Tuesday, February 16, 2010

Another months-long leak that no one noticed? First deny it, then claim you fixed it.

http://www.databreaches.net/?p=10037

Massive security breach suspected at Latvian tax office

February 15, 2010 by admin

The State Revenue Service (VID) in Latvia admitted Monday that its electronic security systems may have been breached and that millions of confidential documents could have been hacked.

The Latvian television news programme De Facto said Sunday night that 120 gigabytes of data consisting of 7.4 million individual documents had been leaked from VID’s database as a result of a data ‘hole’ in an electronic tax declaration system.

[...]

In a statement, VID said only that there was ‘a suspicion of a security incident involving possible data loss from the VID information system.’

The hole appeared to have been created in the system intentionally by a senior figure within VID, claimed representatives of a hackers’ group calling themselves the Fourth Awakening People’s Army (4ATA), which De Facto said obtained the information over a three-month period.

Read more on Monsters & Critics.

[From the article:

The incident represented the biggest data breach in Latvia's history and included information on businesses, individuals and public figures, De Facto claimed, and said it could vouch for the accuracy of the leaked data, which it said included the programme makers' tax codes and rates of pay.

… Despite the scandal surrounding the data breach, on Monday morning the official VID website was still encouraging businesses to declare their tax online and claimed the system was safe.

[Finance minister] Repse told reporters Monday that the data leak was 'extremely serious' but had been plugged.



Another breach, or a bug, or a company trying to reach ‘quotas’?

http://uk.news.yahoo.com/18/20100215/tbs-japan-probes-apple-s-itunes-over-bog-8cc5291.html

Japan probes Apple's iTunes over bogus credit bills

Yesterday, 06:50 am

Japanese authorities plan to summon Apple officials this week over complaints that its iTunes online store has billed customers for downloads they never made, officials said Monday.



So easy, even a world-class athlete can do it?

http://yro.slashdot.org/story/10/02/16/0230255/Tour-de-France-Champion-Accused-of-Hacking?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Tour de France Champion Accused of Hacking

Posted by kdawson on Tuesday February 16, @08:13AM

ub3r n3u7r4l1st writes

"A French judge has issued a national arrest warrant for US cyclist Floyd Landis in connection with a case of data hacking at a doping laboratory, a prosecutor's office said. French judge Thomas Cassuto is seeking to question Landis about computer hacking dating back to September 2006 at the Chatenay-Malabry lab, said Astrid Granoux, spokeswoman for Nanterre's prosecutor's office. The laboratory near Paris had uncovered abnormally elevated testosterone levels in Landis' samples collected in the run-up to his 2006 Tour de France victory, leading to the eventual loss of his medal."



The same software tools are available (from multiple vendors) in the US. Only the aggregation seems to rise to the level of notice.

http://www.pogowasright.org/?p=7819

Mobile Spy Web-site Shuts Down Among Privacy Concerns, Crime Allegations

February 16, 2010 by Dissent

Tamar Khurtsia reports:

Mobile spyware web-site www.shpioni.ge was withdrawn by its owner Saturday after young lawyers [Age is negatively correlated to tech savvy? Bob] warned that using the service is a violation of privacy and thus a crime.

Shpioni.ge offered widely-used smartphone spy software which allows you to silently record SMS text messages and GPS locations. It can be downloaded from its webpage and installed in Symbian-based handsets and its results are displayed in the private online accounts of clients.

[...]

Tamar Kordzaia of the Georgian Young Lawyers Association (GYLA) said that Shpioni.ge’s service is illegal and both its owners and users are committing a crime under the Criminal Code of Georgia.

“When a site offers us the chance to intercept someone’s correspondence and mobile phone communication this is an invasion of someone’s private life. The inviolability of private life is guaranteed by the Constitution of Georgia, which is the supreme law of the country,” Kordzaia noted.

Read more in The Georgian Times.



Now your online browsing can be tied to your “loyalty card” purchases at the local supermarket.

http://www.pogowasright.org/?p=7817

Yahoo! deal with Nectar will link online ads with offline purchases

February 15, 2010 by Dissent

Shoppers will have internet adverts displayed to them based on their offline shopping habits in a new scheme being developed by internet publisher Yahoo! and customer loyalty scheme Nectar.

The two companies will link their databases in a bid to better target consumers with relevant adverts and to improve the tracking of ads’ effectiveness in persuading consumers to buy goods.

[...]

The system is an opt-in one, meaning that consumers have to actively choose to allow their data to be used in this way. [Want to bet? Bob] Nectar is offering some of its points as an incentive for consumers to participate and 20,000 have already signed up, according to press reports.

Read more on Out-Law.com



I suspect this will translate for Cloud Computing in other areas as well...

http://www.bespacific.com/mt/archives/023526.html

February 15, 2010

New on LLRX.com: Ethics of Legal Outsourcing White Paper

LLRX.com - Ethics of Legal Outsourcing White Paper: The practical reality for US and UK attorneys engaging in or contemplating Legal Process Outsourcing (LPO) is that the outsourcing of both core legal and support services across the legal profession is nothing new. What is different today with the emergence of the LPO industry is that both core legal and legal support related services are being outsourced to lawyers, law firms and corporations located offshore in countries such as India, South Africa and the Philippines. Mark Ross analyzes how the outsourcing of legal work by a law firm or legal department to a legal outsourcing company or an entity located offshore raises specific issues pertaining to the outsourcing lawyer's ethical obligations to his or her client.


(Related) Isn't it similar to counting pigeons in Times Square?

http://www.pogowasright.org/?p=7822

Is it Ethical to Harvest Public Twitter Accounts without Consent?

February 16, 2010 by Dissent

Michael Zimmer has posted another ethical question this week:

While participating in the workshop on Revisiting Research Ethics in the Facebook Era: Challenges in Emerging CSCW Research, the question arose as to whether it was ethical for researchers to follow and systematically capture public Twitter streams without first obtaining specific, informed consent by the subjects. Many in the room felt that consent was not necessary since the tweets are public, a conscious choice made by the user to allow the whole world to see her activity. In short, by not restricting access to one’s account, there is no expectation of privacy.

You can read the entire entry here. As Michael reiterates in a comment in the discussion section, “the issue isn’t about having individual tweets reposted, but whether it is ethical for researchers to systematically follow and scrape them, without undergoing IRB review or gaining informed consent.”

Many commenters on Michael’s blog seem to think this is a non-issue and that there is no expectation of privacy in public tweets. But researchers often have additional ethical obligations that the general public does not have. So, for example, a psychologist who wishes to conduct research that involves observing people on the street or under naturalistic conditions without their knowledge needs to take the proposal before an institutional review board (IRB) who will consider whether there is any risk posed to the unwitting participants in the study that needs to be addressed. When it comes to running things by an IRB, my position has always been that it’s pretty much always of value for uni-based researchers to seek IRB input and approval – not just for liability reasons but to gain others’ perspectives on the ethics of your design and methods.

Whether Tweeters have any right to control the use of their tweets is not the same question as asking whether researchers have an obligation to ask.



You don't suppose this might be connected to the “cost cutting” newspapers are doing? Fewer investigative journalists equals less transparent government? Perhaps they are not yet able to analyze the blogs and tweets coming from insiders – any good intelligence service can.

http://www.bespacific.com/mt/archives/023521.html

February 15, 2010

Some News Organizations Persist in Using FOIA, and Prevail

New York Times: "Some big companies, like Hearst and The Associated Press, have been quietly ramping up their legal efforts, by doing more of the work in-house — and saving costs by not hiring outside lawyers — and being more aggressive in states where they can recoup legal fees and at the federal level, which also allows plaintiffs in such access cases to sue for legal fees when they win. At Hearst, the company’s top lawyer says it has never had more First Amendment lawsuits in courtrooms around the country than it does now. At The A.P., a cooperative owned by its member newspapers, in-house lawyers say they are becoming more aggressive on a number of fronts. In 2009, the agency was party to 40 lawsuits, moderately up from four years ago, when the number of lawsuits was in the low 30s, according to Dave Tomlin, associate general counsel for The A.P.... But The A.P. has been vastly more assertive in appealing denied Freedom of Information Act, or F.O.I.A., requests from the federal government under the Obama administration, which came to power promising to operate a more open government and alter what some media lawyers complained was a trend toward more government secrecy in the wake of the 9/11 terrorist attacks."

  • News release: "The John S. and James L. Knight Foundation has approved a new $2 million, three-year grant to the National Freedom of Information Coalition to launch the Knight FOI Fund and support state open government groups. The Knight FOI Fund will provide up-front costs such as court costs, filing and deposition fees, if attorneys are willing to take on a pro-bono basis cases that otherwise would go unfiled." [Attention law schools! Bob]



Part of Computer Security – does the software do what it claims to do?

http://www.bespacific.com/mt/archives/023520.html

February 15, 2010

Investigative Resources, Due-Diligence Tips and Useful War Stories For Doing Business in a Complex World

Investigative Resources, Due-Diligence Tips and Useful War Stories For Doing Business in a Complex World - Eight Lessons from Recent Due-Diligence Background-Checking Gone Wrong. James Mintz Group, Global Fact Finding, Issue Five, February 2010

  • "The unmasking of Bernard Madoff has made many business people uneasy about the ventures they invest in, and the new partners and new hires they take on. This mega-scandal is certainly instructive about the need for proper and timely due diligence about those with whom we do business. The missed opportunities to recognize Madoff’s criminality have been discussed ad infinitum over the last year... But more obscure recent cases provide other lessons about due-diligence checking that you might want to do as a matter of routine. The war stories below are real and scary, but the lessons they teach us can reduce the chances of deception, and the risks to reputation and investment."



Competition in the digital age. Multiple proprietary standards cost more to support than one open standard.

http://tech.slashdot.org/story/10/02/15/2010230/Five-Years-of-YouTube-and-Forced-Evolution?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Five Years of YouTube and Forced Evolution

Posted by ScuttleMonkey on Monday February 15, @04:46PM

NakNak writes to mention that the DailyMaverick has a feature looking back at five years of YouTube, some of the massive changes that have been forced through as a result of its overwhelming popularity, and what changes might be necessary going forward.

"Google, which bought YouTube less than two years after it was founded for what was then considered an outrageously expensive $1.65 billion, does not want Microsoft or Apple (or anybody else) to own the dominant video format. So it has become the biggest early tester of HTML5. Your browser doesn't support HTML5? Google launches its own browser, Chrome. Need to use Internet Explorer at work because that's all your IT department supports? Google launches a Chrome framework that effectively subverts IE and makes it HTML5-compatible. The final blow will be the day that YouTube switches off Flash and starts streaming only to HTML5 browsers. On that day all browsers will be HTML5 compatible or they will perish in the flames of user outrage."



Free is good, despite what the RIAA says.

http://www.makeuseof.com/dir/movski-watch-movies-online-downloading/

Movski: Watch Movies Online Without Downloading Anything

www.movski.com

Similar Tools: SurfTheChannel, Watch-Movies, and Free-Horror-Movies



A “real life” example for my Math students.

http://www.wired.com/geekdad/2010/02/leftover-valentines-chocolate-use-it-to-measure-the-speed-of-light/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Leftover Valentine’s Chocolate? Use It to Measure the Speed of Light



Toward Star Trek's Tricorder?

http://news.cnet.com/8301-27083_3-10453496-247.html?part=rss&subj=news&tag=2547-1_3-0-20

GE's Vscan puts ultrasound tech in docs' pockets
