It is always amusing that “Security Standards” can be documented in fewer pages than it took to describe the impact of the data breach.
http://www.wired.com/threatlevel/2009/07/pci/
4 Years After TJX Hack, Payment Industry Sets Security Standards
By Kim Zetter July 17, 2009 1:30 pm
Four years after hackers breached TJX’s unsecured wireless network and stole information on more than 94 million customers, a standards body for the payment-card industry has finally released guidelines for securing wireless networks.
The Payment Card Industry Security Standards Council released its 33-page report (.pdf) on Thursday
Do de do do, do de do do (theme from the Twilight Zone)
Amazon Pulls Purchased E-Book Copies of 1984 and Animal Farm
Posted by Soulskill on Friday July 17, @06:39PM from the miniplenty-malquoted-kindle-rectify dept. books handheld
Oracle Goddess writes
"In a story just dripping with irony, Amazon Kindle owners awoke this morning to discover that 1984 and Animal Farm had mysteriously disappeared from their e-book readers. These were books that they had bought and paid for, and thought they owned. Apparently the publisher changed its mind about offering an electronic edition, and apparently Amazon, whose business lives and dies by publisher happiness, caved. It electronically deleted all books by George Orwell from people's Kindles and credited their accounts for the price. Amazon customer service may or may not have responded to queries by stating, 'We've always been at war with Eastasia.'"
(Related) Is this the result of outrage by customers or a quiet conversation with their lawyers about the potential for Class Actions?
http://news.cnet.com/8301-13860_3-10290047-56.html?part=rss&subj=news&tag=2547-1_3-0-5
Amazon says it won't repeat Kindle book recall
by Ina Fried July 17, 2009 4:59 PM PDT
Amazon said late Friday that it recalled two Kindle e-books because the publisher lacked the rights to the book. However, in the future, it says it won't pull already downloaded material from customers' devices.
… Some said that Amazon's move appeared to violate its own terms of service.
Doesn't this smell like a scam? “Give me money to find out if the police know you're a victim of Identity Theft.”
http://www.databreaches.net/?p=6275
Four million British IDs up for sale on the internet
July 17, 2009 by admin Filed under Breach Incidents, Non-U.S., Of Note, U.S.
The identities of more than four million Britons are being offered for sale on the internet, The Times has learnt. Highly sensitive financial information, including credit card details, bank account numbers, telephone numbers and even PINs are available to the highest bidder.
[...]
The information being traded on the web has been intercepted by a British company and collated into a single database for the first time. The Lucid Intelligence database contains the records of four million Britons, and 40 million people worldwide, mostly Americans. Security experts described the database as the largest of its kind in the world.
[...]
The database is held by Colin Holder, a retired senior Metropolitan police officer, who served on the fraud squad. He has collected the information over the past four years. His sources include law enforcement from around the world, [...as well as his local mob contacts... Bob] such as British police and the FBI, anti-phishing and hacking campaigners and members of the public. Mr Holder said he had invested £160,000 in the venture so far. He plans to offset the cost by charging members of the public for access to his database to check whether their data security has been breached.
Read more on The Times Online.
“Hey! We got all this stimulus money that we have to spend! Spending it on projects we couldn't do before because we didn't have enough money would be too logical, so we have to come up with completely new boondoggles. And this will save us lots of money providing we never have a data breach.”
http://www.pogowasright.org/?p=1954
LA’s move to the cloud raises concerns
July 17, 2009 by Dissent Filed under Featured Headlines, Govt, Internet, U.S.
A multimillion-dollar proposal to overhaul the computer network used by thousands of Los Angeles city workers raised concerns Thursday about the security of confidential information kept by the Police Department and other agencies.
The nation’s second-largest city is considering dumping its in-house computer network for Google Inc. e-mail and office programs that are accessed over the Internet. At issue is the security of computerized records on everything from police investigations to potholes.
Read more from the Associated Press on SanLuisObispo.com.
The story quotes Pam Dixon of the World Privacy Forum, who raises a number of concerns that the city does not seem to have adequately considered nor planned for. Indeed, the idea of the entire city’s databases with personally identifiable information being up in the cloud is downright frightening to privacy advocates who point out that no matter how much Google may attempt to keep everything secure, the risks of compromise, access, or acquisition of sensitive data are enormous.
(Related) If you are required to store someone else's data on your computer, what happens to the RIAA's “evidence?”
The Pirate Bay to Become a Distributed Storage Cloud?
Posted by ScuttleMonkey on Friday July 17, @04:28PM from the volunteer-to-make-your-computer-run-slower dept. storage business internet
eldavojohn writes
"After announcing the sale of The Pirate Bay to Global Gaming Factory X, it was unknown what would become of TPB. Details of the future plans have been released. 'According to Rosso, GGF plans to build a massive "storage cloud" on top of TPB that would use individual users as storage system's nodes. Apparently users can opt out for being part of the decentralized storage system, but then they'd have to pay a monthly fee for the service. More resources the user is willing to commit for the service, the cheaper the monthly subscription fee will be ... GGF's plan is to harness the resources users are willing to allocate to the cloud service and sell that computing power and bandwidth to 3rd party companies, essentially creating a service that could be used as a content delivery network (system that most large sites — including ours — use to deliver static content, such as images, software downloads and stylesheets, faster to the end user) or even as a web hosting cloud. As the service would use P2P technology, it could bring massive savings to ISPs, as the delivery of content to an end user would be provided from the closest possible "node," most likely from an user within the same ISP network.'"
When they make this assertion aren't they saying “our companies (and citizens) are subject to your laws?”
http://www.pogowasright.org/?p=1961
Belgium fines Yahoo for protecting user privacy
July 17, 2009 by Dissent Filed under Court, Internet, Non-U.S., U.S.
from the this-is-bad… dept
For many years, we’ve discussed the many challenges faced by countries in trying to recognize that “jurisdiction” on the internet isn’t what they probably think it is. Many countries want to interpret internet jurisdiction as “if it’s accessible here via the internet, it’s covered by our laws.” But it doesn’t take much scenario planning to recognize what a disaster would result from such an interpretation. Effectively that means that the most restrictive legislation anywhere in the world (think: China, Iran, Saudi Arabia, etc.) would apply everywhere else.
That’s why it’s quite worrisome to find out that Belgium is trying to fine Yahoo for protecting its users’ privacy and refusing to hand over user data to Belgian officials. Yahoo noted, accurately, that it does not have any operation in Belgium, and the data in question was held on US servers, not subject to Belgian law. On top of that, the US and Belgium have a good diplomatic relationship, such that such a data request could have gone through established diplomatic channels to make sure that US laws were properly obeyed as well. But, instead, Belgian officials just demanded the info from Yahoo’s US headquarters directly, and then took the company to criminal court where the judge issued the fine.
Read more on techdirt.
Perhaps they have brain damage. Have newspapers ever charged readers for content? Don't they charge for delivering the paper? (If they charged for content, the price would go up on big news days.) They forget that they make their money on advertising and that an advertiser or a potential buyer values a newspaper based on its circulation.
http://www.bespacific.com/mt/archives/021842.html
July 17, 2009
Financial Times Editor Predicts End of Free News Organization Content
Guardian UK: "The Financial Times editor, Lionel Barber, has predicted that "almost all" news organisations will be charging for online content within a year. Barber said building online platforms that could charge readers on an article-by-article or subscription basis was one of the key challenges facing news organisations."
(Related) One quick way to reduce the number of visitors to your website (the e-quivalent of subscribers) is to drop off of search engines. Why would I visit your site to see IF you are carrying a specific story when I can visit sites that I KNOW are carrying the story?
http://latimesblogs.latimes.com/technology/2009/07/google-newspapers.html
Google to newspapers: Put up or shut up
1:13 PM, July 16, 2009
Is Google stealing our content? That, anyway, seemed to be the suggestion when a European publishing group announced last week that it had garnered a number of supporters for its Hamburg Declaration, which calls for "urgent improvements in the protection of intellectual property on the Internet."
This week, Google had a reply, which basically boils down to: Put up or shut up.
In a post written by Josh Cohen, senior business product manager, on the company's public policy blog Wednesday afternoon, Google said publishers can easily tell search engines to take a hike. All it takes is a two-line piece of code, which he helpfully included in his post. Tuck that on your website, and no search engine will crawl it; the stories won't show up when people look for content using search engines.
It's unlikely that newspapers will call Google's bluff. Here's why: Google's search engine and its Google News site send 1 billion visits to newspaper websites each month. Those visitors drive up the traffic numbers that website ad rates are partially based on. More readers = higher ad rates, which is why few publishers will say no to Google's traffic referrals.
… Google's retort to publishers is that it is open to work with them on whatever business model they deem fit. Want only paid subscribers to read? Fine, it can steer clear of the site, or follow a model like that of the Wall Street Journal, which lets readers referred from search engines see the article for free but makes them subscribe if they want to read any other articles on the site. Want the articles to expire after a few days and go into an archive where readers would have to pay to see? There's a line of code for that too.
Right now, the vast majority of newspaper sites serve up free, ad-supported content. And Google said it's happy to send traffic to those sites. Unless, of course, they don't want all those readers.
Think of them as pre-arrest mug shots.
http://www.bespacific.com/mt/archives/021845.html
July 17, 2009
111th Congress Congressional Pictorial Directory
"The 111th Congressional Pictorial Directory provides a color photograph of each member of the House of Representatives and the Senate for the 111th Congress. It also includes information about a Member of Congress' length of service, political party affiliations, and Congressional district. Also contains pictures of the President, Vice President, and House and Senate officers and officials."
For my computer security class – never rely on a password!
http://www.makeuseof.com/tag/hack-windows-passwords-with-ophcrack/
Ophcrack – A Password Hack Tool to Crack Almost Any Windows Password
Jul. 17th, 2009 By Simon Slangen
There are a lot of different reasons why one would want to use any number of password hack tools to hack a Windows password. Of course, there are the good-hearted reasons, like helping your grandpa because he forgot his password and is locked out of his own computer. Then, there are the more dubious reasons, like spying on your accountant.
In the past, MakeUseOf has published other password-cracking related articles. Those who are interested should check out T.J. Miniday’s 3 Ways to Reset Forgotten Windows Administrator Password.
However, there might be circumstances in which you’d need unnoticed access – being able to use the terminal without literally changing the password.
That’s where Ophcrack comes in. Ophcrack is one of the more effective password hack tools that runs via Windows, Mac and Linux installations or on a Live CD, and it can be used to crack almost any Windows password.
Tools & Techniques: Automating backups means never having to say you're sorry. And for a couple of hundred dollars, you can buy enough storage to completely safeguard all the information on your home network. (Many external hard drives come with free backup software.)
http://www.killerstartups.com/Web-App-Tools/idlebackup-nl-automatic-backup-software-for-free
IdleBackup.nl - Automatic Backup Software For Free
It is possible that you store very important information on your computer. However, there are so many important things you probably do on your machine that it is necessary to back them up because otherwise, you might lose them and you already know how bad that feels.
That is one of the main reasons why you should use a solution that gives you the possibility to back all your information up. In this way, you can make sure that no matter what happens to your computer your information is going to be safe.
This is an online solution called IdleBackup you can use to automatically back your files up. This service is totally free and you can be benefited with it by setting your backing up preferences. In this way you can either save your files to your whole hard disk or any other folder you want. You can save your files using your computer disk or just by using an external FTP.