Wednesday, January 27, 2010

Interesting on many levels. On the face of it, the bank didn't follow its own security procedures. If the court determines that the bank's security was NOT reasonable, how many cans of worms does that open? (One test: Did any of their customers ask for more security?) Will this 'less than stellar' treatment of a customer result in flight of their small business accounts?

http://www.databreaches.net/?p=9623

Texas Bank Sues Customer Hit by $800,000 Cyber Heist

January 26, 2010 by admin Filed under Breach Incidents, Business Sector, Of Note

Brian Krebs reports:

A machine equipment company in Texas is tussling with its bank after organized crooks swiped more than $800,000 in a 48-hour cyber heist late last year. While many companies similarly victimized over the past year have sued their banks for having inadequate security protection, this case is unusual because the bank is preemptively suing the victim.

Both the victim corporation – Plano-based Hillary Machinery Inc. – and the bank, Lubbock-based PlainsCapital, agree on this much: In early November, cyber thieves initiated a series of unauthorized wire transfers totaling $801,495 out of Hillary’s account, and PlainsCapital managed to retrieve roughly $600,000 of that money.

PlainsCapital sued Hillary on Dec. 31, 2009, citing a letter from Hillary that demanded repayment for the rest of the money and alleged that the bank failed to employ commercially reasonable security measures. The lawsuit asks the U.S. District Court for the Eastern District of Texas to certify that PlainsCapital’s security was in fact reasonable, and that it processed the wire transfers in good faith. The documents filed with the court allege that the fraudulent transactions were initiated using the defendant’s valid online banking credentials.

Read more on KrebsonSecurity

From the article:

Owen said the transfers appear to have been initiated from computers in Romania and Italy, among others, and sent to accounts in Ukraine, Russia and other Eastern European nations.

According to a Nov. 12 memo that Owens said PlainsCapital shared with him, the institution’s commercial banking platform requires that each customer not only enter a user name and password, but also “register” their computer’s Internet address by entering a secure access code sent to the e-mail address on file for the customer.

The bank’s memo states that on Nov. 8, secure access code e-mails were sent to a Hillary e-mail address, but that the request came from a computer with an Internet address in Italy. The memo further states that the actual wire transfer requests were made from computers with Internet addresses in Romania.

… Transaction logs shared by Hillary indicate that the majority of the unauthorized transfers were international wires for roughly $100,000 each. But at least $60,000 of the money was sent to more than two dozen money mules, willing or unwitting accomplices in the United States who are often recruited through work-at-home job scams.

A copy of the bank’s complaint against Hillary Machinery is available here (PDF).



Who benefits? This would make sense if China wanted to get into the oil producing business.

http://www.csmonitor.com/USA/2010/0125/US-oil-industry-hit-by-cyberattacks-Was-China-involved

US oil industry hit by cyberattacks: Was China involved?

MONITOR EXCLUSIVE: Breaches show how sophisticated industrial espionage is becoming. The big question: Who’s behind them?

At least three US oil companies were the target of a series of previously undisclosed cyberattacks that may have originated in China and that experts say highlight a new level of sophistication in the growing global war of Internet espionage.

The oil and gas industry breaches, the mere existence of which has been a closely guarded secret of oil companies and federal authorities, were focused on one of the crown jewels of the industry: valuable “bid data” detailing the quantity, value, and location of oil discoveries worldwide, sources familiar with the attacks say and documents obtained by the Monitor show.



Just to help you think about Privacy

http://www.pogowasright.org/?p=7306

Help EFF Research Web Browser Tracking

January 27, 2010 by Dissent Filed under Featured Headlines, Internet

Data Privacy Day is tomorrow. Wouldn’t it be a good activity to take part in an experiment on how your online patterns can identify you? Peter Eckersley explains:

What fingerprints does your browser leave behind as you surf the web?

Traditionally, people assume they can prevent a website from identifying them by disabling cookies on their web browser. Unfortunately, this is not the whole story.

When you visit a website, you are allowing that site to access a lot of information about your computer’s configuration. Combined, this information can create a kind of fingerprint — a signature that could be used to identify you and your computer. But how effective would this kind of online tracking be?

EFF is running an experiment to find out. Our new website Panopticlick will anonymously log the configuration and version information from your operating system, your browser, and your plug-ins, and compare it to our database of five million other configurations. Then, it will give you a uniqueness score — letting you see how easily identifiable you might be as you surf the web.

Adding your information to our database will help EFF evaluate the capabilities of Internet tracking and advertising companies, who are already using techniques of this sort to record people’s online activities. They develop these methods in secret, and don’t always tell the world what they’ve found. But this experiment will give us more insight into the privacy risk posed by browser fingerprinting, and help web users to protect themselves.

To join the experiment: http://panopticlick.eff.org/

To learn more about the theory behind it: http://www.eff.org/deeplinks/2010/01/primer-information-theory-and-privacy



The land of Big Brother is also spawning lots of Little Brothers.

http://www.pogowasright.org/?p=7296

EU To Assess Virgin Media Surveillance Software

January 26, 2010 by Dissent Filed under Internet, Non-U.S.

Virgin Media may have to put its plans to trial a tool that can monitor illegal file-sharing [More accurately, monitor all Internet activity to attempt to identify illegal file transfers, which (without copies of licenses or contracts) they can not do. Bob] over the Internet on hold, after the European Commission said it would investigate the legality of the software.

It was last November when Virgin Media broke ranks with its fellow service providers and said that it was trialling new technology from data collection specialist Detica, which would allow it to monitor file sharing over the Internet.

The government outlined its plans to cut off illegal file-sharers in the Queen’s Speech last year, with its Digital Economy Bill, which gives Lord Mandelson the ability to get tough on file-sharing. But the government’s clamp down has not gone down well with the UK Internet Service Providers Association (ISPA), as well as ISP TalkTalk.

And now it seems that the EU is to investigate Detica’s CView software, following a complaint from Privacy International.

Read more on eWeek Europe.



Just because I love extending my vocabulary.

http://yro.slashdot.org/story/10/01/27/0041242/Champerty-and-Other-Common-Law-We-Could-Use-Today?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Champerty and Other Common Law We Could Use Today

Posted by kdawson on Wednesday January 27, @02:17AM from the officious-intermeddling dept.

pevans writes

"Over on Red Hat's Opensource.com I found this neat summary of a few old laws that could really help us today with the patent trolls. The article 'What's wrong with champerty?' is brief, but full of legal goodness that seems to have fallen by the wayside: 'Let's bring back barratry, maintenance, and champerty for patent lawsuits. Combine that with a limitation on the assignment of patents and a lot of patent trolls would be out of business. ...do patents have to be freely assignable? And why can't we prohibit a cause of action for patent infringement where there is no net gain to society?'"



I've blogged about this earlier, but this is the first link to the report I've seen.

http://www.bespacific.com/mt/archives/023354.html

January 26, 2010

Kaiser Foundation - Most Youth Say They Have No Rules About How Much Time They Can Spend With TV, Video Games, or Computers

Kaiser Family Foundation resource links: "With technology allowing nearly 24-hour media access as children and teens go about their daily lives, the amount of time young people spend with entertainment media has risen dramatically, especially among minority youth, according to a study released by the Kaiser Family Foundation. Today, 8-18 year-olds devote an average of 7 hours and 38 minutes (7:38) to using entertainment media across a typical day (more than 53 hours a week). And because they spend so much of that time ‘media multitasking’ (using more than one medium at a time), they actually manage to pack a total of 10 hours and 45 minutes (10:45) worth of media content into those 7½ hours. The amount of time spent with media increased by an hour and seventeen minutes a day over the past five years, from 6:21 in 2004 to 7:38 today. And because of media multitasking, the total amount of media content consumed during that period has increased from 8:33 in 2004 to 10:45 today.

  • Generation M2: Media in the Lives of 8- to 18-Year-Olds is the third in a series of large-scale, nationally representative surveys by the Foundation about young people’s media use. It includes data from all three waves of the study (1999, 2004, and 2009), and is among the largest and most comprehensive publicly available sources of information about media use among American youth."


(Related) First release, but it was announced a couple of days ago.

http://www.bespacific.com/mt/archives/023357.html

January 26, 2010

Ponemon 2009 Annual Study: Cost of a Data Breach

"This 2009 Ponemon Institute 2009 Annual Study: Cost of a Data Breach - Understanding Financial Impact, Customer Turnover, and Preventive Solutions examines the costs incurred by 45 organizations after experiencing a data breach. Results were not hypothetical responses; they represent the cost estimates of activities resulting from the actual data loss incidents. This is the fifth annual survey of this issue. Breaches included in the survey ranged from approximately 5,000 records to more than 101,000 records from 15 different industry sectors."


(Related) Yet another report

http://www.databreaches.net/?p=9626

Hacker Attacks Targeting Healthcare Organizations Doubled in the 4th Quarter of 2009 According to SecureWorks

January 26, 2010 by admin Filed under Commentaries and Analyses, Of Note

SecureWorks®, Inc., a provider of information security services protecting 2,700 clients worldwide, reported today that attempted hacker attacks launched at its healthcare clients doubled in the fourth quarter of 2009. Attempted attacks increased from an average of 6,500 per healthcare client per day in the first nine months of 2009 to an average of 13,400 per client per day in the last three months of 2009. Attempted attacks against other types of organizations, protected by SecureWorks, did not increase in the fourth quarter.

“From October through December of 2009, we blocked hundreds of SQL Injection and Butterfly/Mariposa Bot malware attacks launched at our healthcare clients. These attempted attacks were responsible for the increase in our attack statistics,” said Hunter King, security researcher with SecureWorks’ Counter Threat Unit(SM) (CTU).

Source: SecureWorks press release



I don't know how Harvard does it. With so many apparently horrific examples of bad management, how do they select just a few cases to teach from each year? Question: Do they have Class Action lawyers in Canada? (We'll find out soon if they do.)

http://mobile.slashdot.org/story/10/01/26/2358237/Canadian-Android-Carrier-Forcing-Firmware-Update?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Canadian Android Carrier Forcing Firmware Update

Posted by kdawson on Tuesday January 26, @11:19PM from the monopoly-rents dept.

Wolfier writes

"For wireless carrier Rogers in Canada, it seems that 'Customer Safety' only becomes a concern after months of neglect. Rogers is the only GSM carrier in Canada and so the only choice for Android users. Months ago, a customer called Rogers to report a firmware bug that was preventing users from making 911 calls under certain circumstances, and informed the carrier that Google had fixed the bug (recording of that call). But Rogers is only doing something about it now — namely, cutting data access of paying customers until they accept a mandatory firmware upgrade that not only fixes the 911 problem, but also contains 'extra' features that prevent users from ever gaining root access to their phones — even non-subsidized ones. And some phones are also getting bricked by this 'official' update. The moral: we really need to open up the competition here up North."



Is this a market opportunity? Would an app that connects you to guidelines for various types of emergencies find a market? Connect it to live experts and emergency services and it just might.

http://www.wired.com/gadgetlab/2010/01/dan-woolley/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

A Closer Look at Haiti Quake Survivor’s Use of Tech

By Brian X. Chen January 26, 2010 5:16 pm



Looks like all the lawyers will need to be retrained.

http://www.legaline.com/lawsites.html

Tuesday, January 26, 2010

A First Look at WestlawNext

… WestlawNext completely changes the search interface and the search engine behind it. ... This new search engine does not just look at the terms you enter, a West executive said. Rather, it tries to identify the issue of law based on the terms you searched.



Tools & Techniques

http://www.makeuseof.com/tag/bug-shooting-fulfill-screen-capturing/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Makeuseof+%28MakeUseOf.com%29

Fulfill Your Screen Capturing Needs With Bug Shooting

By Tim Lenahan on Jan. 26th, 2010

… If you are trying to write a tutorial or manual for a software application, whether it’s for your mother or a potential client, screen shots are almost always needed.

Bug Shooting works on Windows XP and Vista (32-bit) and requires Microsoft .NET Framework 2.0.


(Related)

http://www.makeuseof.com/tag/how-to-take-easy-screenshots-with-lightscreen-portable/

How to Take Easy Screenshots with Lightscreen Portable

… As you can also tell from reading articles here, there are a few different software options when you want to take screenshots. There’s the PrtSc Button, Gadwin PrintScreen, Jing, and Wink (from Ben’s article, 4 Tools For Creating Screenshots and Screencasts). Also check out Ann’s post, All You Need For Making Awesome Screenshots.

This article is about the tool I use to take screenshots, Lightscreen Portable. There are several reasons I choose to use Lightscreen Portable including ease of use, stability, and portability.



Tools & Techniques: Be careful what you automate. It may allow me to sign in to your bank account and empty it to my Cayman Islands account.

http://www.makeuseof.com/dir/dejaclick-activity-recording/

Dejaclick: A Web Activity Recording & Bookmarking Tool (Firefox)

… Is logging into your three email accounts the first thing that you do after switching on your computer? Are you tired of entering the usernames and passwords each time?

We tend to perform a lot of repetitive tasks using our computers and for that reason most professional desktop software such as Microsoft Word and Adobe Photoshop have long supported macros – an activity recording of the series of steps required to perform a given task that can be saved and called (played) later at will.

Dejaclick brings the same functionality to webpages. It is a web recording utility for Firefox.

  • No limit on the number of steps a recording can have.

  • Saves encrypted recordings where passwords are involved.

… Get Dejaclick @ addons.mozilla.org



Because occasionally my website students actually want to build a website.

http://www.smashingapps.com/2010/01/25/13-easy-and-powerful-website-building-tools-to-create-your-free-site.html

13 Easy And Powerful Website Building Tools To Create Your Free Site

January 25, 2010
