Wednesday, November 11, 2009

Update

http://www.databreaches.net/?p=8186

Heartland revises results for third quarter due to breach costs

November 10, 2009 by admin Filed under Breach Incidents, Financial Sector, Hack, Of Note

Breach costs force a revision in estimates. From their press release:

…. subsequent to the release of its earnings for the third quarter on November 3, 2009, Heartland engaged in settlement discussions that resulted in an increase in settlement offers made to certain claimants in an attempt to resolve certain of the claims asserted against Heartland relating to the criminal breach of Heartland’s payment systems environment (the “Processing System Intrusion”). Heartland believes that SFAS No.5, “Accounting for Contingencies” (ASC 450-20) requires it to increase its Reserve for Processing System Intrusion from the amount included in the financial results reported in Heartland’s November 3, 2009 earnings release to reflect this increase in such settlement offers. As a result of the increase in this reserve, Heartland reported in its Form 10-Q, which was filed with the SEC yesterday, a GAAP net loss for the quarter ended September 30, 2009 of $37.1 million, or $0.99 per share, and a GAAP net loss for the nine months ended September 30, 2009 of $42.2 million, or $1.12 per share. Results for the quarter are after $73.3 million (pre-tax), or $1.22 per share, of various expenses, accruals and reserves, all of which are attributable to the Processing System Intrusion, including charges related to settlement offers made by Heartland in attempts to resolve certain Processing System Intrusion related claims and expected costs of settling certain other claims as to which settlement discussions between Heartland and the claimants are underway. Such expenses, accruals and reserves for the nine month period totaled $105.3 million (pre-tax) or $1.74 per share. The increase in the Reserve for Processing System Intrusion has no impact on the Adjusted Net Income and Earnings per Share reported in the November 3, 2009 earnings release.

Now that’s a really costly breach. Or is it a bargain? If the U.S. Attorney’s claims that 130 million records or accounts were involved in the intrusion, then it’s less than $1 per record. All in all, though, I think most would agree that this has been a very costly breach for HPS.



Another update

http://www.databreaches.net/?p=8195

Four indicted for RBS WorldPay hack

November 10, 2009 by admin Filed under Breach Incidents, Financial Sector, Hack, Of Note, U.S.

Sergei Tsurikov, 25, of Tallinn, Estonia; Viktor Pleshchuk, 28, of St. Petersburg, Russia; Oleg Covelin, 28, of Chisinau, Moldova; and a person known only as “Hacker 3;” have been indicted by a federal grand jury in Atlanta, Ga., on charges of hacking into a computer network operated by the Atlanta-based credit card processing company RBS WorldPay, which is part of the Royal Bank of Scotland,

… Igor Grudijev, 31, Ronald Tsoi, 31, Evelin Tsoi, 20, and Mihhail Jevgenov, 33, each of Tallinn, Estonia, have also been indicted by a federal grand jury in Atlanta, Ga., for access device fraud.

The 16-count indictment charges Tsurikov, Pleshchuk, Covelin and “Hacker 3” with conspiracy to commit wire fraud, wire fraud, conspiracy to commit computer fraud, computer fraud, access device fraud and aggravated identity theft. The indictment alleges that the group used sophisticated hacking techniques to compromise the data encryption that was used by RBS WorldPay to protect customer data on payroll debit cards. Payroll debit cards are used by various companies to pay their employees. By using a payroll debit card, employees are able to withdraw their regular salaries from an ATM.

Once the encryption on the card processing system was compromised, the hacking ring allegedly raised the account limits on compromised accounts, [Something they could change on the card? Seems unlikely. Bob] and then provided a network of “cashers” with 44 counterfeit payroll debit cards, which were used to withdraw more than $9 million from more than 2,100 ATMs in at least 280 cities worldwide, including cities in the United States, Russia, Ukraine, Estonia, Italy, Hong Kong, Japan and Canada. The $9 million loss occurred within a span of less than 12 hours.

The hackers then allegedly sought to destroy data stored on the card processing network in order to conceal their hacking activity. The indictment alleges that the “cashers” were allowed to keep 30 to 50 percent of the stolen funds, but transmitted the bulk of those funds back to Tsurikov, Pleshchuk and other co-defendants. Upon discovering the unauthorized activity, RBS WorldPay immediately reported the breach.



Good legal strategy, let's hope it fails. Judge Lamberth does not suffer fools (AKA: government lawyers) gladly.

http://www.pogowasright.org/?p=5230

Obama administration tries to vacate adverse rulings

November 10, 2009 by Dissent Filed under Court, Featured Headlines, Govt, Surveillance

Kim Zetter of Threat Level reports on how the government’s motion to vacate prior rulings in Horn v. Huddle may seriously impact other pending cases such as al-Haramain v. Obama.

In Horn v. Huddle, the government settled a 15-year old lawsuit filed by a former DEA agent who claimed he was subjected to illegal eavesdropping. But as part of the settlement, Horn agreed not to oppose the government’s motion to vacate previous rulings in the case by the D.C. courts.

“The opinions will be a valuable resource for litigants and courts as these issues arise in other cases,” the lawyers wrote in their brief (.pdf) Friday.

[...]

The Justice Department is “willing to pay absolute top dollar [in the D.C. Case] [$3,000,000 Bob] to get out from some very damaging opinions” says Jon Eisenberg, attorney for the plaintiffs in the Al-Haramain case. “They are desperate to make the decisions go away and to deprive me of the ability to cite those decisions in the future.”

Although district court opinions aren’t binding elsewhere, they are regularly published and cited in other cases.

The D.C. rulings could help convince the California court to let plaintiffs view and use the classified document in their case, Eisenberg says. He notes that the D.C. rulings could be particularly persuasive to the San Francisco judge in the Al-Haramain case because they come from U.S. District Judge Royce Lamberth, head of the Foreign Intelligence Surveillance Court until 2002, who is overseeing the coffee table case. The intelligence court is responsible for approving government requests for wiretaps and other types of surveillance in the U.S. in cases involving foreign spying and terrorism.

“When Judge Lamberth speaks on a matter of national security, people listen,” Eisenberg told Threat Level.

Read more on Threat Level.

[From Threat Level:

Earlier this year, Lamberth ruled in the coffee table case that a judge has authority to determine whether lawyers in a state secrets case have a “need to know” classified information.

… the judge accused the CIA of deliberately misleading the court about Brown’s covert nature to get the case dismissed the first time. He unsealed hundreds of documents that had been sealed since 1994.



Who did the best job?

http://www.databreaches.net/?p=8199

Resource: Comparing breach notification laws

November 10, 2009 by admin Filed under Breach Laws, Commentaries and Analyses, Of Note

“International Security Breach Notification Survey” is a new resource prepared by Foley & Lardner LLP and Eversheds LLP, November 2009. The report summarizes and compares the laws in various countries in tabular format, with comparisons based on:

Notice Requirements (to whom – (i) individual and (ii) regulator?),

Timing of Disclosure (does it have to be done in a particular time period?),

Form of Disclosure (does it have to be submitted in a particular way or with particular content?),

Are there reporting or other obligations on entities that maintain data (i.e., Data Processors)?,

Existing Policies (can the controller use their own procedures as opposed to those prescribed by law?),

Exemptions from Disclosure, Damages/Enforcement, and

Preemption (is there deemed compliance with the local law if you comply with another specified law?)

For U.S. states, the notification laws are compared on the basis of: Notice Requirements, Timing of Disclosure, Form of Disclosure, Entities that Maintain Data, Existing Policies, Exemptions from Disclosure, Damages/Enforcement, and Preemption.

View or download the free 158-page report here.



Here's an evil thought. This isn't limited to celebrities, exactly the same information could be available for anyone. I suspect the celebrities are getting more press than I would...

http://www.pogowasright.org/?p=5244

Celebrity Web site allegedly used by burglars

November 11, 2009 by Dissent Filed under Businesses, Surveillance

Andrew Blankstein reports:

Suppose you could look at the pool in back of James Cameron’s Malibu estate. Or admire the ornate garden at Haim Saban’s Beverly Hills mansion. Or check out the tennis court at Tiger Woods’ Florida home.

Should you?

The Web site celebrityaddressaerial.com makes possible exactly that sort of high-tech snooping, listing addresses and aerial photos of the homes of hundreds of celebrities, corporate titans, politicians and others.

To a lot of stars and their lawyers, that’s a big problem.

Read more in the Chicago Tribune.



Google tool for self-surveillance.

http://www.techcrunch.com/2009/11/10/google-latitude-now-tells-you-where-youve-been/

Google Latitude Now Tells You Where You’ve Been

by Erick Schonfeld on November 10, 2009

Don’t you sometimes wish you had a map of every place you’ve ever been? Well, if the concept of such detailed self-tracking doesn’t creep you out, you can now do that with Google Latitude, the mobile app that lets you broadcast your location to your friends.

Google Latitude just turned on Location History as a new feature in Google Latitude. Whenever Google Latitude is on, it records your location, and you can go back to see where you’ve been.



It's good to know that someone isn't accepting all those marketing claims without proof.

http://yro.slashdot.org/story/09/11/10/187202/Chicago-Court-Throwing-Out-LIDAR-Speeding-Tickets?from=rss

Chicago Court Throwing Out LIDAR Speeding Tickets

Posted by timothy on Tuesday November 10, @01:18PM from the should-happen-more-often dept.

bridgeco writes

"Chicago Traffic Court Judges have been throwing out speeding cases in which the driver's speed was measured with a LIDAR. Judges are asking for a special 'Frye Hearing' to determine the accuracy of these devices. Many motorists nabbed for speeding by a laser gun, instead of radar, are seeing their tickets thrown out at Chicago's traffic court because of a legal issue that the city's law department has been unable to overcome. Within the past year judges in Cook County Traffic Court in Chicago determined that speeds captured by lidar were not admissible because the devices had not been proven scientifically reliable in an Illinois court, said Jennifer Hoyle, spokeswoman for the law department, which prosecutes most speeding tickets in the city."

(Here's some background on LIDAR from Wikipedia.)


(Related) Would these be tossed out too? Better tools make convincing juries easier... (No doubt a Blackberry version is available for ambulance chasing lawyers...)

http://www.killerstartups.com/Web-App-Tools/accidentsketch-com-sketching-out-accident-scenes

AccidentSketch.com - Sketching Out Accident Scenes

http://www.accidentsketch.com/

A truly novel tool, Accident Sketch will come in quite useful if you have had the misfortune of being involved in a car crash or related accident. Basically, using it you will be capable of setting down your version of what has just happened.



The UK does have wacky laws (left over from wacky monarchs?)

http://www.pogowasright.org/?p=5220

UK: Libel law reform campaigners seek £10,000 damages cap

November 10, 2009 by Dissent Filed under Internet, Non-U.S.

English PEN, a charity that promotes the human rights of writers and publishers, and Index on Censorship, a body that promotes freedom of expression, spent a year investigating English libel laws. Their joint report, Free Speech Is Not For Sale, was published today.

[My personal favorite:

  1. Not everything deserves a reputation



How to advertise in the Internet Age?

http://torrentfreak.com/indie-movie-explodes-on-bittorrent-makers-bless-piracy-091110/

Indie Movie Explodes on BitTorrent, Makers Bless Piracy

Written by Ernesto on November 10, 2009

Hollywood often complains about the billions of dollars allegedly lost due to piracy. Indie film makers, on the other hand, tend to welcome the free buzz generated when their film is pirated. The makers of Ink belong to this latter group, and are thanking the hundreds and thousands of people who downloaded their movie on BitTorrent.

Thanks to the pirated copy their movie jumped to 16th place on IMDb’s movie meter, and according to the makers this increased popularity also boosted DVD and Blu-ray sales.



Benevolence, thy name is Google.

http://mobile.slashdot.org/story/09/11/10/2146207/Google-Gives-the-Gift-of-Free-Airport-Wi-Fi?from=rss

Google Gives the Gift of Free Airport Wi-Fi

Posted by kdawson on Tuesday November 10, @07:27PM from the no-self-interest-here-no-sir dept.

itwbennett writes

"Google is giving you something to be thankful for as you travel this holiday season. The company announced today that it is offering free Wi-Fi at 47 airports across the US between now and January 15. If you haven't booked your flights yet, you want to factor this into your plans. Here's a list of the 47 airports, which cover about 35% of all US passengers, according to Google. The Burbank and Seattle airports will continue to offer the free Google Wi-Fi indefinitely."

The HuffPo notes another altruistic note in Google's gesture: "As another way to pass on the spirit of the season, once they log on to networks in any of the participating airports, travelers will have the option [of making] a donation to Engineers Without Borders, the One Economy Corporation, or the Climate Savers Computing Initiative. Google will match the donations made across all the networks up to $250,000, and the airport network that generates the highest amount per passenger by January 1, 2010 will receive $15,000 to donate to the local nonprofit of their choice."


(Related) Not a freebie, but this is more storage space than some billion dollar companies provide.

http://www.techcrunch.com/2009/11/11/google-offers-a-16-terabyte-cloud-drive-for-4096-a-year/

Google Offers A 16 Terabyte Cloud Drive For $4,096 A Year

by MG Siegler on November 11, 2009



This is interesting. Currently limited to Digg videos (whatever they are) but it might make finding new sources of “how to” videos easier if they ever open it up.

http://tv.digg.com/

Tune in to DiggTV

by mmaser at 1pm, November 10th, 2009 in Digg Company

Today we’re excited to announce the premiere of DiggTV, a one-stop destination for all Digg shows.



Interesting question. I'm going to play with some of the solutions the commenters suggest because I'm reaching my saturation point. I have six different logonIDs/passwords for one university because they are not integrating their various services as they bring them online.

http://ask.slashdot.org/story/09/11/10/2045258/Best-Tool-For-Remembering-Passwords?from=rss

Best Tool For Remembering Passwords?

Posted by kdawson on Tuesday November 10, @08:30PM from the encrypted-plain-text-file-on-a-stick dept.

StonyCreekBare writes

"Lately I've been rethinking my personal security practices. Should my laptop be stolen, having Firefox 'fill in' passwords automatically for me when I go to my bank's site seems sub-optimal. Keeping passwords for all the varied sites on the computer in a plain-text file seems unwise as well. Keeping them in my brain is a prescription for disaster, as my brain is increasingly leaky. A paper notepad likewise has its disadvantages. I have looked at a number of password managers, password 'vaults' and so on. The number of tools out there is a bit overwhelming. Magic Password Generator add-in for Firefox seems competent, but it's tied to Firefox, and I have other places and applications where I want passwords. And I might be accessing my sites from other computers that don't have it installed. The ideal tool in my mind should be something that is independent of any application, browser, or computer; something that is easily carried, but which if lost poses no risk of compromise. What does the Slashdot crowd like in password tools?"



Another freebie to check out...

http://developers.slashdot.org/story/09/11/11/0210212/Go-Googles-New-Open-Source-Programming-Language

Go, Google's New Open Source Programming Language

Posted by kdawson on Wednesday November 11, @12:21AM from the blatently-bracist dept.

Many readers are sending in the news about Go, the new programming language Google has released as open source under a BSD license. The official Go site characterizes the language as simple, fast, safe, concurrent, and fun. A video illustrates just how fast compilation is: the entire language, 120K lines, compiles in under 10 sec. on a laptop. Ars Technica's writeup lays the stress on how C-like Go is in its roots, though it has plenty of modern ideas mixed in:

"For example, there is a shorthand syntax for variable assignment that supports simple type inference. It also has anonymous function syntax that lets you use real closures. There are some Python-like features too, including array slices and a map type with constructor syntax that looks like Python's dictionary concept. ... One of the distinguishing characteristics of Go is its unusual type system. It eschews some typical object-oriented programming concepts such as inheritance. You can define struct types and then create methods for operating on them. You can also define interfaces, much like you can in Java. In Go, however, you don't manually specify which interface a class implements. ... Parallelism is emphasized in Go's design. The language introduces the concept of 'goroutines' which are executed concurrently. ... The language provides a 'channel' mechanism that can be used to safely pass data in and out of goroutines."



A simple question for my lawyer friends: If I use this to “speak” my blog instead of using the written word, is that “cruel and unusual punishment?” Another scary thought, I could record a few of my rants and they'd be on the Internet forever...

http://www.makeuseof.com/tag/gizmoz-%E2%80%93-a-3d-talking-character-maker-that-uses-your-photo/

Gizmoz – A 3D Talking Character Maker That Uses Your Photo

Nov. 10th, 2009 By Saikat Basu

Well, that’s what Gizmoz is. A Web 2.0 3d character maker that lets us create, customize and animate lifelike 3D talking characters and share it on sites like YouTube and Facebook. Yes, your very own talking, blabbering avatar.



I still like the old fashioned feel of a book, but free is free and that's good. And now I can give all my students free books for Christmas (Yes I'm cheap. Youse gotta problem wid dat?)

http://www.makeuseof.com/tag/how-to-download-completely-free-amazon-kindle-ebooks-to-your-pc/

How To Download Completely Free Amazon Kindle eBooks To Your PC

Nov. 11th, 2009 By Karl L. Gechlik

You can turn your portable computer or even your desktop computer into a full featured Kindle. It may not look like a Kindle but it can let you read, bookmark and annotate your eBooks.

… Let’s take a look at how to download, install and start reading eBooks. Your Kindle for PC will also let you download and pay for books as well. But as we cover free software here we will focus on some free eBook downloading and reading.

I started by downloading the software from here. After the download is completed, run the installer and install the application. Then you will see a screen that looks like this:
