Wednesday, February 10, 2010

It is almost axiomatic that initial reports don't fully report the damage.

http://www.databreaches.net/?p=9930

Update: BlueCross ID theft warnings top 500,000 and growing

February 10, 2010 by admin

Dave Flessner reports:

Another 301,628 current and former members of BlueCross BlueShield of Tennessee soon will be getting letters alerting them that their personal information was included on computer hard drives stolen from the insurance company last year.

The Chattanooga-based health insurer announced today that the number of affected customers with potentially compromised identification and health information has more than doubled from the 220,133 persons already notified about the identity threat.

[...]

BlueCross still is accessing records of those whose names and addresses — but not Social Security numbers and other sensitive identity data — may be on the hard drives. Mr. Vaughn said even more people are likely to be contacted.

[...]

“The company seems to be bending over backwards to alert anyone whose records may be involved and authorities in the states where the affected people live,” said Deven McGraw, a privacy advocate with Center for Democracy and Technology. “It’s costing them a huge amount of money. They could have avoided this if they would have spent just a little bit more on the front end to better secure these hard drives or use data encryption to protect the records.”

Read more in the Chattanooga Times Free Press.

[From the article:

BlueCross already has spent more than $7 million to identify the scope of what was taken and to notify those affected, officials said.

… But so far, no one has been charged with any crime and BlueCross officials say there is no evidence that anyone has improperly accessed or used the data on the hard drives. [A common assertion of no value. They have no way to know that the data wasn't accessed, but they can say they have no 'evidence' that it was. Bob]



Are we seeing some push back at last?

http://www.databreaches.net/?p=9926

Javelin Study Finds Identity Fraud Reached New High in 2009, but Consumers are Fighting Back

February 10, 2010 by admin

The 2010 Identity Fraud Survey Report – released today by Javelin Strategy & Research (http://www.javelinstrategy.com/) – found that the number of identity fraud victims in the United States increased 12 percent to 11.1 million adults in 2009, while the total annual fraud amount increased by 12.5 percent to $54 billion(1). The report found that protection of data by consumers and businesses and enlisting assistance in resolution are helping consumers and businesses resolve fraud more quickly, and are also reducing or eliminating costs for the consumer.

To register for an interactive webinar detailing the report’s findings, please visit: https://www1.gotomeeting.com/register/115681009



Should we feel honored that criminals are fighting over us? (Have they no honor?)

http://it.slashdot.org/story/10/02/10/1337238/New-Russian-Botnet-Tries-To-Kill-Rivals?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

New Russian Botnet Tries To Kill Rivals

Posted by CmdrTaco on Wednesday February 10, @10:10AM

alphadogg writes

"An upstart Trojan horse program has decided to take on its much-larger rival by stealing data and then removing the malicious program from infected computers. Security researchers say that the relatively unknown Spy Eye toolkit added this functionality just a few days ago in a bid to displace its larger rival, known as Zeus. The feature, called "Kill Zeus," apparently removes the Zeus software from the victim's PC, giving Spy Eye exclusive access to usernames and passwords. Zeus and Spy Eye are both Trojan-making toolkits, designed to give criminals an easy way to set up their own "botnet" networks of password-stealing programs. These programs emerged as a major problem in 2009, with the U.S. Federal Bureau of Investigation estimating last October that they have caused $100 million in losses."



Just when people are beginning to understand the concept of a cookie, we start seeing variations.

http://www.wired.com/threatlevel/2010/02/feds-bust-cookie-stuffing-code-seller/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Feds Bust Cookie-Stuffing Code Seller

By David Kravets February 9, 2010 6:48 pm

… The now-defunct site lets nefarious website owners purchase his cookie-stuffing code to unwittingly dupe eBay to pay those site owners thousands of dollars in advertising referral fees, the authorities said.



...because his lips are moving.

http://www.pogowasright.org/?p=7697

UK: ISA chairman assures nation: Your data is safe

February 10, 2010 by Dissent

John Ozimek reports:

On Monday night, Panorama took a close look at the new scheme that went live last October, to create a vetting database that will determine whether adults are allowed to work with children and vulnerable adults. This scheme will, on the government’s own figures, cost the taxpayer an additional £277 million over the next three years.

Interviewed by Jeremy Vine, former Information Commissioner Richard Thomas was cautious. He said: “With any large governmental collection of personal information, there are clear and substantial risks that the information may be inaccurate.

[...]

Roger Singleton, Chairman of the Independent Safeguarding Authority (ISA) reassured viewers by confirming that there is a very high level of security within the government’s secure information system in terms of physical safeguards. [Hackers will have no trouble accessing the data. Bob]

He pointed out that the ISA has never lost any personal data, although as Jeremy Vine observed, the ISA has not yet had any data to lose.

Read more on The Register.


(Related) Not only can they keep the data, they can prove it's authentic by having the victim sign it! (Ah, to be a Bollywood movie star!) After all, what use is evidence that you can't later produce in court?

http://www.pogowasright.org/?p=7688

Shah Rukh signs off sexy body-scan printouts at Heathrow – or does he?

February 10, 2010 by Dissent

How many assurances have we seen that data from airport strip search scanners is destroyed immediately? A news story of February 6 by ANS suggested that this may not be the case. Indian star Shah Rukh Khan recently told BBC’s Jonathan Ross that not only did airport staff at Heathrow print out his very revealing digital images, but that he autographed copies for them:


(Related) Keeping customers can take on a whole new meaning.

http://www.wired.com/epicenter/2010/02/what-do-we-want-our-data-when-do-we-want-it-now?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

What Do We Want? Our Data. When Do We Want It? Now!

By Eliot Van Buskirk February 9, 2010 3:58 pm

Predictions about the appeal of cloud computing were on the money. We increasingly share, communicate, socialize and entertain ourselves with software and media on remote servers rather than on our own computers. But a big catch prevents more of us from investing much time or money in ephemeral digital media or constantly-changing online services: It can be difficult, if not impossible, to grab your stuff and split.



Now this surprises me. I have expressed a few concerns with the “push” updates to software. Adding new software that has nothing to do with the original product seemed a bit beyond the original agreement to me. I'd like to see some documentation of the arguments, but I suspect that won't be possible.

http://www.pogowasright.org/?p=7686

Judge dismisses Windows anti-piracy software lawsuit

February 10, 2010 by Dissent

Gregg Keizer reports:

A federal judge last week dismissed a three-year-old lawsuit that accused Microsoft of duping customers when it fed them company anti-piracy software as a critical security update, court documents show.

U.S. District Court Judge Richard Jones dismissed the case last Friday, a day after the plaintiffs and Microsoft agreed to drop the lawsuit.

[...]

Multiple lawsuits filed in July 2006 claimed that Microsoft misled users by labeling the WGA software as a security update, and failed to tell customers that WGA collected information from their PCs, then frequently “phoned home” the data to Microsoft’s servers. The plaintiffs later combined their cases and asked the court to grant the joint lawsuit as a class-action.

Read more on Computerworld.

The plaintiffs seem to have dropped the suit because of the way the judicial winds were blowing. So it seems that Microsoft or any other company can dupe consumers into downloading and installing software that spies on the consumer’s system and “phones home” and they may get away with it.

[From the article:

Last year, Microsoft warned Jones that if the lawsuit was allowed to proceed as a class-action, it could be tapped for big money. "Plaintiffs seek hundreds of millions of dollars on behalf of tens of millions of persons for twelve forms of alleged damages," Microsoft said as it cast the plaintiffs as little more than gold diggers.



Can't say this surprises me. Very little happens in China without official approval (or an official deliberately ignoring something or someone).

http://arstechnica.com/tech-policy/news/2010/02/hacker-training-site-reappears-after-takedown-by-china.ars

Hacker training site backup lives after takedown by China

By Jacqui Cheng Last updated February 8, 2010 12:25 PM

Chinese authorities are making a cursory effort to crack down on hackers as of late, and have shut down hacker training website Black Hawk Safety Net. According to state-run news organization Xinhua, police in the Hubei Province made three arrests associated with the massive recruiting site and have confiscated numerous assets, including cash, servers, and a Honda Accord. With all eyes on China thanks to the Great Google Scandal of 2010, a move like this may calm fears that China is allowing itself to become a Wild West of cybercriminals. The problem is that Black Hawk already has a contingency plan in place and may be back sooner than later.



How do you distinguish a deposit to your personal bank account from a payment for services rendered? Expect the suspension to last until India can figure out which transfers should be taxed. (Or PayPal users realize they could deposit that money in a Swiss account.)

http://news.slashdot.org/story/10/02/10/0048246/India-Suspended-From-PayPal-For-At-Least-a-Few-Months?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

India Suspended From PayPal For "At Least a Few Months"

Posted by kdawson on Tuesday February 09, @11:24PM

More details have come out about what was behind PayPal's decision to suspend personal payments to any user in India, as we discussed on Sunday. In a blog post today, PayPal revealed that payments to India will remain in suspension for at least a few months. Customers in India will be able to pull rupees out of the service into their bank accounts within a few days. The suspension came about when Indian government regulators raised questions about whether PayPal's service was enabling remittances (transfers of money by foreign workers) to Indian citizens.

"The problems may have been triggered by a marketing push that promotes PayPal as a way to send money abroad, a source familiar with the matter said. The campaign — which reads 'As low as $1.50 to send $300 to countries like India' — may have caught the attention of Indian regulators, the source said."

[From the article:

PayPal notified users on Saturday that personal payments to and from India had been suspended, as well as transfers to local banks. Customers can still make commercial payments to India, but merchants can’t withdraw funds in rupees to local banks, the company said.

On Tuesday it said customers should be able to withdraw funds to a local bank within a few days. But for now it can do nothing to facilitate personal transactions.



Good news/bad news? Looks like a technique US ISPs might try.

http://arstechnica.com/telecom/news/2010/02/australias-internet-non-neutral-and-proud-of-it.ars

Australia's Internet: nonneutral and proud of it

By Nate Anderson | Last updated February 9, 2010 6:35 AM

Last week, an Australian federal judge issued a major ruling—the first of its kind worldwide—saying that ISPs aren't required to take action against subscribers after receiving letters alleging copyright infringement. But lost in most of the discussion of the ruling is another hot topic, net neutrality. If you want a good look at what a non-neutral 'Net looks like, take a gander at Australia.

The judge's ruling discussed the business practices of Australia's third-largest ISP, iiNet, and in doing so reminded non-Aussie readers about a defining feature of Internet life Down Under: bandwidth caps. Such caps are common around the world, but Australian ISPs take the idea one step further by setting up partnerships with entertainment services and music download companies. Any data usage directed at one of these favored services doesn't count against the monthly bandwidth cap.

… This is quite clearly nonneutral behavior in any sense of the term. ISPs like iiNet shape traffic when the quota is reached, meaning that all traffic to nonpartner sites is slowed dramatically, while the favored services continue at full speed. This isn't an outright "blocking" of other websites, which can be freely accessed until the cap is reached, but the effect is quite similar. How are high-bandwidth services like video streaming going to compete against those services favored by an ISP? How will new players ever gain market share?



Because you should never be exposed (no pun intended) to sub-standard porn. Is a Tampa jury applying Florida standards to a video produced in California a jury of his peers?

http://yro.slashdot.org/story/10/02/10/0140245/Appeals-Court-Rules-On-Internet-Obscenity-Standards?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Appeals Court Rules On Internet Obscenity Standards

Posted by kdawson on Wednesday February 10, @05:21AM

dark_requiem writes

"The 11th Circuit Court of Appeals has ruled that online content can be judged by the standards of the strictest community that is able to access it. The court upheld the conviction of pornography producer Paul F. Little, aka Max Hardcore, for violating obscenity laws in Tampa, despite the fact that the 'obscene' material in question was produced and sold in California. From the article: 'The Atlanta-based court rejected arguments by Little's attorneys that applying a local community standard to the Internet violates the First Amendment because doing so means material can be judged according to the standards of the strictest communities. In other words, the materials might be legal where they were produced and almost everywhere else. But if they violate the standards of one community, they are illegal in that community and the producers may be convicted of a crime. ... Jurors in Little's trial were told to judge the materials on the basis of how "the average person of the community as a whole — the Middle District of Florida" — would view the material.'" [They definitely would not want me on that jury. I would remind them that statistically, half the world is below average. Bob]

[From the article:

Little is from California but was tried in Tampa after investigators here ordered his videos through the mail and downloaded them over the Internet. [I wonder if anyone else did? Bob]



I wonder if this could be expanded into a moot court?

http://www.killerstartups.com/User-Gen-Content/instantjury-com-where-everybody-becomes-a-jury

InstantJury.com - Where Everybody Becomes A Juror

http://www.instantjury.com/

This site is based on an interesting premise: it lets the public become web-based jurors and settle disputes by casting their own votes in favor of either the plaintiff or the defendant. That is, people submit their own cases and dilemmas on the site, and each party can set down why he thinks that he is right. People will then vote for the one that they sympathize with, and they will also be able to leave comments in the forum that is opened for each and every case.



Google streetview expanded to include images of malls and standalone stores, now ski slopes. Next we will be asked to swallow Google capsule cam to map our intestinal tract... (Google Colon-Cam?)

http://www.wired.com/gadgetlab/2010/02/google-snowmobile-street-view/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Google Tricks Out a Snowmobile for Stunning Street View


(Related) Can't recall ever needing a worm's-eye view of my garden, but you can never have too much information.

http://www.wired.com/dangerroom/2010/02/darpas-plan-for-world-domination-map-entire-planets-underground/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

With Darpa’s ‘Transparent Earth,’ Underground Doesn’t Mean Out of Sight



What fun! Drive your cubicle-mates nuts by raining on their day! (Sorry boss, I can't get to work today. All the roads are washed out. … What do you mean it's not raining there?)

http://www.makeuseof.com/dir/rainymood-sound-of-rain-and-thunder-mp3/

RainyMood: Relax to the Sound of Rain and Thunder mp3

www.rainymood.com

Similar tool: SoundSleeping.

Similar sites: iSerenity, NapSounds, SimplyNoise and WhiteNoise (iPhone).



This is from a law blog (specifically e-discovery) but it has much wider implications. ...and I agree with him.

http://e-discoveryteam.com/2010/02/07/why-online-education-will-surpass-traditional-face-to-face-education-in-the-next-5-10-years/

Why Online Education Will Surpass Traditional Face-to-Face Education in the Next 5-10 Years

Those who change and go with the times will prosper, those who do not will go the way of the newspapers. For law schools that means their income and rankings will decline, their enrollment will suffer, and their faculty will transfer. They will struggle to make ends meet, and ultimately, many will close. The few who lead the way, or quickly catch up, will make up the difference as world-wide matriculation increases. They will grow in quality, prestige, and wealth.
