CCTV?from=rss

UK Plans To Monitor 20,000 Families' Homes Via CCTV

Posted by timothy on Sunday August 02, @05:02AM from the words-fail-but-pictures-deliver dept.

metrix007 points out a story in the Sunday Express with more surveillance-camera madness from the UK, where the government now wants to place 20,000 CCTV cameras to monitor families ("the worst families in England") within their own homes, to make sure that "kids go to bed on time and eat healthy meals and the like. This is going too far, and hopefully will not pass. Where will it end?"

[From the article:

Private security guards will also be sent round to carry out home checks, while parents will be given help to combat drug and alcohol addiction.

Around 2,000 families have gone through these Family Intervention Projects so far.

… He said: “This is pretty tough and non-negotiable support for families to get to the root of the problem. There should be Family Intervention Projects in every local authority area because every area has families that need support.”

But Shadow Home Secretary Chris Grayling said: “This is all much too little, much too late.

… Mr Balls also said responsible parents who make sure their children behave in school will get new rights to complain [in Communist countries, they called it something else Bob] about those who allow their children to disrupt lessons.



Data analysis: a tool for the Telecom industry is a tool for Big Brother?

http://yro.slashdot.org/story/09/08/01/1946208/IBM-Uses-Call-Detail-Records-To-Identify-Friends?from=rss

IBM Uses Call-Detail Records To Identify "Friends"

Posted by timothy on Saturday August 01, @04:37PM from the that's-comforting dept. patents communications ibm privacy

theodp writes

"Big Blue may know what you did last summer. Or at least who you called. In a move out of the NSA's playbook, IBM Research has been scrutinizing the call-detail records of 'one of the largest mobile operators in the world' (PDF). By analyzing who calls whom, and for how long, IBM claims its patent-pending snooping software can now identify circles of 'friends' who tend to exhibit the same profit-threatening behavior. 'We believe that our analysis is a first of its kind that exploits the underlying social network in a telecom call graph,' boasted a team of IBM researchers and a UMD prof. For now, IBM seems to have focused on using the info to see if your friends are churners, so you can be dealt with pro-actively lest you follow their lead and bolt. However, IBM suggests its SNAzzy data mining technology (Social Network Analysis for Telecom Business Intelligence) has a bright future, noting it 'is also capable of analyzing any kind of social network or graph, not just telecom networks.'"



Perhaps Macs aren't as secure as Apple would like us to believe?

http://it.slashdot.org/story/09/08/01/1658258/Apple-Keyboard-Firmware-Hack-Demonstrated?from=rss

Apple Keyboard Firmware Hack Demonstrated

Posted by Soulskill on Saturday August 01, @01:24PM from the qwerty's-revenge dept. security inputdev apple

Anonymouse writes with this excerpt from SemiAccurate:

"Apple keyboards are vulnerable to a hack that puts keyloggers and malware directly into the device's firmware. This could be a serious problem, and now that the presentation and code (PDF) is out there, the bad guys will surely be exploiting it. The vulnerability was discovered by K. Chen, and he gave a talk on it at Black Hat this year (PDF). The concept is simple: a modern Apple keyboard has about 8K of flash memory, and 256 bytes of working RAM. For the intelligent, this is more than enough space to have a field day. ... The new firmware can do anything you want it to. Chen demonstrated code which, when you put in a password and hit return, starts playing back the last five characters typed in, LIFO. It is a rudimentary keylogger; a proof of concept more than anything else. Since there is about 1K of flash free in the keyboard itself, you can log quite a few keystrokes totally transparently."



Perhaps renewable energy IS a threat to the old school...

http://hardware.slashdot.org/story/09/08/01/1350208/Electric-Company-Wants-Monthly-Fee-For-Solar-Users?from=rss

Electric Company Wants Monthly Fee For Solar Users

Posted by Soulskill on Saturday August 01, @10:21AM from the also-working-on-a-candle-penalty dept. power money

7-Vodka writes

"Xcel Energy customers who have their own solar panels are worried about a new fee being proposed by the company. A monthly fee to pay for transmission and distribution of energy would be charged to customers who have solar panels, irrespective of their energy use for the month. An Xcel Energy spokesman said the fee is to ensure that regular customers don't subsidize the 'connectivity fees' for the solar panel customers who don't pay when they generate as much as they use. When pressed, the spokesman admitted that nobody actually pays a 'connectivity fee,' yet they wanted to prevent the mooching from occurring in the future (presumably when they hit everyone with such a fee). He also called the absence of a connectivity fee for solar customers a 'double subsidy' because many solar customers receive rebates to install the panels."


(Related) If this program had been limited to hybrid or electric vehicles it would never have been this successful. (I wonder if it is creating an “automobile bubble” when consumers who couldn't afford to replace their old cars are now being offered new car loans. Perhaps the $4500 credit applied to a down-payment will be sufficient to keep the loan from going underwater?)

http://tech.slashdot.org/story/09/08/02/0441231/Cash-For-Clunkers-Program-Runs-Out-of-Gas?from=rss

"Cash For Clunkers" Program Runs Out of Gas

Posted by timothy on Sunday August 02, @08:08AM from the spend-all-you-want-they'll-print-more dept. transportation money usa politics

Ponca City, We love you writes

"The Washington Post reports that Transportation Secretary Ray LaHood has called members of Congress to inform them that the 'cash for clunkers' program will be suspended because the program has run out of money, and congressmen say they intend to ask the Obama administration to divert some funding from the existing economic stimulus package to maintain a scheme that they see as genuinely stimulative. 'Clearly, this has been a very stimulative program that's got consumers back into the car market. It's our hope that possibly more funds can be made available,' says Cody Lusk, president of the American International Automobile Dealers Association."

If there is more funding, though, a report on CNET says it may come out of money to have been set aside for renewable energy loans by the US government.



Is running a highly profitable “dot com” sufficient training for running a bankrupt state?

http://news.cnet.com/8301-13578_3-10301482-38.html?part=rss&subj=news&tag=2547-1_3-0-5

Whitman leads in cash for Calif. governor race

by Michelle Meyers August 1, 2009 11:43 AM PDT

California's gubernatorial primary is still 10 months away, but the multimillion-dollar race for campaign cash has already picked up a quick pace, with former eBay CEO Meg Whitman at the front of the pack.

It's no surprise that the billionaire Internet exec, who has never held elected office, has lots of money in the bank to spend on her campaign. According to a tally Saturday, she has some $19 million in cash available--and that's after spending $6.1 million to get her campaign operations up and running. It's also after she contributed first $4 million, then $15 million of her own money to the race.



Download a free copy of Ubuntu and install it for dual boot and away you go! (Interesting that Microsoft is advertising on the Ubuntu Guide download site...)

http://www.makeuseof.com/tag/5-downloadable-books-to-teach-yourself-linux/

5 Excellent Downloadable eBooks To Teach Yourself Linux

Aug. 1st, 2009 By Varun Kashyap



Definitely worth twice the price!

http://www.makeuseof.com/dir/universityofthepeople-free-online-university/

University Of The People: Tuition-Free Online University

University of the People (UoPeople) is the first tuition-free online university and is backed by the United Nations Global Alliance for Information and Communication Technology and Development (GAID). UoPeople is a non-profit organization and aims to provide higher education to people in all countries regardless of their financial means and geographical location.

It uses open-source technology and courseware and incorporates peer-to-peer teaching methods where students form online study groups and help each other with homework assignments and exam preparation. To apply you must have a high-school diploma and sufficient level of English.

www.uopeople.org

  • Fees: $15-50 for enrollment and $10-100 for exams, with students from poorer countries paying lower fees

  • All fees are waived for 2009 Fall semester
