http://www.databreaches.net/?p=9973
Customer Sues Bank After Phishing Attack
February 11, 2010 by admin
Linda McClasson reports:
A Michigan-based metal supply company is suing Comerica Bank, claiming that the bank exposed its customers to phishing attacks.
A lawsuit filed by Experi-Metal Inc. (EMI) in Sterling Heights, MI alleges that Dallas-based Comerica opened its customers to phishing attacks by sending emails asking customers to click on a link to update the bank’s security software. EMI says even though the bank had two-factor authentication using digital certificates for its online banking portal, the phishing scam was able to circumvent these measures.
EMI contends that Comerica’s actions opened its online bank account to a successful phishing attack where more than $550,000 was stolen from the company’s bank accounts and sent overseas.
News of this suit comes days after news of another Dallas-based bank, PlainsCapital Bank, suing one of its customers in a dispute over a similar hack.
EMI is but one of many companies across the U.S. being targeted by hackers in this fashion.
Read more on BankInfoSecurity.
(Related) Beware any assertion of “Totally Secure!” “They ain't no sech thing!” (But it is enough to deny liability until someone catches on...)
European Credit and Debit Card Security Broken
Posted by timothy on Thursday February 11, @04:52PM
Jack Spine writes
"With nearly a billion users dependent on smart banking credit and debit cards, banks have refused liability for losses where an idenification number has been provided. But now, the process behind the majority of European credit and debit card transactions is fundamentally broken, according to researchers from Cambridge University. The researchers have demonstrated a man-in-the-middle attack which fooled a card reader into accepting a number of point-of-sale transactions, even though the cards were not properly authenticated. [Hacker axiom 14b: “If you can't defeat it, go around it.” Bob] The researchers used off-the-shelf components (PDF), and a laptop running a Python script, to undermine the two-factor authentication process on European credit and debit cards, which is called Chip and PIN."
I'm thinking that my Computer Security students should have to do this to pass my class. (Remember, NSA is looking for a few good hackers...) Is it really hacking if the security is so weak, even a caveman can “break in?”
http://www.databreaches.net/?p=9997
FL: District investigates computer security breach
February 12, 2010 by admin
The Associated Press reports:
The Broward County School District in South Florida is investigating whether students at several schools were able to change grades by hacking into computers.
The district said Thursday it had found “several security breaches” with school computer systems.
A district spokeswoman told the South Florida Sun-Sentinel officials aren’t sure how many schools or students may be involved. She declined to say which schools are being investigated.
Read more in the Miami Herald.
[From the article:
The investigation began after Broward Teachers Union officials received complaints about students breaking into the district's online system, getting access to teacher passwords and selling the information to other students. [In a secure system, the school district would be the first to notice this. Bob]
Significant? Possibly not.
http://www.pogowasright.org/?p=7740
Employee Misuse of Computer Access Ruled Not a Crime
February 12, 2010 by Dissent
Mary Pat Gallagher reports:
Using a password-accessed workplace computer in violation of company rules or policies may get you disciplined, but it’s not enough to be prosecuted in New Jersey, says a Mercer County judge in a published case of first impression.
Superior Court Judge Mitchel Ostrer threw out an indictment against Princeton Borough police sergeant Kenneth Riley, for viewing a digitally stored video of a January 2008 motor vehicle stop by other officers in his department.
Riley had a password allowing him to access videos of motor stops, but department policy only allowed him to view them for training purposes.
Read more about the case and legal analysis from the New Jersey Law Journal.
Seems to be a “hot topic” in Privacy circles this year.
http://www.pogowasright.org/?p=7738
Ca: Privacy Commissioner launches public consultations on privacy implications of cloud computing
February 12, 2010 by Dissent
.. Proponents of cloud computing say it gives business and private users free or low-cost access to powerful computer resources, without having to purchase these resources themselves.
Critics, however, warn about potential privacy risks. Users, for instance, could lose control over their personal information stored in a cloud, including where it may be stored, who has access to it, and how it may be used, retained or disclosed. Data, moreover, may be stored on computers located in different countries, where it is subject to local laws.
If you follow one person you're a “stalker” What do you call someone who follows many people?
http://www.pogowasright.org/?p=7758
Prosecutors: ESPN reporter Erin Andrews’ stalker taped 16 other women, ran background checks
February 12, 2010 by Dissent
The Associated Press reports that prosecutors claims that sportscaster Erin Andrew’s stalker also breached other individuals’ privacy:
The man who stalked ESPN reporter Erin Andrews and shot nude videos of her through a hotel room peephole videotaped 16 other women and ran background checks on 30 people, including female sports reporters and TV personalities, according to court documents.
A sentencing memo filed Monday in U.S. District Court in Los Angeles says Michael Barrett uploaded videos of 16 other women to an online account.
Barrett also allegedly conducted 30 Internet background checks that can produce birthdays and home addresses, the document said. The filing did not name the other alleged victims or say what information he obtained or how he may have used it.
Read more in the Hartford Courant.
Okay, here's a new argument for “privacy”
Virginia Legislators Outlaw Involuntary Implantation of Microchips
Concerns include privacy issues and preventing the apocalypse
By Jeremy Hsu Posted 02.10.2010 at 5:08 pm
Ultimate IP protection scheme? Microsoft recently won (suit was dropped) a case I reported earlier (http://www.pogowasright.org/?p=7686 ) Looks like they had even more “updates” waiting for a green light from their legal department.
Anti-Piracy Windows 7 Update Phones Home Quarterly
Posted by kdawson on Thursday February 11, @12:54PM
Lauren Weinstein sends in news of a major and disturbing Microsoft anti-piracy initiative called Windows Activation Technologies, or WAT. Here is Microsoft's blog post giving their perspective on what WAT is for. From Lauren's blog:
"The release of Windows 7 'Update for Microsoft Windows (KB71033)' will change the current activation and anti-piracy behavior of Windows 7 by triggering automatic 'phone home' operations over the Internet to Microsoft servers, typically for now at intervals of around 90 days. ... These automatic queries will repeatedly — apparently for as long as Windows is installed — validate your Windows 7 system against Microsoft's latest database of pirated system signatures (currently including more than 70 activation exploits known to Microsoft). If your system matches — again even if up to that time (which could be months or even years since you obtained the system) it had been declared to be genuine — then your system will be 'downgraded' to 'non-genuine' status until you take steps to obtain what Microsoft considers to be an authentic, validated, Windows 7 license. ... KB971033... is scheduled to deploy to the manual downloading 'Genuine Microsoft Software' site on February 16, and start pushing out automatically through the Windows Update environment on February 23. ... [F]or Microsoft to assert that they have the right to treat ordinary PC-using consumers in this manner — declaring their systems to be non-genuine and downgrading them at any time — is rather staggering."
Update: 02/12 02:08 GMT by KD : Corrected the Microsoft Knowledge Base number to include a leading 9 that had been omitted in the pre-announcement, per L. Weinstein.
(Related) How can an unsupported user tell the difference? If they can't get their own updates to work properly, what chance do users have? Another reason I dislike push updates.
Windows Patch Leaves Many XP Users With Blue Screens
Posted by timothy on Thursday February 11, @05:38PM
CWmike writes
"Tuesday's security updates from Microsoft have crippled Windows XP PCs with the notorious Blue Screen of Death, users have reported on the company's support forum. Complaints began early yesterday, and gained momentum throughout the day. 'I updated 11 Windows XP updates today and restarted my PC like it asked me to,' said a user identified as 'tansenroy' who kicked off a growing support thread: 'From then on, Windows cannot restart again! It is stopping at the blue screen with the following message: 'A problem has been detected and Windows has been shutdown to prevent damage to your computer.' Others joined in with similar reports. Several users posted solutions, but the one laid out by 'maxyimus' was marked by a Microsoft support engineer as the way out of the perpetual blue screens."
More grants to create lists of “Best Practices” that companies can ignore.
http://www.wired.com/threatlevel/2010/02/facebook-denies-all-wrongdoing-in-beacon-data-breach/
Facebook Denies ‘All Wrongdoing’ in ‘Beacon’ Data Breach
By David Kravets February 11, 2010 5:20 pm
Facebook is denying it illegally breached the privacy of its users in a proposed $9.5 million settlement to a class action challenging its program that monitored and published what users of the social-networking site were buying or renting from Blockbuster, Overstock and other locations.
To settle allegations that the social networking site’s “Beacon” program breached federal wiretap and video-rental privacy laws, Facebook is agreeing to seed what the agreement is calling a “Digital Trust Fund” that would issue more than $6 million in grants to organizations to study privacy. Facebook would have a seat on the fund’s three-member board — a move raising some eyebrows in the privacy community.
Here's where the next Willie ShakeYourSpear will come from. I'm sure someone (Google?) has a txt-to-English translation program. (“2B or ain't 2B”)
http://gizmodo.com/5468836/texting-is-the-scourge-of-this-generation
Texting Is the Scourge Of This Generation
By John Herrman
Nielsen stats put the average teen's texting rate at about ten per hour during the day.
… somewhere over 3000 text per month, per teen, on average.
… Even if the average word length is very generous five characters (that's six, including a space), these kids are tapping out about 40,000 words of ephemeral nothingness every month, or roughly one Catcher in the Rye's worth of "WILL UR BRTHR BUY US SUM BEER?" and "R U REDDY 2 DO IT YET?" every two months.
Did you ever stop to consider that very few people ever contemplated this question before computers?
http://www.maximumpc.com/article/howtos/10_best_ways_use_your_pc_night_or_while_youre_office
10 Best Ways to Use Your PC While You're Sleeping or at Work
Posted 02/12/10 at 10:00:00 AM by Mark Edward Soper
Observation: It amazes me that so many people ask questions that I should have been asking, but it is reassuring to note that lots of others have found a solution that works for them. (see the comments)
Document Management For Research With Annotation?
Posted by timothy on Thursday February 11, @03:04PM
msimm writes
"I'm currently looking for a document management system for personal and research-related use. Having looked at Alfresco and KnowledgeTree along with a slew of similar open source document management systems they seem to have a common set of features including version control, archiving, document permission/ownership and search/indexing. What I'd like, in order to help me manage my own continually growing collection of pdf/doc/odf/rtf/txt files, would be something that allowed me to view and annotate documents (and possibly collaborate/share notes) without requiring me to download, edit and re-upload each document. Obviously there are plenty of capable document management systems out there, so I really suspect I've simply missed something and am hoping someone can point me to a better way to index, search, collaborate and keep and share notes on the ever increasing glut of useful information I seem to use and collect."
For my students (website and digital design)
Aviary Now Free As A Bird
by MG Siegler on Feb 11, 2010
Aviary is easily one of the best online image editors out there — maybe the best. But to take full advantage of all it offers, you had to pay for its full suite, which cost you $24.99 a year. Well, that is until now. Starting today, the full service is now available for free to all users.
For my website students (and the University?)
JobBoardsHQ
Now all we need to do is scale it up! Tomorrow pigeons in New York, eventually satellites and aircraft, then Klingon warbirds!
TED 2010: Death Star Laser Gun Zaps Mosquitoes Dead
By Kim Zetter February 11, 2010 9:41 pm
LONG BEACH, California — If Microsoft founder Bill Gates unleashes more mosquitoes at this year’s Technology, Entertainment and Design conference, Nathan Myhrvold will be ready for him.
Myhrvold demonstrated a “Death Star” laser gun designed to track and kill mosquitoes in flight. The device was crafted from parts purchased on eBay by scientists at Myhrvold’s Intellectual Ventures Laboratory.
… Myhrvold’s team demonstrated the system onstage using a green laser light rather than a real laser for safety reasons. They let loose mosquitoes in a glass box rigged with a camera on one side of the stage, then pointed the laser device at the box. The laser lights quickly located the mosquitoes in flight.
After the live demo, Myhrvold showed a video depicting mosquitoes being zapped for real in flight.
No comments:
Post a Comment