Thursday, August 06, 2009

Seems like they don't pay on a 'per victim' basis. Shouldn't they?

http://www.databreaches.net/?p=6577

Heartland says breach has cost $32 million so far

August 6, 2009 by admin Filed under Financial Sector, Of Note

Heartland Payment Systems on Tuesday (Aug. 4) said it spent $32 million this year paying for costs related to the major data breach it disclosed in January, including $22.1 million to cover fines from key payment card brands and a settlement offer. Heartland did not say how the $22.1 million was split between the fines and the settlement offer, but it did provide clues.

For example, the breach costs of just the second quarter came to $19.4 million and it said that the “majority” of those costs was for the settlement offer, suggesting that the settlement was more than $9.7 million. Legal fees make that precise calculation tricky as well as the lack of a percentage of that majority. “The remainder of the expenses and accruals related to the Processing System Intrusion recorded in the three and six months ended June 30, 2009 were primarily for legal fees and costs the Company incurred for investigations, remedial actions and crisis management services,” Heartland said.

Read more on StorefrontBacktalk.



It's not Identity Theft. It's Inappropriate Branding (in the cattle rustler sense). No doubt a number of scams will arise from this. “We can clear your pedophile record for $29.95!” “We can help you get even with that neighbor you don't like!”

You can trust us to protect your personally identifiable information. Act I

http://www.pogowasright.org/?p=2578

Paedophile database ‘will catch people unnecessarily’

August 6, 2009 by Dissent Filed under Breaches, Govt, Non-U.S., Surveillance, Workplace

The Government’s new database of paedophiles must be reviewed because some people will be caught up in it unnecessarily, according to Sir Michael Bichard.

[...]

His comments come as it was disclosed that the controversial database has suffered a security breach even before its official launch.

A message containing confidential data was sent to the wrong email address by a worker at the Independent Safeguarding Authority.

Its annual report also discloses that “information risks” and “weaknesses” have been discovered in the organisation, which is being set up to check the backgrounds of more than 11million people who want to work with children and vulnerable adults.

It comes just days after The Daily Telegraph disclosed that the Criminal Records Bureau, from which the ISA will take most of its data, had made 1,570 errors over the past year, in many cases wrongly branding innocent people as criminals. [Statistically, a small error rate times a large volume equals “a whole bunch of errors” (statistical term) Bob]

Read more in The Telegraph.

[From the article:

In an interview with The Independent, Sir Michael said the idea that people like actors, authors or entertainers, who only occasionally visit a school, should register with the scheme should be reconsidered. [Offer your services, get entered in the database? Bob]

… "The ISA is founded on a suspicion of absolutely everyone, and a blind faith in bureaucrats: these errors show that this faith is misplaced."


(Related) You can trust us to protect your personally identifiable information. Act II (and you can write anything you want on the cloned card...)

http://www.pogowasright.org/?p=2590

UK national ID card cloned in 12 minutes

August 6, 2009 by Dissent Filed under Breaches, Featured Headlines, Non-U.S., Surveillance

The prospective national ID card was broken and cloned in 12 minutes, the Daily Mail revealed this morning.

The newspaper hired computer expert Adam Laurie to test the security that protects the information embedded in the chip on the card.

Using a Nokia mobile phone and a laptop computer, Laurie was able to copy the data on a card that is being issued to foreign nationals in minutes.

Read more in Computer Weekly.

[From the article:

According to the paper, Home Office officials said the foreign nationals card uses the same technology as the UK citizens card that will be issued from 2012.

Guy Herbert, general secretary of privacy lobby group NO2ID, said it was a mistake to assume that the Home Office cared about the card, or identity theft or citizens' benefit.

He said the Home Office wanted the central database to record citizens' personal details in one place for official convenience.


(Related) You can trust us to protect your personally identifiable information. Act III

http://www.pogowasright.org/?p=2599

Passwords stolen for tax returns

August 6, 2009 by Dissent Filed under Breaches, Non-U.S.

Gangs are stealing taxpayers’ passwords and submitting claims for tax refunds to be paid to them, HM Revenue and Customs has warned.

A series of attempted fraudulent claims through the self-assessment repayments system has been discovered.

No figures have been released outlining the extent of the fraud, but a HMRC spokesman said this was a new method of trying to extract money.

Read more on BBC. Thanks to Brian Honan for this link.

[From the article:

When people apply to use the system they are sent a password through the mail which is then used when the taxpayer logs onto the HMRC website over the following 30 days.

However, fraudsters have been getting hold of these passwords and other personal details. This could have been by stealing the mail, tricking people out of the details or even finding the letters discarded in bins.



How would you do it?

http://www.pogowasright.org/?p=2585

Regulators rethink approach to online privacy

August 6, 2009 by Dissent Filed under Govt, Internet

Regulators are rethinking their approach to online privacy and security, asking academics, public interest groups and industry to suggest ways to overhaul rules to better protect consumers.

As part of the review, David Vladeck, the Federal Trade Commission’s new head of consumer protection, is considering whether to throw out current privacy protections that revolve around lengthy disclosure statements that consumers rarely read. What’s unclear is what the FTC would propose instead.

Read more in The Wall Street Journal.

[From the article:

Beginning next year, participating Web sites will have a clickable icon that will show what data are being collected about a consumer, and who will be allowed to use that data, according to the new guidelines.

Participating Web sites will also be required to provide consumers with the choice of opting out of having their information collected and used for "behavioral targeting," or steering specific ads toward individual consumers.


(Related) Privacy is becoming visible?

http://www.pogowasright.org/?p=2574

YouTube clarifies ban on privacy invasions

August 6, 2009 by Dissent Filed under Businesses, Internet

YouTube has … increased the range of activities that are barred to include, amongst other things, invasions of privacy.

“If a video you’ve recorded features people who are readily identifiable and who haven’t consented to being filmed, there’s a chance they’ll file a privacy complaint seeking its removal,” say its new guidelines. “Don’t post other people’s personal information, including phone numbers, addresses, credit card numbers, and government IDs. We’re serious about keeping our users safe and suspend accounts that violate people’s privacy.”

Read more on Out-Law.com

[From the article:

Those guidelines banned videos containing sex or nudity; hate speech; shocking or disgusting content; dangerous or illegal acts; copyright violations or inappropriate material involving children.

The company has now increased the range of activities that are barred to include, amongst other things, invasions of privacy. [Privacy is never the first thing providers think of. Is that because other areas make for easier lawsuits? Bob]

See: The guidelines (viewable when user setting is set to 'worldwide')



Interesting statistical

http://www.techcrunch.com/2009/08/05/ec-13-of-europeans-have-never-used-the-web/

EC: 1/3 Of Europeans Have Never Used The Web

by Robin Wauters on August 5, 2009

Close to half of Europeans use the internet every day but one third have never used the web, according to a new report (PDF) published by the European Commission.

… Half of all households and more than 80 percent of businesses had a broadband connection last year and with 114 million subscribers the EU is in fact the largest world market for fixed broadband access.



A quick reference for my forensic students

http://www.pogowasright.org/?p=2565

CDT report on privacy controls for browsers

August 5, 2009 by Dissent Filed under Internet

From CDT.org:

CDT today released an update to the browser report it issued in October of 2008. The report includes updated information about privacy tools available in five Web Browsers: Firefox 3.5, Internet Explorer 8, Google Chrome, Safari 4, and Opera 10. The report compares browser offerings in three key areas: privacy mode, cookie controls and object controls. Each of those, when used correctly, can greatly reduce the amount of personal information users transmit online.

Browser Privacy Features Report, Version 2.0 [PDF], August 05, 2009:

http://www.cdt.org/privacy/20090804_browser_rpt_update.pdf


(Related) For my Security students it's “know and avoid”; for my Forensic students it's “a roadmap”

http://www.pogowasright.org/?p=2570

Who knows where you are, and why?

August 5, 2009 by Dissent Filed under Featured Headlines, Surveillance

In a report released today, the Electronic Frontier Foundation (EFF) documents how your location information is collected by various popular electronic devices and services, and argues for concrete technological solutions that would allow you to enjoy these systems’ benefits without sacrificing your privacy in your everyday life.

“There are nifty new location-based technologies like electronic road-toll tags and cell-phone apps that alert you when your friends are nearby — but these systems often create and store records of your movements,” said EFF Staff Technologist Peter Eckersley, one of the co-writers of the white paper. “This could make it possible for others to know when you visited a health clinic, what church or bar you spend time in, or who you go to lunch with. It is essential that privacy-protecting algorithms are built into these devices and services, so we can enjoy their convenience without making our private lives into open books.”

For the full white paper “On Locational Privacy, and How to Avoid Losing it Forever”:

http://www.eff.org/wp/locational-privacy

To read EFF’s full press release: http://www.eff.org/press/archives/2009/08/05



Think of the SCO saga as a guidebook for delaying the inevitable.

http://yro.slashdot.org/story/09/08/05/2229245/Chapter-11-Trustee-Appointed-For-SCO?from=rss

Chapter 11 Trustee Appointed For SCO

Posted by timothy on Wednesday August 05, @06:46PM from the why-not-a-trusty-instead dept. court caldera

I Don't Believe in Imaginary Property writes

"The judge overseeing the SCO Chapter 11 bankruptcy case has issued an order appointing a chapter 11 trustee to oversee SCO's operations. However, the judge's reasoning is far from clear. While the judge believes that SCO has 'abandoned rehabilitation' to bet its future on litigation, he doesn't think it appropriate to convert their case to Chapter 7 liquidation. So SCO's management hasn't been fired yet, but they're no longer fully in charge either. It's not clear why the bankruptcy judge opted for this solution, when even the US Trustee was pushing to fire SCO's management and convert the case to Chapter 7. In short, SCO is still only mostly dead, rather than all dead, and in desperate search of a miracle worker."



It's not just lawyers who will find these useful.

http://www.bespacific.com/mt/archives/021983.html

August 05, 2009

New on LLRX.com: Law Practice Technology Information Sources and Tools

Law Practice Technology Information Sources and Tools - Ken Strutin identifies core sources to learn about new technologies that apply to legal research and law practice. In addition, he has identified specific tools that will contribute to managing research, communication and information-based tasks.



Tools & Techniques Oh too bad, it's broken. Can I have it?

http://www.makeuseof.com/tag/how-to-make-corrupt-usb-jump-drives-work/

How To Make Corrupt USB Jump Drives Work Again

Aug. 5th, 2009 By Guy McDowell



So my website students can make their sites reeeeely annoying.

http://www.makeuseof.com/dir/soundbible-wav-sounds-free-to-download/

SoundBible: Collection of Mp3 & Wav sounds, free to download

www.soundbible.com

Similar websites: SoundJay, FindSounds, Soungle and SoundSnap.



Something for my fellow teachers since we probably have the information on our thumb drives anyway. (I don't find many sites for them)

http://www.makeuseof.com/dir/knowledge-genie-publish-your-knowledge-profit-from-what-you-know/

Knowledge Genie: Publish Your Knowledge & Profit From What You Know

Knowledge Genie is an online publishing platform which lets you organize your knowledge of a certain topic into a dedicated learning portal (Genie) and share it with other people. For each different topic you can create a separate Genie. It doesn’t require technical skills and takes care of the process of building and centralizing the information, sharing it online, building user community and charging for access.

… They offer a free account, which lets you create 1 Genie, store up to 15 MB of content and unlimited users. Paid accounts starting from 24$/month let you build more Genies, more storage and Google/PayPal resale options.

www.myknowledgegenie.com
