Rule 56: Data Breaches are always bigger than initial reports suggest.
http://www.databreaches.net/?p=3127
(Update) Laptop theft from Vavrinek, Trine, Day and Co. reportedly affected 50 banks
April 17, 2009 by admin Filed under: Business Sector, Financial Sector, Subcontractor, Theft, U.S.
Add Mission Bank to what may become a whole list of banks affected when six laptops were stolen from accounting firm Vavrinek, Trine, Day and Co. on or about March 5. Borrego Bank was the first bank we learned about. Now Mission Bank, which reports that it first learned about the theft on April 1, reports that it notified all of its customers. According to a news report by James Chilton of the Kingman Daily Miner, Mission Bank president Darrell Lautaret “noted that the compromised data includes that of roughly 50 other banks. In the month and a half since the burglary, he said none of the banks involved has reported any incidence of related identity theft.”
Even so, one wonders whether data on customers from all approximately 50 banks were left unencryped on the stolen laptops, and if so, what the banks’ agreements with the accounting firm required in terms of security.
I love it! This is the first such lawsuit I've seen. Do you suppose there was any language addressing this in their contract/service agreement?
http://www.databreaches.net/?p=3118
LA: Lawsuit filed over data theft
April 17, 2009 by admin Filed under: Business Sector, Hack, ID Theft, U.S.
Joe Gyan Jr. of The Advocate http://www.2theadvocate.com/news/43149297.html:
A Baton Rouge seafood restaurant from which more than 1,800 patron credit card numbers were stolen in April 2008 is suing the providers of its computers and software.
On the Half Shell, which has one eatery on Bluebonnet Boulevard and another in Prairieville, claims Acadiana-based Computer World Inc. and Radiant Systems Inc. of Georgia should have been able to prevent the thefts.
[...]
The suit says the thieves gained access to the credit card data via the remote access software — PC Anywhere — sold, installed and maintained by the defendants.
Read more in The Advocate.
[From the article:
The suit alleges there were “inadequate security measures and/or precautions in place to prevent attackers from gaining access’’ to the Radiant Aloha point-of-sale system at the Bluebonnet location.
The suit also says there was no firewall in place in the POS systems at the time of the compromise, and that no anti-virus software was installed in the POS terminals.
The suit alleges negligence, fraud, breach of contract, and breach of express and implied warranties.
Unfortunately, I see this far too often.
http://www.databreaches.net/?p=3124
(Follow-up) UK: Human error blamed for data loss
April 17, 2009 by admin Filed under: Healthcare Sector, Lost or Missing, Non-U.S.
A health trust did not take adequate steps to prevent the loss of a memory stick with data on 6,360 prisoners and ex-prisoners, a report has said.
The USB stick was being used to back up clinical databases at HMP Preston when it was lost on 30 December.
A report found that human error was to blame, but that procedures on data security had not been adhered to.
NHS Central Lancashire said it had taken action and reminded staff of their responsibilities.
The data lost was encrypted but the password had been written on a note which was attached when it was misplaced. The USB stick has not been found.
Read more on BBC
Convergence of IP Law and Computer Law?
http://news.slashdot.org/article.pl?sid=09/04/16/1945246&from=rss
The Long-Term Impact of Jacobsen v. Katzer
Posted by timothy on Thursday April 16, @06:00PM from the stabs-in-the-dark dept. The Courts GNU is Not Unix Software Patents
snydeq writes
"Lawyer Jonathan Moskin has called into question the long-term impact last year's Java Model Railroad Interface court ruling will have on open source adoption among corporate entities. For many, the case in question, Jacobsen v. Katzer, has represented a boon for open source, laying down a legal foundation for the protection of open source developers. But as Moskin sees it, the ruling 'enables a set of potentially onerous monetary remedies for failures to comply with even modest license terms, and it subjects a potentially larger community of intellectual property users to liability.' In other words, in Moskin's eyes, Jacobsen v. Katzer could make firms wary of using open source software because they fear that someone in the food chain has violated a copyright, thus exposing them to lawsuit. It should be noted that Moskin's firm has represented Microsoft in anti-trust litigation before the European Union."
Attention records managers! When your DVDs fail, so do your backups?
http://blog.wired.com/gadgets/2009/04/cracked-netflix.html
Netflix Subscribers See Red Over Cracked Blu-ray Discs
By Priya Ganapati April 16, 2009 7:15:33 PM
More than a common blogger ranter, this was Google's privacy guy in Europe.
http://www.pogowasright.org/article.php?story=20090416083949746
The Cloud: policy consequences for privacy when data no longer has a clear location
Thursday, April 16 2009 @ 08:39 AM EDT Contributed by: PrivacyNews
Cloud Computing has become one of the more influential tech trends of our day. The Cloud is roughly analogous to remote computing, where computing and storage move away from your personal device to servers run by companies. A simple example might be online photo albums, which allow users to move their pictures off personal computers and into a secure and accessible space on the Web. Some Cloud services, like Hotmail, have been around for roughly a decade. And others have appeared since; almost all of Google's services, for example, run in the Cloud. As these services become more widely used, it's important to ask how our privacy laws and regimes should deal with this new phenomenon.
Source - Peter Fleischer
Personal surveillance tools are popular.
http://www.atthebreach.com/blog/want-to-see-what-other-people-txt-dont-fall-for-it/
Want to see what other people TXT? Don’t Fall For It.
Websense has recently detected a new scam aimed at infecting systems with malware. The scam includes an email that tells people that by clicking a link and installing and application, they can see other peoples SMS messages. So slooths and wood be snoops are in danger of infection if they aren’t careful.
IT Governance: What do you mean, you don't have a strategy/policy/procedure? What will you do when Al Gore comes calling?
http://hardware.slashdot.org/article.pl?sid=09/04/16/1819206&from=rss
Why IT Won't Power Down PCs
Posted by timothy on Thursday April 16, @02:42PM from the sheer-cussedness dept. Power Businesses The Almighty Buck IT
snydeq writes
"Internal politics and poor leadership on sustainable IT strategies are among the top reasons preventing organizations from practicing proper PC power management — to the tune of $2.8 billion wasted per year powering unused PCs. According to a recent survey, 42 percent of IT shops do not manage PC energy consumption simply because no one in the organization has been made responsible for doing so — this despite greater awareness of IT power-saving myths, and PC power myths in particular. Worse, 22 percent of IT admins surveyed said that savings from PC power management 'flow to another department's budget.' In other words, resources spent by IT vs. the permanent energy crisis appear to result in little payback for IT."
Mostly patting themselves on the back, but eventually, non-encrypted drives will be the exception and inability to access the data (I forgot my pass-phrase) will become increasingly common.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9131684
Full disk encryption comes to SSDs for mobile devices, laptops
Dell adds encrypted drives to its Latitude line of laptops
By Lucas Mearian
April 16, 2009 (Computerworld) Samsung Electronics Co. announced today it is shipping its first self-encrypting solid-state disk (SSD) drives.
… Full disk encryption (FDE) is already a standard feature on some desktop and laptop hard disk drives, including Seagate's Momentus 5400 FDE.2 laptop drive.
Not a popular decision with the commenters. Perhaps the courts will permit this some day...
http://news.slashdot.org/article.pl?sid=09/04/17/0423250&from=rss
Appeals Court Says RIAA Hearing Can't Be Streamed
Posted by timothy on Friday April 17, @01:39AM from the may-not-is-more-like-it dept. The Courts
NewYorkCountryLawyer writes
"The US Court of Appeals for the First Circuit has overturned a lower court order permitting webcast of an oral argument in an RIAA case, SONY BMG Music Entertainment v. Tenenbaum, in Boston. As one commentator put it, the decision gives the RIAA permission to 'cower behind the same legal system they're using to pillory innocent people.' Ironically, the appeals court's own hearing had been webcast, via an mp3 file. The court admitted that this was not an appropriate case for a 'prerogative writ' of 'mandamus,' but claimed to have authority to issue a writ of 'advisory mandamus.' The opinion came as a bit of a surprise to me because the judges appeared, during the oral argument, to have a handle on the issues. The decision gave me no such impression. From where I sit, the decision was wrong in a number of respects, among them: (a) it contradicted the plain wording of the district court rule, (b) it ignored the First Amendment implications, and (c) there is no such thing as 'advisory' mandamus or 'advisory' anything — our federal courts are specifically precluded from giving advisory opinions."
Another unpopular verdict. Their criteria seem to include Google, browsers, storage manufacturers, etc.
http://yro.slashdot.org/article.pl?sid=09/04/17/110235&from=rss
Pirate Bay Trial Ends In Jail Sentences
Posted by timothy on Friday April 17, @07:10AM from the even-non-commercial-use dept. The Courts
myvirtualid writes
"The Globe and Mail reports that the Pirate Bay defendants were each sentenced Friday to one year in jail. According to the article, 'Judge Tomas Norstrom told reporters that the court took into account that the site was "commercially driven" when it made the ruling. The defendants have denied any commercial motives behind the site.' The defendants said before the verdict that they would appeal if they were found guilty. 'Stay calm — Nothing will happen to TPB, us personally or file sharing whatsoever. This is just a theater for the media,' Mr. Sunde said Friday in a posting on social networking site Twitter."
[From the article:
The court found the defendants guilty of helping users commit copyright violations "by providing a website with ... sophisticated search functions, simple download and storage capabilities, and through the tracker linked to the website."
Support for my “pay by the drink” business model for media.
http://news.cnet.com/8301-1023_3-10221501-93.html?part=rss&subj=news&tag=2547-1_3-0-5
Google bringing pay-per-view to YouTube
by Stephen Shankland April 16, 2009 2:51 PM PDT
So far, YouTube has been a free, advertising-supported service, but Google plans to build payment mechanisms into its video-sharing site.
"With respect to how it'll get monetized, our first priority is on the advertising side. We do expect over time to see micropayments and other forms of subscription models coming as well," said Google Chief Executive Eric Schmidt after the company reported first-quarter profits Thursday. "We'll be announcing additional things in that area literally very, very soon."
Related. I think dropping cable for content on the Internet will be a “big thing” this year. This might be a project for the Hacker Club.
http://www.popularmechanics.com/technology/how_to/4313545.html
How to Ditch Your Cable Provider Without Giving Up on TV
Let's face it. You don't like your cable provider (here's why). Yet the average American cable subscriber pays more than $700 per year on subscription fees. But with the right combination of antenna and Internet streaming sources, you can get the shows and movies you like without the expense.
By Glenn Derene Published in the May 2009 issue.
Another possible Hacker Club project. Locate, acquire, analyze, defeat? Mostly the FBI trying to convince someone (congress?) that they're cool.
http://it.slashdot.org/article.pl?sid=09/04/17/0534232&from=rss
The Secret History of the FBI's Classified Spyware
Posted by timothy on Friday April 17, @08:12AM from the but-we-just-want-to-peek dept. Security Privacy United States
An anonymous reader writes
"A sophisticated FBI-produced spyware program has played a crucial behind-the-scenes role in federal investigations into extortion plots, terrorist threats and hacker attacks in cases stretching back at least seven years, according to newly declassified documents obtained by Wired.com. The so-called 'computer and internet protocol address verifier,' or CIPAV, is delivered through links to websites controlled by the FBI, and it silently reports back to a government server in Virginia. Among other cases, the FBI used it to track a Swedish hacker responsible for cracking thousands of computers at national labs and NASA's JPL in 2005."
[From the article:
As first reported by Wired.com, the software, called a "computer and internet protocol address verifier," or CIPAV, is designed to infiltrate a target's computer and gather a wide range of information, which it secretly sends to an FBI server in eastern Virginia. The FBI's use of the spyware surfaced in 2007 when the bureau used it to track e-mailed bomb threats against a Washington state high school to a 15-year-old student. [Clearly not new, certainly not sophisticated. Bob]
… The documents, which are heavily redacted, do not detail the CIPAV's capabilities, but an FBI affidavit in the 2007 case indicate it gathers and reports a computer's IP address; MAC address; open ports; a list of running programs; the operating system type, version and serial number; preferred internet browser and version; the computer's registered owner and registered company name; the current logged-in user name and the last-visited URL.
Did you ever want to be a twit? If so, be a good one.
http://www.killerstartups.com/Web20/tweepmeup-com-all-there-is-to-know-about-twitter
TweepMeUp.com - All There Is To Know About Twitter
http://tweepmeup.com/
This website aims to let you know “everything there is to know about Twitter”. In order to do so, it includes a host of Twitter tips, tricks and free downloads.
… On the other hand, links to worthwhile Twitter tools and resources like the TweetMyBlogWP plugin and Twitter’s info pack are included and prominently displayed.
Related, Celebrity Twit?
http://news.cnet.com/8301-17939_109-10222030-2.html?part=rss&subj=news&tag=2547-1_3-0-5
Twitter's big day? Here comes Oprah
by Stephen Shankland April 17, 2009 7:26 AM PDT
Is this type of service useful? No one Evites me anywhere, but the wife forwarded one recently because in included directions.
http://news.cnet.com/8301-17939_109-10220916-2.html?part=rss&subj=news&tag=2547-1_3-0-5
10 Evite alternatives: The good and the bad
by Don Reisinger April 16, 2009 4:45 PM PDT
I recently used Evite to send invitations for a party … Overall, I was pleased … the site's user interface made it too complicated … there's no Evite app on Facebook nor Twitter integration
... So I set out to find some alternatives to Evite to see if they could provide a better service.
“Big fleas have little fleas upon their backs to bite them, and little fleas have lesser fleas, and so ad infinitum.” This could be an interesting test for my web site students...
http://news.cnet.com/8301-17939_109-10221086-2.html?part=rss&subj=news&tag=2547-1_3-0-5
National Geographic's Infinite Photograph will mesmerize you
by Josh Lowensohn April 16, 2009 2:32 PM PDT
National Geographic has a fun new feature called the Infinite Photograph that takes over 300,000 photos collected from its archives and submitted by users, and turns them into a giant photo mosaic. It lets you zoom in infinitely, making your way deeper into each photo as it breaks down into smaller photos of various colors.