This blogger asks the same types of questions I do. Are there any guidelines for press releases on Data Breaches?
http://breachblog.com/2009/01/13/rochester.aspx?ref=rss
Many details missing in University of Rochester breach
Date Reported: 1/11/09
Organization: University of Rochester
1) This is becoming much more common. 2) Access to the information must be quick, easy and cheap
http://www.databreaches.net/?p=508
TX: HPD investigating massive credit card scam
Posted January 12th, 2009 by admin
Matthew Jackson reports:
Huntsville Police began a massive investigation into an international fraud ring on Friday after arresting a Houston woman with more than 100 credit card numbers in her possession Thursday afternoon.
[..]
In the vehicle, officers found more evidence of fraud.
“In her vehicle we found several typed pages of credit card numbers and access codes, many of which had names with them,” Foulch said. “There were also numerous slips of paper with names and credit card information written on them, along with more cards.”
In total, Washington was found to have 38 credit and debit cards in her possession, and at least 62 credit card numbers written down in her vehicle and purse, along with $3,000 cash and several gift cards.
[...]
During the initial hours of the investigation, detectives also established a financial connection to the Ukraine, leading them to believe that this scam is part of an international criminal group.
Read more in the Huntsville Item
Looks like they were intercepting the mail. That's interesting.
http://www.databreaches.net/?p=527
OH: CCS Employees’ Personal Info Found During Police Raid
Posted January 12th, 2009 by admin
Columbus City Schools experienced a security breach, resulting in employees’ Social Security numbers being at risk.
A raid conducted by Columbus police Thursday turned up the Social Security numbers of 80 to 100 CCS employees, NBC 4‘s Lauren Diedrich reported.
The information was part of a mailing that appears to have been intercepted while en route to annuity companies.
Two employees filed a police report, claiming that credit cards were opened and that someone rented cars in their names.
Source - NBC4 Additional info in The Columbus Dispatch
Perhaps we could call this the “Rothschild Effect?” Expectation of privacy?
http://www.pogowasright.org/article.php?story=20090112073357621
UK: CCTV cameras used to provide 'evidence' against diners who complained
Monday, January 12 2009 @ 07:33 AM EST Contributed by: PrivacyNews
When a family who dined at the Manor Restaurant in Waddesdon Manor were disappointed with their meal, they wrote a letter complaining about their experience. In response, the manager disputed her version after he had "watched and listened with interest to the video recording of her table". Now theIn a letter to the National Trust's director-general, Dame Fiona Reynolds, she asked: "Does the National Trust condone recording, watching and listening to private conversations at customers' tables in National Trust restaurants?"
Source - The Telegraph hat-tip, Privacy Lives
This strikes me as a great way to check out your phony credentials before you reach the boarder...
http://yro.slashdot.org/article.pl?sid=09%2F01%2F13%2F0252208&from=rss
Visitors To US Now Required To Register Online
Posted by kdawson on Tuesday January 13, @08:14AM from the e-papers-please dept.
mytrip sends a reminder that starting today, visitors to the US from 35 visa-waiver countries will be required to register online with the Department of Homeland Security in advance. The DHS is asking people to go online for the ESTA program 72 hours before traveling, but they can register any amount of time ahead. Approval, once granted, is good for 2 years. DHS says that most applications are approved in 4 seconds. If an application is rejected, the traveler will have to go to a US embassy and get a visa. CNet reports that information from applications will be retained for 12 years, and eventually up to 75 years.
Similar to Credit Reporting firms that didn't bother to check the businesses they sent reports to? (but at the money laundering end of the game.)
http://www.pogowasright.org/article.php?story=20090112154307634
PayPal to start obtaining credit reports on some new users or upgraded accounts
Monday, January 12 2009 @ 03:43 PM EST Contributed by: PrivacyNews
PayPal is amending their User Agreement for Business or Premier Accounts. New Business or Premier accounts or those or those who upgrade to either of those types of accounts will be giving PayPal their written instruction to obtain their personal and/or business credit reports from a credit bureau.
They will also have to give PayPal permission to obtain their business and/or personal credit reports at any time thereafter if PayPal thinks there may be increased risk associated with the account.
From the Policy Updates notice on their site
Effective Date: February 11, 2009
Beginning February 11, 2009 the PayPal User Agreement is being amended as follows:
1. A new section 2.4 is added to the PayPal user agreement. The new section will read as follows:
"2.4 Credit Report Authorization for Premier and Business Accounts. If you open a Premier or Business Account, you are providing PayPal with your written instructions to obtain your personal and/or business credit report from a credit bureau. PayPal may obtain your credit report: (a) when you open (or upgrade to) a Premier or Business Account, or (b) any time thereafter if PayPal reasonably believes there may be an increased level of risk associated with your Account. An increased level of risk includes, but is not limited to, a high number of chargebacks or reversals, or suspicious activity associated with your Account."
Something to consider when drafting your security policy!
http://www.databreaches.net/?p=552
Absolute and Ponemon Institute Study Shows Many Employees Undermine Traditional Data Breach Prevention Strategies
Posted January 13th, 2009 by admin
From the press release:
Absolute(R) Software Corporation and the Ponemon Institute today announced the findings of a new study on the use of encryption on laptops by employees within corporations in the U.S. The study, “The Human Factor in Laptop Encryption: US Study,” revealed that more than half (56%) of business (non-IT) managers polled, disable the encryption solution on their laptops. Ninety-two percent of IT security practitioners report that someone in their organization has had a laptop lost or stolen and 71% report that it resulted in a data breach. Results indicate that it is employee behavior that undermines data protection efforts in corporate America. Companion studies of UK and Canadian companies are also available.
[...]
“The Human Factor in Laptop Encryption: U.S. Study” key findings include:
92% of IT security practitioners report that someone in organization has had a laptop lost or stolen and 71% report that it resulted in a data breach;
56% of business managers have disengaged their laptop’s encryption;
Only 45% of IT security practitioners report that their organization was able to prove the contents of missing laptops were encrypted;
Only 52% of business managers - employees most likely to have access to the most sensitive data (personally identifiable information and/or intellectual property) - have employer-provided encryption;
57% of business managers either keep a written record of their encryption password, or share it with others in case they forget it;
61% of business managers share their passwords, compared to only 4% of IT managers; and,
Business managers are much more likely than IT security practitioners to believe encryption makes it unnecessary to use other security measures for laptop protection.
[...]
Highlights and the complete reports for “The Human Factor in Laptop Encryption” studies for the U.S., U.K. and Canada can be found at: www.absolute.com/humanfactor.
[...]
Speaking of security, here's something for those BlackBerry addicts. Interesting article.
http://news.cnet.com/8301-13578_3-10141398-38.html?part=rss&subj=news&tag=2547-1_3-0-5
Obama's new BlackBerry: The NSA's secure PDA?
Posted by Declan McCullagh January 13, 2009 4:00 AM PST
… One reason to curb presidential BlackBerrying is the possibility of eavesdropping by hackers and other digital snoops. While Research In Motion offers encryption, the U.S. government has stricter requirements for communications security.
… Fortunately for an enthusiastic e-mailer-in-chief, some handheld devices have been officially blessed as secure enough to handle even classified documents, e-mail, and Web browsing.
One is General Dynamics' Sectera Edge, a combination phone-PDA that's been certified by the National Security Agency as being acceptable for Top Secret voice communications and Secret e-mail and Web sites.
The comments include health warnings for politicians.
http://games.slashdot.org/article.pl?sid=09%2F01%2F12%2F2255224&from=rss
Congressman Wants Health Warnings On Video Games
Posted by ScuttleMonkey on Monday January 12, @06:32PM from the nanny-state dept. Games Politics
An anonymous reader writes
"California Rep. Joe Baca has proposed a bill which would mandate placing health warning labels on any video game rated T (13+) or higher by the ESRB. The Video Game Health Labeling Act of 2009 would require a cigarette pack-like label that reads, 'WARNING: Excessive exposure to violent video games and other violent media has been linked to aggressive behavior.'"
Related? Do these come with health warnings? (Might work with the Video-ringtones, below)
http://news.cnet.com/8301-13578_3-10141182-38.html?part=rss&subj=news&tag=2547-1_3-0-5
YouTube launches platforms for Congress
Posted by Stephanie Condon January 12, 2009 2:46 PM PST
President-elect Barack Obama embraced YouTube when he started broadcasting his weekly address in both audio and video form, so it may have only been a matter of time before the Congress followed suit.
YouTube in conjunction with Congress on Monday launched two new platforms, the Senate Hub and the House Hub, that provide easy access to congressional YouTube channels.
Visitors can find their senators' YouTube pages by clicking on a map or using a drop down menu. While Washington, D.C. has no members to boast in either chamber, clicking the capital city on the map will take visitors to channels dedicated to congressional committees. While the hubs are maintained by YouTube, each individual congressperson's channel is maintained by his or her office.
How to compete with free? Something for the next anti-trust class?
http://news.slashdot.org/article.pl?sid=09%2F01%2F12%2F2116230&from=rss
How Microsoft Beats GNU/Linux In Schools
Posted by ScuttleMonkey on Monday January 12, @05:42PM from the doing-battle-like-an-insider dept. Microsoft Education
twitter writes
"Ever wonder why schools still use Windows? Boycott Novell has extracted the details from 2002 Microsoft email presented in the Comes vrs Microsoft case and other leaks. What emerges is Microsoft's desperate battle to 'never lose to Linux.' At stake for Microsoft is more than a billion dollars of annual revenue, vital user conditioning and governmental lock in that excludes competition, and software freedom for the rest of us. Education and Government Incentives [EDGI] and "Microsoft Unlimited Potential" are programs that allows vendors to sell Windows at zero cost. Microsoft's nightmare scenario has already been realized in Indiana and other places. Windows is not really competitive and schools that switch save tens of millions of dollars. Because software is about as expensive as the hardware in these deals, the world could save up to $500 million each year by dumping Microsoft. Now that the cat is out of the bag, it's hard to see what Microsoft can do other than what they did to Peter Quinn."
Something to watch?
http://news.cnet.com/8301-10805_3-10141225-75.html?part=rss&subj=news&tag=2547-1_3-0-5
Tech giants team on education push
Posted by Ina Fried January 13, 2009 12:01 AM PST
Microsoft, Intel, and Cisco plan to announce Tuesday that they are working together to help ensure that proper standards are created for measuring digital literacy.
The three companies aren't coming up with the assessment criteria themselves, but rather bringing together a group of education leaders and academics to identify the characteristics that should form the basis of global standards.
While such standards have emerged for math and science, they are also needed for other kinds of 21st century skills, Microsoft Vice President Anoop Gupta said in an interview last week.
It would be interesting to match this list against reported data breaches but I suspect there is not enough data released to make an honest assessment. Might be enough to sic the Class Action lawyers on them though...
http://tech.slashdot.org/article.pl?sid=09%2F01%2F12%2F1828226&from=rss
More Than Coding Errors Behind Bad Software
Posted by ScuttleMonkey on Monday January 12, @02:19PM from the bad-decisions-go-all-the-way-up dept. Programming Bug
An anonymous reader writes
"SANS' just-released list of the Top 15 most dangerous programming errors obscures the real problem with software development today, argues InfoWeek's Alex Wolfe. In More Than Coding Mistakes At Fault In Bad Software, he lays the blame on PC developers (read: Microsoft) who kicked the time-honored waterfall model to the curb and replaced it not with object-oriented or agile development but with a 'modus operandi of cramming in as many features as possible, and then fixing problems in beta.' He argues that youthful programmers don't know about error-catching and lack a sense of history, suggesting they read Fred Brooks' 'The Mythical Man-Month,' and Gerald Weinberg's 'The Psychology of Computer Programming.'"
Another anniversary. The program that changed the world? (or at least, gave birth to the saying: “to err is human, to really screw up you need a computer.”)
http://tech.slashdot.org/article.pl?sid=09%2F01%2F13%2F1325239&from=rss
30th Anniversary of the (No Good) Spreadsheet
Posted by timothy on Tuesday January 13, @09:01AM from the malignant-cells dept. Software Programming
theodp writes
"PC Magazine's John C. Dvorak offers his curmudgeonly take on the 30th anniversary of the spreadsheet, which Dvorak blames for elevating once lowly bean counters to the executive suite and enabling them to make some truly horrible decisions. But even if you believe that VisiCalc was the root-of-all-evil, as Dvorak claims, your geek side still has to admire it for the programming tour-de-force that it was, implemented in 32KB memory using the look-Ma-no-multiply-or-divide instruction set of the 1MHz 8-bit 6502 processor that powered the Apple II."
On the brighter side, one of my favorite things about Visicalc is the widely repeated story that it was snuck into businesses on Apple machines bought under the guise of word processors, but covertly used for accounting instead.
Not exactly a significant security tool, but likely useful when explaining how advertisers track your browsing.
http://www.killerstartups.com/Web-App-Tools/ghostery-com-finding-web-bugs-the-easy-way
Ghostery.com - Finding Web Bugs The Easy Way
http://www.ghostery.com
Ghostery is a Firefox extension that plays out a very specific role, namely informing you about the web bugs used by any site that you visit. As it is explained online, a web bug can be defined as a graphic on websites or e-mail messages that are used to monitor who is reading what. A web bug is often invisible to the human eye, as they tend to be just 1-by-1 pixel in size. This is so because the idea of such monitoring processes is to run under cover of darkness.
Whenever a bug is viewed, some specific information is sent to a server. This includes the IP address of the computer that fetched the web bug and the type of browser that the internaut is using, as well as the URL of the web image and the time that the web bug itself was viewed.
Obviously, such a as system has two main uses: 1) Garnering statistics about online traffic and web usage, and 2) Setting down banner ads as per the personal tastes of the user. This Firefox extension, then, will let you inform yourself about the ways information is culled from you while you are surfing the Web, and how to act in consequence. Note that Ghostery is available free if charge, too, so that if you want to see the invisible Internet this is a good chance to do so.
This might turn into an interesting resource.
http://www.killerstartups.com/Web20/globalpost-com-foreign-correspondents-on-the-www
GlobalPost.com - Foreign Correspondents On The WWW
http://www.globalpost.com
GlobalPost is an American news organization that aims to redefine the concept of international news as we know it, and make it fit in the digital age. To these ends, GlobalPost aims to build a worldwide community of foreign correspondents who live in the country that each one of them is covering, and are well-acquainted with the environment they have to report about.
In principle, each journalist has to submit a weekly dispatch as well as keeping a blog and uploading contents such as pictures and videos to give the readership an accurate idea of what it is like where they are located.
At the end of the day, this new organization has the objective of covering these areas that the American news-media has traditionally under-reported. It has already hired over 60 correspondents, and you can see how they fare for yourself. If you do like the approach, note that you can also subscribe for a membership program that is named “Passport”. One way or the other, those who have migrated to the Web as a new contents platform will probably find a visit to the site compelling.
Inevitable? Once upon a time, your butler would bring a calling card to you on a silver platter. Now imaging the IRS sending you an image of Darth Vader with the message “We need to talk!” (Perhaps I can get my students to use the “Dog Malfunction” video when they call me.)
http://news.cnet.com/8301-17939_109-10140891-2.html?part=rss&subj=news&tag=2547-1_3-0-5
Vringo adds video ringtone creator
Posted by Rafe Needleman January 12, 2009 12:06 PM PST
Video ringtone company Vringo has launched Vringo Studio, which gives user the capability to create their own video calling cards. Previously, users could only select from a pre-built library of videos on the site. With the new Vringo Studio, users can search for any video on YouTube, select a portion of it up to 30 seconds long, and send it to their phone, where it can become their outbound ringtone for other Vringo users.