Thursday, October 22, 2009

Not huge, but it allows me to continue my rant against “security” systems that don't detect breaches for months... (Also I wonder why customer data is stored with their website)

http://www.databreaches.net/?p=7894

The Vernon Company database accessed; customers notified

October 21, 2009 by admin Filed under Breach Incidents, Breach Types, Business Sector, Hack, U.S.

Iowa-based The Vernon Company recently discovered that its system had been accessed via its vernoncompany.com web site. The breach was discovered on October 6, and the company shut down the web site until the vulnerabilities were patched. Further investigation suggested that the breach originated in Singapore, and may have occurred as early as July 2009. The company notified the FBI of the incident and notified (pdf) the New Hampshire Attorney General’s Office on October 12 that 19 New Hampshire residents were affected by the incident.

The breach may have resulted in access to customers’ names, addresses, credit or debit card numbers, and card expiration dates. The company says it has no evidence that the data have been acquired or misused, and did not offer affected customers any free credit monitoring services.



Harassment on the face? Or is it a crime to get a “B” in a Journalism class?

http://www.pogowasright.org/?p=4684

Northwestern journalism students fight subpoenas

October 21, 2009 by Dissent Filed under Court, Featured Headlines, U.S., Youth

The Student Press Law Center reports:

Journalism students working on the Medill Innocence Project at Northwestern University’s Medill School of Journalism are fighting subpoenas requesting their grades, off-the-record interviews, electronic communications, notes, course syllabi, grading criteria for the course and receipts for expenses that students incurred for their investigation of the case of Anthony McKinney, who was convicted and jailed in 1978 for allegedly shooting a security guard in Harvey, Ill.

Illinois assistant state’s attorneys sent Medill professor David Protess, the instructor of the Innocence Project course, a subpoena May 20 to appear in Cook County’s Circuit Court on June 11 with the requested materials. Protess and his students retained the services of Richard J. O’Brien and Linda R. Friedlieb of Sidley Austin LLP, and they are attempting to quash the subpoena on the grounds that the students are protected by the Illinois Reporter’s Privilege Act and the Family Educational Rights and Privacy Act (FERPA), according to the Medill Innocence Project’s Web site.

Read more on The Student Press Law Center. Professor Protess provides the background and commentary on the McKinney case on the Medill Innocence Project web site.



I can't wait. Well, actually I can.

http://radar.oreilly.com/2009/10/why-google-and-bings-twitter-a.html

Why Google and Bing's Twitter Announcement is Big News

Tweets will finally become first class web citizens

by James Turner

Lurking innocently on Google's blog this afternoon, like many of their big announcements, was the bombshell that they have reached an agreement with Twitter to make all tweets searchable. This followed an earlier announcement at the Web 2.0 conference by Microsoft that Bing has also arranged to make tweets searchable.

This is not only a huge thing for Twitter, it is also well past due. Until now, Twitter really hasn't been a first class web citizen, because you're not really part of Web 2.0 until you're searchable by Google (and, I suppose, Bing).

… The Bing interface is interesting, it seems to be a hybrid of a web search engine and a twitter search.



Has the time for encryption finally come?

http://www.thetechherald.com/article.php/200943/4650/PCI-DSS-and-HIPAA-drive-encryption-projects

PCI DSS and HIPAA drive encryption projects

by Steve Ragan - Oct 21 2009, 16:30

Thales recently released their Key Management benchmark survey, reporting that of all the things that could drive an encryption project in IT, HIPAA and PCI DSS are the top two reasons companies are moving forward with encryption initiatives.

… Their findings show that in Europe, 52-percent of those who answered the survey are planning encryption projects so that they can comply with PCI DSS regulations. In the U.S., 53-percent said their encryption projects are based on compliance needs for HIPAA.

… Another issue with availability is key management, the central part to any encryption project, no matter what the solution is. The Thales survey showed that eight percent of those surveyed have had to deal with a lost encryption key in the last two years. [Compare with the percentage of drivers who lock their keys in the car? Bob] According to the survey report, these losses resulted in business disruptions or permanent data loss for 39-percent of those who’ve dealt with the issue.

… Moreover, when asked about their own company's plans for cloud computing, 47-percent said they would not move to the cloud unless data was encrypted, and another 43-percent said they have no cloud-based plans at all.



Should we wait for congress? (AKA: the next Ice Age)

http://www.eff.org/deeplinks/2009/09/net-neutrality-fcc-perils-and-promise

Is Net Neutrality a FCC Trojan Horse?

Commentary by Corynne McSherry October 21st, 2009

… But Congress has never given the FCC any authority to regulate the Internet for the purpose of ensuring net neutrality. In place of explicit congressional authority, we expect the FCC will rely on its "ancillary jurisdiction," a position that amounts to “we can regulate the Internet however we like without waiting for Congress to act.” (See, e.g., the FCC's brief to a court earlier this year). That’s a power grab that would leave the Internet subject to the regulatory whims of the FCC long after Chairman Genachowski leaves his post.


(Related) Does Canada get it right? I don't think so.

http://yro.slashdot.org/article.pl?sid=09/10/21/2223229

CRTC Issues Net Neutrality Rules

Posted by samzenpus on Wednesday October 21, @07:10PM from the play-fair-eh dept.

An anonymous reader writes

"The CRTC today introduced a new framework to guide Internet service providers in their use of Internet traffic management practices. ISPs will be required to inform retail customers at least 30 days, and wholesale customers at least 60 days, before an Internet traffic management practice takes effect. At that time, ISPs will need to describe how the practice will affect their customers' service. The Commission encourages ISPs to make investments to increase network capacity as much as possible. However, the Commission realizes that ISPs may need other measures to manage the traffic on their networks at certain times. Technical means to manage traffic, such as traffic shaping, should only be employed as a last resort."



Should we offer classes in Twitter starting in grade school? Probably have replaced it by the time we work out a syllabus.

http://www.bespacific.com/mt/archives/022637.html

October 21, 2009

Pew Report: Twitter and Status Updating, Fall 2009

Twitter and Status Updating, Fall 2009, by Susannah Fox, Kathryn Zickuhr, Aaron Smith - Oct 21, 2009

  • "Some 19% of internet users now say they use Twitter or another service to share updates about themselves, or to see updates about others. This represents a significant increase over previous surveys in December 2008 and April 2009, when 11% of internet users said they use a status-update service. Three groups of internet users are mainly responsible for driving the growth of this activity: social network website users, those who connect to the internet via mobile devices, and younger internet users – those under age 44."



E-discovery in complex litigation. How long does it take to review 1,000,000,000 emails?

http://ralphlosey.wordpress.com/2009/10/18/jason-r-baron-the-movie/

Jason R. Baron – The Movie

Jason R. Baron is well known as a lawyer, writer, editor, and thought leader on e-discovery search. This blog is a 30 minute video excerpt of Jason teaching Bill Hamilton and my law school class this week at the University of Florida. Jason’s talk will give you a better understanding of the problem of search, why it is so difficult, and the latest research and trends in this area.

… Jason Baron’s efforts to bridge the disciplines of law and information science are driven by his desire to help the law cope with the sudden explosion in the volume of information. Jason is on the front line of this problem as the Director of Litigation of the National Archives and Records Administration. NARA, among other things, handles White House email litigation and other federal records disputes. He lives in a world where the management of billions of emails and government records is routine. He understands far better than most the need of law to work with science to cope with these issues.



Hacker news

http://news.slashdot.org/story/09/10/21/141206/Metasploit-Project-Sold-To-Rapid7?from=rss

Metasploit Project Sold To Rapid7

Posted by Soulskill on Wednesday October 21, @11:07AM from the onward-and-upward dept.

ancientribe writes

"The wildly popular, open-source Metasploit penetration testing tool project has been sold to Rapid7, a vulnerability management vendor, paving the way for a commercial version of Metasploit to eventually hit the market. HD Moore, creator of Metasploit, was hired by Rapid7 and will continue heading up the project. This is big news for the indie Metasploit Project, which now gets full-time resources. Moore says this will translate into faster turnaround for new features. Just what a commercial Metasploit product will look like is still in the works, but Rapid7 expects to keep the Metasploit penetration testing tool as a separate product with 'high integration' into Rapid7's vulnerability management products."



For those times you need to play “computer security guy.” Lists 27 specific malware titles.

http://www.makeuseof.com/tag/remove-a-plethora-of-fake-antivirus-software-with-this-free-app/

Remove A Plethora Of FAKE Antivirus Software With This Free App

Oct. 22nd, 2009 By Karl L. Gechlik



I love lists. This one has some boring sites, but a few Easter Eggs too.

http://www.maximumpc.com/article/features/50_awesome_websites

50 Kick-Ass Websites You Need to Know About

Posted 10/21/09 at 11:00:00 AM by Alex Castle, Norman Chan, and Florence Ion
