Saturday, April 11, 2009

Retrospect is a bad place to be, because you can see all of your bad decisions from there.

http://www.databreaches.net/?p=2975

Auditing firm in multiple-bank breach identified

April 11, 2009 by admin Filed under: Financial Sector, Subcontractor, Theft, U.S.

This story updates the breach first reported yesterday.

J. Harry Jones of the Union-Tribune confirms that laptop computers stolen from an accounting firm may contain personal financial information of many more banks and people than first revealed.

According to the Orange County Sheriff’s Department, the laptops were stolen between 4:30 p.m. March 4 and 7 a.m. March 5 from the Laguna Hills office of the accounting firm Vavrinek, Trine, Day and Co. The six laptops (not seven, as originally reported) were not encrypted but required two passwords.

White said he is not authorized to reveal what other banks are involved, whether any besides Borrego Springs Bank are based in San Diego County, or even the number of banks the firm had as clients.

“We’ve approached this very, very seriously,” White said. All the banks involved have been notified and each is making its own decisions about whether to notify its customers and how to otherwise handle the situation, he said.

I guess we’ll just have to wait to see which banks make announcements or send notifications, and when. If anyone has received a notification letter concerning this incident, please feel free to send a copy to this site.



Somehow the details will leak. Why not state your case immediately?

http://www.databreaches.net/?p=2977

OR: BMC alleges improper record access

April 11, 2009 by admin Filed under: Healthcare Sector, U.S., Unauthorized Access

Markian Hawryluk reports:

Officials from Bend Memorial Clinic have filed a criminal complaint with Bend police alleging that employees of Cascade Healthcare Community’s new cancer center at St. Charles Bend have inappropriately viewed patient records from the clinic.

But clinic leadership declined to explain why they believe the cancer center staff had acted inappropriately, and hospital officials said they have yet to see a copy of the complaint.



An old argument. Yes we meant the information to be public, just not that public.

http://www.pogowasright.org/article.php?story=20090411060304201

ME: Public Salaries Website Causes Privacy Dispute

Saturday, April 11 2009 @ 06:03 AM EDT Contributed by: PrivacyNews

When a conservative think tank posted the names and salaries of state employees on its website, the database was applauded by the Maine Freedom of Information Coalition, which promotes open government. Since then, state employees have complained that easy public access to their salary information amounts to an invasion of privacy. In response a Democratic legislative leader has submitted a bill to shield the state employees' names. Now critics are accusing her of trying to turn government into a secret society. [Fits the world view that “only the government can save us” Bob]

Source - MPBN



You can't make stuff like this up... Okay, maybe you can. Some things just sound too improbable.

http://www.databreaches.net/?p=2966

UK: ‘Stolen’ Blackberry containing personal details of cabinet ministers, police and MPs found

April 10, 2009 by admin Filed under: Government Sector, Non-U.S., Theft

From the Daily Mail Online:

A student paid £150 for a Blackberry phone which contained the personal details of cabinet ministers, other MPs, civil servants and senior police officers.

Journalism student Darryl Curtis, 44, said he bought the device from a homeless man in Sheffield and found it contained the details of several hundred people.

He said it also held the National Insurance number, home address and computer passwords of a former chief executive of Sheffield City Council, leading him to believe it was once his.



Learn to program! (so you can determine the outcome of the next election) Do you believe these machines are re-programming themselves during the day?

http://news.slashdot.org/article.pl?sid=09/04/11/030208&from=rss

Voting Machines and 'Calibration Drift'

Posted by Soulskill on Saturday April 11, @08:18AM from the if-it's-not-one-thing dept. Government

An anonymous reader writes

"Tuesday saw elections for school boards and city officials throughout Kansas. In Saline, ES&S voting machines in several locations were 'mis-calibrated,' and when the voter touched next to one candidate's name, the 'x' appeared next to another one. One person I talked to said he tried to vote three times before going to the 80-something-year-old election worker, who told him 'It was doing that earlier, but I thought I fixed it.' From the story in today's Salina Journal: 'The iVotronic machines used in Saline County are sold by Elections Systems and Software. In October, the Brennan Center for Justice at New York University School of Law notified 16 secretaries of state, including Kansas Secretary of State Ron Thornburgh, that the machines are known to record votes to the wrong candidate.' The county does calibrate the machines the day before each election, but, '... in conversations with ES&S on Thursday, [the county clerk] was told that the calibration might change during the day. "What they've seen is calibration drift on a unit," Merriman said. "They're fine in the morning, but by afternoon they're starting to lose their calibration."' There was also coverage of the problems when they occurred two days ago."



A new perspective. At least, a reminder that this didn't start with the California disclosure law... Note that Heartland isn't on this list. (Footnotes omitted)

http://www.databreaches.net/?p=2862

Revising the Top 10 Data Loss Incidents list

April 10, 2009 by admin Filed under: Breach Reports

It’s been a while since I posted a list of the largest breaches or data loss incidents. My list often does not totally match others’ lists because of different criteria and sources that I use, but we’re often pretty close in our lists. This time, however, my list will likely appear significantly different, due, in part, to the fact that I recently uncovered some old breaches and incidents that pre-date most chronologies. Indeed, it was only because of the Open Security Foundation’s fun “find the oldest incident” contest that I discovered some of these older data loss incidents.

So here’s a list of what may be the 10 largest data loss incidents involving single organizations:

Rank  # of Records or People  Entity                               Date of Incident or Report  Type of Incident
1     94,000,000 [1]          TJX, Inc.                            2007-01-17                  Hack
2     90,000,000 [2]          TRW                                  1984-06-22                  Hack
3     40,000,000              Card Systems                         2005-06-17                  Hack
4     30,000,000              Deutsche Telekom                     2008-11-01                  Exposure
5     26,500,000              U.S. Department of Veterans Affairs  2006-05-22                  Stolen Laptop
6     25,000,000              HM Revenue and Customs / TNT         2007-10-18                  Lost Tapes
7     18,000,000 [3]          Auction.co.kr                        2008-02-17                  Hack
8     18,000,000 [4]          National Personnel Records Center    1973-07-12                  Fire
9     17,000,000              Deutsche Telekom                     2008-10-04                  Theft
10    16,000,000              Revenue Canada                       1986-11-23                  Insider - microfiche



This puts a new perspective on government surveillance – and makes recruiting (of young males) easy!

http://news.slashdot.org/article.pl?sid=09/04/10/163253&from=rss

Swedish Tax Office Targets Webcam Strippers

Posted by samzenpus on Friday April 10, @12:37PM from the anything-for-my-job dept.

Sweden's tax authorities are cracking down on unreported webcam stripper income. They estimate that hundreds of Swedish women are dodging the law, resulting in a tax loss of about 40m Swedish kronor (£3.3m) annually. The search involves tax officials examining stripper websites, hours upon hours, for completely legitimate purposes. A slightly disheveled project leader said 200 Swedish strippers had been investigated so far, adding the total could be as much as 500. "They are young girls, we can see from the photos. We think that perhaps they are not well informed about the rules," he said.



There is something amusing about a legal argument. Perhaps it is the polite way that each side calls the other side “Idiots!”

http://news.slashdot.org/article.pl?sid=09/04/10/2313233&from=rss

Copyright Scholar Challenges RIAA/DOJ Position

Posted by Soulskill on Friday April 10, @08:05PM from the whom-some-might-call-an-expert dept. The Courts Government Music

NewYorkCountryLawyer writes

"Leading copyright law scholar Prof. Pamela Samuelson, of the University of California law school, has published a 'working paper' which directly refutes the position taken by the US Department of Justice in RIAA cases on the constitutionality of the RIAA's statutory damages theories. The Department of Justice had argued in its briefs that the Court should follow a 1919 United States Supreme Court case which upheld the constitutionality of a statutory damages award that was 116 times the actual damages sustained, under a statute which gave consumers a right of action against railway companies. The Free Software Foundation filed an amicus curiae brief supporting the view that the more modern, State Farm/Gore test applied by the United States Supreme Court to punitive damages awards is applicable. The paper by Prof. Samuelson is consistent with the FSF brief and contradicts the DOJ briefs, arguing that the Gore test should be applied. A full copy of the paper is available for viewing online (PDF)."



We may never know why, but I bet it will cause a strong reaction from the geek community.

http://yro.slashdot.org/article.pl?sid=09/04/10/2014219&from=rss

German Wikileaks Domain Suspended Without Warning

Posted by ScuttleMonkey on Friday April 10, @05:41PM from the boom-headshot dept.

mb writes to mention that Germany has gone one step further in impeding access to Wikileaks. Germany's registration authority, DENIC, recently suspended Wikileaks.de without notice.

"The action comes two weeks after the house of the German WikiLeaks domain sponsor, Theodor Reppe, was searched by German authorities. Police documentation shows that the March 24, 2009 raid was triggered by WikiLeaks' publication of Australia's proposed secret internet censorship list. The Australian Communications and Media Authority (ACMA) told Australian journalists that they did not request the intervention of the German government."



This could be huge. Think it would ever get past the US telecomm lobby?

http://www.tgdaily.com/html_tmp/content-view-42003-118.html

EU may force wireless carriers to allow VoIP on cellphones

Business and Law By Wolfgang Gruener Friday, April 10, 2009 10:18

Brussels (Belgium) – The European Union (EU) is preparing binding guidelines for wireless carriers to allow VoIP services such as Skype to run over their cellular network. EU Telecoms Commissioner Viviane Reding stated that “action” should be taken against carriers that use their market power to block “innovative services.”



Build your own nuke!

http://www.bespacific.com/mt/archives/021073.html

April 10, 2009

Open Access to INIS Database on the Internet

"Established in 1970, [the International Nuclear Information System] INIS represents the world's largest database of scientific and technical literature on a wide range of subjects from nuclear engineering, safeguards and non-proliferation to applications in agriculture, health and industry.... We are pleased to announce that access to INIS database has been now opened to all Internet users around the world. Free, open and unrestricted access is available from the INIS Homepage, or directly from the following link: http://inisdb2.iaea.org . This initiative provides easy access to reliable nuclear information on the peaceful uses of nuclear science and technology, including nonconventional literature, and makes nuclear knowledge readily available worldwide. Currently, the INIS Database contains over 3 million bibliographic records and almost 200,000 full-text nonconventional documents, consisting of scientific and technical reports and other non copyrighted information."



I don't know how useful this is, but it is very cool! Take a look.

http://www.killerstartups.com/Search/ifree3d-com-view-the-world-in-3d

IFree3D.com - View The World In 3D

http://www.ifree3d.com/#

There are many ways to find Internet resources. You can find many things by using browsers or search engines. You can also use Twitter if you want.

This site was created in order to give you the chance to use an innovative tool that is continuously evolving. On this online resource you will be able to visualize data in a truly exciting way: the famed third dimension.

… This system works for MySQL and Amazon SimpleDB database, and you can also use it on the most popular social networks.



Have I mentioned this one before?

http://search-pdf-books.com/

Search-PDF-Books

is a specialized e-books search service that could save you a lot of time if you are looking for free books online. Following your search request, you are presented with a list of results from which you can easily view or download the PDF file.

Friday, April 10, 2009

Twisting a simple investigation

http://www.databreaches.net/?p=2909

Prosecuting the Mitsubishi UFJ case: what’s the crime?

April 10, 2009 by admin Filed under: Financial Sector, Insider, Non-U.S., Unauthorized Access

The Yomiuri Shimbun has an article on the Mitsubishi UFJ breach reported earlier this week that suggests difficulties the prosecutors may face.

In this case, a (now-former) employee allegedly used a co-worker’s credentials to access a database to which he already had authorized access. Using the co-worker’s credentials, he accessed and copied data on 1,486,651 clients onto a CD, and then e-mailed data on 49,159 clients from his home computer to three personal list dealers, receiving 328,000 yen ($3,272.11) for the records. When he came under suspicion in March, he reportedly turned the CD over to the company. And therein may lie the prosecutorial rub:

Under the law regulating illegal access to information via computer networks, it is not considered illegal for an individual with the right to access certain information to take this information with them in another form. However, it bans individuals accessing such information using somebody else’s ID or other personal data without permission.

So there may be no charges of data theft, and had he used his own credentials, he might not be facing any charges at all? As it is, he faces up to one year in jail and a $5,000.00 fine, because using his colleague’s credentials made the situation “unauthorized access.”

When a similar situation occurred here in the Certegy breach, the employee faced up to 10 years in prison.

If any reader has some expertise on Japanese law, feel free to comment: is there really so little criminal prosecution and penalty for stealing and selling personal information?



Can a Privacy Policy actually protect Macy's customer data? Wouldn't “We've already notified our customers.” be a better response?

http://www.pogowasright.org/article.php?story=2009040910572510

Macy’s Cites Privacy In Fighting D.A.’s CRM, POS Subpoena

Thursday, April 09 2009 @ 10:57 AM EDT Contributed by: PrivacyNews

Fighting a subpoena for CRM and POS data from the Los Angeles District Attorney, Macy's attorneys are arguing that privacy expectations prevent them from revealing the names of their customers who purchased children's jewelry made with potentially toxic lead. The D.A. argues that it needs the names so that the consumers can be contacted to try and stop the health threat.

Source - StorefrontBacktalk



See, it's not just us second-class citizens... (Commenters are for breaking the system to Google-map the best donut places...)

http://tech.slashdot.org/article.pl?sid=09/04/09/1526254&from=rss

Norfolk Police Officers To Be Tagged To Improve Response Times

Posted by samzenpus on Friday April 10, @01:42AM from the car-54-I-know-exactly-where-you-are dept.

Police in Norfolk, England already have tracking units, The Automatic Vehicle Location System, installed in their cars that allow a control room to track their exact locations. Later this year a similar system will be attached to individual police radios to allow controllers to monitor the position of every frontline officer. Combined with equipment that can pinpoint the locations of 999 callers, the system will allow the force to home in on "shouts" to within yards. The system also lets operators filter a map showing the location of its vehicles and constables to reveal only those with the skills needed for a specific incident, like the closest officer with silver bullets during a werewolf attack.



Today's reading seems to be dominated by “The emperor has no clothes” types of stories. A global community pointing to assertions by management or governments and saying “That's nonsense!” (and sometimes using stronger language.)

http://blog.wired.com/business/2009/04/time-warner-cab.html

Time Warner Cable Earnings Refute Bandwidth Cap Economics

By Ryan Singel April 09, 2009 4:50:55 PM

UPDATE: Since this article was first published, Time Warner Cable has updated its pricing scheme.

Time Warner Cable is pushing some fuzzy math to justify its controversial plan to ditch flat-rate broadband subscriptions in favor of a metered approach that effectively charges customers by the bit.

The company claims its capped rates are fairer than flat rates because people who use less bandwidth stand to get a break as the company shifts its costs to others who use the network more.

There is only one small problem: A close look at Time Warner Cable's books shows no significant link between its high-speed data costs and network usage.

… So why does Time Warner Cable care so much about bandwidth caps? One reasonable theory making the rounds is that bandwidth itself is a red herring, and the real concern is cannibalization. As more broadband customers shift video viewing to the web, cable companies fear a steep drop in TV revenues. Bandwidth caps may not make sense as a cost-saving move for Roadrunner, but they might look tempting to cable executives hoping to save cable TV.


Interesting article. Is there enough here to get my students debating surveillance (keep them awake)?

http://blog.wired.com/business/2009/04/little-brother.html

Little Brother Is Watching You

By Wired Staff April 09, 2009 9:49:01 AM

LONDON — When London's mobile CCTV cameras were shut down by a legal ruling two days before the G20 protests in London, conspiracy theorists suggested that the blackout had been contrived so that the police could be let off the reins. Without CCTV, there would be no record of official wrongdoing.

It was a neat theory, but naively old-fashioned in its assumption that the state had a monopoly on surveillance.

… We've grown used to the idea that amateur footage will trump the professionals in the moments after air crashes, floods and fires, but we haven't yet grasped what that does to the balance of power between the state, the media and the individual.

 Surveillance is still talked of as something done to us by them, but increasingly it's something done to everyone by everyone else. What that means for the authorities is that they can no longer control the flow of information about their actions.

… The story brings to mind Cory Doctorow's novel, Little Brother, which examines how smart, tech-savvy individuals can level the playing field against agents of the state by using their own understanding of digital tools to subvert and confront them. [A free e-book for my hacker friends. Bob]


Related. Sometimes your surveillance is exactly what you feared.

http://news.cnet.com/8301-17852_3-10216518-71.html?part=rss&subj=news&tag=2547-1_3-0-5

Florida woman watches home burglarized live on Web

by Chris Matyszczyk April 9, 2009 4:08 PM PDT

… Jeanne Thomas, 43, put her live feed in last October when her home was burglarized. Which turns out to have been a peculiarly clairvoyant decision.

… The police, having appeared, as police should do, right at the end of the movie, sped back to their place of work and put Ms. Thomas' video on YouTube.


Related. CyberCivilWar? This didn't take long.

http://blog.wired.com/defense/2009/04/activist-charge.html

Activist Charged for Inciting 'Twitter Revolution' (Updated)

By Nathan Hodge April 09, 2009 9:54:00 AM

A Moldovan activist faces criminal charges for organizing demonstrations that were enabled by social networking tools like Twitter and Facebook, the Russian press reports.


Almost related? Paranoia is good up to a point.

http://news.slashdot.org/article.pl?sid=09/04/10/1320211&from=rss

Slashdot Mentioned In Virginia Terrorism Report

Posted by kdawson on Friday April 10, @09:19AM from the true-americans dept.

megamerican alerted us to a leaked document (PDF) from a Virginia Fusion Center titled "2009 Virginia Terrorism Threat Assessment." The document is marked as "Law Enforcement Sensitive," not to be shown to the public. Citizens for Legitimate Government has a write-up. Slashdot gets a mention on page 45 — not as a terrorist organization itself, but as one of the places that members of Anonymous may hang out:

"A 'loose coalition of Internet denizens,' Anonymous consists largely of users from multiple internet sites such as 4chan, 711chan, 420chan, Something Awful, Fark, Encyclopedia Dramatica, Slashdot, IRC channels, and YouTube. Other social networking sites are also utilized to mobilize physical protests. ... Anonymous is of interest not only because of the sentiments expressed by affiliates and their potential for physical protest, but because they have innovated the use of e-protests and mobilization. Given the lack of a unifying creed, this movement has the potential to inspire lone wolf behavior in the cyber realms."

According to the report, cell phones and digital music players have been used to transfer plans related to criminal activity, and therefore presumably could be grounds for suspicion. Podcasting is also suspicious.



For the lawyers representing my hacker students. So this wasn't a violation of DMCA?

http://blog.wired.com/27bstroke6/2009/04/dmca-coupon-fla.html

DMCA Coupon Flap Ends — Nobody 'Won'

By David Kravets April 09, 2009 6:06:08 PM

A federal judge on Thursday rejected an online coupon-generating company's bid to reopen a copyright infringement lawsuit against a North Carolina man who posted commands allowing users to print an unlimited number of valid coupons.

… Ironically, Coupons recently filed the secret settlement (.pdf) with the court without sealing it. It says each side agrees to release the other from any litigation.



One of the conundrums of marketing – customers don't want to pay for new technology. So new technology is frequently offered without the “extra expense” of security or privacy.

http://www.pogowasright.org/article.php?story=20090409132036988

U.S. Consumers Leery of Security and Privacy with Mobile Banking, Says KPMG

Thursday, April 09 2009 @ 01:20 PM EDT Contributed by: PrivacyNews

U.S. consumers believe mobile banking is important but do not want to pay for it and also are wary of using their mobile devices such as cell phones, smartphones, and personal digital assistants (PDAs) for financial transactions and online banking, according to results of a survey conducted by KPMG LLP, the audit, tax and advisory firm.

Source - Wireless and Mobile News Related - KPMG Press Release (pdf)



The wise manager reads audit reports from similar organizations and similar functions because his auditors are going to be asking the same questions.

http://www.pogowasright.org/article.php?story=200904090747111

AU: WA Auditor General finds personal information badly handled

Thursday, April 09 2009 @ 07:47 AM EDT Contributed by: PrivacyNews

THE WA Auditor General has found widespread deficiencies in the way sensitive personal information is handled in government agencies.

The Auditor General’s two-part Information Systems Audit Report, tabled in Parliament today, gives a wake-up call to all government agencies that handle personal and sensitive information.

Source - Perth Now Related - Information Systems Audit Report



Politicians will no doubt try to “solve” this by requiring all citizens to be available for drug tests 24/7/365 (except politicians of course)

http://www.pogowasright.org/article.php?story=20090409104903777

EU says athletes' doping rules breach privacy

Thursday, April 09 2009 @ 10:49 AM EDT Contributed by: PrivacyNews

The European Union says the regulations enforced by the World Anti-Doping Agency (WADA) breach privacy guidelines. WADA demands that athletes be available for drugs tests 24 hours a day throughout the year. This causes problems for athletes and for sporting organisations.

Source - Radio Netherlands



CyberWar? Remember the article claiming that China, Russia and (probably many) others had hacked the US infrastructure? Apparently labor unions have too. Will this be ignored as just another “negotiating tactic” or will Homeland Security treat it as a terrorist act?

http://sandbox.bitgravity.com/blog/2009/04/09/destroy-the-internet-with-a-hacksaw/

Destroy the Internet with a hacksaw?

Thursday, April 9th, 2009 at 10:54 am

This morning many people in Silicon Valley woke up without 911 service, Internet, cellular phones, and in some cases TV. Web sites were impacted and Internet traffic between a few major datacenters stopped flowing. Several of our employees were cut off from the Internet and phone service.

AT&T put out a press release stating that there was a fiber cut, but to make this happen, there had to be several cuts. According to several employees that work at AT&T, it may have been done by the very people that repair this stuff, the Communication Workers of America Union (CWA).



For my Computer Forensics class. Nothing new here – it's an old analyst's trick.

http://www.pogowasright.org/article.php?story=20090409074022858

Software improves p2p privacy by hiding in the crowd

Thursday, April 09 2009 @ 07:40 AM EDT Contributed by: PrivacyNews

Researchers at the McCormick School of Engineering and Applied Science at Northwestern University have identified a new "guilt-by-association" threat to privacy in peer-to-peer (P2P) systems that would enable an eavesdropper to accurately classify groups of users with similar download behavior. To thwart this threat, they have released publicly available, open source software that restores privacy by masking a user's real download activity in such a manner as to disrupt classification.

Source - PhysOrg.com hat-tip, Schneier on Security



For the White Hat Hacker Club. Build an 'off the grid' phone system!

http://www.pocketgadget.org/2009/04/07/turn-your-ipod-touch-into-an-iphone-almost/

Turn your iPod Touch into an iPhone (almost)

April 7, 2009 at 6:16 pm · Filed under USB gadgets, electronic gadgets, groundbreaking gadgets, hacking and modding, timesavers · Posted by Dave

… The great news is that besides having to spend a bit of cash on your microphone solution, all the software used in this tutorial to give your snazzy iPod Touch the functionality of the iPhone is totally free.



Now this is interesting! Learn how to save money (or as my wife says, be really really cheap)

http://digg.com/tech_news/I_Used_to_Blank_But_Now_I_Blank_Free_on_the_Net

I Used to (Blank), But Now I (Blank) Free on the Net

lifehacker.com — A chain of "FrugalFilter" ideas on Metafilter comes from filling in the blanks. e.g. "I used to buy blank CDs to back up my data, but now I use the 2GB free storage/backup system at Mozy" or "I used to fail to ever get a database working in MS Access, now I use Zoho Creator." Junior High jokes aside, it's an intriguing read.

http://ask.metafilter.com/118881/Best-free-services-online



This could be useful (I'll need to fiddle a bit to be sure)

http://www.killerstartups.com/Search/ambiently-com-turn-each-webpage-into-a-search-engine

Ambiently.com - Turn Each Webpage Into A Search Engine

http://ambiently.com/

Ambiently touts itself as the first discovery engine on the WWW. What does that exactly mean? Well, it basically means that instead of answering a search query with a string of web links it will provide you with direct web links from the webpage that you are located in, without having to type anything.

In order to use it, all you have to do is install the provided bookmarklet by dragging and dropping the button which can be found on the main page. Firefox, Safari and Chrome are fully supported along with Explorer, and although dragging and dropping the button should not be a problem, three different tutorials are provided to ensure nothing goes wrong.

The main advantage that this site has over search engines is that it is much simpler – you don’t have to dream up a query to fire up the search, you simply click on the Ambiently button to come across related links.



Always looking for shortcuts, this might be very useful to my website students.

http://www.killerstartups.com/Web-App-Tools/file2-ws-convert-any-file-into-a-website

File2.ws - Convert Any File Into A Website

http://www.file2.ws/

This is a new, free service that plays out a concise yet very useful role. In essence, it will let you upload any file and have it transformed into a webpage that anybody can visit.

… It is obviously not going to be converted into a fully-fledged webpage with all the features and functionalities that one expects to see in an online resource, but it will be accessible by all your friends and peers.

The full list of files you can upload to be converted is detailed online. This list includes audio and photo files, programming source code and documents of every kind.

… The one limitation you have to comply with is that files should not exceed 15 MB.

Thursday, April 09, 2009

Yet another example of management not recognizing what must have been right in front of their eyes. Someone must look for obvious fraud patterns like “funds transferred in and immediately withdrawn.”

http://www.dailypost.co.nz/local/news/internet-hacker-hits-bank-account/3800248/

Internet hacker hits bank account

By CHERIE TAYLOR, cherie.taylor@dailypost.co.nz 09.04.2009

… The police's summary of facts states that from June 2008, a small group of people in Hamilton found a way to access the National Bank internet website and transfer money from one account to another, creating credits in their own or a nominated bank account.

The money was then withdrawn the next day before the money was dishonoured for insufficient funds. This then put both accounts into overdraft.

The scheme became widely known to criminals in the following months before the scam was picked up, the summary states.

In November, the scale of transactions and reversals became large enough to become noticed in the banking world.
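The pattern the article describes (a transfer credit cashed out before the transfer is dishonoured) is exactly the kind of thing somebody at the bank should have been looking for. Here is an added example of such a detector, not code from the article or from the bank: the ledger entry format, the two-day settlement window and the opening balances are my assumptions, and the ledger below is constructed sample data.

```python
"""Flag withdrawals funded by incoming transfers that have not yet settled.

Added example; the Entry format, SETTLE_WINDOW and the sample ledger are
assumptions, not anything taken from the bank or the article.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Entry:
    ts: datetime
    account: str
    kind: str       # "transfer_in", "withdrawal" or "reversal"
    amount: int     # whole currency units
    ref: str        # transfer reference; a reversal carries the ref it undoes


# Assumption: an incoming transfer credit counts as unsettled until this much
# time has passed without a reversal (dishonour) arriving for it.
SETTLE_WINDOW = timedelta(days=2)


def flag_kiting(entries, opening=None, settle_window=SETTLE_WINDOW):
    """Return alerts as (severity, account, refs) tuples.

    UNSETTLED_WITHDRAWAL: cash left the account and the settled balance could
    not cover it, so the withdrawal relied on transfer credits still inside
    the settlement window.
    KITED_REVERSAL: one of those credits was later dishonoured, so the cash
    was funded by money that never existed and the account is now overdrawn.
    """
    alerts = []
    settled = dict(opening or {})   # account -> balance made of settled funds
    pending = {}                    # account -> {ref: (ts, amount)} unsettled credits
    drawn_against = set()           # (account, ref) pairs a withdrawal relied on
    for e in sorted(entries, key=lambda x: x.ts):
        acct = pending.setdefault(e.account, {})
        settled.setdefault(e.account, 0)
        # Credits older than the window settle and become real money.
        for ref, (ts, amt) in list(acct.items()):
            if e.ts - ts > settle_window:
                settled[e.account] += amt
                del acct[ref]
        if e.kind == "transfer_in":
            acct[e.ref] = (e.ts, e.amount)
        elif e.kind == "withdrawal":
            settled[e.account] -= e.amount
            if settled[e.account] < 0 and acct:
                # Only covered by funds that have not settled yet.
                alerts.append(("UNSETTLED_WITHDRAWAL", e.account, ",".join(sorted(acct))))
                drawn_against.update((e.account, r) for r in acct)
        elif e.kind == "reversal":
            if e.ref in acct:
                del acct[e.ref]             # never counted as settled
            else:
                settled[e.account] -= e.amount  # had already settled; claw it back
            if (e.account, e.ref) in drawn_against:
                alerts.append(("KITED_REVERSAL", e.account, e.ref))
    return alerts


def kited_accounts(entries, **kw):
    """Accounts with at least one KITED_REVERSAL alert."""
    return {acct for sev, acct, _ in flag_kiting(entries, **kw) if sev == "KITED_REVERSAL"}


# Constructed sample ledger (not real transactions).
D = datetime(2008, 6, 2)
SAMPLE_LEDGER = [
    # Account A: credit arrives, cash withdrawn next day, transfer dishonoured on day 3.
    Entry(D, "A", "transfer_in", 500, "T1"),
    Entry(D + timedelta(days=1), "A", "withdrawal", 480, "W1"),
    Entry(D + timedelta(days=2), "A", "reversal", 500, "T1"),
    # Account B: legitimate deposit; withdrawal only after it has settled.
    Entry(D, "B", "transfer_in", 200, "T2"),
    Entry(D + timedelta(days=5), "B", "withdrawal", 150, "W2"),
    # Account C: draws on unsettled funds, but the transfer is honoured.
    Entry(D, "C", "transfer_in", 300, "T3"),
    Entry(D + timedelta(days=1), "C", "withdrawal", 250, "W3"),
]

if __name__ == "__main__":
    for alert in flag_kiting(SAMPLE_LEDGER):
        print(*alert)
```

Run on its own it prints two UNSETTLED_WITHDRAWAL alerts (A and C) and one KITED_REVERSAL for account A; giving A and C a settled opening balance that covers the withdrawals silences all three.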



This is becoming clearer, but now suggests some new and frightening risks for anyone outsourcing to locations in the US. This could be crippling for businesses with tight resources.

http://blog.wired.com/27bstroke6/2009/04/company-caught.html

Company Caught in Texas Data Center Raid Loses Suit Against FBI

By Kim Zetter April 08, 2009 11:58:39 AM

A company whose servers were seized in a recent FBI raid on Texas data centers applied for a temporary restraining order to force the bureau to return its servers, but was denied by a U.S. district court last week.

… The U.S. District Court for the Northern District of Texas denied the request (.pdf), however, after holding an ex parte discussion with FBI Special Agent Allyn Lynd, who led the raid. Lynd told the court that the owner of the co-location facility was being investigated for fraud and that even though Liquid Motors was not part of the investigation, its equipment might have been used to facilitate fraud by others.

… The FBI told the court it would work over the weekend to create mirror images of the data from Liquid Motors' servers and provide it to the company by Monday of this week. In order to do so, the FBI asked the company to provide the agency with blank hard drives for copying the data.

Mark Bureck, executive vice president for Liquid Motors, said his company did get its data back after supplying the FBI with hard drives, but that the company had to buy all new servers to restore its business.

[From the Court's denial:

However the speed of this copying was subject to the availability of hard drives onto which the data can be copied. The extent that plaintiff could provide blank hard drives onto which the copies could be made would facilitate the speed with which the data copies could be returned to plaintiff. [Sounds like the FBI will make no effort to provide copies unless the victims pay for the drives? Would standard backup to CDs or DVDs be possible? NOTE that the FBI must make forensically sound copies of these drives (for the defense, if nothing else) and I always assumed (silly me) that they would release the hard drives at that time. The judge did order some returned after copying – why not all? Bob]



Change in Washington. Obama is Bushier than Bush? Government can never do anything wrong?

http://www.pogowasright.org/article.php?story=20090409053841857

In Warrantless Wiretapping Case, Obama DOJ's New Arguments Are Worse Than Bush's (Commentary)

Thursday, April 09 2009 @ 05:38 AM EDT Contributed by: PrivacyNews

Friday evening, in a motion to dismiss Jewel v. NSA, EFF's litigation against the National Security Agency for the warrantless wiretapping of countless Americans, the Obama Administration made two deeply troubling arguments.

Source - EFF

Related - Watch EFF attorney Kevin Bankston on Keith Olbermann's show last night.

[From the article:

Sad as that is, it's the Department Of Justice's second argument that is the most pernicious. The DOJ claims that the U.S. Government is completely immune from litigation for illegal spying — that the Government can never be sued for surveillance that violates federal privacy statutes.



I'm not a lawyer (don't even play one on TV) but isn't this argument essentially: “We don't think we'll like what they will say about us?”

http://blog.wired.com/27bstroke6/2009/04/court-weights-r.html

Appeals Court Weighs RIAA Trial Broadcast

By David Kravets April 08, 2009 5:35:21 PM

… In court documents, the RIAA objected to a lower court's decision allowing the pretrial broadcast of Boston University student Joel Tenenbaum's challenge to allegations he purloined copyrighted music on a peer-to-peer file sharing program. Among other reasons, the RIAA claimed that a broadcast of the hearing from a Massachusetts federal court "will be readily subject to editing and manipulation by any reasonably tech-savvy individual."

… Ironically, the court audio-recorded the hearing, which can be heard here (MP3 audio file).

Ray Beckerman of Recording Industry vs The People has compiled the court records related to the case.


Related? At least a clear legal opinion...

http://www.pogowasright.org/article.php?story=20090409061757937

Court: your MySpace page isn't private

Thursday, April 09 2009 @ 06:17 AM EDT Contributed by: PrivacyNews

A college student's rant against her small town provoked such intense backlash that her family had to move—but a California court has ruled that you can't cry "invasion of privacy" when people circulate what you've posted to your MySpace page.

Source - Ars Technica

[From the article:

On the privacy claim, Fifth District Court of Appeal Justice Bert Levy concluded that it was Moreno who had decided to make her rant public:



“We don't know what it is, but we don't like it!”

http://digg.com/d1oGva

A.P. Exec Doesn’t Know It Has A YouTube Channel: Threatens Affiliate For Embedding Videos

by Erick Schonfeld on April 8, 2009

Here is another great moment in A.P. history. In its quest to become the RIAA of the newspaper industry, the A.P.’s executives and lawyers are beginning to match their counterparts in the music industry for cluelessness. A country radio station in Tennessee, WTNQ-FM, received a cease-and-desist letter from an A.P. vice president of affiliate relations for posting videos from the A.P.’s official Youtube channel on its Website.

You cannot make this stuff up. Forget for a moment that WTNQ is itself an A.P. affiliate and that the A.P. shouldn’t be harassing its own members. Apparently, nobody told the A.P. executive that the august news organization even has a YouTube channel which the A.P. itself controls, and that someone at the A.P. decided that it is probably a good idea to turn on the video embedding function so that its videos can spread virally across the Web, along with the ads in the videos.


Related. We're being good citizens because everyone knows Pirate Bay. We can still allow our users access to lesser known sites without a high risk of being sued. It's not ethics, it's economics. (Is 'failure to block' the same as 'endorsement?')

http://digg.com/d1oFwr

Facebook Blocks All Pirate Bay Links

Written by Ernesto on April 08, 2009

It was less than two weeks ago when The Pirate Bay implemented a new feature making it easier for site users to post links to torrents on their Facebook profile, so their friends can download those torrents with just a single click.

The entertainment industries were not happy with the new feature, but since The Pirate Bay is not exclusively used to spread copyrighted material, there wasn’t much they could do about it. Facebook users responded positively and many began posting torrent links in their profile. This integration of the world’s largest tracker and the world’s largest social networking site generated hundreds of news articles and excitement. But it wasn’t to last.

This morning Facebook decided to put an end to the sharing and blocked not only the feature, but all links to Pirate Bay’s torrents.

… Facebook’s censorship policies are not very consistent though. Mininova and isoHunt, two other large BitTorrent sites remain unaffected, even though isoHunt offers the exact same ‘Share on Facebook’ feature as The Pirate Bay previously did.



Geeks do like to share (show off their knowledge?) and detailed questions often produce a large number of useful suggestions. Review the comments to see if any are useful to you. (Catalogs of research?)

http://ask.slashdot.org/article.pl?sid=09/04/08/1939248&from=rss

Building a Searchable Literature Archive With Keywords?

Posted by timothy on Wednesday April 08, @04:20PM from the must-be-in-here-somewhere dept. Data Storage Databases

Sooner Boomer writes

"I'm trying to help drag a professor I work with into the 20th century. Although he is involved in cutting-edge research (nanotechnology), his method of literature search is to begin with digging through the hundreds of 3-ring binders that contain articles (usually from PDFs) that he has printed out. Even though the binders are labeled, the articles can only go under one 'heading' and there's no way to do a keyword search on subject, methods, materials, etc. Yeah, google is pretty good for finding stuff, as are other on-line literature services, but they only work for articles that are already on-line. His literature also includes articles copied from books, professional correspondence, and other sources. Is there a FOSS database or archive method (preferably with a web interface) where he could archive the PDFs and scanned documents and be able to search by keywords? It would also be nice to categorize them under multiple subject headings if possible. I know this has been covered ad nauseum with things like photos and the like, but I'm not looking at storage as such: instead I'm trying to find what's stored."



For the Swiss Army folder. Three tools I'll definitely probably need someday, maybe.

http://news.cnet.com/8301-17939_109-10215640-2.html?part=rss&subj=news&tag=2547-1_3-0-5

Screencastle puts software-free screen recording in your browser

by Josh Lowensohn April 8, 2009 3:15 PM PDT

We don't do too many screencasts here on Webware. But when we do, my personal favorite is Telestream's Screenflow. It's a nice app, but it's Mac-only which means I can't use it when I'm on my office PC. In keeping with the mission statement of this blog, worth a look is software-free alternative Screencastle. This Java-based tool will record a select region of your screen and any audio from your computer's microphone. It then hosts it for you, complete with download links so you or your users can download a local copy for offline viewing.

… Screencastle is a consumer-friendly demo of Skoffer, an open service for adding software-free screen recording to Web apps or support sites to make it easier for people to create how-to's or document problems. There's even a WordPress plug-in which puts a small recording button in the compose window so you can record something on the screen to drop into your post.

See also: Screencast-O-Matic


Related.

http://www.killerstartups.com/Web-App-Tools/goview-com-screen-recordings-made-easy

GoView.com - Screen Recordings Made Easy

http://goview.com/goldwyn/spring/play?method=indexPage

Do you need to make a presentation? Do you need to explain to others the way your current project will work? Now you have a tool you can use in order to give other people an accurate representation of what you can see in your head.

Goview.com works in a very simple way and gives you the possibility to record, edit and share the different movies, websites, and programs, in addition to the processes you usually see in your computer’s screen everyday.



Something for those Visual Communications students.

http://blog.wired.com/business/2009/04/now-on-youtube.html

Now on YouTube: First Movie Ever Made

By Chris Snyder April 07, 2009 12:11:13 PM

In the latest effort to bridge the disconnect between the government and new media, the Library of Congress officially launched its YouTube channel Tuesday.

The debut includes 70 historical videos from its vast collection, such as the first-ever movie (a man sneezing), 100-year-old films from the Thomas Edison studio and industrial films from Westinghouse factories.

The launch follows a collaboration last year with Flickr's "The Commons," when the Library of Congress released thousands of non-copyright images to the photo sharing service with 50 new photos uploaded each week.

Wednesday, April 08, 2009

...so is it more than 50,000? What proves data safe in a situation like this?

http://www.databreaches.net/?p=2853

Mitsubishi UFJ says 49,159 customer records leaked

April 8, 2009 by admin Filed under: Financial Sector, Insider, Non-U.S.

Junko Fujita of Thomson Reuters reports that Mitsubishi UFJ Financial Group’s brokerage unit experienced a data breach when a former employee took records on 1.5 million customers home. Records on 49,159 customers, including personal and salary details, were sold to data list agents.

The firm says that most of the records have been retrieved.



Small, but close to home.

http://www.coloradoconnection.com/news/news_story.aspx?id=283799

Man indicted for identity theft and check fraud in 10 counties

Tuesday, April 07, 2009 at 9:27 a.m.

DENVER, COLO. -- Colorado Attorney General John Suthers announced today the Statewide Grand Jury has issued a 25-count indictment against Timothy Kuskowski (DOB: 7/20/1963) who is suspected of stealing the identities of nearly two dozen Coloradans and using them to pass fake checks in 10 counties across Colorado.



CyberWar You always scout/probe before launching an attack.

http://www.bespacific.com/mt/archives/021044.html

April 07, 2009

WSJ: Electricity Grid in U.S. Penetrated by Spies

"Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials... But protecting the electrical grid and other infrastructure is a key part of the Obama administration's cybersecurity review, which is to be completed next week. Under the Bush administration, Congress approved $17 billion in secret funds to protect government networks, according to people familiar with the budget. The Obama administration is weighing whether to expand the program to address vulnerabilities in private computer networks, which would cost billions of dollars more. A senior Pentagon official said Tuesday the Pentagon has spent $100 million in the past six months repairing cyber damage."

  • See also North American Electric Reliability Corporation letter to Industry Stakeholders, April 7, 2009: "...as we consider cyber security, a host of new considerations arise. Rather than considering the unexpected failure of a digital protection and control device within a substation, for example, system planners and operators will need to consider the potential for the simultaneous manipulation of all devices in the substation or, worse yet, across multiple substations... One of the more significant elements of a cyber threat, contributing to the uniqueness of cyber risk, is the cross-cutting and horizontal nature of networked technology that provides the means for an intelligent cyber attacker to impact multiple assets at once, and from a distance."

[The WSJ article: http://online.wsj.com/article/SB123914805204099085.html?mod=googlenews_wsj

The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven't sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war.

… The espionage appeared pervasive across the U.S. and doesn't target a particular company or region, said a former Department of Homeland Security official. "There are intrusions, and they are growing," the former official said, referring to electrical systems. "There were a lot last year."



If this was in fact a federal requirement, wouldn't more than one state be impacted? Or don't people in other states have concerns?

http://www.pogowasright.org/article.php?story=20090407110152369

Student privacy bill spurs debate in Augusta

Tuesday, April 07 2009 @ 11:01 AM EDT Contributed by: PrivacyNews

Students, parents and school administrators all told lawmakers the Department of Education should stop collecting the names of students disciplined by schools and keeping them in a database, but Commissioner Susan Gendron warned that could jeopardize all federal funds for education that come to the state.

Source - Politicker.com



Get 'em while they're young!

http://news.cnet.com/8301-13639_3-10214182-42.html?part=rss&subj=news&tag=2547-1_3-0-5

Intelligence agency hosts kids' Web sites

by Mark Rutherford April 8, 2009 6:00 AM PDT

It's never too early to know your organs of state. To this end, the Office of the Director of National Intelligence is hosting what it calls the Intelligence Agency Community Kids' Page.

The page offers roughly a dozen links to U.S. intelligence and law enforcement agency sites, where children can learn about the institutional layout and various skill sets of each department.

For example, the NSA offers a primer on cryptology, led by a collection of trademarked characters like Crypto Cat and Decipher Dog.



More bad stuff, go figure.

http://news.cnet.com/8301-1009_3-10214586-83.html?part=rss&subj=news&tag=2547-1_3-0-5

Microsoft: Scareware, PDF exploits rise

by Elinor Mills April 8, 2009 12:01 AM PDT

The use of scareware and exploits that take advantage of common file formats like PDF, Excel and Word rose in the second half of last year as online scammers realized people are getting smarter about recognizing spam and phishing e-mails, according to a Microsoft security report to be released on Wednesday.

There was a significant increase in rogue security software, which falsely informs people they need to buy security software and instead either does nothing or steals personal information, the Microsoft Security Intelligence Report found.



May be a bit more than my Intro to Computer Security students need, but could be a mandatory reading for my graduate students.

http://www.pogowasright.org/article.php?story=20090408045755132

Lessons from the Identity Trail: Anonymity, Privacy and Identity in a Networked Society

Wednesday, April 08 2009 @ 04:57 AM EDT Contributed by: PrivacyNews

Edited by: Ian Kerr, Valerie Steeves, and Carole Lucock ... This book has been informed by the results of a multi-million dollar research project that has brought together a distinguished array of philosophers, ethicists, feminists, cognitive scientists, lawyers, cryptographers, engineers, policy analysts, government policy makers, and privacy experts. Working collaboratively over a four-year period and participating in an iterative process designed to maximize the potential for interdisciplinary discussion and feedback through a series of workshops and peer review, the authors have integrated crucial public policy themes with the most recent research outcomes.

The book is available for download under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 Canada License by chapter below. Hard copies are available for purchase at Amazon & at Oxford University Press.

Source - On the Identity Trail hat-tip, EPIC.org



...but this isn't a farm subsidy – it's an “anyone but the rich” subsidy, where rich is determined by your income without regard to profit or loss.

http://www.pogowasright.org/article.php?story=20090407110337174

ND farmers say federal form invades their privacy

Tuesday, April 07 2009 @ 11:03 AM EDT Contributed by: PrivacyNews

The Associated Press reports that some North Dakota farmers claim that a new federal farm program form invades their privacy by requiring them to authorize the release of personal tax information to determine their eligibility for federal farm programs.

Source - Grand Forks Herald



Something fishy here – the FBI can't be as ignorant as this makes them seem.

http://blog.wired.com/27bstroke6/2009/04/data-centers-ra.html

FBI Defends Disruptive Raids on Texas Data Centers

By Kim Zetter April 07, 2009 3:22:52 PM

The FBI on Tuesday defended its raids on at least two data centers in Texas, in which agents carted out equipment and disrupted service to hundreds of businesses.

The raids were part of an investigation prompted by complaints from AT&T and Verizon about unpaid bills allegedly owed by some data center customers, according to court records. One data center owner charges that the telecoms are using the FBI to collect debts that should be resolved in civil court. But on Tuesday, an FBI spokesman disputed that charge.

… According to the owner of one co-location facility, Crydon Technology, which was raided on March 12, FBI agents seized about 220 servers belonging to him and his customers, as well as routers, switches, cabinets for storing servers and even power strips. [What evidence would they provide? Bob] Authorities also raided his home, where they seized eight iPods, some belonging to his three children, five XBoxes, a PlayStation3 system and a Wii gaming console, among other equipment. Agents also seized about $200,000 from the owner's business accounts, $1,000 from his teenage daughter's account and more than $10,000 in a personal bank account belonging to the elderly mother of his former comptroller.



How would the government refute these charges if they can't mention the election in the national media? Did they even monitor Twitter enough to know this was coming?

http://news.slashdot.org/article.pl?sid=09/04/07/148257&from=rss

Organized Online, Students Storm Gov't. Buildings In Moldova

Posted by timothy on Tuesday April 07, @10:23AM from the no-emoticon-for-what-I-feel dept.

An anonymous reader writes

"Reacting to allegedly fraudulent election procedures, students are storming the presidency and parliament of the small eastern European country of Moldova. It is reported that they used Twitter to organize. Currently twitter and blogs are being used to spread word of what is happening since all national news websites have been blocked. If the 1989 Romanian revolution was the first to be televised, is this the first to be led by twitter and social networks?"

Jamie points out this interesting presentation (from March 2008) by Ethan Zuckerman about the realities of online activism, including how governments try to constrain it.



Quick and easy. Even a caveman could do it.

http://www.atthebreach.com/blog/the-easiest-way-to-detect-conficker-compromised-systems/

April 07, 2009

The Easiest Way to Detect Conficker Compromised Systems

I was impressed with a method that some have developed to detect (in a very simple way) if your system is infected with Conficker. Certainly there are many tools out there, but nothing quite as simple as this. Go out to this website. Click on the “Eye Chart” link. Based on the images you see, you can detect if you are infected with Conficker and even the variant strain. Very simple. Very easy.



The question is, “Secret from whom?” Did the RIAA have a chair at the table?

http://yro.slashdot.org/article.pl?sid=09/04/07/2212227&from=rss

US Gov. Releases Six Pages On Secret ACTA Pact

Posted by kdawson on Tuesday April 07, @07:00PM from the one-thousand-two-hundred-ninety-four-to-go dept. Censorship Government

narramissic writes

"Change is afoot at the Office of the US Trade Representative. New details have been released about an anti-counterfeiting trade agreement that has been discussed in secret among the US, Japan, the European Union and other countries since 2006. Although the six-page summary (PDF) provides little in the way of specific detail about the current state of negotiations, the release represents a change in policy at the USTR, which had argued in the past that information on the trade pact was 'properly classified in the interest of national security.'"

Michael Geist has a timeline that puts together more details about the ACTA negotiations than any government has so far been willing to reveal.



Lawyers Tweet? A website for lawyers who don't use websites? How can a lawyer say anything in a mere 140 characters (other than “Let's sue!”)

http://www.killerstartups.com/Comm/tweetlaw-com-twitter-for-law-professionals

TweetLaw.com – Twitter For Law Professionals

http://tweetlaw.com/

This site is all about Law. If you are a legal professional on the lookout for information related to your profession, you should take a look at this website. This online resource is based on Twitter. In fact, this solution can be defined as a Twitter for Law professionals.

… After you create an account (for free) you can start browsing through more than 30 categories in order to find attorneys and lawyers, as well as small law firms. Investigators and other law-related professionals are also accounted for.

Tuesday, April 07, 2009

“We're just now noticing this thing called the Inter-Net. If we don't make this removal process difficult, everyone will want their SSANs removed!”

http://www.pogowasright.org/article.php?story=20090406145717281

WI: Dane County to remove social security numbers from online documents

Monday, April 06 2009 @ 02:57 PM EDT Contributed by: PrivacyNews

The Dane County register of deeds is offering to remove Social Security numbers from online documents after a local information security expert warned the data could be accessible to identity thieves.

.... After being contacted by Campana and the Wisconsin State Journal last month, Dane County Register of Deeds Kristi Chlebowski said her office will remove the numbers from online documents for anyone who submits a written request starting April 20. Requests can be mailed to P.O. Box 1438, Madison, Wis. 53701.

Source - Wisconsin State Journal


Related? Internet (digital) crimes aren't real crimes? Is there a minimum amount of information that must be released? Perhaps enough to prevent further crimes?

http://www.pogowasright.org/article.php?story=20090407051414226

UK: Lawyers argue for card fraud details to be made available to victims

Tuesday, April 07 2009 @ 05:14 AM EDT Contributed by: PrivacyNews

Lawyers in Scotland have launched a case against a leading bank, arguing that it should be made to change its data strategy and provide details of instances of credit card fraud.

The move comes after Clydesdale Bank cited the Data Protection Act in refusing to divulge the details of how £8,500 came to be missing from an 87-year-old man's bank account.

Source - QAS

[From the article:

"If someone were hit over the head with a brick, they would be treated as a victim and yet in this case, they are not."

In response, the bank has stated that it takes data security issues very seriously and that it routinely carries out extensive investigations and secures criminal convictions. [Which is exactly as responsive as saying, “I had a cheeseburger for lunch yesterday.” Bob]



Competitor Intelligence gathering is to be expected, but this article raises a few questions: 1) What was worth hacking into their competitor's system? 2) Who tipped the cops?

http://www.yourdailyjournal.com/pages/full_story?article-Three%20charged%20with%20computer%20crime%20=&page_label=home_top_stories_news&id=2244044-Three+charged+with+computer+crime&widget=push&instance=home_news_lead&open=&

Three charged with computer crime

by Tom MacCallum 3 days ago

Three Rockingham Realtors have been arrested by the Rockingham Police Department on charges they allegedly gained access to computer information of another Realtor without authorization.

… Hayden of Exit Realty Platinum Friday morning said she was “still in shock.”

She said, “We didn’t know about it until we were informed, and the police did their job.”



This touches a lot of my hot-buttons. I've advocated a government built (rather than a monopolist built) network for years. Let's hope the Aussies don't screw it up and that others copy it.

http://tech.slashdot.org/article.pl?sid=09/04/07/004241&from=rss

Australia To Build Fiber-To-the-Premises Network

Posted by kdawson on Tuesday April 07, @02:21AM from the no-censorship-on-the-wire-of-course dept. Networking Government

candiman writes

"The Australian PM, Kevin Rudd, has just announced that none of the private sector submissions to build a National Broadband Network was up to the standard, so instead the government is going to form a private company to build a fiber to the premises network. The network will connect to 90% of premises delivering 100Mb/s. [Let's hope that is the “readily available today” technology and that much higher speeds will be common before they are done. Bob] The remaining 10% will be reached with wireless and satellite delivering up to 12Mb/s. The network cost has been estimated at 43 billion AU dollars over 8 years of construction — and is expected to employ 47,000 people at peak. It will be wholesale only [Why force me to use an ISP? Bob] and completely open access. As an Australian who voted for the other guys, all I can say is, wow."



“Hey, we think it's funny!” (Another indication that management is not monitoring their system.)

http://techdirt.com/articles/20090405/2130444402.shtml

Zecco's Bad April Fool's Joke: Gives Away Millions In Fake Money; Users Start Trading With It

from the how-to-define-a-bad-idea dept

Well here's an idea that must have sounded good at one point. Upstart online brokerage Zecco (already known for pulling attention-grabbing stunts) had the bright idea for April Fool's Day to load up users' balances with much more money than they actually had -- sometimes millions more. Except... it looks like they never bothered to make sure people couldn't use that money. So plenty of users started making trades with the fake money... and when Zecco realized it, the company apparently started to force sell, even at a loss, charging the losses to the customers along with a "$19.99 broker-assisted trading fee." Oops.

Update: Consumerist has updated their post with a message from Zecco claiming that it was not an April Fool's joke, but noting "Some clients may experience incorrect display of Buying Power and Account Balances." It's not entirely clear how those "incorrect displays" were apparently off by millions in some cases.

Update 2: Zecco is again insisting this was not an April Fool's joke and that it was "a bad feed" from a vendor. It's not entirely clear why it took the firm 5 days to explain that, however...


Related (at least the Management didn't bother to check part)

http://www.databreaches.net/?p=2834

Memo: remember to lock the bank

April 7, 2009 by admin

In February 2008, a news story from the UK caught my eye. A 5 year-old boy had wandered into a branch of HSBC that had been left essentially open overnight due to what the bank subsequently described as a malfunction with the door catch.

Now there’s another story out of the UK that also involves a bank left open overnight. This time, it’s the Low Fell Barclays branch, and the bank said the problem was due to unnamed contractors failing to lock the door as they left.

In somewhat typical British understatement, a spokesman for Barclays said, “We will be reviewing the circumstances with the third party contractor, whose standards appear to have fallen short on this occasion.”

Ya think?



Strange speculation, isn't it?

http://www.atthebreach.com/blog/is-your-identity-stolen-every-18-months/

April 06, 2009

Is Your Identity Stolen Every 18 Months?

In the recently released financial institution data breach study by Kevin Prince at Perimeter eSecurity, the first part of the study breaks down just what we don’t know about data breaches.



Economics of the Internet?

http://tech.slashdot.org/article.pl?sid=09/04/06/2341227&from=rss

New Fundamental Law of Network Economics

Posted by kdawson on Tuesday April 07, @08:13AM from the move-over-metcalfe dept. Networking Science

intersys writes

"A new fundamental law of economics has been formulated by Rod Beckstrom, former Director of the National Cyber Security Center. In Words: The value of a network equals the net value added to each user's transactions (PDF) conducted through that network, valued from the perspective of each user, and summed for all. It answers the decades-old question of 'how valuable is a network.' It is granular and transactions-based, and can be used to value any network: social, electronic, support groups, and even the Internet as a whole. This new model or law values the network by looking from the edge of the network at all of the transactions conducted and the value added to each. One way to contemplate the value the network adds to each transaction is to imagine the network being shut off and what the additional transactions' costs or loss would be. [an old Risk Analysis technique. Bob] Beckstrom's Law replaces Metcalfe's law, Reed's law, and other concepts which proposed that the value of a network was based purely on the size of the network (and in the case of Metcalfe's law, one other variable)."



I don't think I'm going to like this one. (The links may be bad...)

http://www.bespacific.com/mt/archives/021038.html

April 06, 2009

CRS: Comprehensive National Cybersecurity Initiative: Legal Authorities and Policy Considerations

Follow up to April 5, 2009 posting Senate Staff Working Draft of Cybersecurity Act of 2009, see this related CRS report: Comprehensive National Cybersecurity Initiative (CNCI): Legal Authorities and Policy Considerations, March 10, 2009

  • "In response to the CNCI and other proposals, questions have emerged regarding: (1) the adequacy of existing legal authorities—statutory or constitutional—for responding to cyber threats; and (2) the appropriate roles for the executive and legislative branches in addressing cybersecurity. The new and emerging nature of cyber threats complicates these questions. Although existing statutory provisions might authorize some modest actions, inherent constitutional powers currently provide the most plausible legal basis for many potential executive responses to national security related cyber incidences. [Democrats didn't believe this when Bush was in office and Republicans won't believe it now that Obama is in charge. Bob] Given that cyber threats originate from various sources, it is difficult to determine whether actions to prevent cyber attacks fit within the traditional scope of executive power to conduct war and foreign affairs. Nonetheless, under the Supreme Court jurisprudence, it appears that the President is not prevented from taking action in the cybersecurity arena, at least until Congress takes further action. Regardless, Congress has a continuing oversight and appropriations role. In addition, potential government responses could be limited by individuals’ constitutional rights or international laws of war. [...so, pretty much anything up to and including nuclear weapons? Bob] This report discusses the legal issues and addresses policy considerations related to the CNCI."



Perhaps this is the birth of a new RIAA-like wave of lawsuits? Would a backlash/boycott make the AP irrelevant/obsolete/history?

http://news.slashdot.org/article.pl?sid=09/04/07/1250236&from=rss

AP Says "Share Your Revenue, Or Face Lawsuits"

Posted by timothy on Tuesday April 07, @09:35AM from the involuntary-disassociation dept.

eldavojohn writes

"The Associated Press is starting to feel the bite of the economic recession and said on Monday that they will 'work with portals and other partners who legally license our content and will seek legal and legislative remedies against those who don't.' They are talking about everything from search engines to aggregators that link to news articles and some sites that reproduce the whole news article. The article notes that in Europe legislative action has blocked Google from using news articles from some outlets similar to what was discussed here last week."



This is why newspaper ad revenue is dropping like a stone. (Who are the other 3 and can I invest in them?)

http://news.slashdot.org/article.pl?sid=09/04/06/1952209&from=rss

97 of Top 100 Classified Sites Are Craigslist

Posted by ScuttleMonkey on Monday April 06, @04:54PM from the newspapers-still-dying dept.

According to a recent report, 97 of the top 100 classified sites are just localized versions of Craigslist, up from 88 just last year. Combine that with a massive rise in traffic to classified sites in general and you have a recipe for one raging behemoth.

"Craigslist isn't just crushing the newspaper industry and crowding out other classified sites. It's also taking an increasing slice of total U.S. Internet traffic: the site's market share in February was up 90% year over year, accounting for about 2.5% of total US Web site visits."



...but if a supermarket tabloid ran a headline claiming that a mystic/alien/talking cat had made the same warning, thousands would have left town!

http://science.slashdot.org/article.pl?sid=09/04/06/1935246&from=rss

Scientist Forced To Remove Earthquake Prediction

Posted by ScuttleMonkey on Monday April 06, @04:11PM from the not-quite-your-average-psychic dept.



Interesting idea for organizing a list of tools.

http://www.killerstartups.com/Web20/alternativeto-net-find-new-applications-for-your-os

AlternativeTo.net - Find New Applications For Your OS

http://alternativeto.net/

… The most “reviled” ones are actually spotlighted on the main page, under the “Applications that many users want to replace” heading.



Will these help my students do better research?

http://digg.com/d1o4wt

5 Wikipedia Tools For The Information Junkie

Posted by admin in Freelance, Miscellaneous, Social Media on 04 6th, 2009



More tools for students (and me)

http://www.killerstartups.com/Web-App-Tools/tutorialpro-net-where-knowledge-becomes-success

TutorialPro.net - Where Knowledge Becomes Success

http://www.tutorialpro.net/

Nowadays it is extremely important for everybody to know how to operate a wide range of software applications. This is true when it comes to web development, computer programming and both web and graphic design.

Times have changed and these tools are not exclusive to professionals - they are also used by students to prepare school projects, as well as by kids to play, draw, etc.



Some of my students wanted one of these. Perhaps we could make it a club project?

http://digg.com/d1o6PI

Build Your Own Multitouch Surface Computer

Posted 04/07/09 at 12:00:00 AM by Alex Castle