Tuesday, December 01, 2009

Interesting to me that they even consider re-interpreting the law. If the answer makes Hannaford liable, security will improve immediately.

http://www.databreaches.net/?p=8612

Update: Court to decide what time, trouble are worth in Hannaford breach

December 1, 2009 by admin Filed under Breach Incidents, Business Sector, Hack, Of Note, U.S.

Judy Harrison reports:

Whether Hannaford Bros. customers may recover damages for the time and trouble it took them to straighten out their bank or credit card accounts after the Scarborough-based firm’s computer system was breached in late 2007 and early 2008 now is up to the Maine Supreme Judicial Court.

The justices have never considered what constitutes damages for lost time and effort in cases of data theft.

U.S. District Judge D. Brock Hornby last week sent two specific questions to the state’s high court. In essence, the federal judge wants to know if Maine consumers who have been reimbursed by their banks and credit card companies for losses due to stolen data have the right to seek damages for the time they spent and the effort it took them to straighten out their accounts.

Read more in the Bangor Daily News.

[From the article:

Questions to the court

“1. In the absence of physical harm or economic loss or identity theft, do time and effort alone, spent in a reasonable effort to avoid or remediate reasonably foreseeable harm, constitute a cognizable injury for which damages may be recovered under Maine law of negligence and/or implied contract?”

“2. If the answer to question #1 is yes under a negligence claim and no under an implied contract claim, can a plaintiff suing for negligence recover damages under Maine law for purely economic harm absent personal injury, physical harm to property, or misrepresentation?”



Wisdom?

http://www.pogowasright.org/?p=5862

Privacy Trends and Laws: J. Trevor Hughes of the IAPP

December 1, 2009 by Dissent Filed under Other, U.S.

Tom Field writes:

What have been the biggest privacy issues of 2009, and what emerging trends should you watch heading into 2010?

We posed these questions to J. Trevor Hughes, Executive Director of the International Association of Privacy Professionals (IAPP). In an exclusive interview, Hughes discusses:

  • The role of the IAPP;

  • Key legislation in the U.S. and internationally;

  • Where organizations need to improve privacy protection.

Hughes is an attorney specializing in e-commerce, privacy and technology law. In his role as Executive Director of the IAPP, Hughes leads the world’s largest association of privacy professionals.

Read the interview on GovInfoSecurity.com.

[From the article:

… one of the dynamics that has emerged over the past 10 years has been a collision of sorts between globalization and the rise of the information economy. Those two things have put enormous strains on our prior jurisdictional approaches to law.


(Related) The joys of doing business globally. I wonder if there is a good (not in legalese) guide to laws in all countries.

http://www.pogowasright.org/?p=5844

Norwegian consumer group will mount legal challenge to Facebook terms

November 30, 2009 by Dissent Filed under Featured Headlines, Internet, Non-U.S.

A Norwegian consumer protection agency is preparing a legal challenge to Facebook and other social networking companies, accusing them of operating “in a legal vacuum and irrespective of norms and standards”.

Forbrukerrådet, the Norwegian Consumer Council, has studied the privacy policies and terms and conditions of social networking sites and says that many do not properly protect Norwegian users and do not comply with Norwegian law.

“There are general principles of fair contracts and privacy that must apply also in an online environment,” said the Consumer Council’s assistant director Hans Marius Graasvold. “Nothing has changed in that respect, except the online entrepreneurs at one point just stopped caring about the law.”

Read more on Out-Law.com



A trivial (573,000 lines and 6.4 million words) hack.

http://www.motherboard.tv/2009/11/27/how-the-9-11-pagers-got-hacked--2

How the 9/11 Pagers Got Hacked

Posted by Alex_Pasternack on Friday, Nov 27, 2009

… As CBS News’ Declan McCullagh writes, it could have been done with a single pager, a laptop and some software, using “over-the-air interception”:

Each digital pager is assigned a unique Channel Access Protocol code, or capcode, that tells it to pay attention to what immediately follows. In what amounts to a gentlemen’s agreement, no encryption is used, and properly-designed pagers politely ignore what’s not addressed to them.

But an electronic snoop lacking that same sense of etiquette might hook up a sufficiently sophisticated scanner to a Windows computer with lots of disk space — and record, without much effort, gobs and gobs of over-the-air conversations.

Existing products do precisely this.
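The "gentlemen's agreement" McCullagh describes is easy to see in code. The following is an added illustration for this post, not code from Motherboard, CBS or any real pager product: the frame layout (`capcode:message`, one per line) is constructed for the example and is much simpler than real POCSAG/FLEX framing, but the security property is identical. The pager and the snoop run the same decoder over the same airwaves; the only difference is one `if`.

```python
"""Why an unencrypted pager channel is readable by anyone: the address
filter lives in the receiver, not in the air.

Added illustration for this post; not code from Motherboard, CBS or any
real pager product.  The frame layout below is constructed for the
example and is deliberately simpler than real POCSAG/FLEX framing:

    <capcode:7 digits>:<message>\n

Real pagers decode binary frames with error correction, but the security
property is the same: nothing in the frame stops a receiver from reading
frames addressed to someone else.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

# Constructed sample traffic: what a scanner would hear over a few seconds.
# Capcodes and messages are made up for the example; one line is noise.
AIRWAVES = (
    "0001234:CALL OPS 555-0100\n"
    "0009876:PT IN ROOM 12 NEEDS MEDS\n"
    "\x1b\x00 garbled frame\n"
    "0001234:MEETING MOVED TO 3PM\n"
    "0004321:DOOR ALARM BLDG 7\n"
    "0009876:LAB RESULTS READY\n"
)


def decode_frames(stream: str) -> Iterable[Tuple[str, str]]:
    """Split the raw channel into (capcode, message) frames.

    Malformed lines are skipped rather than raising: a real decoder sees
    noise and partial frames all the time.
    """
    for line in stream.splitlines():
        capcode, sep, message = line.partition(":")
        if sep and len(capcode) == 7 and capcode.isdigit():
            yield capcode, message


def frames_seen(stream: str) -> int:
    """Number of well-formed frames on the channel, for comparison."""
    return sum(1 for _ in decode_frames(stream))


class Pager:
    """A well-behaved pager: keeps only frames carrying its own capcode."""

    def __init__(self, capcode: str) -> None:
        self.capcode = capcode
        self.inbox: List[str] = []

    def listen(self, stream: str) -> List[str]:
        for capcode, message in decode_frames(stream):
            if capcode == self.capcode:      # the "gentlemen's agreement"
                self.inbox.append(message)
        return self.inbox


class Snoop:
    """The same decoder with the politeness removed: it logs every frame,
    indexed by capcode, which is exactly how a directory of who-pages-whom
    is built from an unencrypted channel."""

    def __init__(self) -> None:
        self.log: Dict[str, List[str]] = defaultdict(list)

    def listen(self, stream: str) -> Dict[str, List[str]]:
        for capcode, message in decode_frames(stream):
            self.log[capcode].append(message)
        return dict(self.log)


if __name__ == "__main__":
    print("frames on air:", frames_seen(AIRWAVES))
    print("pager sees   :", Pager("0009876").listen(AIRWAVES))
    print("snoop sees   :", Snoop().listen(AIRWAVES))
```

The snoop needs no exploit and no key, only disk. The fix has to be on the sending side: encrypt the message body so that a frame addressed to someone else is unreadable even when it is recorded.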



Every time I read about someone caught crossing the border with child pornography on their computer, I wonder why their lawyers never told them how to avoid detection. Turns out some Canadian lawyers did.

http://www.pogowasright.org/?p=5831

Protect sensitive data from border searches this holiday season

November 30, 2009 by Dissent Filed under Featured Headlines

There are a lot of organizations offering tips on how to protect yourself from becoming the victim of identity theft or a scam during the holiday season. David Canton offers some tips for those traveling across borders who are taking their laptops or electronic devices. The tips are based on advice published by the Canadian Bar Association, where you can find additional tips as well:

  • Travel with a “bare” computer that contains only the most essential information. Ensure that all work with data is done via a secure virtual private network (VPN). Consider using SaaS (software as a service) programs based on the Internet, rather than your computer’s hard drive.

  • Turn off your computer early: At least five minutes before you get to U.S. Customs, make sure your computer is turned off so unencrypted information in your computer’s RAM has adequate time to void itself.

  • Back up your data: Self-explanatory.

  • Store data on small devices: Smaller devices can be carried more inconspicuously.

  • Protect your phone and PDA: Phones now carry a considerable amount of information and need to be kept as “clean” as possible in case they’re confiscated.

  • ‘Clean’ your laptop once it’s returned: This will ensure that no programs or spyware have been installed on your computer.

The better approach is to leave all information on a Canadian server and access it remotely once in the U.S.

[...]

In summary, the prudent approach for taking a computer into the U.S. is to ensure it contains no confidential, sensitive or privileged information.

Read more on Canoe.
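"Bare" is easy to claim and hard to verify by eye. The script below is an added example for this post, not from the Canadian Bar Association or the Canoe article: it walks a directory tree and reports files that look like the sort of thing the advice says should stay on the home server (private keys, password databases, documents carrying a confidentiality marker). The suffixes, file names, content markers and the sample tree are this example's own choices, not an official list; `demo()` builds a constructed home directory in a temporary folder so the script runs offline.

```python
"""Checking that a travel laptop really is "bare" before a border crossing.

Added example for this post; it is not from the Canadian Bar Association
or the Canoe article.  It walks a directory tree and reports files that
look like the sort of thing the CBA advice says should stay on the home
server: private keys, password databases, and documents carrying a
confidentiality marker.  The file-name patterns, markers and the sample
tree are this example's own choices, not an official list.
"""
import os
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

# File types whose presence is itself the finding.
SENSITIVE_SUFFIXES = {".pem", ".key", ".p12", ".pfx", ".kdbx", ".ovpn", ".gpg"}

# Names that usually hold credentials whatever the suffix.
SENSITIVE_NAMES = {"id_rsa", "id_dsa", "id_ecdsa", "id_ed25519", ".netrc", ".pgpass"}

# Byte markers that identify sensitive content regardless of name.
CONTENT_MARKERS: Tuple[Tuple[bytes, str], ...] = (
    (b"-----BEGIN ", "PEM-encoded key or certificate"),
    (b"PRIVILEGED AND CONFIDENTIAL", "privilege marker"),
    (b"SOLICITOR-CLIENT", "privilege marker"),
)

MAX_BYTES = 64 * 1024  # only the head of each file is inspected


def classify_file(path: Path) -> List[str]:
    """Reasons a file should not travel; an empty list means nothing found."""
    reasons: List[str] = []
    if path.suffix.lower() in SENSITIVE_SUFFIXES:
        reasons.append(f"sensitive file type {path.suffix}")
    if path.name in SENSITIVE_NAMES:
        reasons.append("well-known credential file name")
    try:
        head = path.read_bytes()[:MAX_BYTES]
    except OSError:
        return reasons               # unreadable: report what the name told us
    for marker, label in CONTENT_MARKERS:
        if marker in head:
            reasons.append(label)
    return reasons


def scan_tree(root: Path) -> Dict[str, List[str]]:
    """Map of relative path -> reasons, for every flagged file under root."""
    findings: Dict[str, List[str]] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink():
                continue             # do not follow links out of the tree
            reasons = classify_file(p)
            if reasons:
                findings[p.relative_to(root).as_posix()] = reasons
    return findings


def demo() -> Dict[str, List[str]]:
    """Build a constructed sample home directory in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / ".ssh").mkdir()
        (root / ".ssh" / "id_ed25519").write_bytes(
            b"-----BEGIN OPENSSH PRIVATE KEY-----\nAAAA\n-----END OPENSSH PRIVATE KEY-----\n")
        (root / "Documents").mkdir()
        (root / "Documents" / "memo.txt").write_text("Draft memo. PRIVILEGED AND CONFIDENTIAL.\n")
        (root / "Documents" / "packing-list.txt").write_text("socks, charger, passport\n")
        (root / "vault.kdbx").write_bytes(b"\x03\xd9\xa2\x9a")   # KeePass header bytes
        return scan_tree(root)


if __name__ == "__main__":
    for rel, why in sorted(demo().items()):
        print(f"{rel}: {', '.join(why)}")
```

Run it against the real home directory with `scan_tree(Path.home())` before leaving. It only looks at files on disk: the "turn it off early" tip is about encryption keys lingering in RAM, and swap and hibernation files are a separate question that a file scan does not answer.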



Once again it becomes obvious that “plain English” doesn't translate easily to “plain American.” But it is a step in the right direction.

http://www.databreaches.net/?p=8600

ICO publishes guide to Data Protection Act

November 30, 2009 by admin Filed under Breach Laws, Commentaries and Analyses, Non-U.S., Of Note

The Information Commissioner’s Office (ICO) has produced a new plain English Guide to Data Protection to provide businesses and organizations with practical advice about the Data Protection Act and dispel myths. The guide will help organizations safeguard personal data and comply with the law. The guide takes a straight-forward look at the principles of the Data Protection Act and uses practical, business-based examples.

Download the guide here (pdf). The full press release can be found here.



Google has to get out of this business immediately. Reviewing what users choose to share within their (not public) groups should not be subject to review. Otherwise, don't they assume liability for “allowing” anything they miss? (I have heard this excuse already.)

http://it.slashdot.org/story/09/12/01/1419238/The-Cloud-Ate-My-Homework?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

The Cloud Ate My Homework

Posted by timothy on Tuesday December 01, @09:46AM from the low-hanging-clouds-are-fog dept.

theodp writes

"Over at CNET, James Urquhart sings the praises of cloud computing, encouraging folks to 'really listen to what is being said, understand how the cloud is being used, and seriously evaluate how this disruptive model will change your projects, your organization, and even your career.' Fair enough. Over at the Google Docs Help Forum, some perplexed cloud computing users spent the month of November unsuccessfully trying to figure out why they've been zinged for inappropriate content. The items deemed inappropriate and unshareable include notes on Henry David Thoreau ("the published version of this item cannot be shared until a Google review finds that the content is appropriate"), homework assignments, high school yearbook plans, wishlists, documents containing botanical names for plants, a list of websites for an ecommerce class, and a list of companies that rent motorcycles in Canada. When it comes to support in the cloud, it kind of looks like you might get what you pay for."



The IMEI identifies the phone not the user. If the terrorist buys several phones for cash and isn't videotaped while doing it, how does this help? Meanwhile, it shuts off the phones of all those slumdogs...

http://mobile.slashdot.org/story/09/11/30/2042245/India-Hanging-Up-On-25-Million-Cell-Phones?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

India Hanging Up On 25 Million Cell Phones

Posted by ScuttleMonkey on Monday November 30, @06:12PM from the can-you-hear-me-now dept.

jvillain writes

"India is about to pull the plug on 25 million cell phones in the name of fighting terrorism and fraud. 'The ban by India's Department of Telecommunications has been unfolding gradually since Oct. 6, 2008, six weeks before the attacks in Mumbai killed 173 people and wounded 308. A memo then directed service providers to cut off cellphone users whose devices didn't have a real IMEI — or unique identity number — in the interests of 'national security.' Since then, the move has picked up steam as a way to circumvent terrorists using black market, unregistered cellphones. The Mumbai attackers kept in touch with each other via cellphones and used GPS to pinpoint their attacks, which started Nov. 26, 2008, and went on for three days. The telecommunications department has issued warnings and deadlines through 2009 but has announced this one is for real, telling operators to block cellphones without valid IMEI numbers. Previously, it warned companies to stop importing them and customers to stop buying them.'"
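What a "real IMEI" test can actually check is worth spelling out. The code below is an added example for this post, not from the Slashdot story or the article it quotes. An IMEI is 15 digits: a 14-digit body (type allocation code plus serial) followed by a Luhn check digit, so a network-side filter can only tell that a number is well-formed and not an obvious placeholder. The functions show both checks, show how trivially a well-formed number can be minted, and show the one network-side signal that does not depend on the number being "valid" at all: the same IMEI active on many SIMs. What the Indian filter tested is not stated in the article; the placeholder rule and the sample numbers are this example's own assumptions.

```python
"""What an IMEI check can and cannot tell you.

Added example for this post, not from the Slashdot story or the article
it quotes.  An IMEI is 15 digits: a 14-digit body (type allocation code
plus serial) and a Luhn check digit.  "Valid IMEI" in a network-side
filter can only mean well-formed and not an obvious placeholder.  What
the Indian filter actually tested is not stated in the article; the
placeholder rule and the sample numbers here are this example's own.
"""
from collections import Counter
from typing import Dict, Iterable


def luhn_check_digit(body: str) -> str:
    """Luhn check digit for a digit string that does not yet carry one.

    Walking from the right, the digit nearest the check digit is doubled,
    the next one left is not, and so on; a doubled digit above 9 has 9
    subtracted (the same as summing its two digits)."""
    if not body.isdigit():
        raise ValueError("digits only")
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(number: str) -> bool:
    """True if the last digit is the correct Luhn check digit for the rest."""
    return (number.isdigit() and len(number) > 1
            and number[-1] == luhn_check_digit(number[:-1]))


def forge_imei(body14: str) -> str:
    """Any 14 digits become a well-formed IMEI: the check digit is public
    arithmetic, not a secret, so passing it proves nothing about provenance."""
    if len(body14) != 14 or not body14.isdigit():
        raise ValueError("need exactly 14 digits")
    return body14 + luhn_check_digit(body14)


def classify(imei: str) -> str:
    """Syntactic verdict only; it says nothing about who holds the phone."""
    if len(imei) != 15 or not imei.isdigit():
        return "malformed"
    if not luhn_valid(imei):
        return "bad-checksum"
    if len(set(imei)) == 1:          # e.g. all zeros: passes Luhn, still bogus
        return "placeholder"
    return "well-formed"


def shared_imeis(active: Iterable[str], threshold: int = 2) -> Dict[str, int]:
    """Network-side view: one IMEI active on many SIMs at once is the tell
    for cloned or unregistered handsets, and it needs no Luhn check."""
    counts = Counter(active)
    return {imei: n for imei, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    # Constructed samples; none is asserted to belong to a real device.
    for sample in ("490154203237518", "490154203237519", "000000000000000",
                   forge_imei("35123456789012")):
        print(sample, classify(sample))
    print(shared_imeis(["351234567890124"] * 3 + ["490154203237518"]))
```

The all-zero IMEI passes the checksum, which is why a filter needs the placeholder rule as well; and `forge_imei` is the whole of what it takes to get past both. Neither check says anything about who bought the phone, which is Bob's point.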



We've been saying this for months, nice of you to notice! Note that it used to be “common knowledge” that only Republicans supported the “business agenda.”

http://www.wired.com/threatlevel/2009/11/america-catering-to-hollywood/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Europe Worries U.S. Bowing to ‘Industry’ in ACTA Talks

By David Kravets November 30, 2009 4:01 pm

… The document, entitled European Union’s Comments to the US Proposal, suggests that the administration, in its closed-door negotiations over the Anti-Counterfeiting and Trade Agreement, might have forgotten that copyright interests extend beyond industry concerns.

The “most important provision” of the U.S.-proposed copyright section, according to the EU document, includes language noting that the United States’ “overarching objective” is to “facilitate the continued development of industry.” (.pdf)



Is this the business model that will kill newspapers? Personally, I think the newspapers are doing that themselves.

http://www.techcrunch.com/2009/11/30/smsone-micro-local-india-news/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

SMSONE: Micro-local news from India to make Silicon Valley jealous

by Sarah Lacy on November 30, 2009

… But every once in a while I find a company that hits the trifecta: It’s addressing a big problem locally, it’s something I don’t think is offered in the US, and…. I want it.

… I’m talking about SMSONE Media, a company I met in Pune about a week ago. Like most of the impressive companies I saw in India, it’s aimed squarely at the base of the pyramid and is using basic SMS to deliver services to people in some of India’s most unconnected areas.

… SMSONE is basically a very-local newsletter. Ghate goes to a village and scouts out an unemployed youth—preferably one who’s had jobs as a street vendor or has experience going door-to-door shilling for local politicians. The kid pays Ghate 1000 rupees (or about $20) for the “franchise” rights to be the local reporter for that village. He goes door-to-door signing up 1,000 names, phone numbers and other basic information, then mails the slips to Ghate. Ghate enters it all into his databases and all those “subscribers” get a text introducing the kid as their village’s reporter. In India all incoming texts are free so, the subscribers don’t pay anything.

And what readers get is pretty powerful. Right now there is no way to get a timely message to people in a village. There’s no Internet access, no TV, no local paper, and frequently no electricity. All they have is a basic mobile phone. SMSONE’s service can give farmers instant updates about crop pricing or news of a seed or fertilizer delivery a town away. That means the farmer only makes the trip when he knows the shipment is there, rather than wasting days of travel hoping the shipment is there.



Harvard makes a fundamental error? Also consider that existing “hospital” computer systems haven't been designed to assist doctors.

http://news.slashdot.org/story/09/12/01/0115246/Harvard-Says-Computers-Dont-Save-Hospitals-Money?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Harvard Says Computers Don't Save Hospitals Money

Posted by kdawson on Tuesday December 01, @02:28AM from the always-jam-tomorrow dept.

Lucas123 writes

"Researchers at Harvard Medical School pored over survey data from more than 4,000 'wired' hospitals and determined that computerization of those facilities not only didn't save them a dime, but the technology didn't improve administrative efficiency either. The study also showed most of the IT systems were aimed at improving efficiency for hospital management — not doctors, nurses, and medical technicians. 'For 45 years or so, people have been claiming computers are going to save vast amounts of money and that the payoff was just around the corner. [Not people, salesmen. Salesmen aren't people. Bob] So the first thing we need to do is stop claiming things there's no evidence for. It's based on vaporware and [hasn't been] shown to exist or shown to be true,' said Dr. David Himmelstein, the study's lead author."



Ethics. Iffin youse gotta ax, youse ain't got none.

http://ask.slashdot.org/story/09/12/01/0025213/Ethics-of-Releasing-Non-Malicious-Linux-Malware?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Ethics of Releasing Non-Malicious Linux Malware?

Posted by kdawson on Monday November 30, @09:39PM from the what-would-schneier-do dept.

buchner.johannes writes

"I was fed up with the general consensus that Linux is oh-so-secure and has no malware. After a week of work, I finished a package of malware for Unix/Linux. Its whole purpose is to help white-hat hackers point out that a Linux system can be turned into a botnet client by simply downloading BOINC and attaching it to a user account to help scientific projects. The malware does not exploit any security holes, [Not exactly true. Bob] only loose security configurations and mindless execution of unverified downloads.

The aim of the exercise was to provide a payload so security people can 'pwn' systems to show security holes, without doing harm (such as deleting files or disrupting normal operation). But now I am unsure of whether it is ethically OK to release this toolkit, which, by ripping out the BOINC payload and putting in something really evil, could be turned into proper Linux malware. On the one hand, the way it persists itself in autostart is really nasty, and that is not really a security hole that can be fixed. On the other hand, such a script can be written by anyone else too, and it would be useful to show people why you need SELinux on a server, and why verifying the source of downloads (checksums through trusted channels) is necessary. Technically, it is a nice piece, but should I release it? I don't want to turn the Linux desktop into Windows, hence I'm slightly leaning towards not releasing it. What does your ethics say about releasing such grayware?"
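The persistence the questioner calls "really nasty" is, on a desktop, usually nothing more exotic than a `.desktop` file in `~/.config/autostart`: no root, no exploit, and it runs at every login. The script below is an added example for this post, not the questioner's toolkit (which is not published here) and not specific to BOINC; it shows the kind of check a defender can run against that directory. It parses autostart entries, resolves what they actually execute (looking inside `sh -c "..."` wrappers), and flags commands that run from user-writable locations or are hidden from the user. The trusted-prefix list, the heuristics and the sample entries are this example's own.

```python
"""Spotting user-level autostart persistence on a Linux desktop.

Added example for this post.  It is not the questioner's toolkit (which
is not published here) and it detects nothing specific to BOINC; it shows
the kind of check a defender can run against the XDG autostart directory
(~/.config/autostart), where a .desktop file is enough to run a command at
every login without root and without any exploit.  Heuristics, trusted
prefixes and the sample entries below are this example's own.
"""
import configparser
import os
import shlex
from pathlib import Path
from typing import Dict, List, Optional

# Where a program is expected to live.  Anything executed from elsewhere
# (home, /tmp, /dev/shm, ...) is user-writable and worth a second look.
TRUSTED_PREFIXES = ("/usr/", "/bin/", "/sbin/", "/opt/", "/snap/")

# Constructed sample .desktop files, keyed by file name: two ordinary
# entries and two that behave like the persistence described in the post.
SAMPLE_ENTRIES: Dict[str, str] = {
    "org.gnome.SettingsDaemon.desktop": (
        "[Desktop Entry]\nType=Application\nName=Settings Daemon\n"
        "Exec=/usr/libexec/gsd-xsettings\n"
    ),
    "update-notifier.desktop": (
        "[Desktop Entry]\nType=Application\nName=Update Notifier\n"
        "Exec=/usr/bin/update-notifier\nHidden=false\n"
    ),
    "gnome-helper.desktop": (
        "[Desktop Entry]\nType=Application\nName=GNOME Helper\n"
        'Exec=/bin/sh -c "$HOME/.cache/.x/boinc --daemon"\n'
        "NoDisplay=true\n"
    ),
    "science.desktop": (
        "[Desktop Entry]\nType=Application\nName=Science\n"
        "Exec=/tmp/.s/run.sh\nX-GNOME-Autostart-enabled=true\n"
    ),
}


def referenced_paths(exec_line: str) -> List[str]:
    """Absolute paths an Exec= line will run, looking inside a `sh -c "..."`
    wrapper too.  $HOME and ~ are expanded so the prefix check sees a real
    location.  shlex is an approximation of .desktop quoting, good enough
    for triage."""
    home = os.environ.get("HOME", "/home/user")
    try:
        tokens = shlex.split(exec_line)
    except ValueError:               # unbalanced quotes: treat the line as one path
        tokens = [exec_line]
    paths: List[str] = []
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "-c" and i + 1 < len(tokens):
            paths.extend(referenced_paths(tokens[i + 1]))
            i += 2
            continue
        tok = tok.replace("$HOME", home)
        if tok.startswith("~"):
            tok = home + tok[1:]
        if tok.startswith("/"):
            paths.append(tok)
        i += 1
    return paths


def assess(name: str, content: str) -> Dict[str, object]:
    """Parse one .desktop file and list the reasons it deserves a look."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str             # keep key case: Exec, not exec
    cp.read_string(content)
    entry = cp["Desktop Entry"]
    exec_line = entry.get("Exec", fallback="")
    reasons: List[str] = []
    for p in referenced_paths(exec_line):
        if not p.startswith(TRUSTED_PREFIXES):
            reasons.append(f"runs from untrusted location {p}")
    if " -c " in exec_line:
        reasons.append("shell wrapper hides the real command")
    if entry.get("NoDisplay", fallback="false").lower() == "true":
        reasons.append("NoDisplay=true hides it from the user")
    return {"file": name, "exec": exec_line, "reasons": reasons}


def scan(entries: Dict[str, str]) -> List[Dict[str, object]]:
    """Only the entries with at least one reason to look closer."""
    return [r for r in (assess(n, c) for n, c in entries.items()) if r["reasons"]]


def read_autostart_dir(path: Optional[Path] = None) -> Dict[str, str]:
    """Load the real autostart directory; empty if it does not exist."""
    path = path or Path.home() / ".config" / "autostart"
    if not path.is_dir():
        return {}
    return {p.name: p.read_text(errors="replace") for p in path.glob("*.desktop")}


if __name__ == "__main__":
    for finding in scan(SAMPLE_ENTRIES) + scan(read_autostart_dir()):
        print(finding["file"], "->", finding["exec"])
        for why in finding["reasons"]:
            print("   ", why)
```

This is triage, not proof: a flagged entry still has to be read, and a tidy entry that points at `/usr/bin/something` tells you nothing if `/usr/bin/something` was itself replaced. It does illustrate the questioner's point that the autostart mechanism is working as designed, so the fix is verifying what you download and confining what runs, not patching the launcher.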



Small savings multiplied by huge numbers = competitive advantage.

http://hardware.slashdot.org/story/09/11/30/2039239/Google-Patent-Reveals-New-Data-Center-Innovations?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Google Patent Reveals New Data Center Innovations

Posted by ScuttleMonkey on Monday November 30, @05:29PM from the easy-to-innovate-with-unlimited-resources dept.

miller60 writes

"'Google is seeking to patent a system that provides precision cooling inside racks of servers, automatically adjusting to temperature changes while reducing the energy required to run chillers.' The cooling design uses an adjustable piping system featuring 'air wands' that provide small amounts of cold air to components within a server tray. The cooling design, which could help Google reduce the power bill for its servers, reinforces Google's focus on data center innovation as a competitive advantage. Check out the patent application and a diagram of the system."



Still thinking about collecting my blog into an e-book. Need to come up with a catchy title. “Everything important in the last 3 years?” “The world according to Bob?” “The dark side of the Internet?”

http://www.makeuseof.com/tag/how-to-actually-make-money-selling-ebooks/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Makeuseof+%28MakeUseOf.com%29

How to Actually Make Money Selling eBooks

Nov. 30th, 2009 By Ryan Dube



I plan to use this in my next word processing class. I wonder how many other “forced template” tools are available?

http://www.killerstartups.com/Web-App-Tools/niceletter-com-writing-letters-just-got-easier?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+killerstartups%2FBkQV+%28KillerStartups.com%29

Niceletter.com - Writing Letters Just Got Easier

http://www.niceletter.com/en/

The digital age caused many people to lose the structural knack that defined letter-writing in the past. These individuals will most likely benefit from a service such as Niceletter. And the same goes for those who never got to grips with formatting their letters to begin with, and wrote everything in the wrong places on the sheet.

Basically, Niceletter is a free letter wizard that will enable anybody to have a letter which complies with writing rules simply by filling in a couple of fields. That is, the layout of the letter will be taken care of more or less automatically, and the only thing you will need to worry about is the actual content.
