Thursday, January 21, 2010

Looks fishy to me (but then, there are lawyers involved)

http://www.databreaches.net/?p=9540

Proposed VISA/Heartland Data Breach Settlement May Pay Banks and Credit Unions Pennies on the Dollar – plaintiffs

January 20, 2010 by admin Filed under Breach Incidents, Financial Sector

According to Interim Co-Lead Counsel in the Class Action Lawsuit in Houston Federal Court:

Banks and credit unions that issued VISA payment cards compromised by the Heartland Payment Systems data breach, the largest data breach in history, should carefully review the proposed settlement between Heartland and VISA.

The proposed settlement has many weaknesses: (1) it may offer little compensation to payment card issuers, (2) it gives banks and credit unions little time to decide whether to participate, (3) it releases Heartland and other parties that may be liable, and (4) it is being touted for reasons that are not entirely accurate.

Notice of the proposed settlement was communicated to banks and credit unions throughout the country on January 14. Both VISA and Heartland are aggressively pushing the settlement on the eligible VISA issuers by giving them only until January 29—a total of 15 days—to decide whether to participate. Court appointed Interim Co-lead Counsel representing the proposed class of VISA issuers against Heartland in the pending class action lawsuit in Houston federal court, however, say not so fast—the proposed settlement is not as generous as Heartland and VISA want you to believe.

Read the entire press release here.


(Follow-up)

http://www.databreaches.net/?p=9546

Heartland lawsuit plaintiffs go after acquiring banks’ deep pockets

January 21, 2010 by admin Filed under Breach Incidents, Financial Sector, Of Note

The $60 million settlement offer announced by Visa and Heartland Payment Systems seems in jeopardy of falling apart as lawyers for some of the banks file a new lawsuit against Heartland’s acquiring banks and urge rejection of the settlement offer.

Jaikumar Vijayan follows up on the press release issued yesterday by lawyers for financial institutions suing Heartland Payment Systems over the massive breach revealed in January 2009. Although Visa and Heartland announced a proposed $60 million settlement earlier this month, lead counsel for the plaintiffs says that card issuers should be hesitant about accepting the offer as it provides only “pennies on the dollar” even though KeyBank and Heartland Bank have “deep pockets” and could afford to be part of a better settlement offer for the card issuers:

The costs that banks incurred to replace each of those cards and costs stemming from fraudulent transactions far exceed the $60 million being offered by Heartland, said Caddell, who is a partner at Caddell & Chapman, a Houston-based law firm. The amount is even less than Visa’s own internal estimates which pegs financial damages to banks as a result of the breach at $140 million, Caddell said.

Visa started sending out settlement offers to individual banks and credit unions last week, Caddell said. Based on information from clients the offers appear to be ranging anywhere from around 1% of the actual damages incurred up to around 30%, he said.

[...]

Though Heartland has downplayed its ability to pay more money, its acquiring banks Key Bank has $97 billion of assets and Heartland Bank has over $1 billion of assets, he said. An acquiring bank is a bank that authorizes and accepts card transactions on behalf of a merchant or processor. In response to the proposed settlement offer, a lawsuit has been filed in Houston federal court seeking to hold KeyBank and Heartland Bank liable for damages caused by the Heartland data breach.

Read more on BankInfoSecurity.com

Over on BankInfoSecurity.com, Linda McGlasson writes more about the banks’ latest lawsuit against Heartland:

Five financial institutions have filed a class action suit alleging that two acquiring banks, Heartland Bank and Key Bank, should be included as defendants and share responsibility for damages caused by the Heartland Payment Systems data breach.

Lone Star National Bank, PBC Credit Union, O Bee Credit Union, Seaboard Federal Credit Union and Pennsylvania State Employees Credit Union filed the class action complaint in the U.S. Southern District Court in Houston, TX on Tuesday. Heartland Bank is based in St. Louis, MO, and Key Bank is based in Cleveland, OH.

Read more on BankInfoSecurity.com.



I don't want to sound trepidacious, but is this the end of privacy as we know it?

http://www.pogowasright.org/?p=7158

UN issues call for international privacy agreement

January 21, 2010 by Dissent Filed under Other

Chris Williams reports:

A UN watchdog has called for a new international agreement on privacy following a review of the expanding global array of surveillance measures and databases advanced by governments in the cause of counter-terrorism.

The special rapporteur on human rights, Martin Scheinin, said the UN should create “a global declaration on data protection and data privacy” in response.

His report, delivered to the UN’s Human Rights Council, describes the expansion of watchlists, border checks, financial data sharing, interception of communications, biometrics and ID registers in recent years.

Read more in The Register. The full report is here.



About time! Now I have someplace to send my students!

http://www.techcrunch.com/2010/01/20/founder-institute-international/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

Founder Institute Now International, Launches In Singapore, Paris, LA, And Denver

by Jason Kincaid on January 20, 2010

… This Spring, the startup mentorship program will be expanding to Singapore, Paris, Los Angeles, and Denver, meaning that the Founder Institute is now active in nine cities worldwide. Interested entrepreneurs can apply starting tonight, with an early application deadline of February 15 2010 and a final deadline of February 28.



We're going to change the law to make it look like we're getting tough.

http://www.phiprivacy.net/?p=1874

Pointer: More Answers About Law Amending HIPAA Rules

By Dissent, January 20, 2010 11:06 am

Donna Vanderpool, M.B.A., J.D., assistant vice president, risk management, at Professional Risk Management Services Inc. (PRMS), has an article in the January 15th issue of Psychiatric News (Volume 45, Number 2, Page 9), “More Answers About Law Amending HIPAA Rules.” The article is available free in full-text version online.

[From the article:

Individuals can recover a percentage of penalties imposed or settlement proceeds from HIPAA investigations based on their complaints.

Civil penalties for HIPAA violations have increased for covered entities and business associates to $100 to $50,000 or more per violation, with a cap of $1.5 million per calendar year for multiple identical violations. [So disclosing health records in quantities approaching TJX or Heartland costs a maximum of $1.5 Million? CHUMP CHANGE! Bob] “Violation” means disclosure of one person's information.

[Part I is available at: http://pn.psychiatryonline.org/content/45/1/9.1.full



This is another of those “I'm sure I'd understand this if I was a lawyer” decisions. Seems like the very definition of a “Class” to me.

http://www.pogowasright.org/?p=7141

Judge nixes class-actions in Microsoft WGA lawsuit

January 21, 2010 by Dissent Filed under Businesses, Court, Featured Headlines, Internet

Gregg Keizer reports:

A federal judge has killed class-action allegations in a lawsuit that accused Microsoft of misleading consumers when it fed them anti-piracy software under the auspices of a critical security update, according to court documents.

The move means that Microsoft will not be faced with millions in potential damages. Last fall, Microsoft’s lawyers argued that a class-action lawsuit could involve “tens of millions” of customers who might be owed “hundreds of millions of dollars” if the company lost the case.

A class-action would have let virtually anyone who owned a Windows XP PC in mid-2006 join the case without having to hire an attorney.

[...]

The three-and-a-half-year-old lawsuit claims Microsoft duped customers by labeling its Windows Genuine Advantage (WGA) software a critical security update, failed to tell them that WGA collected information from their PCs, then frequently “phoned home” that data to Microsoft’s servers.

Read more on Computerworld.


(Related) Another decision I don't understand unless it's related to campaign contributions or the revolving door that we only used to see in the defense industry.

http://politics.slashdot.org/story/10/01/20/211243/Obama-DOJ-Sides-With-RIAA-Again-In-Tenenbaum?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Obama DOJ Sides With RIAA Again In Tenenbaum

Posted by timothy on Wednesday January 20, @04:04PM from the could-make-a-jaded-man-more-jaded dept.

NewYorkCountryLawyer writes

"Despite having had some time to get their act together, Obama's Department of Justice has filed yet another brief defending the RIAA's outlandish statutory damages theory — that someone who downloaded an mp3 with a 99-cent retail value, causing a maximum possible damages of 35 cents, is liable for from $750 to $150,000 for each such file downloaded, in SONY BMG Music Entertainment v. Tenenbaum. The 25-page brief (PDF) continues the DOJ's practice of

(a) ignoring the case law which holds that the Supreme Court's due process jurisprudence is applicable to statutory damages,

(b) ignoring the law review articles to like effect,

(c) ignoring the actual holding of the 1919 case they rely upon,

(d) ignoring the fact that the RIAA failed to prove 'distribution' as defined by the Copyright Act, and

(e) ignoring the actual wording and reasoning of the Supreme Court in its leading Gore and Campbell decisions.

Jon Newton of p2pnet.net attributes the Justice Department's 'oversights' to the 'eye-popping number of people [in its employ] who worked for, and/or are directly connected with, Vivendi Universal, EMI, Warner Music and Sony Music's RIAA.'"



Interesting. Looks like Hillary will be running in 2012. This is the kind of “Look, I understand your pain!” speech politicians make when they are wooing constituencies. Keep an eye out for “Hillary the Hacker” bumper stickers.

http://news.cnet.com/8301-13578_3-10438324-38.html?part=rss&subj=news&tag=2547-1_3-0-20

Clinton plans to stump for global Net freedom

by Declan McCullagh and Tom Krazit January 20, 2010 3:06 PM PST

Secretary of State Hillary Rodham Clinton is preparing to deliver a major speech on Thursday elevating the importance of Internet freedom and placing the influence of the United States' diplomacy behind efforts to protect it, according to multiple people who have been briefed on the speech's contents.



Is this Google killing NetFlix? Perhaps just an easy way to monetize.

http://tech.slashdot.org/story/10/01/21/0343225/YouTube-To-Allow-Video-Rentals?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

YouTube To Allow Video Rentals

Posted by samzenpus on Thursday January 21, @05:28AM from the viral-rentals dept.

poopdeville writes

"Starting Friday, Google and YouTube will allow movie rentals. The first five films available to rent through YouTube will cost $3.99 for a 48-hour viewing period. Movie studios will be able to set their own prices, with rental viewing windows ranging from one to 90 days. YouTube will get an unspecified commission from each rental. Barclays Capital analyst Douglas Anmuch expects YouTube to generate about $700 million in revenue this year, an estimated 55 percent increase from 2009. If YouTube hits that target, it likely will turn profitable, helping to justify the $1.76 billion in stock that Google paid for the site more than three years ago."



So, how come I can't get them to do their online assignments?

http://news.slashdot.org/story/10/01/21/0323238/New-Study-Shows-Youth-Plugged-In-Most-of-The-Day?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

New Study Shows Youth Plugged In Most of The Day

Posted by samzenpus on Thursday January 21, @02:08AM from the turn-on-tune-in-drop-out dept.

An anonymous reader writes

"The amount of time youngsters are spending on the web has ballooned to proportions that exceed the average adult's full working week, according to a new study. A few years ago, the same researchers thought that teens and tweens were consuming about as much media as possible in the hours available. But now they've found a way to pack in even more. Young people now devote an average of seven hours and 38 minutes to daily media use, or about 53 hours a week according to Kaiser Family Foundation findings released today."



For the Visual Communications students. I'm hoping they can explain this to me.

http://developers.slashdot.org/story/10/01/20/1947237/Disney-Releases-3D-Texture-Mapper-Source-Code?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Disney Releases 3D Texture Mapper Source Code

Posted by timothy on Wednesday January 20, @02:52PM from the nice-of-them dept.

dsavi writes

"Ptex, Walt Disney Animation Studio's cutting-edge 3D texture mapping library which was first used on nearly every surface in the 2008 animated feature Bolt, was released under the BSD license on Friday. Quoting the announcement on monophyl.com: 'We expect to follow Ptex with other open source projects that we hope the community will find beneficial. We will soon be launching a new Walt Disney Animation Studios Technology page under disneyanimation.com. It will include links to our open source projects as well as a library of recent publications.' This looks good for open source 3D graphics."

[From BlenderNation:

The Ptex home page is located at http://ptex.us, and the source code is hosted at http://github.com/wdas/ptex/.



Interesting on a number of levels. Think of it as an RSS feed for news video. Since I also have “Download Helper” installed on my FireFox, I can grab any of the videos if I want to. Try a search for your favorite topic!

http://www.makeuseof.com/tag/1cast-easy-access-to-world-news-headline/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Makeuseof+%28MakeUseOf.com%29

1Cast – Easy Access To World News Headlines [US Only]

By Justin Pot on Jan. 20th, 2010

… online video aggregator 1Cast offers a cross-section of videos from sources all over the world. And, like everything we profile here, it’s free to use.

Getting Started

To use 1Cast on your desktop computer just point your browser to 1Cast.com. You’ll then be presented with a variety of current world news story thumbnails.

Click any of these stories to watch them. It’s that simple. Because 1Cast gets content from a wide variety of sources, you never know which source the video you get will come from – though it will be clearly labeled once the video loads. If you don’t like the way the first source covers the story, you can simply skip to the next.



For my Computer Security students. A guide for hackers. One of many FINAL EXAM tests: If I can guess your password on the last day of class, YOU FLUNK!

http://it.slashdot.org/story/10/01/21/1313235/Analysis-of-32-Million-Breached-Passwords?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Analysis of 32 Million Breached Passwords

Posted by CmdrTaco on Thursday January 21, @08:42AM from the trust-no-1 dept.

An anonymous reader writes

"Imperva released a study analyzing 32 million passwords exposed in the Rockyou.com breach. The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of these as a security mechanism. In the past, password studies have focused mostly on surveys. Never before has there been such a high volume of real-world passwords to examine."

Most interesting to me was that in the sample, less than 4% used any non alpha-numerics in their #$#%'ing passwords.

[From the article:

The report identifies the most commonly used passwords:

1. 123456
2. 12345
3. 123456789
4. Password
5. iloveyou
6. princess
7. rockyou
8. 1234567
9. 12345678
10. abc123

