Monday, August 17, 2009

Gibberish is as gibberish does. “Allow me to explain, when we deezle the frum, kassele is a natural result.” It's just so technical!

http://www.databreaches.net/?p=6724

MP’s password accidentally leaked

August 17, 2009 by admin Filed under Breach Incidents, Exposure, Government Sector, Non-U.S.

Dizzy of the Dizzy Thinks blog was searching on Google for information on an article by Gisela Stuart MP for Birmingham Edgbaston and found a lot more than he expected. The results returned a link to an entry on the MP’s own web site which included her user name and password for managing the site's CMS.

According to the web design company responsible, the messages were the result of a data migration from a previous system resulting in the creation of twenty-five rogue entries.

Read more on The H. Thanks to Brian Honan for this link.

[From the article:

The company says that the passwords were not valid on the new system, but that they had instituted an immediate security review to ensure such credential leaks do not occur again.

[From the Blog:

I called Gisela Stuart's Parliamentary office, then her constituency office, then handily I spotted the web design company was linked on the site so called them, The Social Media Partnership.

They took the matter seriously and have fixed it and changed the login credentials in less than half an hour - good work. [If they were invalid, why change them? Why not just delete them? Bob]



Ubiquitous Surveillance. Everyone hates/fears/distrusts sex offenders, so they make a perfect test population. GPS monitoring is also used for “house arrest” and others not kept locked up. (and for cell phones, passports, drivers licenses, and the fillings in your teeth.)

http://www.pogowasright.org/?p=2864

Determining anchor points for sex offenders using GPS

August 17, 2009 by Dissent Filed under Govt, Surveillance

The California Department of Corrections and Rehabilitation (CDCR) has begun tracking more than 6,000 sex offender parolees by using global positioning system (GPS) anklets. Sex offender parolees are allowed to travel only through certain areas and must keep away from other people. The GPS device lets parole agents know when parolees are somewhere they should not be by logging GPS coordinates every minute and sending coordinates to a central server every 10 minutes. This information about parolee location is compared to law enforcement incident data through crime-scene correlation reports. Regular e-mail reports keep analysts notified of any incidents that are close to an offender’s tracks in time and space. The features are accessible through an online mapping application, and analysts can review a parolee’s GPS data for up to 4 hours at a time, or view data in real time (with a 15-minute delay). [No doubt to protect their “Privacy” Bob]

Read more on Corrections.com

[From the article:

Parolees must charge the anklet twice a day, [Batteries? Bob] and parole agents must respond to notifications if the parolee enters or leaves an inclusion zone during the prescribed times. Furthermore, the parole agent must keep track of a parolee’s location in relation to new crimes and discuss any possible infractions with the parolee. This keeps the parolee notified that his or her movements are being watched.



A simple example of the Dossier Problem. If our personal information is scattered in many databases on many sites, our perception is that no one would bother to make the effort to find it. Collect all that information in one place and you're a terrorist.

http://yro.slashdot.org/story/09/08/16/1146242/Woman-With-Police-Monitoring-Blog-Arrested?from=rss

Woman With Police-Monitoring Blog Arrested

Posted by Soulskill on Sunday August 16, @09:29AM from the there-are-better-hobbies dept.

Kris Thalamus writes

"The Washington Post reports that a Virginia woman is being held in custody by police who allege that information she posted on her blog puts members of the Jefferson area drug enforcement task force at risk. 'In a nearly year-long barrage of blog posts, she published snapshots she took in public of many or most of the task force's officers; detailed their comings and goings by following them in her car; mused about their habits and looks; hinted that she may have had a personal relationship with one of them; and, in one instance, reported that she had tipped off a local newspaper about their movements. Predictably, this annoyed law enforcement officials, who, it's fair to guess, comprised much of her readership before her arrest. But what seems to have sent them over the edge — and skewed their judgment — is Ms. Strom's decision to post the name and address of one of the officers with a street-view photo of his house. All this information was publicly available, including the photograph, which Ms. Strom gleaned from municipal records.'"



Suspicions confirmed! Not a tech problem, but the requirement to allow third party audit seems to be a deal breaker...

http://it.slashdot.org/story/09/08/17/0438207/Amazon-Confirms-EC2S3-Not-PCI-Level-1-Compliant?from=rss

Amazon Confirms EC2/S3 Not PCI Level 1 Compliant

Posted by timothy on Monday August 17, @02:31AM from the division-of-resources dept.

Jason writes

"After months of digging through speculation and polar opposite opinions from PCI experts, I finally sent a direct request to Amazon's AWS sales team asking if they are in fact PCI compliant and will provide documentation attesting that they are, as is required by PCI guidelines. I fully expected them to dodge the question and refer me to a QSA, but to my relief, they replied with a refreshingly honest and absolute confirmation that it is currently impossible to meet PCI level 1 compliance using AWS services for card data storage. They also very strongly suggest that card numbers never be stored on EC2 or S3 as those services are inherently noncompliant. For now at least, the official verdict is if you need to process credit cards, the Amazon cloud platform is off the table."



Marketing Department Law. Any hacker knows, the trick is to use a neighbor's unsecured wireless connection to download anything likely to be traced by “those who sue”.

http://www.pogowasright.org/?p=2855

UK Gov to prosecute parents of file sharers

August 17, 2009 by Dissent Filed under Featured Headlines, Internet, Legislation, Non-U.S.

The UK’s Peter Mandelson says that parents and other internet account holders must pay for illegal downloads of copyright material. But, in a move typical of the Labour party’s pandering to vested interests and potentially large supporters, the rights will be enforced in favour of the film and music industries. Independent producers of other copyright materials will be left out in the cold.

The move has dubious legality in any case: in principle, it is the same as the owner of a car being held liable for actions taken by a driver who uses it with the owner’s consent while the owner is not present.

Under Mandelson’s scheme, internet account holders will be liable if a user downloads covered copyright material.

Read more on The Chief Officers’ Network



Law West of the Pecos... Building alternate realities for jurors is a viable strategy, but you have to be a bit more subtle...

http://yro.slashdot.org/story/09/08/17/0449250/Microsoft-Trial-Misconduct-Cost-40-Million?from=rss

Microsoft Trial Misconduct Cost $40 Million

Posted by timothy on Monday August 17, @08:12AM from the at-least-he-wasn't-feeling-vindictive dept.

SpuriousLogic writes

"The judge who banned Microsoft from selling its Word document program in the US due to a patent violation tacked an additional $40 million onto a jury's $200 million verdict because the software maker's lawyers engaged in trial misconduct, court records reveal. In a written ruling, Judge Leonard Davis, of US District Court for Eastern Texas, chastised Microsoft's attorneys for repeatedly misrepresenting the law in presentations to jurors. 'Throughout the course of trial Microsoft's trial counsel persisted in arguing that it was somehow improper for a non-practicing patent owner to sue for money damages,' Davis wrote. The judge cited a particular incident in which a Microsoft lawyer compared plaintiff i4i, Inc. to banks that sought bailout money from the federal government under the Troubled Asset Relief Program. 'He further persisted in improperly trying to equate i4i's infringement case with the current national banking crisis implying that i4i was a banker seeking a "bailout,"' Davis said."



Hey! My Blog is for sale, make me an offer!

http://news.slashdot.org/story/09/08/16/1915219/Comcast-Seeking-Control-of-Both-Pipes-and-Content?from=rss

Comcast Seeking Control of Both Pipes and Content?

Posted by timothy on Sunday August 16, @03:32PM from the some-of-each-perhaps dept.

techmuse writes

"Reuters reports that Comcast may be attempting to use its huge cash reserves to purchase a large media content provider, such as Disney, Viacom, or Time Warner. This would result in Comcast controlling both the delivery mechanism for content, and the content itself. Potentially, it could limit access to content it owns to subscribers to its own services, thus shutting out competing services (where they still exist at all)."



September 19th is “Talk like a pirate” day. Anyone want to announce a Pirate Party in Colorado?

http://www.pogowasright.org/?p=2869

New UK Pirate Party “overwhelmed” by file sharing response

August 17, 2009 by Dissent Filed under Govt, Internet, Non-U.S.

New political party the Pirate Party UK said today it has been overwhelmed by the response to its formation, as the public gets behind its pro-file sharing agenda.

The organisation was registered as an official political party on 11 August by the Electoral Commission and has three core policies: the reform of copyright and patent law; the end of excessive surveillance by government and business; and to ensure freedom of speech.

Reports from various quarters have suggested that around 100 new members are signing up every hour to the party, but Eric Priezkalns, party treasurer, said he still needed to validate the figures about memberships received to date.

Read more on v3. Thanks to Brian Honan for this link.
