Thursday, February 25, 2010

How to motivate lawmakers to take Computer Security seriously? Imagine the reaction in this country!

http://www.databreaches.net/?p=10146

Cyber-whistleblower stuns Latvia with tax heist

This entry was posted Wednesday, 24 February, 2010 at 3:30 pm

The Associated Press provides more info on a breach previously reported on this site that may have resulted in the acquisition of 7.4 million confidential files by a hacker’s group calling themselves the Fourth Awakening People’s Army (4ATA):

One of the group’s members, who uses the name “Neo” — apparently in reference to the hero of the popular “Matrix” films — has been making some of the documents available on the Internet.

On Wednesday “Neo” published salaries of members of Latvia’s police force and, in comments on a Twitter account, said “I call on the police union to analyze the data and determine whether the salary reform is fair and to continue the fight against crime.”

Earlier this week “Neo” released data showing that the CEO of Riga’s heating company, Aris Zigurs, paid himself a 16,000 lat ($32,000) bonus last year — a hefty sum for a city-owned utility, especially at a time when many municipal workers have had their salaries slashed. Zigurs confirmed to Latvian media the data was accurate.

Read more on KIDK.

[From the article:

The nation's security council discussed the breach and expressed concern that only 50 percent of the country's 175 state-run data systems have security oversight. President Valdis Zatlers called for immediate action to install proper security on all systems.



Insurance would depend on the bank's security procedures. If the bank happens to own the insurance company, you probably can't get a policy.

http://www.databreaches.net/?p=10144

Firm Faces Bankruptcy from $164,000 E-Banking Loss

This entry was posted Wednesday, 24 February, 2010 at 3:25 pm

Brian Krebs has a piece reminding us that businesses don’t have the same protection as individuals when bank accounts are hit by fraud and/or when the cause of the breach is that the user’s system was infected by malware:

A New York marketing firm that as recently as two weeks ago was preparing to be acquired now is facing bankruptcy from a computer virus infection that cost the company more than $164,000.

Karen McCarthy, owner of Merrick, N.Y. based Little & King LLC, a small promotions company, discovered on Monday, Feb. 15 that her firm’s bank account had been emptied the previous Friday. McCarthy said she immediately called her bank – Cherry Hill, N.J. based TD Bank – and learned that between Feb. 10 and Feb. 12, unknown thieves had made five wire transfers out of the account to two individuals and two companies with whom the McCarthys had never had any prior business.

Read more on KrebsonSecurity.com.

[From the article:

Krebsonsecurity spoke briefly with John G. McCluskey, vice president of TDBank’s corporate security and investigations. McCluskey referred all questions about the incident to the bank’s marketing department, [Does this suggest that the bank's Risk department has no clue how to address this? Bob] which hasn’t returned calls seeking additional information and comment.



I wonder what “adequate security” would have cost?

http://www.databreaches.net/?p=10142

Cost Of A Breach, Heartland Style: At Least $129 Million; Might Be $229 Million

This entry was posted Wednesday, 24 February, 2010 at 3:20 pm

Evan Schuman comments:

In its latest financial report, Heartland Payment Systems reported that it dropped $129 million on data breach costs last year (an incident that briefly placed Heartland on Visa’s Bad Breach Boy list). The company added that it still has a reserve of $100 million for additional expenses.

As a processor, Heartland’s pain is certainly much more severe than what would be inflicted on a retailer involved in a similarly large breach. But $229 million is starting to look like real money.

Read more on StorefrontBacktalk.



Learning to speak Lawyer: “No evidence” means they can ignore all the “anecdotal” complaints.

http://www.phiprivacy.net/?p=2050

Tennessee: No evidence stolen personal information being used, BlueCross says

By Dissent, February 24, 2010 1:21 pm

Andy Sher reports:

No identity theft or credit card fraud has been found stemming from the October theft of 57 computer hard drives containing BlueCross customers’ personal information, a company official told state lawmakers today.

“No sir,” Clay Phillips, BlueCross’ director and associate general counsel for state affairs, told Sen. Ken Yager, R-Harriman. “We monitor that daily.”

Mr. Phillips said the Chattanooga-based insurer has had a “couple” of notifications that members’ company-issued identification numbers were “exposed.” But he emphasized that BlueCross officials tracked the cases down and were able to “determine that none of it is the result of this exposure.”

BlueCross’ update to Senate State and Local Government Committee members is the latest action the company has taken following the theft of the computer hard drives from an abandoned BlueCross training center at the Eastgate Center in Chattanooga.

Read more in the Chattanooga Free Times Press.

[From the article:

The company has spent more than $7 million to identify the scope of what was stolen and to notify those affected, officials have previously said. Millions of dollars more are likely to be spent.

“The risk of exposure (to customers) is actually very small,” Mr. Phillips said in response to another lawmaker’s question. “As you can see from how long it’s actually taking us using 800 employees to get at this data, it’s very difficult to ‘mine’ data like this.” [Perhaps my Intro to Computer Security students could help? Or the Latvian whistle blower in the article above? Bob]

Asked whether there were any suspects, Mr. Phillips said he could not publicly say. [Possible translations: “No one told me.” OR “Yes” OR “We don't have a clue.” Bob]



Again....

http://www.wired.com/threatlevel/2010/02/ftc-identity-theft-no-1-consumer-complaint/

FTC: Identity Theft Is No. 1 Consumer Complaint

The complete 101-page report (.pdf) is available here.



Also a “learning to speak lawyer” article, and more “spin” in the “WebCamGate” story. I fail to understand why they don't simply say “There was no photo,” if that was the case. Why dance around if they are guilty?

http://news.cnet.com/8301-19518_3-10459240-238.html?part=rss&subj=news&tag=2547-1_3-0-20

High-school disciplinarian denies Webcam spying

by Larry Magid February 24, 2010 2:59 PM PST

Responding to what she called "many false allegations reported about me in the media," Harriton High School Assistant Vice Principal Lynn Matsko gave an emotional response on Wednesday morning to allegations that she played any role in the alleged remote activation of a student's school-issued laptop Webcam to spy on the student at home.

… With anger apparent in her voice, Matsko read a statement in which she said "at no point in time did I have the ability to access any Webcam through security-tracking software. At no time have I ever monitored a student via a laptop Webcam, nor have I ever authorized the monitoring of a student via security-tracking Webcam either at school or in the home. And I never would."

… You can listen to the entire 5-and-a-half-minute statement, courtesy of CBS radio station KYW Newsradio 1060 Philadelphia.

… After Matsko's statement, Blake Robbins read a statement (PDF) from his family saying that "nothing in Ms. Matsko's statement is inconsistent with what we stated in our complaint. Ms. Matsko does not deny that she saw a Webcam picture and screenshot of Blake in his home; she only denies that she is the one who activated the Webcam."

… You can listen to Blake Robbins read the 4 minute, 15 second statement here on KYW Newsradio's site.



Worth a look...

http://www.internetevolution.com/tutorial-cloud-security.asp

New Video Tutorial: Cloud Computing Security

Internet Evolution's latest video tutorial on cloud computing security identifies the challenges and offers checklists to consider and solutions, where available. The tutorial, hosted by security expert and Wikibon founder David Vellante, is divided into 10 questions to allow viewers to dig into the topics they care about most.



For some values of “Reasonable”

http://www.pogowasright.org/?p=7989

Tennessee Supreme Court to Hear Right to Privacy Issue

February 25, 2010 by Dissent

The Baker Associates blog discusses a case coming before the Tennessee Supreme Court:

…. The right to privacy, however, does have some limitations. One of those limitations is that the right does not exist where the person has no reasonable expectation [Different from “Some” reasonable expectation and dependent on the definition of “Reasonable” Bob] of privacy. There can be a plethora of reasons for why a person may have a diminished expectation of privacy, and one of those reasons is set to come before the Tennessee Supreme Court on its upcoming docket. In an upcoming case styled State v. Talley, the Court will decide if the defendant had a reasonable expectation of privacy with regard to the common areas of his condominium complex, a common area to which many third parties had unrestricted access. In this case, detectives had performed a warrantless search of the common areas by asking a third party if they could come inside the condominium and look around and obtaining consent to do so. They then gathered evidence that was in plain view in order to provide them with probable cause to execute the search later. The defendant contended that the search was unconstitutional, but his motion was unsuccessful.

While it is true that defendants do not generally have a reasonable expectation of privacy with regard to places where numerous third parties have unfettered access, some circumstances in this case suggest that law enforcement officials may have overstepped their constitutional boundaries.

Read more on Baker Associates.


(Related)

http://www.pogowasright.org/?p=7992

On Fourth Amendment Privacy: Everybody’s Wrong

February 25, 2010 by Dissent

Jim Harper of the Cato Institute writes:

Everybody’s wrong. That’s sort of the message I was putting out when I wrote my 2008 American University Law Review law review article entitled “Reforming Fourth Amendment Privacy Doctrine.”

A lot of people have poured a lot of effort into the “reasonable expectation of privacy” formulation Justice Harlan wrote about in his concurrence to the 1967 decision in U.S. v. Katz. But the Fourth Amendment isn’t about people’s expectations or the reasonableness of their expectations. It’s about whether, as a factual matter, they have concealed information from others—and whether the government is being reasonable in trying to discover that information.

Read more here or even better, listen to the podcast here.



It's for your own good! We need this to diagnose and fix “problems.” This is the kind of help I can do without!

http://it.slashdot.org/story/10/02/24/235249/GoDaddy-Wants-Your-Root-Password?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

GoDaddy Wants Your Root Password

Posted by samzenpus on Wednesday February 24, @07:20PM

Johnny Fusion writes

"The writer of the Sucuri Security Blog had an alarming awakening when a honeypot on port 22 on a GoDaddy-hosted VPS recorded login attempts using his GoDaddy username and password and even an attempt to log in as root. It turns out the attempt was actually from within GoDaddy's network. Before he could 'alert' GoDaddy about the security breach, he got an email from GoDaddy demanding his root login credentials. There is an update where GoDaddy explains itself and says they will change policy."



There is probably no good way to do this. But this seems far from the best available choice...

http://www.pogowasright.org/?p=7982

Microsoft takes down Cryptome, but Cryptome will be back

February 25, 2010 by Dissent

John Young of Cryptome.org has been a thorn in the side of numerous businesses and government agencies for posting documents that they would rather not be seen by the public, such as those marked For Official Use Only, or lawful compliance guides issued by ISPs and providers that detail what kinds of information they maintain on subscribers that they can provide to law enforcement. But now Microsoft has used copyright law to take down Cryptome over its publication of their Microsoft® Online Services Global Criminal Compliance Handbook.

[ … ]

Of course, if Microsoft wanted to keep the manual quiet, the takedown notice ended any thought of that. The manual has now been mirrored all over the Internet, including Wikileaks.

Microsoft, meet Streisand.



No one seems to distort the facts more than a lawyer working for a Copyright Trust.

http://news.slashdot.org/story/10/02/24/1812244/Use-Open-Source-Then-Youre-a-Pirate?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Use Open Source? Then You're a Pirate!

Posted by ScuttleMonkey on Wednesday February 24, @03:59PM

superapecommando writes

"There's a fantastic little story in the Guardian today that says a US lobby group is trying to get the US government to consider open source as the equivalent to piracy. The International Intellectual Property Alliance (IIPA), an umbrella group for American publishing, software, film, television and music associations, has asked the US Trade Representative (USTR) to consider countries like Indonesia, Brazil, and India for its 'Special 301 watchlist' because they encourage the use of open source software. A Special 301, according to Guardian's Bobbie Johnson is: 'a report that examines the "adequacy and effectiveness of intellectual property rights" around the planet — effectively the list of countries that the US government considers enemies of capitalism. It often gets wheeled out as a form of trading pressure — often around pharmaceuticals and counterfeited goods — to try and force governments to change their behaviors.'"



I'm going to save this study for my “How to Stalk” class.

http://science.slashdot.org/story/10/02/24/2343219/Cell-Phone-Data-Predicts-Movement-Patterns?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Cell Phone Data Predicts Movement Patterns

Posted by samzenpus on Thursday February 25, @01:26AM

azoblue writes

"In a study published in Science, researchers examined customer location data culled from cellular service providers. By looking at how customers moved around, the authors of the study found that it may be possible to predict human movement patterns and location up to 93 percent of the time."

[From the article:

Cell phone companies store records of customers' locations based on when the customers' phones connect to towers during calls. Researchers realized that taking this data and paring it down to users who place calls more frequently might allow them to see if they could develop any measure of how predictable human movements and locations are.

… Customers that stuck to the same six-mile radius had predictability rates of 97 to 93 percent, and this fell off as the typical area of travel grew. But the predictability eventually stabilized, and remained at 93 percent even as the radius of travel rose to thousands of miles. Regardless of how widely they traveled, the researchers could adequately predict their locations, down to the specific tower, 93 percent of the time.


(Related) If they can track anyone but crooks, is anyone they can't track a crook?

http://www.wired.com/gadgetlab/2010/02/car-thieves-use-gps-jammers-to-make-a-clean-getaway/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Car Thieves Use GPS Jammers to Make Clean Getaway



We're a long way from computers “spontaneously” selecting topics to learn in an attempt to outdo humans. What I'd like to know is whether the computer is using “rules” similar to those I learned when I was becoming the preeminent kazoo player of the third grade.

http://tech.slashdot.org/story/10/02/24/2315204/Triumph-of-the-Cyborg-Composer?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Triumph of the Cyborg Composer

Posted by samzenpus on Wednesday February 24, @08:58PM

An anonymous reader writes

"UC Santa Cruz emeritus professor David Cope's software, nicknamed Emmy, creates beautiful original music. So why are people so angry about that? From the article: 'Cope attracted praise from musicians and computer scientists, but his creation raised troubling questions: If a machine could write a Mozart sonata every bit as good as the originals, then what was so special about Mozart? And was there really any soul behind the great works, or were Beethoven and his ilk just clever mathematical manipulators of notes?'"



I tend to believe this study, but then I grew up in the “Dragnet” culture (Just the facts, ma'am). Are “Individualist” and “Communitarian” code words for Conservative and Liberal?

http://science.slashdot.org/story/10/02/24/2332234/Beliefs-Conform-to-Cultural-Identities?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Beliefs Conform to Cultural Identities

Posted by samzenpus on Wednesday February 24, @11:07PM

DallasMay writes

"This article describes an experiment that demonstrates that people don't put as much weight on facts as they do their own belief about how the world is supposed to work. From the article: 'In one experiment, Braman queried subjects about something unfamiliar to them: nanotechnology — new research into tiny, molecule-sized objects that could lead to novel products. "These two groups start to polarize as soon as you start to describe some of the potential benefits and harms," Braman says. The individualists tended to like nanotechnology. The communitarians generally viewed it as dangerous. Both groups made their decisions based on the same information. "It doesn't matter whether you show them negative or positive information, they reject the information that is contrary to what they would like to believe, and they glom onto the positive information," Braman says.'"



Perhaps not as good as dedicated mindmapping software, but more people should be familiar with it...

http://www.makeuseof.com/tag/build-mind-map-microsoft-word/

How To Build a Mind Map In Microsoft Word



A tool for my students who claim they don't like to read...

http://www.makeuseof.com/dir/carryouttext-convert-text-into-mp3

CarryOutText: Convert Text Into MP3 Audio
