http://www.databreaches.net/?p=9008
AU: Two charged over $4m Perth McDonald’s EFTPOS scam
December 22, 2009 by admin Filed under Business Sector, Non-U.S., Of Note, Skimmers
Glenn Cordingley reports:
Two people have been arrested over an EFTPOS skimming scam in which $4 million was stolen from the accounts of McDonald’s customers in WA [Western Australia].
More than $4 million was withdrawn from 4,000 accounts and people were forced to change their pin numbers at the height of the scam in September.
Read more on news.com.au
[From the article:
WA Police believe card details were stolen after thieves tampered with hand-held EFTPOS devices handed into cars at several McDonald’s stores.
… Western Australia's top fraud officer Detective Senior Sergeant Don Heise said the McDonald's scam occurred when legitimate EFTPOS PIN pads were replaced by bogus ones that transmitted PINs to criminals.
[Note: EFTPOS is an acronym for "electronic funds transfer point of sale." Bob]
Update Think I should stop giving my student sniffing programs?
http://www.wired.com/threatlevel/2009/12/stephen-watt/
Former Morgan Stanley Coder Gets 2 Years in Prison for TJX Hack
By Kim Zetter December 22, 2009 6:44 pm
… Stephen Watt, a 25-year-old former Morgan Stanley software engineer, pleaded guilty last December to creating a custom sniffing program dubbed “blabla” that Gonzalez and other hackers used to siphon millions of credit and debit card numbers from TJX’s network.
… A spokeswoman for the U.S. attorney’s office in Massachusetts said the judge also ordered Watt to pay restitution to TJX in the amount of $171.5 million.
… Prosecutors never alleged that Watt received money for the software he wrote, or directly profited from the hacks. But they brandished more than 300 pages of chats [Someone was keeping the chat messages they claim to be deleting. Bob] the two friends exchanged that belied Watt’s stated ignorance.
These things are confusing, but I still want to believe the WSJ got it right. Who has the duty to disclose, and can other victims stop or initiate the disclosure?
http://www.databreaches.net/?p=9013
WSJ reports Citi’s denial (updated)
December 22, 2009 by admin Filed under Breach Incidents, Financial Sector, Hack
David Enrich of the WSJ reports:
Citigroup Inc. denied a report in The Wall Street Journal that federal authorities are investigating the theft of tens of millions of dollars from customer accounts by hackers, and sought to reassure clients that their funds are safe.
The New York financial company sent employees in U.S. bank branches a memo to help respond to questions. The moves came after The Wall Street Journal reported that the Federal Bureau of Investigation is probing a computer-security breach aimed at accounts of the company’s Citibank unit.
It couldn’t be learned how funds were stolen, whether through Citibank’s systems or by other means. The breach could have involved a contractor that processes transactions for the U.S. financial institution. Investigators suspect that the theft was conducted by a well-known Russian cyber gang.
Read more on The Wall Street Journal (subscription required).
Citi’s press release does not specifically deny that they might have suffered losses due to a contractor or processor breach. It only denies that there was a breach of its system with associated losses. Nor did Citi deny that it had shared information with federal agencies over the summer to counter an attack. If their customers did not suffer large losses on the order of tens of millions of dollars due to any contractor or processor breach, it would be helpful if they said so. As it stands now, the only part of the WSJ story they seem to have directly denied is that there was a security breach of their own system.
Or at least that’s how I read it. How do you read it?
UPDATE: 12-23-09: Now others are confirming Citi’s denial and saying that WSJ got it wrong. See the story here.
(Related) Could make an interesting Ethics question for my students. Do we tell card holders they are at risk or not.
http://www.databreaches.net/?p=9025
Suspected computer hack compromises Anchorage credit, debit card holders
December 23, 2009 by admin Filed under Breach Incidents, Business Sector, Hack
Christine Kim reports:
Just a simple swipe can lead to a ripple of consequences.
Up to 1,000 Anchorage residents may be affected by a credit card crime.
Police say it may have been a computer hack that stole the information about credit and debit card holders.
Detectives are still trying to figure out who was behind the hacking, but they say they’re using what they have to put the puzzle pieces together.
“It’s a lot easier than most people think,” Jan Jones from the Consumer Credit Counseling Service of Alaska said.
After a process of elimination, police believe it was a computer hack that compromised credit and debit card information of customers at an Anchorage business.
Police are not releasing the name and type of business.
Read more on KTUU.
[From the article:
I don't want the bad guy to know everything we know, we got to keep some things close but also there are some privacy issues as well," said APD Detective Glen Klinkhart.
… One pattern detectives are noting is that many of the charges made are from various locations in the East Coast. [So probably not one guy and probably a jurisdictional nightmare. Bob]
Stephen Rynerson was kind enough to send me this article, knowing it would ring my eDiscovery, logic, forensic and technology bells, simultaneously!
http://www.juliansanchez.com/2009/12/08/the-redactors-dilemma/
The Redactor’s Dilemma
December 8th, 2009
… Like a lot of the stacks of papers that pile up on your desk when you study national security surveillance for a living, these are heavily redacted, and over time, you start developing little heuristics for trying to put the puzzle pieces together, to at least limit the domain of what might be in those black boxes.
… But it does point toward the larger problem—or strategy for reading, if you spend your time outside the federal government poking through this stuff—that I want to call the Redactor’s Dilemma.
Imagine you’re given the task of censoring documents like these for public release. There are some bits that you just obviously cut out—whole paragraphs describing operational details that, for good reasons or bad, you want to keep secret. But that won’t be quite enough. Because you’re probably going to have folks reading the documents who know a little something about the law, a little something about the relevant technology, and a little something about surveillance tactics generally. [And when Stephen is asked to name someone who knows little, he naturally thinks of me! I couldn't be prouder. Bob]
Defining 'freedom of the blog'?
http://www.pogowasright.org/?p=6536
Canada’s top court transforms press freedom with new libel defense
December 23, 2009 by Dissent Filed under Court, Featured Headlines, Internet, Non-U.S.
Kirk Makin reports:
The Supreme Court of Canada transformed the country’s libel laws Tuesday with a pair of decisions that proponents say will expand the boundaries of free speech. [Free speech is an 'infinite good,' this is merely removing limits. Bob]
The court ruled that libel lawsuits will rarely succeed against journalists who act responsibly in reporting their stories when those stories are in the public interest.
It also updated the laws for the Internet age, extending the same defence to bloggers and other new-media practitioners.
[...]
The media were exultant about the rulings. “This is a historic turn for Canadian media, who have long suffered an undue burden of proof,” said Globe and Mail editor-in-chief John Stackhouse. “We should not take our responsibility any more lightly, but we should celebrate the fact that the heavier blinds of Canadian libel law have been pulled back. The acceptance of this new defence by the Supreme Court of Canada will greatly advance the cause of freedom of expression, transparency and responsible journalism in Canada.”
Read more in The Globe and Mail. Related: Peter Grant v. Torstar (pdf) Hat-tip, Slashdot.
What do they teach at Harvard these days?
Florida Congressman Wants Blogging Critic Fined, Jailed
Posted by timothy on Tuesday December 22, @01:27PM from the gov't-we-deserve-is-a-canard dept.
vvaduva writes
"Florida Rep. Alan Grayson wants to see one of his critics go directly to jail, all over her use of the word 'my' on her blog. In a four-page letter sent to [US Attorney General Eric] Holder, Grayson accuses blogger Angie Langley of lying to federal elections officials and requests that she be fined and imprisoned for five years. Her lie, according to Grayson, is that she claims to be one of his constituents. Langley, Grayson says, is misrepresenting herself by using the term 'my' in the Web site's name."
[From the article:
In an effort to raise money against the outspoken freshman Democrat, a Republican activist named Angie Langley has launched "mycongressmanisnuts.com" -- a Web site that parodies Grayson's re-election site, "congressmanwithguts.com."
The details would have been better, but we can still assume this proves that they do block user access, doesn't it?
Comcast Pays Out $16M In P2P Throttling Suit
Posted by kdawson on Wednesday December 23, @08:13AM from the bad-money-after-good dept.
court
eldavojohn writes
"Comcast has settled out of court to the tune of $16 million in one of several ongoing P2P throttling class action lawsuits. You may be eligible for up to $16 restitution if 'you live in the United States or its Territories, have a current or former Comcast High-Speed Internet account, and either used or attempted to use Comcast service to use the Ares, BitTorrent, eDonkey, FastTrack or Gnutella P2P protocols at any time from April 1, 2006 to December 31, 2008; and/or Lotus Notes to send emails any time from March 26, 2007 to October 3, 2007.' $16 million seems low. And it's too bad this was an out-of-court settlement instead of a solid precedent-setting decision for your right to use P2P applications. The settlement will probably not affect the slews of other Comcast P2P throttling suits, and it's unclear whether it will placate the FCC."
Next to gossip, we love leaks best! It's just like gossip, but (usually) without the celebrities. This business model would create thousands of “drop boxes” for spying on corporations.
Wikileaks Targets the Local News Frontier
Posted by kdawson on Tuesday December 22, @06:45PM from the think-locally-disrupt-globally dept.
eldavojohn writes
"Wikileaks has been pretty successful on a global scale — from ACTA documents to East Anglian e-mails, it is the definitive place to find suppressed documents. But some are saying that now Wikileaks should begin focusing on a local level. From the article: 'The organization has applied for a $532,000 two-year grant from the Knight Foundation to expand the use of its secure, anonymous submission system by local newspapers. The foundation's News Challenge will give as much as $5 million this year to projects that use digital technology to transform community news. WikiLeaks proposes using the grant to encourage local newspapers to include a link to WikiLeaks' secure, anonymous servers so that readers can submit documents on local issues or scandals. The newspapers would have first crack at the material, and after a period of time — perhaps two weeks, [German Wikileaks spokesman Daniel] Schmitt said — the documents would be made public on the main WikiLeaks page.' Anyone reading this who works for a community news source and would like to host sensitive documents with no risk: here is your solution."
Toward ubiquitous surveillance.
Background Checks For All With BeenVerified’s iPhone App
by MG Siegler on December 22, 2009
… The aptly named Background Check App does exactly what it says: Using data from the site BeenVerified, it allows you to do background checks on people via name queries or their email addresses. And it even allows you to check your contacts on your iPhone with just one click. Just imagine the fun that will bring.
But it’s not all free fun. Unfortunately, you only get three free queries a week [Probably not enough for Tiger Woods, but then he can afford to pay. Bob] After that, you’re prompted to sign up for a BeenVerified account and pay to get unlimited access. Currently, that will cost you $8-a-month.
Why did it take so long?
Amazon Kindle Proprietary Format Broken
Posted by kdawson on Wednesday December 23, @05:24AM from the let-a-thousand-e-books-bloom dept.
An anonymous reader writes
"The Register reports that the proprietary document format used by the Amazon online store and Amazon's Kindle has been successfully reverse engineered, allowing these DRM-protected documents to be converted into the open MOBI format. Users of alternative e-book readers rejoice."
Here are the hacker's notes on the program he is calling "Unswindle," and here is the (translated) forum where the Kindle challenge was posed and answered.
(Related)
Enable Web Browsing and Full Catalog Access on International Kindle
By Charlie Sorrel December 22, 2009 6:58 am
Interesting convergence of law and technology?
http://news.cnet.com/8301-17852_3-10420477-71.html?part=rss&subj=news&tag=2547-1_3-0-20
UK divorce lawyers: A fifth of cases Facebook-related
by Chris Matyszczyk December 22, 2009 4:43 PM PST
I've been saying that myself! Perhaps we should start a “Cool Nerd” website (or has Al Gore already copyrighted that name?)
The US Economy Needs More "Cool" Nerds
Posted by kdawson on Tuesday December 22, @02:13PM from the we-be-cool dept.
Hugh Pickens writes
"Steve Lohr writes in the NY Times that the country needs more 'cool' nerds — professionals with hybrid careers that combine computing with other fields like medicine, art, or journalism. Not enough young people are embracing computing, often because they are leery of being branded nerds. Educators and technologists say that two things need to change: the image of computing work, and computer science education in high schools. Today, introductory courses in computer science are too often focused merely on teaching students to use software like word processing and spreadsheet programs, says Janice C. Cuny, a program director at the National Science Foundation adding that the Advanced Placement curriculum concentrates too narrowly on programming. 'We're not showing and teaching kids the magic of computing,' Cuny says. The NSF is working to change this by developing a new introductory high school course in computer science and seeking to overhaul Advanced Placement courses as well. The NSF hopes to train 10,000 high school teachers in the modernized courses by 2015. Knowledge of computer science and computer programming is becoming a necessary skill for many professions, not only science and technology but also increasingly for marketing, advertising, journalism and the creative arts. 'We need to gain an understanding in the population that education in computer science is both extraordinarily important and extraordinarily interesting,' says Alfred Spector, vice president for research and special initiatives at Google. 'The fear is that if you pursue computer science, you will be stuck in a basement, writing code. That is absolutely not the reality.'"
(Related) Does this qualify the creator as a cool nerd? Okay, probably not. They seem to be ignoring the over 10 age range. I suspect this would be useful in ESL classes and would probably amuse politicians. (“How [Your Name Here!] became President!”)
Story Something Quietly Opens Up, Turns Your Kids Into Heroes
by Robin Wauters on December 23, 2009
… TC50 finalist Story Something is cautiously opening up to the masses during the holidays – intentionally.
… As our initial review of Story Something lays out in detail, the service generates personalized stories for children that make them the heroes by putting them at the center of the narrative. The hero takes on the child’s name, and a story is generated which can be viewed on the Web or e-mailed to the parent.
The startup is launching in open beta with 55 stories, some of which get featured on the homepage. Stories come in two flavors: ones that are not interactive and fairly short, and ones that are a bit longer and allow the parent or child to have some control over the storyline by giving options that effect the narrative.
No comments:
Post a Comment