Thursday, October 15, 2009

This could be another record setter! Inevitable, I suppose. Why bother with the TJX's of the world, when you can go directly to the source.

http://www.databreaches.net/?p=7811

Card firm hacking hits thousands of Swedes

October 14, 2009 by admin Filed under Financial Sector, Non-U.S., Of Note

David Landes reports:

Debit card information for tens of thousands of Swedish banking customers may have fallen into the wrong hands following a security breach at card manufacturers MasterCard and Visa.

Computer systems at both card makers were breached recently, allowing hackers to get away with data on thousands of banking cards, the Aftonbladet newspaper reports.

The hacking at Visa took place in Spain and the company won’t say exactly how many cardholders may have been affected.

Nevertheless, a number of Swedish banks have begun notifying customers about the incident.

“Where there is a risk that the cards may be misused, we contact customers and ask them to block their cards so that we can exchange them,” said SEB spokesperson Kerstin Ottosson to the TT news agency.

“For us, there are about 28,000 cards which have been affected, but I can’t say how many of them will need to be exchanged.”

Swedbank spokesperson Jenny Clevström said the bank was aware of the breach, but that no Swedbank customers were affected.

“But we’re going to exchange a few cards as a precautionary measure,” she told TT. [That sounds illogical Bob]

Helena Östman of Nordea said the bank had been notified by both MasterCard and Visa about the problem.

A customer with ICA Bank told Aftonbladet that he had been informed by the bank that his card had been blocked due to a breach at MasterCard somewhere in Europe.

[...]

Read more in The Local (Sweden)

Maybe this explains the Bank of Bermuda story I posted yesterday?



Even a small breach like this one can become costly if not handled properly.

http://www.databreaches.net/?p=7820

Lawsuit: 29,000 say Kaiser hid security breach

October 15, 2009 by admin Filed under Healthcare Sector, ID Theft, Of Note, Theft, U.S.

Maria Dinzeo reports on a class action lawsuit stemming from a 2007 breach that was first reported earlier this year:

Twenty-nine thousand Kaiser employees say the company did not inform them for more than a year about a security breach that left their personal information vulnerable to thieves. One employee says a woman stole her identity and used it to run up credit-card charges and “commit crimes across the country.”

The class of employees and members of SEIU United Healthcare West, claims that Kaiser provided the union with their names, birthdates, addresses and Social Security numbers “in connection with remittance of union dues,” but failed to encrypt the information, which was exposed when burglars broke into the UHW offices in July 2007 and made off with computer files.

Lead plaintiff Monica Saenz says she found out in October 2008 that her identity had been stolen. Saenz says her credit report showed that someone had withdrawn money from her bank account and had opened and run up charges on 10 credit cards. Saenz claims that a woman was using her identity to “commit crimes across the country.”

The class claims that Kaiser did not notify its 29,000 employees that their records had been stolen until February 2009, and that it delayed for 19 months in order to “shift the burden” for the identity theft.

Read more on Courthouse News.



No self-respecting hacker would waste the time he could be spending playing video games by listening to hundreds of hours of recordings just to steal credit cards. We'd run the calls through a voice-to-text program.

http://www.databreaches.net/?p=7818

Call centre recordings could breach payment card industry security rules

October 15, 2009 by admin Filed under Commentaries and Analyses, Non-U.S.

From Out-Law.com:

More than 95% of call centres were found to store customers’ credit card details in recordings of phone conversations in breach of industry rules, according to a survey conducted by a call recording technology company.

Veritape said that when it talked to 133 call centre managers only 39% of them knew about industry rules against the storing of the information and just 3% of them wiped credit card numbers from recordings of phone calls. Veritape provides call recording services to the call centre industry.

“The routine practice of storing unedited audio recordings of calls is creating a vast reservoir of sensitive data on the servers of call centres across the UK in direct breach of global industry standards drawn up by the Payment Card Industry Data Security Council,” said a Veritape statement.

Read more on Out-Law.com



“Reach out, reach out and print someone!” Drive-by fingerprinting? Point a finger (careful which one) at your computer to logon?

http://yro.slashdot.org/article.pl?sid=09/10/14/1912206

3D Fingerprinting — Touchless, More Accurate, and Faster

Posted by timothy on Wednesday October 14, @04:00PM from the invest-in-print-eradication dept.

kkleiner writes

"For all the glory it gets, the fingerprint has evolved very little in the last 60 years. They’re still two dimensional. The US Department of Homeland Security and the National Institute of Justice are hoping to change that. They've given grants to dozens of companies to perfect touchless 3D fingerprinting. Two universities (University of Kentucky and Carnegie Mellon) and their two respective start-up companies (Flashscan 3D and TBS Holdings) have succeeded. Fingerprints have reached the third dimension and they are faster, more accurate, and touchless."



Here's a money-making scheme that didn't quite work out. I'm gonna bet that no elected officials were in the lead here. “Disciplining” a worker is much better than losing the next election.

http://www.wired.com/threatlevel/2009/10/gis_data/

California County Hoarding Map Data Ordered to Pay $500,000

By Kim Zetter October 14, 2009 6:45 pm

A California county’s three-year battle to prevent a nonprofit group from obtaining public mapping data has ended disastrously for the county after it was ordered by a court to pay the group $500,000 in legal costs.

Last February, Santa Clara County, the heart of California’s Silicon Valley, was ordered to hand over the public records to the California First Amendment Coalition for a minimal duplication fee after initially trying to charge $250,000 for the data and then appealing to the federal government to designate the data a national security secret that couldn’t be released. This week the county paid out to the coalition twice the amount in legal fees that it had once hoped to rake in as profit for the data.



Did someone miss this point in the original trial? Sounds to me like it should never have gone to trial.

http://www.pogowasright.org/?p=4521

Swedish court overturns ruling in audio book piracy case

October 14, 2009 by Dissent Filed under Court, Internet, Non-U.S.

The Local reports:

Swedish broadband provider ePhone is not obligated to hand over customer information to five book publishers, according to a decision by the Svea Court of Appeal which overturns a lower court ruling.

The case, which ePhone initially lost in June in Solna District Court, is significant because it is the first to go to trial since the passage of a law designed to crack down on internet piracy in Sweden.

[...]

ePhone argued that the five audio book publishers who filed the lawsuit had not been able to prove that anyone other than users from Sweden’s Anti-Piracy Bureau (Antipiratbyrån) had accessed a server containing sound files for 27 titles which the publishers claimed had been made available for downloading by the general public.

The appeals court agreed with ePhone, finding that the book publishers failed to show that there was probable cause to believe copyright infringement had occurred.

In overturning the lower court’s ruling, the Svea Court of Appeal argued that the copyright protected material on the server, which was linked to an ePhone customer, had not been made available to the public or even to a select group of people.

Since users were required to log into the server and there had been no investigation to indicate that login information had been widely shared, the court concluded that the publishers had not convincingly shown that the audio books had been available to the public.

Read the full story in The Local. BetaNews also provides some commentary.



Move from theory to reality. The Army makes parachute riggers jump with the chutes they pack, why not slide a doctor through the machine? If he comes out extra crispy, you need to re-calibrate. Insist on that test or any other viable test and I suspect they will find one that works.

http://science.slashdot.org/story/09/10/14/1614245/CT-Scan-Reset-Error-Gives-206-Patients-Radiation-Overdose?from=rss

CT Scan "Reset Error" Gives 206 Patients Radiation Overdose

Posted by Soulskill on Wednesday October 14, @12:41PM from the paging-dr-simpson dept.

jeffb (2.718) writes

"As the LA Times reports, 206 patients receiving CT scans at Cedars-Sinai hospital received up to eight times the X-ray exposure doctors intended. (The FDA alert gives details about the doses involved.) A misunderstanding over an 'embedded default setting' appears to have led to the error, which occurred when the hospital 'began using a new protocol for a specialized type of scan used to diagnose strokes. Doctors believed it would provide them more useful data to analyze disruptions in the flow of blood to brain tissue.' Human-computer interaction classes from the late 1980s onward have pounded home the lesson of the Therac-25, the usability issues of which led to multiple deaths. Will we ever learn enough to make these errors truly uncommittable?"


(Related) As is often the case, Dilbert has anticipated these little technological glitches...

http://dilbert.com/strips/comic/2009-10-15/



...and perhaps a few million more to come up with a definition of Cloud Computing that everyone can agree on?

http://science.slashdot.org/story/09/10/14/1843206/What-Kind-of-Cloud-Computing-Project-Costs-32M?from=rss

What Kind of Cloud Computing Project Costs $32M?

Posted by timothy on Wednesday October 14, @02:51PM from the those-investors-should-be-pissed dept.

coondoggie writes

"The US Department of Energy said today it will spend $32 million on a project that will deploy a large cloud computing test bed with thousands of Intel Nehalem CPU cores and explore commercial offerings from Amazon, Microsoft and Google. Ultimately, the project, known as Magellan, will look at cloud computing as a cost-effective and energy-efficient way for scientists to accelerate discoveries in a variety of disciplines, including analysis of scientific data sets in biology, climate change and physics, the DOE stated. Magellan will explore whether cloud computing can help meet the overwhelming demand for scientific computing. Although computation is an increasingly important tool for scientific discovery, and DOE operates some of the world's most powerful supercomputers, not all research applications require such massive computing power. The number of scientists who would benefit from mid-range computing far exceeds the amount of available resources, the DOE stated."



A sense of scale...

http://www.datacenterknowledge.com/archives/2009/10/13/facebook-now-has-30000-servers/

Facebook Now Has 30,000 Servers

October 13th, 2009 : Rich Miller

… Facebook has 30,000 servers supporting its operations. That number comes from Jeff Rothschild, the vice president of technology at Facebook, who discussed the company’s infrastructure in a presentation last week at UC San Diego (link via High Scalability).

… That places Facebook among the largest Internet companies that have publicly discussed their server counts, but still well behind hosting providers Rackspace, 1&1 Internet and OVH, which each house more than 50,000 servers in their data centers. See Who Has The Most Web Servers for more data on the largest infrastructures.

… The amount of log data amassed in Facebook’s operations is staggering. Rothschild said Facebook manages more than 25 terabytes of data per day in logging data, which he said was the equivalent of about 1,000 times the volume of mail delivered daily by the U.S. Postal Service.



So it's not a total disaster...

http://news.cnet.com/8301-13860_3-10375688-56.html?part=rss&subj=news&tag=2547-1_3-0-20

Microsoft: We've recovered most Sidekick data

by Ina Fried October 15, 2009 1:00 AM PDT



Very interesting idea, but should we believe them?

http://thenextweb.com/europe/2009/10/15/british-bank-launches-site-highlighting-customers-social-media-thoughts-good-badbut-good/

British bank launches site highlighting customers social media thoughts. Good and bad…but more good. (Updated)

By Zee on October 15, 2009

… In what appears to be a world first, the bank’s head of marketing explains the campaign:

“Our customers are writing about us all over the web and we want to embrace this, so we’re showing customer comments, good and bad, from websites, blogs and forums for everyone to see.

… The microsite, although seemingly well put together, doesn’t seem to give any link back to where these comments have come from. Although they claim the reviews come from “eight million social media sites”, not one appears to stem from Twitter, where we can verify these are real people. For all we know, HSBC have internal staff writing comments made to look genuine or writing comments on the original sources intending to increase the positive review tally over the negative.

*Update:*

If you needed any more proof this is far from a balanced view on the company’s customer feedback, check out HSBCReviews.com. A site put together for a “bit of fun” by a company called thruSITES.

… This time, you may be surprised to learn the general sentiment is bad, with links back to the original profiles to ensure we know these thoughts are genuine.



Hacker alert! What say we start them all at Midnight?

http://www.wired.com/autopia/2009/10/start-your-car-from-your-iphone/

Start Your Car From Your iPhone

By Keith Barry October 13, 2009 4:27 pm
