Saturday, November 28, 2009

It's not altruism, there's a good bit of (justifiable) paranoia here. What should citizens have a “Right” to and what just makes it easier for the government to identify and control them?

http://thenextweb.com/europe/2009/11/28/turkey-give-70-million-citizens-email-address-search-engine/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+thenextwebeurope+%28The+Next+Web+Europe%29

Turkey wants to give each of its 70 million citizens an email address (and a search engine too.)

By Zee on November 28, 2009

Turkey’s Informational Technology Watchdog today announced its intentions to allocate an e-mail address to each of its 70 million citizens.

The project, called Anaposta, has reportedly already been developed and tested and will allocate a 10GB storage quota to its entire population, with ambitions to build an email network to match its current mobile network.

“Every child will have an email address written on his/her identity card since birth,” said Tayfun Acarer, chairman of Turkey’s Information Technologies and Communications Authority Board.

The network would also replace foreign mail networks such as Yahoo, Gmail and Hotmail in Turkey, Acarer was quoted as saying.

… “All major search engines used worldwide are based in foreign countries, which can not meet Turkey’s needs and could bring security problems,” said Tayfun Acarer, chairman of Turkey’s Information Technologies and Communications Authority Board.


(Related)

http://www.washingtonpost.com/wp-dyn/content/article/2009/11/24/AR2009112404175.html

Comments on net neutrality irk AT&T

White House official links the issue to censorship in China

By Cecilia Kang, Washington Post Staff Writer, Wednesday, November 25, 2009

… In an entry published on the Post Tech Blog and in comments at a telecom policy conference last week, McLaughlin compared censorship in China -- where President Obama's recent comments on open Internet values were blocked from Chinese Web sites -- to the need for net neutrality rules so as to prevent corporations from acting as gatekeepers of information and speech.

"If it bothers you that the China government does it, it should bother you when your cable company does it," McLaughlin said at the policy conference. The administration has made net neutrality a cornerstone of its technology agenda.



Maybe MG got it right. If so, how do we use this information to get rich?

http://www.techcrunch.com/2009/11/27/internet-twitter-tiger-woods/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

This Is Why The Internet (And Twitter) Wins

by MG Siegler on November 27, 2009

Undoubtedly by now you’ve heard about Tiger Woods’ car crash. Early reports had him in serious condition (which remember, is better than critical condition) after he apparently hit a fire hydrant and a tree while leaving his home in his SUV. The latest reports say he has been released from the hospital and is “fine.” But I’m not going to speak to any of that because that’s not what we do (you can find out more here).

Instead, as I’m watching this unfold in front of my eyes on the Internet, I’m reminded that this type of story is exactly why the web is destroying newspapers, and should eventually even take down television and the main source of news for most people. I first heard the news via a BNOnews bulletin sent via push notification to my iPhone. I immediately pulled up Twitter and already some 10-15 people had retweeted it and the news was appearing in my stream.

… Information wants to be free, and the web, with services like Twitter, provides the easiest way for that to happen. [Free as in not restrained, not free as in no cost. Bob]

Google was almost as fast on the case, as some 10 minutes after the tweets were flowing, it started showing reports from local Orlando news outlets (where the crash occurred) giving details of the crash. Within 15 minutes, we knew what time the crash occurred at, apparently what happened, and some other important details (like no alcohol being involved).



Not just for math teachers. Take a look at how it returns simple facts...

http://www.makeuseof.com/tag/the-true-power-of-the-wolfram-alpha-knowledge-engine/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Makeuseof+%28MakeUseOf.com%29

The True Power of the Wolfram Alpha Knowledge Engine

Nov. 27th, 2009 By Simon Slangen

Wolfram Alpha shows us the future of search engines. And we’re now one step closer to a computer taking over the world.



For my Computer Security students

http://www.makeuseof.com/tag/how-to-mask-yourself-online-use-a-fake-ip-address/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Makeuseof+%28MakeUseOf.com%29

How To Mask Yourself Online & Use a Fake IP Address

Nov. 27th, 2009 By Jack Cola



I don't teach Criminal Justice, but Technology is our name.

http://games.slashdot.org/story/09/11/27/2334220/3D-Video-Game-Collaboration-Used-To-Solve-Crimes?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

3D Video Game Collaboration Used To Solve Crimes

Posted by Soulskill on Friday November 27, @08:14PM from the world-of-csi-craft dept.

eldavojohn writes

"Reuters explains how the National Science Foundation's Cyber-Enabled Discovery and Innovation (CDI) program is funding research used to implement real life crimes in a CSI-like game. They will use IC-CRIME's laser scanner technology and the Unity platform (which recently enjoyed the release of a freeware version) to recreate the crime scene as closely as possible. The crime scene will then be hosted for multiple remote crime scene investigators to explore concurrently while discussing what they see, sharing their data and experience as well as learning and asking questions."

Friday, November 27, 2009

This breach continues to grow. Absent mandatory disclosure laws, it's not easy to piece together a clear picture of what happened.

http://www.databreaches.net/?p=8553

Spanish breach causes “largest bank-card security breach in Czech history”

November 26, 2009 by admin Filed under Breach Incidents, Financial Sector, ID Theft, Non-U.S., Of Note

Stephan Delbos reports:

Clients of four major Czech banks could find their accounts blocked at their next visit to the ATM as a result of the largest bank-card security breach in Czech history. [Did they even have credit cards under communism? Bob]

ČSOB, Raiffeisenbank, Česká spořitelna and Volksbank CZ have begun blocking thousands of bank cards for customers who made transactions in Spain in spring and summer this year after it was reported that fraudsters had stolen information necessary to access these accounts, including account numbers and PIN codes. Approximately 100,000 accounts in the Czech Republic could be affected by the blockages, according to the Bank Card Association.

“In the spring and summer months this year in Spain, there was a relatively extensive data leakage concerning payment cards, probably from a system processor such as an ATM,” said Roman Kotlán of the Czech Bank Card Association. “There have been reports of the misuse of stolen data to manufacture counterfeits and make payments to merchants in different parts of the world.”

Read more in the Prague Post.

[From the article:

"The whole process of blocking the account and re-issuing a new card will take about a week," he said. [One of those measures you don't often see reported. Still, most of the process is automated so the labor costs are low. Bob]



Apparently this is not related via the Aloha device, but the technique appears to be the same. Somewhere there is a school for crooks who want to learn “How to Steal Bunches of Credit/Debit cards”

http://www.databreaches.net/?p=8523

Hackers steal credit-card numbers from restaurant customers

November 26, 2009 by admin Filed under Breach Incidents, Business Sector, Hack, ID Theft, Malware, U.S.

Theodore Decker reports:

Diners who frequent a popular Downtown restaurant should review their charge-card statements because hackers broke into its computer system to loot debit- and credit-card numbers, police said today.

Between 30 and 50 people have reported fraudulent charges on their accounts, and Columbus detectives said that anyone who used a charge card at Tip Top Kitchen and Cocktails in July or August is at risk.

Detective Wyatt Wilson of the Columbus police fraud/forgery unit said police began linking reports of credit-card fraud in October. Cross-checking the victims’ accounts revealed Tip Top, which is on E. Gay Street, as a common denominator, he said.

Read more in the Columbus Dispatch.

In case you’re wondering, no, Tip Top was not using the Aloha POS system. The restaurant informs DataBreaches.net that they were using 2Touch POS. According to a restaurant spokesperson, 2Touch used VNC software “so 2Touch can do maintenance, install updates etc from their offices.”

An “unknown IP address” was found on the VNC logs as well as malware. VNC has been disabled and the malware removed. Hard drives have even been replaced for good measure. So far the CPD has traced the IP address to somewhere in Europe. [Isn't it wonderful how the Internet brings us all together in one global community? Bob]


(Related)

http://www.databreaches.net/?p=8537

NZ: Skim versus hack: Council still in the dark

November 26, 2009 by admin Filed under Breach Incidents, Government Sector, Non-U.S.

Rob O’Neill reports:

Auckland City is referring all enquiries about how its carparking systems were compromised, leading to the reissue of thousands of credit cards, to Westpac, which is leading the investigation into the incident.

Spokesman Glyn Jones says the council “hasn’t been told conclusively” whether skimming or hacking were used to breach customer security. The banks are conducting the investigation into the incident, he says.

[...]

Earlier today, a note on the Public Address system website indicated the city’s PCI credit card certification was “under serious review”.

“Basically, internal systems at Auckland City have been compromised,” the leak, attributed to “Mr A. Source”, said.

However, Jones says the council has had no indication from the banks that is the case.

Read more on Computerworld (NZ)

[Update on the Computerworld site:

The New Zealand Herald has raised the possibility of a spoofing attack being behind the incident.

… A banking investigation has raised the possibility that stolen credit card details of tens of thousands of New Zealanders are in the hands of a Russian or Albanian gang.

The theft of credit card details from payment machines at the Downtown carpark in central Auckland had all the hallmarks of a Russian or Albanian hacking ring preying on soft targets, [Soft targets here are defined as those that use default passwords, unencrypted wireless, and every other “worst practices” we teach students in “Introduction to Computer Security.” Bob] a source close to the investigation told the Herald.

… The source said the gang was believed to be based in the United States, but probably masked its identity by using internet addresses in other countries.

Several people have contacted the Herald to say their credit cards were used fraudulently to buy goods at a Walmart chain store in the American city of Phoenix, Arizona, after being used at the Downtown carpark.

… Police spokeswoman Kaye Calder said New Zealand representatives of Interpol and fraud staff at police national headquarters had not been advised of the scam. [??? Bob]

Westpac and other banks, Mastercard and Visa have refused to reveal the scale of the problem. [Does that indicate the problem is huge? Bob]

… More than 100,000 cards are believed to be affected.

Westpac is refusing to say how long the scam ran, but a source in the finance industry said it was possibly years.

Auckland IT consultant Steven Ellis said he received a new credit card three weeks ago to replace a card he last used at the Downtown carpark about 14 months ago.



Another case of “Our policy was inconvenient, so we ignored it.”

http://www.databreaches.net/?p=8528

UK: Action taken after details of 110,000 individuals are stolen

November 26, 2009 by admin Filed under Breach Incidents, Financial Sector, Non-U.S., Of Note, Subcontractor, Theft

The Information Commissioner’s Office (ICO) has found Verity Trustees Ltd to be in breach of the Data Protection Act after the Trustees reported the theft of a laptop computer containing the names, addresses, dates of birth, salaries and national insurance numbers of around 110,000 individuals.

The laptop, which also contained the bank details of around 18,000 individuals, was stolen from a locked server room at Northgate Arinso – suppliers of the Trustees’ computerised pensions administration system. The data was downloaded for training purposes in breach of Northgate Arinso’s policy of only using an anonymised data sample for 50 to 100 pension scheme members.

A formal Undertaking has been signed by Verity Trustees Ltd to ensure that personal data is processed in accordance with the Data Protection Act. Verity Trustees Ltd will ensure portable and mobile devices used to store and transmit personal data are suitably encrypted. Adequate written contracts that encompass data security obligations will also be put in place with data processors as soon as is practically possible.

Mick Gorrill, Assistant Information Commissioner at the ICO, said: “This is a stark reminder of how easy it can be to put so many people’s details at risk. Failure to follow security policies and downloading such a vast amount of information has resulted in thousands of individuals’ personal details being compromised. It is encouraging to see that the Trustees have taken remedial steps, including the engagement of a fraud protection service provider to protect the affected individuals.

I am also satisfied that the Trustees will now take appropriate steps to ensure individuals’ details are protected.”

Failure to meet the terms of the Undertaking is likely to lead to enforcement action by the ICO. A copy of the Undertaking can be downloaded from http://www.ico.gov.uk/what_we_cover/data_protection/enforcement.aspx

Source: ICO



How about that? Even the government can sometimes grasp the obvious.

http://www.computerworld.com.au/article/327812/victorian_auditor_general_slams_public_sector_privacy

Victorian Auditor-General slams public sector privacy

Information security policy, standards and guidance for the sector are incomplete and too "narrowly focused" on ICT security

Tim Lohman 26 November, 2009 13:26

The confidentiality of personal information collected and used by the public sector can be, and has been, easily compromised, a Victorian Auditor-General report has found.

The Maintaining the Integrity and Confidentiality of Personal Information report, which examined information security in three Victorian government departments, found that the ability to penetrate databases, the consistency of its findings and the lack of effective oversight and coordination of information security practices strongly indicate that this phenomenon is widespread.

… “Risks cannot be managed where an agency is not aware of them, or does not understand their significance,” the report reads. “Without substantiation, attestations by agency heads about the effectiveness of controls have no value.”

The Victorian Auditor-General also made a number of recommendations to resolve these issues which can be read in the report.



Slumdog Big Brother? Stimulating the economy by paying 80% of the population to spy on the other 80%?

http://yro.slashdot.org/story/09/11/27/0316240/India-To-Have-Automatic-Communications-Monitoring?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

India To Have Automatic Communications Monitoring

Posted by timothy on Friday November 27, @01:37AM from the top-down-with-a-vengeance dept.

angry tapir writes

"India plans to set up a centralized system to monitor communications on mobile phones, landlines and the Internet in the country, a minister has told the Rajya Sabha, the upper house of Parliament. Indian laws allow the interception and monitoring of communications under certain conditions, including to counter terrorism. A pilot of the new Centralized Monitoring System (CMS) is to be started by June next year, subject to clearances by other government agencies."



Learn all you can about Cloud Computing. Most organizations will be using it soon.

http://www.pogowasright.org/?p=5775

ENISA Report Examines Cloud Computing and Privacy

November 26, 2009 by Dissent Filed under Featured Headlines, Internet, Non-U.S.

From EPIC.org:

The European Network and Information Security Agency has released a new report on Cloud Computing. The ENISA report recommends that European officials determine the application of data protection laws to cloud computing services. The report also considers whether personal data may be transferred to countries lacking adequate privacy protection, whether customers should be notified of data breaches, and rules concerning law enforcement access to private data. Earlier this year, EPIC filed a complaint with the Federal Trade Commission, urging the Commission to examine the adequacy of privacy safeguards for cloud computing services. A subsequent letter by computer researchers, addressed to Google CEO Eric Schmidt, raised similar concerns.

[From the report:

The key conclusion of this paper is that the cloud’s economies of scale and flexibility are both a friend and a foe from a security point of view. The massive concentrations of resources and data present a more attractive target to attackers, but cloud-based defences can be more robust, scalable and cost-effective.



I thought this was a collection of open source software, apparently not.

http://tech.slashdot.org/story/09/11/26/1356246/Microsoft-Issues-Takedown-Notices-Over-COFEE?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Microsoft Issues Takedown Notices Over COFEE

Posted by Soulskill on Thursday November 26, @10:27AM from the horses-and-barn-doors dept.

Eugen tips news that Microsoft has sent DMCA takedown notices to several websites to stop them from offering the Computer Online Forensic Evidence Extractor (COFEE) tool for download after it was leaked earlier this month. One of the sites, Cryptome.org, has posted their correspondence with Microsoft over the software. "... Microsoft contacted Network Solutions, which hosts Cryptome, and since John Young, the owner of the website, wasn't too keen on losing his whole website for the sake of a single 15MB file, he removed the download link and sent Network Solutions a notice of compliance."

[Of course, you can still get it on the Pirate Bay site (or so I've been told)

http://thepiratebay.org/torrent/5156601



Certainly not unexpected. The world is warming, just not fast enough for some politicians. Politicians control grant money. See where I'm going with this?

http://wattsupwiththat.com/2009/11/25/uh-oh-raw-data-in-new-zealand-tells-a-different-story-than-the-official-one/

Uh, oh – raw data in New Zealand tells a different story than the “official” one.

25 11 2009

Reposted from TBR.cc Investigate magazine’s breaking news forum:

New Zealand’s NIWA accused of CRU-style temperature faking

The New Zealand Government’s chief climate advisory unit NIWA is under fire for allegedly massaging raw climate data to show a global warming trend that wasn’t there.

The scandal breaks as fears grow worldwide that corruption of climate science is not confined to just Britain’s CRU climate research centre.



This is interesting. My web site students might (better!) find it useful.

http://www.thumboo.com/centennial-man.blogspot.com/#size

Thumboo

Online Thumbnail Generator

Quickly generate an instant web screenshot of any site!



I'd use one of these if I had a CD collection...

http://www.makeuseof.com/tag/5-free-tools-to-quickly-convert-a-cd-to-an-mp3-collection/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Makeuseof+%28MakeUseOf.com%29

5 Free Tools To Quickly Convert A CD To An MP3 Collection

Nov. 27th, 2009 By Sharninder

Thursday, November 26, 2009

Looks like this one is a much larger can of worms than I thought.

http://www.databreaches.net/?p=8475

Risky business: Remote Desktop opened the door for Aloha hackers

November 25, 2009 by admin Filed under Breach Incidents, Business Sector, Hack, Of Note, U.S.

When nine restaurants in Louisiana and Mississippi filed lawsuits against Radiant Systems and its Louisiana distributor, they may have represented only the tip of a substantial iceberg of hacks affecting restaurants that used Radiant Systems’ Aloha POS system. It seems that the scope of the problem is first coming to the public’s attention approximately one and a half years after the hacking incidents started. [Yesterday's article mentioned a three year period. Bob]

Breaches in Other Parts of the Country

During a two-month period in late 2008, a Spicy Pickle franchise in Michigan was hacked and 150 customers’ card data were stolen and misused. The franchise closed in June 2009, reportedly unable to recover from the loss of customer confidence after the breach. At around the same time in 2008, Ted’s Cafe Escondido in Oklahoma also reported being hacked. Although both breaches were reported at the time on PogoWasRight.org, the POS system they were using was not reported in the media. Unbeknownst to me at the time, a forum member on FoodService.com commented on both breaches by noting both restaurants used the Aloha system. There was no indication in the forum member’s report, however, as to whether the restaurants had removed any remote access software that was suspected of creating the vulnerability to hacks or whether the restaurants had used commercial grade firewalls.

Hacks Started in Early 2008

Also flying completely under my radar at the time, in December 2008, WKZO News reported this about the Spicy Pickle hack:

Co-owner Terry Henderson says the FBI’s been investigating fraud cases across the country for seven months and they were just the latest victims. [Do they warn anyone? Bob]

“There’s a similar thread to all of it and it keeps leading to one particular software manufacturer,” says Henderson, adding that he’s not at liberty to say which manufacturer that is. [Some kind of gag order? Bob] “It’s a popular software that’s used by thousands of restaurants throughout the country.”

Continuing to work backwards to see what else I had missed, I found that in August 2008, WAFB and the Associated Press had reported that a rash of hacks involving Louisiana restaurants began in March 2008. And although Aloha’s name did not appear in any media reports on affected restaurants, when the Secret Service met with Louisiana restaurateurs in August 2008, they may have specifically mentioned the Aloha system. Another poster on the FoodServices.com forum wrote on August 19, 2008:

I spoke to someone who attended the meeting outlined in the Associated Press article. The meeting was set up by the Lousiana (sic) Restaurant Association and was attended by the Secret Service agent on the case, a US Attorney and a represtative (sic) from Visa. During the meeting it was presented that the 15 breaches occured (sic) were all Aloha POS systems. It was stated that the hackers were able to breach the systems as the Remote support software were all using the same User Name and Password (this is against PCI requirements). The hackers installed a “sniffer” program that would capture credit card data on the Local LAN (ie private network).

So it seems as if suspicions about Aloha were being raised over a year ago but were not specifically mentioned in media coverage.

Radiant’s Response

In August 2008, within days of the Secret Service and Visa representatives meeting with Louisiana restaurateurs, Aloha sent a data security alert to its customers. The alert said, in part:

Radiant Systems has been working with Visa on an emerging issue that could cause POS systems to be compromised. The specific vulnerability is related to Remote Desktop being enabled on BOH servers, POS terminals, and routers, which may allow intruders to gain access to POS systems. Once intruders gain access they could install malware such as packet sniffers to capture card holder data. Remote access to POS systems is critical to supporting sites, but can also provide a method for unauthorized users to obtain access to systems and potentially sensitive credit card data. Configuring and managing access to POS systems is extremely important.

The alert then provided specific steps Aloha clients should take to configure their systems securely including:

  • Disable Remote Desktop on routers, BOH servers, and POS terminals, if this remote access tool is not used to support the site.

  • Use Command Center as the single means of remote access for Aloha POS systems to ensure the highest level of site security. Command Center has a number of inherent features that significantly increase your ability to support sites, and also significantly decrease the risks associated with accessing sites.

Alternative measures were described for those who chose to leave remote access tools enabled.

Their alert may well have prevented more restaurants from being hacked, but may be small comfort to the allegedly many restaurants who had already suffered hacks resulting in lost business, fines by Visa and Mastercard, and the cost of forensic audits and IT consultants. Whether the juries will agree with the restaurant-plaintiffs or with Radiant Systems remains to be seen, but it would seem that some jurors are in for a real earful on security. [Anyone need an expert? Bob]
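To make the two weaknesses in the alert concrete (one remote-support credential shared across every site, and remote sessions arriving from addresses nobody at the site recognises), here is an added audit script; it is not part of the DataBreaches.net post or of any Radiant product. It parses constructed RDP/VNC logon lines from a back-of-house server, and the vendor support range it allowlists is an assumption.

```python
"""Audit a POS back-of-house remote-access log for the two weaknesses the Aloha
alert describes: remote sessions from addresses no vendor should be using, and a
shared support credential that is being used from many places at once."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines (not from the article or any vendor product); one
# line per remote logon to a back-of-house (BOH) server or POS terminal.
SAMPLE_LOG = """\
2008-07-02 01:13:55 RDP LOGON user=support src=203.0.113.10 host=BOH-SRV01
2008-07-02 02:47:12 VNC LOGON user=support src=198.51.100.77 host=POS-TERM03
2008-07-03 23:58:40 RDP LOGON user=support src=192.0.2.200 host=BOH-SRV01
2008-07-04 00:02:19 RDP LOGON user=manager src=192.168.1.20 host=BOH-SRV01
2008-07-04 03:15:00 VNC LOGON user=support src=203.0.113.10 host=POS-TERM03
this line is not a logon record and is skipped
"""

# Assumption: the vendor's support hosts and the store LAN are the only places a
# remote session may legitimately come from.
ALLOWED_NETWORKS = (
    ipaddress.ip_network("203.0.113.0/24"),   # hypothetical vendor support range
    ipaddress.ip_network("192.168.1.0/24"),   # the store's own LAN
)
# Account(s) the vendor ships with one name/password across every site.
SHARED_SUPPORT_ACCOUNTS = frozenset({"support"})

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<proto>RDP|VNC) LOGON "
    r"user=(?P<user>\S+) src=(?P<src>\S+) host=(?P<host>\S+)$"
)


def parse_log(text):
    """Yield one dict per well-formed logon line; malformed lines are ignored."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def is_allowed_source(src):
    """True if src falls inside one of the allowed networks (bad input -> False)."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(ip in net for net in ALLOWED_NETWORKS)


def unknown_source_logons(text):
    """Remote logons from outside the allowlist, i.e. the 'unknown IP address'
    finding that the VNC logs produced in the Tip Top case."""
    return [rec for rec in parse_log(text) if not is_allowed_source(rec["src"])]


def shared_account_sources(text):
    """Distinct source addresses per shared support account. A credential that
    is identical at every site shows up from more places than one vendor would
    use; a growing count is a sign the credential is no longer private."""
    seen = defaultdict(set)
    for rec in parse_log(text):
        if rec["user"] in SHARED_SUPPORT_ACCOUNTS:
            seen[rec["user"]].add(rec["src"])
    return {user: sorted(srcs) for user, srcs in seen.items()}


def report(text):
    """Human-readable findings; returned as a list so a caller can check them."""
    lines = []
    for rec in unknown_source_logons(text):
        lines.append(f"ALERT unknown source {rec['src']} -> {rec['host']} "
                     f"via {rec['proto']} as {rec['user']} at {rec['ts']}")
    for user, srcs in shared_account_sources(text).items():
        lines.append(f"INFO shared account {user} used from {len(srcs)} "
                     f"distinct addresses: {', '.join(srcs)}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

On the sample, the two logons from 198.51.100.77 and 192.0.2.200 are the ones worth a phone call to the vendor, and the shared account being seen from three addresses is exactly why the alert tells sites to disable Remote Desktop where it is not needed.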



Some interesting “statistics” for those who lose hard drives...

http://www.databreaches.net/?p=8511

Update: BCBS of Tennessee to start sending notifications

November 25, 2009 by admin Filed under Breach Incidents, Healthcare Sector, Theft

John Commins updates us on the Tennessee BlueCross BlueShield breach:

BlueCross BlueShield of Tennessee is readying a Nov. 30 mass mailing to some of its 3.1 million customers in the Volunteer State who may have had their Social Security numbers and other private data compromised after an Oct. 2 hard drive theft at a remote training facility in Chattanooga.

“It’s going to be a progression of mailings, with those who would be most at risk receiving the first mailings, depending upon how many people had a Social Security number compromised,” says BCBST spokeswoman Mary Thompson.

[...]

Meanwhile, local, state, and federal law enforcement officials have been called in to investigate the Oct. 2 theft of three 3.5″ X 10″ hard drives, which were physically removed from server racks on computers inside a data storage closet at a training center located in a strip mall. [Not your typical “grab the laptop and run” – sounds like they knew what they wanted. Bob]

“We were using the information on those drives for training purposes. [Training with live data? Very inefficient. Bob] We were auditing [Wait! We weren't training, we were auditing. Bob] our [customer service representatives] to ensure that they were delivering the correct information and servicing providers correctly and using it for training [Wait! No, yes, we were using it to train after all. Bob] of new CSRs,” Thompson says.

[...]

In the past several weeks, Thompson says BCBST has had as many as 800 people—including employees from a private security company—working at any given time on the arduous task of analyzing more than 300,000 screen shots and about 50,000 hours of audio data to identify potential breaches.

Read more on Health Leaders Media.

Is anyone else confused by the reference to three hard drives? Earlier reports talked about 57 hard drives and then 68.



“Hey, you gotta pay for law school somehow!” An interesting flaw (loophole? Bug?) in the legal system. Some simple (Hacking 101) tools gather IP addresses, the court orders the ISP to disclose the owner of that IP address, lawyers send a mass mailing and some (significant?) percentage settle. Like SPAM, but you get to wear a wig.

http://torrentfreak.com/30000-internet-users-to-receive-file-sharing-cash-demands-091125/

30,000 Internet Users to Receive File-Sharing Cash Demands

Written by enigmax on November 25, 2009

As many as 25,000 BT and 5,000 customers of other ISPs will be receiving shock letters demanding big payments during the coming weeks. Lawyers in the UK have been granted more court orders which force ISPs to hand over the details of individuals who they say have been monitored sharing hardcore pornography. [No evidence required? Bob]

For regular readers of TorrentFreak, this fresh news can hardly come as a surprise. The supposed anti-piracy scheme originally pioneered in the UK in conjunction with lawyers Davenport Lyons rolls on, but now in the hands of ACS:Law and their partners DigiProtect.

Although there is an insistence that the project is aimed at reducing piracy, in reality piracy is the scheme’s lifeblood, providing healthy profits for all concerned, except the original rightsholders that is. [What could the copyright holders do? Bob]



The difference between apologizing and attacking: In an attack, Google would have highlighted this picture and made the authors the subject of ridicule. Instead, they have allowed the Streisand Syndrome free rein to 'encourage' more users to view the images without hearing why anyone might find it offensive. Yes, it is offensive and stupid, but inevitable. “Failure to spank” just encourages the idiots.

http://news.slashdot.org/story/09/11/26/0311249/Google-Apologizes-For-Michelle-Obama-Results?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Google Apologizes For "Michelle Obama" Results

Posted by samzenpus on Thursday November 26, @04:00AM from the was-that-wrong? dept.

theodp writes

"CNN reports that for most of the past week, when someone did a Google image search for 'Michelle Obama,' one of the first images that came up was a picture of the First Lady altered to resemble a monkey. After being hit with a firestorm of criticism over the episode, Google first banned the site that posted the photo, saying it could spread malware. Then, when the image appeared on another site, Google displayed the photo in its search results, but displayed an apologetic Google ad above it. On Wednesday morning, the racially offensive image appeared to have been removed from any Google Image searches for 'Michelle Obama.' Google officials could not immediately be reached for comment."



Is this truly a better idea? How will it be funded?

http://www.bespacific.com/mt/archives/022881.html

November 25, 2009

New York Review of Books: Google and the New Digital Future

Follow up to previous postings on Google Book Search (GBS), Google and the New Digital Future, Robert Darnton is Carl H. Pforzheimer University Professor at Harvard

  • "...The digitizing, open-access distribution, and preservation of orphan works could be done by a nonprofit organization such as the Internet Archive, a nonprofit group that was built as a digital library of texts, images, and archived Web pages. In order to avoid conflict with interests in the current commercial market, the database would include only books in the public domain and orphan works. Its time span would increase as copyrights expired, and it could include an opt-in provision for rightsholders of books that are in copyright but out of print. The work need not be done in haste. At the rate of a million books a year, we would have a great library, free and accessible to everyone, within a decade. And the job would be done right, with none of the missing pages, botched images, faulty editions, omitted artwork, censoring, and misconceived cataloging that mar Google's enterprise. Bibliographers—who appear to play little or no part in Google's enterprise—would direct operations along with computer engineers. Librarians would cooperate with both in order to assure the preservation of the books, another weak point in GBS, because Google is not committed to maintaining its corpus, and digitized texts easily degrade or become inaccessible." [Quite the opposite, actually. Bob]



For the Online Reference Library

http://www.makeuseof.com/tag/the-incredible-guide-to-ubuntu-karmic-koala-linux-pdf/

The Incredible Guide to NEW Ubuntu (Karmic Koala) [PDF]

Nov. 25th, 2009 By Simon Slangen

… In the past we published A Newbie’s Getting Started Guide to Linux, aimed at making you familiar with the most basic Linux principles.

… We teamed up with Guvnr.com to create the Ubuntu Karmic Koala Bible – a guide that’s both great for Linux initiates, and invariably useful for Linux intermediates. With over fifty pages of copy-paste tutorials, this guide belongs in the virtual library of every Linux user!

… Don’t waste any time, download the Ubuntu Karmic Koala Bible now in PDF, or read it online on Scribd!



For the Swiss Army folder

http://download.cnet.com/8301-2007_4-10405343-12.html?part=rss&subj=news&tag=2547-1_3-0-20

Big changes in Security Starter Kit 2010

by Seth Rosenblatt November 25, 2009 3:51 PM PST

… To help you during these tough economic times, we've refreshed the Download.com Security Starter Kit for 2010. Although nothing can replace common-sense browsing, this collection of freeware security tools will help you protect new machines and old from pernicious threats,

Wednesday, November 25, 2009

The joy spreads. Perhaps companies (their lawyers?) are realizing that “compliant” does not mean “secure.” In any case (no pun intended), suits like these could further swamp the courts.

http://www.databreaches.net/?p=8408

Radiant Systems and Computer World responsible for breach affecting restaurants – lawsuit

November 24, 2009 by admin Filed under Breach Incidents, Hack, ID Theft, Of Note, U.S.

There’s been a lot of coverage of the lawsuits against Heartland Payment Systems, a payment processor fined by both Visa and Mastercard for not being PCI-DSS compliant. Now a class-action lawsuit by seven restaurants claims that dozens of restaurants may have become victims of card fraud because systems provided to the restaurants by Radiant Systems and its Louisiana distributor, Computer World Inc., were not PCI-DSS compliant.

According to a statement provided to DataBreaches.net by Charles Hoff of the Law Offices of Charles Y. Hoff, PC, general counsel for the Georgia Restaurant Association and one of the attorneys acting as a legal advisor to the restaurants in the lawsuit, the plaintiffs “do not have any exact numbers from the Secret Service but have been told that it is believed that dozens of restaurants as well as some hotels were victims of security breaches.”

Seven restaurants in Louisiana and Mississippi are named as plaintiffs in the lawsuit, including a Best Western, Mel’s Diner, Sammy’s Grill, Crawfish Town USA, Jone’s Creek Cafe, Don’s Seafood, and Picante’s Mexican Grill. In a separate, but related lawsuit, On the Half Shell and Boudreaux’s and Thibodeaux’s, sued Radiant Systems and Computer World in April.

Keith Bond, owner of Mel’s Diner in Broussard, Louisiana says that he purchased the “Aloha” system in 2007. In the spring of 2008, one of the restaurant’s servers noticed a problem that the mouse seemed to be moving around out of their control. According to Bond, they called Computer World, who told them to disconnect their internet connection and that they would send someone out the next day. When the service tech examined the system, he reportedly removed and replaced the hard drive, but was “vague” about what was wrong with the system, reassuring them that the problem was now resolved. Less than one month later, the restaurant received letters from Visa and Mastercard that they had been breached, were being fined, and were required to arrange for a forensic audit with an approved auditor. According to Bond, Visa fined them $5,000 and debited the money from their account immediately. Mastercard fined them $100,000 but waived the fine. [Visa fined the restaurant? First time I've heard that. Bob]

Bond says that 669 of his customers were affected by the breach, although he never heard any complaints [“No illegal use of this data has been reported.” Bob] from any of them and only knew of the breach because of Visa and Mastercard contacting him. Other restaurants involved in the lawsuit were reportedly not as lucky. Bond says that Sammy’s Grill had 45,000 customers whose cards were compromised over a three-year period, and that he knows of 19 businesses who had similar breaches while using the Aloha system. He suspects that there are many more restaurants who also experienced breaches of a similar nature.

In a press release from the plaintiffs, Radiant Systems and Computer World Inc. are accused of having directly contributed to the breach by providing products that were not PCI-DSS compliant. [If they were certified compliant, do they automatically win the lawsuit? Bob]

1) Restaurants were sold earlier model POS systems although they were represented to be new models;
2) Computer World used a remote access system that did not have adequate security patches – a violation of PCI-DSS standards;
3) Computer World used the same password for at least 200 operators in violation of PCI standards;
4) The distributor failed to remove prior sensitive customer credit data upon installation of Radiant POS systems, again in violation of PCI standards.

Bond claims that in his case, when Secure Metrics performed the forensic audit, they discovered that the system had previously been installed as Sorano’s Salsa Company’s system. It’s not clear whether any personal or financial data were still accessible, but it was clear that the system was not new. Bond says that pcAnywhere came installed on his system so that Computer World could remotely access the system to service it. But as with every Computer World installation for every Aloha customer, Computer World allegedly used the default password, and all 200 installations used the same password, “computer.” According to Bond, the Secret Service discovered that a Romanian hacker had accessed all of the computers using the system and common password and installed keyloggers to capture the card data.

The plaintiffs also claim that “Radiant and Computer World were warned by Visa in 2007 that their programs were non-compliant, but the restaurants were unaware of these warnings at the time they purchased the Aloha system.”

The plaintiffs are seeking damages to cover all of the expenses they incurred.

Both Radiant Systems and Computer World were contacted for a response to the press release issued yesterday by the plaintiffs. C. York Craig, III, of the law firm representing Computer World, Forman Perry Watkins Krutz & Tardy LLP, sent the following statement:

Computer World, through its New Orleans attorney, Joseph B. Morton, III of Forman Perry Watkins Krutz & Tardy LLP, denied the assertions of the plaintiffs. Morton stated, “We prefer to handle these matters in the proper forum. Computer World is confident that when all of the evidence is examined in a court of law, it will be established that Computer World fulfilled its contractual obligations, appropriately installed/monitored the POS hardware and software, complied with all government requirements and was very responsive to the needs of its clients.”

As of the time of this posting, Radiant Systems did not reply to DataBreaches.net’s inquiry. Bond says that a motion by Radiant Systems to break up the class action lawsuit was dismissed by a judge yesterday, and that the lawsuit has been allowed to go forward as a class-action lawsuit.

Bond informs DataBreaches.net that as a result of the breach, another one of the plaintiffs gave up on using credit cards altogether rather than incur the costs of a forensic audit and fines by Visa and Mastercard. [Good for them! Bob] As for Bond himself, after incurring $19,000 in forensic audit fees, several thousand dollars in fees for an IT consultant to implement the auditor’s recommendations, $20,000 in chargebacks, attorney fees, miscellaneous fees, and $5,000 in fines from Visa, Mel’s Diner has gone back to using dial-up.



When you know (not just suspect, know) someone has hacked your system, shouldn't your review be AT LEAST as thorough as a “routine” review?

http://www.databreaches.net/?p=8451

Cobra.com hack exposed customer card data for 9,000

November 24, 2009 by admin Filed under Breach Incidents

Almost five months after a security breach was first discovered, lawyers for Cobra Electronics Corporation notified the New Hampshire Attorney General’s Office that its web site at www.cobra.com had been hacked and customer card data might have been accessed.

According to the letter from David E. Teitelbaum of Sidley Austin, Cobra was alerted to a problem on June 14. Subsequent investigation determined that the server had been hacked on June 14. The site was totally offline from June 23 until July 3 while the company addressed the security issues. But according to the notification:

Although the intruder apparently used the Cobra.com site to attempt to download malicious software to customer computers, Cobra did not believe at the time that the intruder had access to any Cobra files containing personally identifiable information, such as cardholder information.

During a routine security review in late September, [Apparently their “Incident Review” did not rise to the level of a “routine” review, even though they knew they had been hacked! Really poor management! Bob] however, the company realized that there were unencrypted card numbers in archival files on the server at the time of the intrusion. A subsequent forensic examination concluded that there was no access to the data between June 16 and October 2, but the examiners were unable to determine if there had been any access between June 14 and June 16 because the web host could not provide the relevant hard drives. [What caused them to destroy evidence? Bob] As a result, Cobra decided to notify 9,000 customers whose unencrypted card numbers were on the server at the time of the intrusion or whose unencrypted card numbers were entered after the intruder was shut out but before all data on the server were fully encrypted. The notifications include all customers who made purchases via the web site between November 18, 2007 and September 30, 2009.

Cobra offered affected customers free credit monitoring services and created an FAQ on the breach at http://www.cobra.com/creditcardquestions



Even criminals can learn to be more efficient.

http://www.databreaches.net/?p=8456

The Year Of The Mega Data Breach

November 24, 2009 by admin Filed under Commentaries and Analyses, Of Note

Andy Greenberg reports:

Glance at 2009’s data breach statistics, and you might think the IT world had scored a rare win in the endless struggle against cybercrime.

According to the Identity Theft Resource Center, government agencies and businesses reported 435 breaches as of Nov. 17, on track to show a 50% drop from the number of breaches reported in 2008. That would make 2009 the first year that the number of reported data breaches has dropped since 2005, when the ITRC started counting.

But the decrease in data breaches is deceptive. In fact, the number of personal records that were exposed–data like Social Security numbers, medical records and credit card information tied to an individual–that hackers exposed has skyrocketed to 220 million records so far this year, compared with 35 million in 2008. That represents the largest collection of lost data on record. And the majority of 2009’s data loss stems from a single source: credit card processing firm Heartland Payment Systems.

Read more on Forbes.



Something tipped the scales here, forcing(?) the hospital to act. I wonder what happened? (The liability must be huge!) Nothing on either Google or Yahoo news search.

http://www.phiprivacy.net/?p=1534

TX: Hospital District Employees Fired for Violation

By Dissent, November 25, 2009 8:56 am

Andrea Watkins reports:

A major breach in patient privacy at the Harris County Hospital District has caused 16 employees to lose their jobs.

Melinda Muse, a hospital district spokeswoman, says the employees were fired because of HIPAA violations.

[...]

HCHD says it will not confirm specific details on the privacy breach, but it released the following statement:

“The Harris County Hospital District, in all circumstances, is guided by the best interests of our patients, especially in matters of patient’s protected health information, and our policies that protect our patients privacy are always vigorously enforced. Actions by the hospital district were the result of steadfast diligence performed in the best interests of our patients.”

The hospital district has not specified the patient or patients affected by the privacy violation.

Maybe one of the patients who receives notification of the breach will provide more detail. It sounds like a snooping situation, but we’ll have to wait and see.

Source: MyFoxHouston



An example of domestic wiretapping? Who had this data (before WikiLeaks I mean) and do they also have SMS messages, emails, voice mails, etc?

http://www.pogowasright.org/?p=5734

WikiLeaks releases 573.000 pager intercepts from 9/11 2001

November 25, 2009 by Dissent Filed under Breaches, Other

From Wikileaks.org:

From 3AM on Wednesday November 25, 2009, until 3AM the following day (US east coast time), WikiLeaks will release over half a million US national text pager intercepts.

The intercepts cover a 24 hour period surrounding the September 11, 2001 attacks in New York and Washington.

To foster a deeper understanding, the messages will be released to the global community “live”. That is, the first message, corresponding to 3AM September 11, 2001, five hours before the first attack, will be released at 3AM November 25, 2009 and the last, corresponding to 3AM September 12, 2001 at 3AM November 26, 2009.

To follow the release, please visit http://911.wikileaks.org



Not so fast, RIAA... Perhaps there is hope!

http://torrentfreak.com/european-commission-no-3-strikes-without-judicial-oversight-091124/

European Commission: No 3 Strikes Without Judicial Oversight

Written by enigmax on November 24, 2009

The European Commission has issued a warning to the Spanish government that any plan to disconnect file-sharers from the Internet without involving a judge would create conflict with the EU. This statement could also throw the three-strikes plans of the UK government and the Irish ISP Eircom into serious doubt.


(Related) Poor description of the problem. Sounds like they would be unable to bill their customers if true.

http://yro.slashdot.org/story/09/11/24/2025212/UK-File-Sharing-Laws-Unenforceable-On-Mobile-Networks?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

UK File-Sharing Laws Unenforceable On Mobile Networks

Posted by kdawson on Tuesday November 24, @04:42PM from the p2p-ringtones dept.

superglaze writes

"UK mobile broadband providers currently have no way of telling which subscribers are file-sharing which copyrighted content, ZDNet UK reports. This represents something of a problem for new laws that have been proposed to crack down on unlawful file-sharing. According to the article, databases (tracking IP address mappings) could be built to make it possible to identify what specific users are downloading, but the industry is loath to fund this sort of project itself. Also, as an analyst points out in the piece, users of prepaid phone cards are mostly anonymous in the UK, which creates another challenge for the government's plans. And if that isn't enough, connection-sharing apps like JoikuBoost would make identification pretty much impossible anyway."



The guy did act strangely, but there is no flexibility any more – guilty until proven innocent.

http://www.pogowasright.org/?p=5729

UK jails schizophrenic for refusal to decrypt files

November 24, 2009 by Dissent Filed under Court, Non-U.S., Surveillance

Chris Williams reports:

The first person jailed under draconian UK police powers that Ministers said were vital to battle terrorism and serious crime has been identified by The Register as a schizophrenic science hobbyist with no previous criminal record.

His crime was a persistent refusal to give counter-terrorism police the keys to decrypt his computer files.

The 33-year-old man, originally from London, is currently held at a secure mental health unit after being sectioned while serving his sentence at Winchester Prison.

Read more on The Register.

[From the article:

He was arrested on 15 September 2008 by officers from the Metropolitan Police's elite Counter-Terrorism Command (CTC), when entering the UK from France. Sniffer dogs at Gare du Nord in Paris detected his Estes model rocket, which was still in its packaging and did not have an engine. [What exactly did the dogs detect? Bob]

… In his final police interview, CTC officers suggested JFL's refusal to decrypt the files or give them his keys would lead to suspicion he was a terrorist or paedophile.

"There could be child pornography, there could be bomb-making recipes," said one detective.

"Unless you tell us we're never gonna know... What is anybody gonna think?"



This would be funny if it wasn't pathetic.

http://www.databreaches.net/?p=8466

How many computers were stolen from your school district?

November 24, 2009 by admin Filed under Breach Incidents

Okay, I don’t know if this is some kind of dysrecord, but in an AP story on a Detroit teacher accused of pawning one of the district’s laptops, it says:

More than 500 district computers have been stolen over the past six months.

I wonder what the numbers are like in other major urban school districts. Anyone know?



None of these are new. If Gartner is correct, they are at that point on the learning curve where adoption starts to go vertical.

http://www.bespacific.com/mt/archives/022871.html

November 24, 2009

Gartner Identifies the Top 10 Strategic Technologies for 2010

News release: "Gartner, Inc. analysts highlighted the top 10 technologies and trends that will be strategic for most organizations in 2010... Gartner defines a strategic technology as one with the potential for significant impact on the enterprise in the next three years. Factors that denote significant impact include a high potential for disruption to IT or the business, the need for a major dollar investment, or the risk of being late to adopt. These technologies impact the organization's long-term plans, programs and initiatives. They may be strategic because they have matured to broad market use or because they enable strategic advantage from early adoption."

[In brief:

  • Cloud Computing
  • Advanced Analytics
  • Client Computing
  • IT for Green
  • Reshaping the Data Center
  • Social Computing
  • Security – Activity Monitoring
  • Flash Memory
  • Virtualization for Availability
  • Mobile Applications



Interesting stuff for us military history buffs.

http://www.dailymail.co.uk/sciencetech/article-1230025/Google-Earth-Second-World-War-Amazing-aerial-images-taken-daring-Allies-revealed-Hitlers-weapons.html?ITO=1490

From Colditz to D-Day: Amazing aerial images taken by daring Allied pilots on secret missions during World War II

By David Wilkes Last updated at 9:53 AM on 23rd November 2009



Got movies? For the Website students too...

http://www.makeuseof.com/tag/media-cope-an-all-in-one-media-player-cutter-converter/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Makeuseof+%28MakeUseOf.com%29

Media Cope – An All In One Media Player, Cutter & Converter

Nov. 24th, 2009 By Varun Kashyap

We have covered plenty of audio/video tools in the past, from mp3 joiner to video transcoding tools. If you are an avid user of such tools, you will have a nice, albeit a little lengthy, collection in your start menu. Well here is one tool that can make that list a little shorter.

It is an all in one media player solution and lets you play audio & video files, cut them according to your needs or transcode them to other formats. In addition you get a photo cutter, resizer and much more. In short, it’s as complete a media package as you’re likely to get. It is called Media Cope.

Tuesday, November 24, 2009

Try and save a few bucks by sewing your own tuxedo... Interesting that several stores recently replaced their credit card machines. Sounds like the crooks traveled around pretending to be from the card processor(?) and replaced the processor's machines with their own.

http://www.databreaches.net/?p=8394

Multi-state debit card fraud linked to Hancock Fabrics – police

November 23, 2009 by admin Filed under Business Sector, ID Theft, Of Note, U.S.

Linda McGlasson reports:

Bank customers in California, Wisconsin and Missouri are reporting fraudulent ATM withdrawals that police say are tied to transactions conducted with the Hancock Fabrics retail chain.

In California, Napa Police Department spokesman Brian McGovern says 60 residents reported their cards being used by thieves….. At about the same time, as many as 70 Wisconsin victims reported suspicious ATM withdrawals from their accounts, according to Wood and Portage county law enforcement, which also ties the thefts to machines in Hancock Fabrics stores…. And in Missouri, at least 10 customers at Hancock Fabrics in the St. Louis area reported their debit card numbers and pin numbers stolen during the week of November 9.

Read more on BankInfoSecurity.com

Hancock Fabrics, Inc. operates 264 stores in 37 states and an Internet store. Stores are primarily located in strip shopping centers.

As of the time of this posting, Hancock has neither denied nor confirmed that they have experienced a breach.



Perhaps I've become more sensitive to articles like this, but it seems to me like there is an increased reaction to security breaches of all kinds, but particularly HIPAA violations.

http://www.phiprivacy.net/?p=1526

At UMC, audits show privacy lapses are not new

By Dissent, November 24, 2009 8:40 am

Marshall Allen of the Las Vegas Sun is staying all over the UMC breach reported here previously. In today’s commentary, he reviews the findings of past audits of UMC’s HIPAA compliance:

University Medical Center, facing a possible FBI investigation for allowing confidential patient information to be leaked to outsiders, has a spotty record of adhering to patient privacy laws, Clark County auditors have previously found.

Three county audits since June 2007 showed that although UMC employees are almost universally aware of the patient privacy policies mandated by the Health Insurance Portability and Accountability Act, better known as HIPAA, they have had a more difficult time with implementation.

Failure by the UMC workforce to comply with privacy safeguards “makes the hospital vulnerable” to compromising patient information, county auditors wrote Sept. 15.

Read more in the Las Vegas Sun.



No good deed goes unpunished! Confirms some of what we thought was happening when tapes were stolen. They liked the box the tapes were in and only found out about the records when they watched the evening news.

http://www.databreaches.net/?p=8386

Sentencing in U. of Utah Hospitals and Clinics case

November 23, 2009 by admin Filed under Breach Incidents, Education Sector, Healthcare Sector, U.S.

Back in June 2008, the University of Utah Hospitals and Clinics revealed that a backup tape containing billing records, medical codes, and Social Security numbers on 2.2 million patients [up from 1.5 million Bob] was stolen from the vehicle of one of their contractors, Perpetual Storage. The tape was returned a month later after those receiving the stolen tapes understood what they had, [“Oh my, we've got a fortune in stolen IDs, let's turn our selves in?” Bob] and in December 2008, they were offered a plea deal.

Today, Stephen Hunt reports in the Salt Lake Tribune:

[...]

The U. spent about $500,000 notifying patients of the potential for identity theft, and offered free credit monitoring.

[...]

A judge sentenced Thomas Howard Anderson, one of two men charged with felony counts of receiving stolen property and possession of another’s identification documents, to probation and 60 days in jail. A restitution hearing for Anderson, 53, is pending.

The judge set restitution at $500 for co-defendant Shadd Dean Hartman, 38, who was sentenced to a year in jail. Prosecutor Matthew Lloyd said that amount covers the cost of the custom metal case, the only thing of interest to Hartman.

Jail time? Wasn’t part of the plea deal. I wonder what happened. And if the U. spent $500,000 in breach costs, why aren’t they ordered to pay more in restitution? Or is this because they are just the receivers of the stolen property and not the thief?

[From the Tribune article:

But most of the panic subsided a month later when the records were returned uncompromised, [This suggests they didn't know what they had. Bob] and Monday the criminal case also ended quietly.

… Police have said the two had no way to access the partially encrypted data [PR speak for ASCII code? Bob] and that the duo believed the tapes were movies.

Anderson stashed the tapes in his garage until learning from media reports they contained billing records, medical codes and Social Security numbers. He then took the tapes to the U., where he was arrested.



I almost passed this one by, thinking it was another case of “overstatement.” Then I noticed the next article.

http://www.pogowasright.org/?p=5713

UK: Police arrest so they can boost DNA database, warns watchdog

November 24, 2009 by Dissent Filed under Non-U.S., Surveillance

Tom Whitehead reports:

Officers will arrest individuals for “everything” because they then have the power to take DNA samples, even if they wouldn’t have been detained under other circumstances.

The Human Genetics Commission (HGC) warned the alarming practice, which was revealed by a retired senior police officer, was creating a “spiral of suspicion” over the DNA database.

In a major review of the system, it said police should no longer be allowed to automatically take DNA samples for everyone they arrest and called for new rules on when it was right to do so.

[...]

Chris Huhne, the Liberal Democrat home affairs spokesman, said: “The Government’s cavalier attitude towards DNA retention has put us in the ridiculous situation where people are being arrested just to have their DNA harvested.”

James Brokenshire, the shadow home affairs minister, said: “Under Labour’s surveillance state everyone is treated as a potential suspect.”

Read more in the Telegraph.


(Related) Because any one of them could be Osama bin Laden?

http://www.pogowasright.org/?p=5706

UK group: 3/4 of young black men on DNA database

November 24, 2009 by Dissent Filed under Non-U.S., Surveillance

Gregory Katz reports:

As many as three quarters of all black men in Britain aged 18-35 have had their genetic information placed on the country’s massive DNA database, a group charged with reviewing officials’ use of genetic technology said Tuesday.

The Human Genetics Commission – an independent government advisory board made up of scientists, lawyers and other experts – said young black males were “very highly over-represented” on the DNA register and could be unfairly stigmatized by being placed on the database in such large numbers.

[...]

Last month, security minister Alan West acknowledged that the overrepresentation of blacks and other minorities on the database was worrying, but said that “our initial look at this makes us feel that this is to do with the fact that in the criminal justice system as a whole there is overrepresentation of black people.”

“It is not because of a problem with the DNA database itself,” he told lawmakers.

Read more of this AP story on Taiwan News.


(Related?) Same idea, simpler technology.

http://www.pogowasright.org/?p=5708

AU: Clubbers to have fingerprints scanned

November 24, 2009 by Dissent Filed under Businesses, Non-U.S.

Cassie White reports:

Party-goers in Brisbane’s Fortitude Valley will soon be forced to have their fingerprints scanned before entering some of the precinct’s most popular nightclubs…. between 15 and 20 nightclubs will be implementing it over the next three to six months.

But the move has been slammed as a “PR gimmick” by Terry O’Gorman from the Queensland Council for Civil Liberties.

“For the licensees to say that if a patron gives their fingerprint that will somehow prevent incidents from occurring within a nightclub is just silly and downright illogical,” he said. [Does it increase their liability? Bob]

“But as well, we have significant concerns about peoples’ privacy, particularly with handing over their fingerprints.

“Even with the police they can only demand them in certain situations when a person is arrested, and even when police get fingerprints under statute they’re under very heavy obligation to ensure privacy safeguards are in place.

“There will be absolutely no privacy safeguards in place to ensure fingerprint materials being collected by pubs and clubs.

“It’s all very well for a relevant licensee to say they’ll be properly stored, but Queensland doesn’t have any privacy laws against which their storage records and procedures can be managed.”

Read more on ABC.



Another first!

http://news.cnet.com/8301-17852_3-10403864-71.html?part=rss&subj=news&tag=2547-1_3-0-20

Police arrest exec for not using Twitter

by Chris Matyszczyk November 23, 2009 4:22 PM PST



For your Security Manager

http://www.pogowasright.org/?p=5699

IE bug leaks private details from 50 million PDF files

November 23, 2009 by Dissent Filed under Breaches, Featured Headlines, Internet

Dan Goodin reports:

A bug in Microsoft’s Internet Explorer browser is causing more than 50 million files stored online to leak potentially sensitive information that could compromise user privacy, a security researcher said.

The documents stored in Adobe’s PDF format display the internal disk location where the file is stored, an oversight that can inadvertently expose real-world names and login IDs of users, the operating system being used and other information that is better kept private. The data can then be retrieved using simple web searches.

Google searches such as this one expose almost 4 million documents residing on users’ C drives alone.

Read more in The Register.
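A defender-side check for the problem described above, added here and not taken from the article or The Register: before publishing a PDF, scan its raw bytes for the kind of local disk path the article describes and report the username and operating system such a path gives away. The PDF fragment below is constructed for the example.

```python
"""Scan a PDF's raw bytes for leaked local file paths.

Added example for this post; it is not code from The Register article.
It looks for what the article describes: a local disk location left in a
PDF's metadata (the Info dictionary title or an XMP packet) that reveals
the author's username and operating system. Only literal and XML strings
are covered; hex-encoded PDF strings are not.
"""
import re
from typing import Dict, List, Optional, Set

# Inside a PDF literal string a backslash is escaped as "\\", so a Windows
# path appears as "C:\\Users\\...". Single or doubled backslashes both match.
# Path components may contain spaces ("Documents and Settings"), so a match
# runs until a PDF/XML delimiter: parenthesis, angle bracket or line end.
_WIN_PATH = re.compile(rb"[A-Za-z]:(?:\\\\?[^\\()<>\r\n]+)+")
_UNIX_PATH = re.compile(rb"/(?:home|Users)/[^/()<>\s]+(?:/[^/()<>\s]+)*")

# Where the username sits in the usual per-user directory layouts.
_WIN_USER = re.compile(r"^[A-Za-z]:\\(?:Users|Documents and Settings)\\([^\\]+)")
_UNIX_USER = re.compile(r"^/(?:home|Users)/([^/]+)")

# Constructed sample: a minimal PDF fragment whose Info dictionary title is a
# Windows path and whose XMP packet carries a Unix path. The CreationDate
# ("D:2009...") is included to show a date is not mistaken for a drive path.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n"
    b"<< /Title (C:\\\\Users\\\\jsmith\\\\Documents\\\\budget.pdf)\n"
    b"   /Producer (Example Writer 1.0)\n"
    b"   /CreationDate (D:20091123120000Z) >>\n"
    b"endobj\n"
    b"2 0 obj\n<< /Type /Metadata /Subtype /XML >>\nstream\n"
    b"<x:xmpmeta xmlns:x='adobe:ns:meta/'>"
    b"<dc:title>/home/alice/reports/q3.pdf</dc:title>"
    b"</x:xmpmeta>\nendstream\nendobj\n"
    b"%%EOF\n"
)


def scan_pdf_bytes(data: bytes) -> List[Dict[str, Optional[str]]]:
    """Return one record per distinct leaked path, in file order."""
    hits = []
    for pattern, os_name, user_re in (
        (_WIN_PATH, "windows", _WIN_USER),
        (_UNIX_PATH, "unix", _UNIX_USER),
    ):
        for m in pattern.finditer(data):
            # Undo the PDF literal-string escaping of backslashes.
            path = m.group(0).decode("latin-1").replace("\\\\", "\\")
            um = user_re.match(path)
            hits.append({"offset": m.start(), "os": os_name, "path": path,
                         "user": um.group(1) if um else None})
    hits.sort(key=lambda h: h["offset"])
    # The same path often appears in both the Info dictionary and XMP;
    # report it once.
    seen: Set[str] = set()
    unique = []
    for h in hits:
        if h["path"] not in seen:
            seen.add(h["path"])
            unique.append({k: v for k, v in h.items() if k != "offset"})
    return unique


def leaked_usernames(data: bytes) -> Set[str]:
    """Usernames recoverable from the paths found in `data`."""
    return {h["user"] for h in scan_pdf_bytes(data) if h["user"]}


if __name__ == "__main__":
    for hit in scan_pdf_bytes(SAMPLE_PDF):
        print(f"{hit['os']:8} user={hit['user']!s:8} {hit['path']}")
```

Run it over a directory of PDFs about to be published (read each file in binary mode and pass the bytes to `scan_pdf_bytes`) to catch this class of leak before a search engine indexes it.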



This should make Security managers feel all warm and fuzzy...

http://www.databreaches.net/?p=8381

41% of workers have stolen corporate data – survey

November 23, 2009 by admin Filed under Commentaries and Analyses, Of Note

From Cyber-Ark Software’s press release:

Stealing employer data has become endemic in our culture. According to a survey conducted with 300 office workers in New York City examining the impact of the recession on ethics and security, 85 percent of the respondents admitted to knowing that downloading corporate information from their employer was illegal, yet a quarter of those surveyed would take the data regardless of the penalties. In fact, 41 percent of respondents have already taken sensitive data with them to a new position, while 26 percent would pass on company information if it proved useful in getting friends or family a job.

The second annual “Global Recession and Its Effect on Work Ethics” transatlantic survey also polled 300 office workers in London, asking the same set of questions for comparison.

Protection of corporate data continues to lag, with 60 percent of those surveyed admitting that it is easy to take sensitive information from under their bosses’ noses – with the primary tool of choice remaining a portable storage device like a memory stick, USB flash drive or CD, followed by email and then paper coming in a close third.

… Tops on the hit list of information that people like to download is customer and contact details (23 percent), followed by access and password codes (11 percent). Other information that is coveted includes product information, plans and proposals. This is particularly worrying as, without the proper identity and access management solutions in place, many ex-employees can still get into the network to access content and download information long after they’ve left the building.



I wonder who their adviser is? (and do we have it on tape?) It sounds like this whole thing is an organized crime scam – get the government to pay you to advise pimps on how to get around the law...

http://www.databreaches.net/?p=8401

ACORN Dumped Sensitive Documents as Probe Began – PI

November 24, 2009 by admin Filed under Breach Incidents, Exposure, Miscellaneous, Of Note, Paper, U.S.

Joseph Abrams reports:

A private investigator says he found tens of thousands of sensitive documents dumped outside a California ACORN office just days after the state attorney general announced an inquiry into the community organizing group.

Derrick Roach, a licensed investigator based in San Diego, told FoxNews.com he paid an impromptu visit to the city’s ACORN branch on Oct. 9 and watched from his car as a man tossed bags of files into a Dumpster outside the building.

After ACORN staff left for the day, he says, he searched the trash bin and discovered more than 20,000 documents he believes point to illicit relationships between ACORN and a bank and a labor union — as well as confidential information that could put thousands at risk for identity theft.

“We’re talking people’s driver’s license numbers, dates of birth, Social Security numbers, credit card numbers, bank account numbers, tax returns, credit reports” — all tossed in public view in the Dumpster, he said.

Read more on Fox News. NBC also provides coverage, with more of an emphasis on the political angles.



Isn't this a crime? Something about 'bait & switch?'

http://yro.slashdot.org/story/09/11/24/0112201/Bing-Cashback-Can-Cost-You-Money?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Bing Cashback Can Cost You Money

Posted by timothy on Monday November 23, @11:38PM from the wotta-boggin dept.

paltemalte writes

"Microsoft and various retailers have teamed up to bring you cashback on purchases made via Bing's price comparison feature. There is a little snag though — it seems that when you have a Bing cookie living in your browser, some retailers will quote you a higher price than if you come with no Bing cookie in your system."



Of course they do... If we define our system as the best, then by definition we are the best. (Politics 101)

http://tech.slashdot.org/story/09/11/23/1651218/Telcos-Want-Big-Subsidies-Not-Line-Sharing?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Telcos Want Big Subsidies, Not Line-Sharing

Posted by ScuttleMonkey on Monday November 23, @12:22PM from the give-us-money-and-leave-us-alone dept.

It seems that a recent survey of global broadband practices by Harvard's Berkman Center at the behest of the FCC has stirred the telecommunications hornet's nest. Both AT&T and Verizon are up in arms about some of the conclusions (except the ones that suggest offering large direct public subsidies).

"Harvard's Berkman Center study of global broadband practices, produced at the FCC's request, is an 'embarrassingly slanted econometric analysis that violates professional statistical standards and is insufficiently reliable to provide meaningful guidance,' declares AT&T. The study does nothing but promote the lead author's 'own extreme views,' warns a response from Verizon Wireless. Most importantly, it 'should not be relied upon by the FCC in formulating a National Broadband Plan,' concludes the United States Telecom Association. Reviewing the slew of criticisms, Berkman's blog wryly notes that the report seems to have been 'a mini stimulus act for telecommunications lawyers and consultants.'"

[The report: http://www.fcc.gov/stage/pdf/Berkman_Center_Broadband_Study_13Oct09.pdf]



Fodder for my Disaster Recovery class who keep telling me “No one can be that stupid, can they?” I wonder if anyone got a bonus for bringing the project in under budget?

http://it.slashdot.org/story/09/11/24/0634220/New-Virginia-IT-Systems-Lack-Network-Backup?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

New Virginia IT Systems Lack Network Backup

Posted by timothy on Tuesday November 24, @08:17AM from the private-did-not-make-perfect dept.

1sockchuck writes

"Virginia's new state IT system is experiencing downtime in key services because of a mind-boggling oversight: the state apparently neglected to require network backup in a 10-year, $2.3 billion outsourcing deal with Northrop Grumman. The issue is causing serious downtime for state services. This fall the Virginia DMV has suffered 12 system outages spanning a total of more than 100 hours, and downtime hampered the state transportation department when a state of emergency was declared during the Nov. 11 Northeaster."



Something for the Forensics wiki?

http://www.bespacific.com/mt/archives/022866.html

November 23, 2009

New on LLRX.com - Strengthening Forensic Science: The Next Wave of Scholarship

Strengthening Forensic Science: The Next Wave of Scholarship: Ken Strutin's article focuses on threads of scholarly literature citing and commenting on the recent National Academy of Sciences report, Strengthening Forensic Science in the United States: A Path Forward, and highlights discussions where experts and practitioners rethink the merits of a wide range of forensic issues.



For my website students

http://www.makeuseof.com/tag/make-your-own-movie-from-photos-with-pinnacle-video-spin-windows/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Makeuseof+%28MakeUseOf.com%29

Make Your Own Movie From Photos With Pinnacle Video Spin [Windows]

Nov. 23rd, 2009 By Ryan Dube



I love lists (and I looked, no Centennial-man)

http://www.pcmag.com/article2/0,2817,2356002,00.asp

Our Favorite Blogs 2009

11.23.09

Fifty blogs we just can't get enough of.