Perhaps HPS learned from TJX. After all, TJX kept a low profile too.
http://www.identitytheftblog.info/identity-theft/national-media-ignoring-heartland-data-breach/1265
National Media Ignoring Heartland Data Breach
February 17th, 2009 Rob Douglas
President Barack Obama and the massive Heartland Payment Systems data breach have one thing in common. They both became official on Tuesday, January 20, 2009.
The 20th of January was the day the president was inaugurated and the day Heartland – in a pathetically obvious [yet effective Bob] attempt to hide behind the news of the inauguration – announced the largest data breach in history.
But, that is where the similarities end.
While President Obama continues to revel in the adulation of a fawning press, Heartland’s inability to thwart the hackers who planted malware in order to steal valuable credit card information from millions of Americans has been - for the most part - ignored by the national media.
While there have been dozens of articles written by small town and regional publications across the country about the hundreds of banks and credit unions that are replacing customer credit and debit cards because of the data breach, the national print and television media have paid almost no attention to the scope of the crisis.
Even more troubling is the lack of inquiry by the media into the genesis of the breach and the degree to which other payment processors may also be at risk.
The inescapable conclusion is that with the majority of the media so focused on our newly minted president and the global economic recession, there has never been a better time for cybercriminals to ply their trade. I suspect the Heartland security breach will not be the last significant cybercrime we learn of that benefited from the media’s self-induced distraction.
Bottom line: If you’re an identity thief, hacker or any other form of cybercriminal, this is the perfect time to strike the United States as no one is minding the store.
Related in that you'll never hear this on the evening news.
http://www.databreaches.net/?p=1545
EXCLUSIVE: GovTrip site shut down; DOT computers infected
Posted February 17th, 2009 by admin
Over on USA Today, Peter Eisler’s lead is about how more infiltrators are trying to plant malicious software they could use to control or steal sensitive data. Here’s another incident this week that mainstream media doesn’t seem to know about.
Over on the FAA Follies blog, it’s been reported that the Cyber Security Management Center detected that certain users of the GovTrip site were being redirected to a site that was delivering malicious software to users, resulting in the compromise of certain computers within the Department of Transportation (DOT). The site was reportedly shut down on the 13th although it was back online by the time I checked it on the 15th. The notices, as posted on the blog read:
… When contacted about the breach, an employee of the DOT informed me that he had received the broadcast emails, but that’s all they he knew, and no one at Cyber Security Management Center has returned calls asking for more information about the breach. Nor did anyone seem to know who would even collect information from all agencies that use GovTrip to determine how many agencies and how many computers might have been infected.
Related
http://www.databreaches.net/?p=1559
And yet even more p2p breaches
Posted February 17th, 2009 by admin
Thanks to Rian of RedTeam Protection, here are some more breaches they uncovered:
An executive producer at a Manhattan based television Production Company published 2,755 documents onto the gnutella file-sharing network. Contractors of this firm were required to provide their name, date of birth, and social security number for tax purposes. The invoices with personal identifiers were leaked, and several scripts were found for episodes currently in preproduction.
A therapist at a Tennessee based health care provider, and contractor to the Department of Children’s Services published 581 files onto the gnutella p2p network. These files included psychological evaluations of both parents and their children. The documents included personal identifiers, family medical histories, parenting evaluations, and admissions of rape and sexual abuse. [Can prosecutors use this? Bob]
A Florida accounting firm published 1,714 files onto the gnutella file sharing network. These files contained social security numbers and income information, in addition to confidential accounting records belonging to their corporate clients.
A benefits advisor at a Canadian college, published 2,781 files onto the gnutella file sharing network. The files included health insurance information for employees and their families.
A Texas based paralegal and transcription service published 5,340 files onto the gnutella network. These files included both medical records as well as attorney client privileged information.
A bookkeeper at a national food service company, published 2,604 files onto the gnutella file sharing network. These files included social security numbers, payroll information, scanned drivers licenses, insurance cards, and social security cards, in addition to internal union negotiations and grievance claims.
More p2p breaches coverage.
The response must have been massive – not suggested in the accounts I read. (Or perhaps Facebook hadn't thought through the changes until the backlash forced them to?)
http://www.pogowasright.org/article.php?story=20090218050329737
Facebook Withdraws Changes in Data Use
Wednesday, February 18 2009 @ 05:03 AM EST Contributed by: PrivacyNews
After a wave of protests from its users, the Facebook social networking site said on Wednesday that it would withdraw changes to its so-called terms of service concerning the data supplied by the tens of millions of people who use it.
Source - NY Times
Inevitable? Strategically, this bayoneting of the wounded would make any Privacy “protest” more likely to reach management's ears.
http://www.pogowasright.org/article.php?story=20090217183531575
Facebook Privacy Change Sparks Federal Complaint
Tuesday, February 17 2009 @ 06:35 PM EST Contributed by: PrivacyNews
The backlash against Facebook's updated privacy policies is about to expand. The Electronic Privacy Information Center (EPIC) is preparing to file a formal complaint with the Federal Trade Commission over the social network's updated licenses, PC World has learned.
Source - PC World
What can we learn? The first thing that springs to mind is: When you have a high-visibility, strategically important, “proof of concept” trial – you damn well better make certain to win on every count. Anything not 99% certain should be eliminated. (Besides, keeping all those counts until now divided the defense's efforts.)
http://blog.wired.com/27bstroke6/2009/02/prosecution-dro.html
Prosecution Drops Some Charges Against The Pirate Bay
By Wired Staff February 17, 2009 12:27:29 PM
Special correspondent Oscar Swartz reports.
STOCKHOLM — Prosecutors dropped half of the charges in the landmark trial of The Pirate Bay file sharing site Tuesday, leaving observers stunned and prompting questions about the government's preparedness in the long-awaited criminal proceeding.
… The Pirate Bay's supporters quickly claimed victory in the blogosphere, and many expressed astonishment at the course-correction. This was, after all, supposed to be the seminal piracy prosecution, with Hollywood throwing the kitchen sink at a few defiant Swedish computer nerds.
… The move is remarkable because of the extensive groundwork the content industries and the prosecutor has laid for the case. The Motion Pictures Association and other plaintiffs had collected evidence for many months by participating in file-sharing torrent swarms, dumping screenshots of downloads in progress and collecting information before the raid on May 31, 2006, in which 195 computers were trucked away by the police. The prosecutor led an investigation for two-and-a-half years after that.
Now Brad Pitt's computer can be accessed by his brother Arm...
http://it.slashdot.org/article.pl?sid=09/02/17/216216&from=rss
Researchers Hack Biometric Faces
Posted by kdawson on Tuesday February 17, @08:35PM from the face-off dept. Security Portables
yahoi sends in news from a week or so back:
"Vietnamese researchers have cracked the facial recognition technology used for authentication in Lenovo, Asus, and Toshiba laptops in lieu of the standard logon/password. The researchers were able to easily bypass the biometric authentication system built into the laptops by using photos of an authorized user, as well as by presenting multiple phony facial images in brute-force attacks. One of the researchers will demonstrate the hack at Black Hat DC this week. He says the laptop makers should remove the facial biometrics feature from their products because the vulnerability of this technology can't be fixed."
[From the article:
They successfully bypassed Lenovo's Veriface III, Asus' SmartLogon V1.0.0005, and Toshiba's Face Recognition 2.0.2.32 -- each set to its highest security level -- demonstrating vulnerabilities in the systems that let an attacker cheat them with phony photos of the legitimate user and gain access to the laptops.
These Windows XP and Vista laptops come with built-in webcams that work with the facial-recognition technology. This form of authentication is considered more convenient than fingerprint scans and more secure than traditional passwords.
For your security newsletter. Points to reports and advice for securing your phone.
http://www.identitytheftblog.info/category/security-breach
Phone Security Not Only a Presidential Issue
February 17th, 2009 Rob Douglas
… “There’s software out there that will let people image what’s on a phone, or download that information in a matter of minutes, put it back on a desk and nobody will know their information is lost,” said Michael Kessler, president of Kessler International. The computer and cell phone forensics company works with government agencies, as well as corporate clients and law firms.
See the full report at MSNBC.
So, under what circumstances would Google NOT be allowed to drive up a private road and photograph your house?
http://www.pogowasright.org/article.php?story=20090218052330994
Google wins Street View privacy suit
Wednesday, February 18 2009 @ 05:23 AM EST Contributed by: PrivacyNews
A couple in Pittsburgh that sued Google claiming that the Street View on Google Maps is a reckless invasion of their privacy has lost their case.
Aaron and Christine Boring sued the Internet search giant last April, alleging that Google "significantly disregarded (their) privacy interests" when Street View cameras captured images of their house beyond signs marked "private road." The couple claimed in their five-count lawsuit that finding their home clearly visible on Google's Street View caused them "mental suffering" and diluted their home value. They sought more than $25,000 in damages and asked that the images of their home be taken off the site and destroyed.
Source - Cnet
[From the article:
However, the U.S. District Court for Western Pennsylvania wasn't impressed by the suit and dismissed it Tuesday, saying the Borings "failed to state a claim under any count."
Ironically, the Borings' suit subjected themselves to even more public exposure by filing the lawsuit, which included their home address. In addition, the Allegheny County's Office of Property Assessments included a photo of the home on its Web site.
The Borings are not alone in their ire toward the Google Maps feature. As reported earlier, residents in California's Humboldt County complained that the drivers who are hired to collect the images are disregarding private property signs and driving up private roads. In January, a private Minnesota community near St. Paul, unhappy that images of its streets and homes appeared on the site, demanded Google remove the images, which the company did.
However, Google claims to be legally allowed to photograph on private roads, arguing that privacy no longer exists in this age of satellite and aerial imagery.
Handy dandy planning tool for my website students. Might work for document layout as well.
http://www.killerstartups.com/Web-App-Tools/wireframesketcher-com-create-screen-mockups
WireframeSketcher.com - Create Screen Mockups
http://wireframesketcher.com/tour.html
Presented by Mr. Petru Severin (a Romanian programmer), WireframeSketcher is a nifty little tool that is available to users the world over. It serves the purpose of creating wireframes, screen mockups and UI prototypes and getting your ideas across to others.
The aim of any mockup is to let others have a good idea of what it is you want to construct in the long run, and see whether your vision and the vision of others are compatible and can complement each other. In that sense, WireframeSketcher does a very competent job and will enable you to find the feedback and the insight you might be needing in order to move on up.
This tool is provided at a given cost, but (as it is the norm nowadays) you can try it out for free beforehand. This way, you will be able to determine what are its high points and how minutely it will suit your needs before incurring into any expenses. You can also check out the provided “Support” section and the featured blog, and if any doubt still subsides you can dispel it by contacting Mr. Severin at the address provided online.
As Cloud Computing grows, users will have the ability to move applications off their computers (leaving more room for porn music) and ensuring that everyone in a work-group has the same tool.
http://www.killerstartups.com/Web-App-Tools/shutterb-org-edit-documents-online-for-free
Shutterb.org - Edit Documents Online For Free
http://shutterb.org/
If word processing is the task at hand, chances are a visit to this site will sort you out. Presented by a Canadian team, Shutterborg can be described as a free word processor that is entirely web-hosted.
When you first visit the site, you are asked where the document in question is located. You can pick documents located both in your computer and in the WWW, whereas a new document can be created from scratch if that is what you want.
… The one aspect that gives this tool added presence is the ability to modify the text of any webpage without having to edit or touch the .HTML itself. This will obviously fuel the creativity of those who have either 1) A well-developed sense of humor, or 2) A lot of time on their hands. And if both suppositions turn out to be true at the same time, then we will be in for some highly amusing times.
...and just in case you thought all innovation was productivity enhancing...
http://www.killerstartups.com/Web-App-Tools/godoublevision-com-a-transparent-browser
GoDoubleVision.com - A Transparent Browser
http://www.godoublevision.com/
In a nutshell, Double Vision is a software application that will let you browse the web employing a transparent window. That is, the browser itself becomes a sort of see through entity that can even be clicked through in order to open applications and do other things in the background.
The transparency level itself can be customized, and there is also a “Quick hide” feature that comes complete with an automatic muting functionality. This is useful if you employ Double Vision in your workspace, and wish to go as unnoticed as possible.
Of course, this application also lends itself to uses such as watching tutorials while performing the different steps, or keeping articles in sight while working on projects.
… Finally, it must be mentioned that this solution is absolutely free.