http://www.databreaches.net/?p=9664
77,000 Alaskans’ information missing; state settles with firm
January 29, 2010 by admin Filed under Breach Incidents, Government Sector, Lost or Missing, Of Note, Subcontractor, U.S.
Ted Land reports:
Tens of thousands of Alaskans are trying to find out if their personal information is missing. Attorney General Dan Sullivan announced Thursday there’s been a massive security breach reaching the highest levels of state government.
More than 77,000 Alaskans’ personal information is missing. No one knows where it went.
[...]
On that list, are Sullivan and Gov. Sean Parnell and more than 77,000 other Alaskans who were participants in the Public Employees Retirement System and the Teachers Retirement System in 2003 and 2004.
“In this case the information that we’re concerned of is names, dates of birth and social security numbers,” Sullivan said.
In the process of an ongoing lawsuit against the state’s former actuary, Mercer, a law firm turned over personal information to the state’s financial experts, PricewaterhouseCoopers, a private firm which was evaluating the list as part of the lawsuit.
In early December, PricewaterhouseCoopers realized the names and numbers could not be found.
Read more on KTUU.
BNO News reports more on the state’s settlement with
PricewaterhouseCoopers LLP:
Alaska Attorney General Dan Sullivan said that PricewaterhouseCoopers has accepted responsibility for the security failure.
“Most importantly, the firm has agreed to protect Alaskans by paying for identity theft protection and credit-monitoring, or a security freeze, for each of the 77,000 Alaskans who are potentially affected by this failure and by ensuring that Alaskans are reimbursed for losses that they might incur as a result of ID theft caused by this breach,” [Very unusual! Bob] Sullivan announced.
Sullivan also noted that other provisions of the settlement protect the state’s finances by, for example, requiring PricewaterhouseCoopers to pay for up to $100,000 of the cost of notifying affected individuals.
[From the BNO News:
The state was notified of PwC’s security failure last week and obtained the data files containing specific information about the Alaskans involved Friday. [Notification took a month and a half? Bob]
[From KTUU:
The state says it is not going to sue PricewaterhouseCoopers. [Perhaps that explains the generous(?) terms offered by PWC BOb]
If you can't trust the tax man, who can you trust?
Oklahoma tax domain offering tax help and Malware
by Steve Ragan - Jan 28 2010, 14:34
The official tax site for Oklahoma is offering more than just tax help, AVG’s Roger Thompson says. The portal for the Oklahoma Tax Commission has been hijacked, and as of 10:00 a.m. this morning is still serving malicious PDF files to anyone simply visiting the main page.
This may be skewed toward retail, but is still interesting.
http://www.databreaches.net/?p=9673
The State of Computer Security in the UK
January 29, 2010 by admin Filed under Commentaries and Analyses
eSecurity Planet reports:
British security consulting firm 7Safe and the University of Bedfordshire have released the UK Security Breach Investigations Report 2010, which looks at the current state of computer security in the UK through an analysis of actual data breaches.
Key findings include the fact that 69 percent of data compromises occurred in the retail sector, 85 percent of cases resulted in stolen payment card information, and SQL injection was used in 60 percent of attacks.
The methodology is based on actual incidents investigated by 7Safe:
This work analyses 62 genuine cases of breaches investigated over a period of 18 months. These investigations have been conducted by the digital forensics team at 7Safe. The breaches vary in many ways, including the sector they belong to, the number of records at risk and the sophistication of the attack. This report presents statistics on the investigations and discusses the data to provide a greater understanding of underlying trends.
The free report can be accessed here.
(Related) Not retail, but they are still after financial data – although the title might suggest otherwise.
Report: Critical Infrastructures Under Constant Cyberattack Globally
By Kim Zetter January 28, 2010 2:30 pm
… About 55 percent of respondents in the energy and power and the oil and gas sectors reported that the attackers most often targeted the SCADA or other operational control systems, although the survey offers no indication of how successful these attacks were.
Only 57 percent of respondents across all sectors said their organization installed security patches and updated software on a regular schedule.
The report, “In the Crossfire: Critical Infrastructure in the Age of Cyberwar,” was commissioned by anti-virus firm McAfee and coordinated by the Center for Strategic and International Studies in Washington, DC.
These guys must be innocent because apparently they have nothing to worry about.
http://www.pogowasright.org/?p=7380
Experts Urge Secretary Clinton to Act on International Privacy Convention
January 29, 2010 by Dissent Filed under Govt
From EPIC.org:
Twenty-nine experts in privacy and technology have sent a letter to US Secretary of State Hillary Clinton to urge that the United States begin the process of ratification of the Council of Europe Convention on Privacy. More than forty countries have ratified the Convention, which was opened for signature on January 28, 1981. The letter calls attention to Secretary Clinton’s recent remarks on Internet Freedom and the Madrid Declaration in which civil society groups have urged countries that have not yet ratified the Council of Europe Convention to do so as soon as possible. The signatories state, “privacy is a fundamental human right. In the 21st century, it may become one of the most critical human rights of all.”
More likely, it will raise the value of hacker/stalkers...
http://www.pogowasright.org/?p=7388
Will an Expanded Right of Privacy Deter China’s Internet Vigilantes?
January 29, 2010 by Dissent Filed under Featured Headlines, Internet, Legislation, Non-U.S.
Stanley Lubman writes:
A new legal development in China could have broad implications for domestic internet users – and, more significantly, for meaningful legal reform.
The comprehensive Tort Liability Law that was passed in late December by the China’s National People’s Congress includes a provision that gives citizens the right to sue for infringement of their privacy, which thereby solidifies the legal foundation of that right (Chinese text available here). If the law is applied by the courts without Party interference, it could limit the growing practice of using the internet to harass and vilify people deemed by internet users to have committed criminal or improper acts.
[...]
The law (Articles 2 and 6) creates liability for anyone who has infringed on and damaged “civil rights and interests” of others, and includes a generally stated “right of privacy” (not otherwise defined) in a list of protected interests, including the right to reputation. An injured party may also sue an employer whose employees caused the injury in the course of their employment (Art. 34). Also subject to suit are internet service providers that are used to infringe on the “civil rights and interests” of another person, or are aware that users are committing the tort and do not take necessary measures to cease the offending action after being notified of it (Art. 36). (A summary is available here in PDF format.)
Read more in the Wall Street Journal.
Shouldn't they ask the school to produce everything every student has ever put online (they weren't targeting just one student were they?) and everything every school official ever posted online (just to have their lawyer on record saying “It isn't related to anything at school.”
http://www.pogowasright.org/?p=7395
School Punished Kid for Video, Dad Says
January 29, 2010 by Dissent Filed under Court, Youth
Tish Kraft reports on Courthouse News:
A dad says Roseville Joint Union High School District unfairly threw his son off the Granite Bay High School basketball team because the boy produced a parody video about hip-hop music and the youth drug culture and posted it on Youtube. The boy and his friends did the video on their own time, in the summer, according to the complaint in Placer County Court.
The father wants to see all the email messages, counselors’ and basketball records and other items regarding the district’s decision to retaliate against his son.
Plaintiff Mike Harris says he asked to see the records documenting “the manner in which the district learned about and reacted to” his son’s video. After submitting a written request, he says he was allowed to see his son’s cumulative and disciplinary files, but nothing else. Miller wants to see the complete record.
A copy of the complaint can be found here.
If I was wearing my paranoid hat (something I never take off) I would be starting to think that the government might have discovered something exceptionally useful in all that phone data and are putting up such a determined defense to keep any hint of whatever it is from leaking.
Obama Speaks Transparency, Practices Subterfuge
By David Kravets January 28, 2010 7:00 pm
… When it comes to Obama transparency, Electronic Frontier Foundation privacy attorney Kurt Opsahl points out that the chief executive told the American public one thing Wednesday night and a federal appeals court another just a few weeks ago. [Politicians call that governing, everyone else calls it lying. Bob]
The issue at hand surrounds lobbying. “It’s time to require lobbyists to disclose each contact they make on behalf of a client with my administration or Congress,” the president said during his televised address.
But, before the 9th U.S. Circuit Court of Appeals last month, the Justice Department argued that it should not have to disclose the names of telecommunication industry lobbyists. Those companies successfully lobbied Congress and President George W. Bush in 2008 to approve legislation that provided their companies with retroactive immunity to lawsuits accusing them of funneling, without warrants, all domestic electronic communications to the National Security Agency.
What have I told you about giving away hacker secrets? Now I won't be able to read Paris Hilton's emails!
80% of Cell Phone Encryption Solutions Insecure
Posted by timothy on Thursday January 28, @06:21PM from the nsa-working-on-the-rest dept.
An anonymous reader writes
"Mobile Magazine writes about a blogger named Notrax who has tested 15 methods of secure encryption for mobile phones; out of those he found only 3 could not be cracked at some level. '12 of them were "worthless." It's easy to take the software at face value when it "tells you" that the call is secured. But how does someone actually go about being sure that it is secured? Notrax did some digging and discovered he could break in to almost all of them in under 30 minutes.'"
(Above link is to a slightly older description of Notrax's approach; then, it was 9 out of 10 products that were worthless, instead of 12 out of 15.)
Some more on Apple. There are lots iPad questions (on security, low resolution display, sticking with AT&T, etc.) But allowing Internet calls has the potential to kill some phone companies (not a bad thing) Can AT&T ride it to survivor-land?
http://download.cnet.com/8301-2007_4-10443564-12.html?part=rss&subj=news&tag=2547-1_3-0-20
Video VoIP calls over iPhone 3G? You betcha
by Jessica Dolcourt January 28, 2010 1:49 PM PST
Apple may have focused all its laser-beam attention on the iPad at Wednesday's press event, but that wasn't the computing giant's only announcement. Effective immediately, Apple has given up blocking voice-over-IP (VoIP) calls over 3G data networks on the iPhone, and has changed the SDK to reflect the allowance. Of course, your carrier has to also comply for VoIP calls to work over 3G in addition to Wi-Fi. Luckily for us, AT&T in the U.S. is already on board.
Just because ...
10 Cool Online Apps and Interactive Features Offered by NASA
By Ryan Dube on Jan. 28th, 2010
No comments:
Post a Comment