Thursday, February 11, 2010

There's a big difference between replacing a credit card and insuring against unauthorized bank transfers. (Class Actions are less likely?) I wonder if any of those “assurances” were in writing?

http://www.databreaches.net/?p=9955

Online Robbery: Hackers Steal $50,000. Bank Says ‘Tough Luck’

February 10, 2010 by admin

Kathy Kristof reports on a story that should make everyone who banks online think about whether they, too, are at risk:

…. Seven years ago, Fan Bao opened a checking account at Bank of America to facilitate his small import-export business called ZICO USA. When he needed to wire money, he or his wife, Cathy Huang, would walk a few blocks to Bank of America’s Highland Park, Calif., branch and execute the transfer in person.

But two summers ago, a BofA branch official urged Bao to do his banking online, assuring him that it was every bit as safe as banking in person. Only wires sent from Zico’s computer, accompanied by a downloaded security certificate, would be honored, he was told. Bao followed the bank’s security instructions to the letter, and accepted the bank’s assurances that his money was safe.

But last summer, two fraudulent drafts were sent through Bao’s account–one for $50,000 and another for $99,100. Both drafts were going to a bank in Croatia that Bao had never done business with. In fact, Bao had never before sent a wire transfer to anyone outside of Hong Kong or China.

[...]

Huang immediately denounced the charges as unauthorized and fraudulent. The bank was subsequently able to stop payment on the second draft for $99,100, but the other $50,000 already had been paid to the Croatian bank and the money had been withdrawn. When Bao asked for the money back, Bank of America told him the missing $50,000 wasn’t their problem.

Read more on Money Watch.



If nothing else, I may learn some useful new phrases... Don't recall a breach notice though.

http://www.databreaches.net/?p=9968

Lawrence Welk Resort Furious with Visa

February 11, 2010 by admin

Elizabeth Banicki reports:

The Lawrence Welk Resort says a tech company disabled its computer security system, making 1,427 customers’ credit cards vulnerable to ID theft. Welk says it paid Micros Systems $100,000 for the botched job, to “ensure compliance with evolving Visa and other industry security standards,” and that Visa, for “no legitimate reason,” ordered banks to withhold $500,000 that should have gone to the resort.

The Welk Resort, a large housing development in North San Diego County, sued Visa and Micros Systems in Superior Court.

Read more about the lawsuit on Courthouse News. A copy of the lawsuit can be found here.

The lawsuit alleges that as a result of the manner in which MICROS disabled the security, not only were customers’ credit cards vulnerable to ID theft, there were actual reports of a “limited number of unauthorized charges.” The complaint also provides a description of VISA’s operating rules, which the complaint describes as an

obfuscatory, convoluted and malleable set of Rules in order to provide itself with a legitimizing cloak for arbitrary actions intended to maximize the profits of VISA and its members to the detriment of merchants and the general public.

The complaint goes into a lot of detail about how VISA operates and the experience from the perspective of a merchant (and breached entity). Keeping in mind that a complaint is untried allegations, it still makes for interesting reading.



Opinions vary. Go figure...

http://www.databreaches.net/?p=9962

Credit card data security: Who’s responsible?

February 11, 2010 by admin

By Phil Lieberman, president & CEO, Lieberman Software, and Henry Helgeson, co-CEO, Merchant Warehouse, Network World

About a year ago security at Heartland Payment Systems Inc. was breached and information affecting more than 100 million credit cards stolen. Was it Heartland’s fault, or should the credit card companies shoulder more of the responsibility?

The experts:

Phil Lieberman, CEO of Lieberman Software, argues that Heartland met its legal obligations and the breach was not the company’s fault, but rather due to the lack of smart card technology that credit card issuers refuse to issue in the United States.

Henry Helgeson, CEO of Merchant Warehouse, argues that it’s the job of merchant account providers like his company (and Heartland), to take the security measures necessary to prevent breaches, but enhancing existing cards could help.

Read their point and counterpoint on Network World.



I thought China said they shut these guys down?

http://yro.slashdot.org/story/10/02/11/011257/Experts-Closing-In-On-Google-Attack-Coders?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Experts Closing In On Google Attack Coders

Posted by samzenpus on Wednesday February 10, @11:57PM

ancientribe writes

"The targeted attacks out of China that hit Google, Adobe, and other U.S. organizations are still ongoing and have affected many more companies than the original 20 to 30 reported. [What strategic goal is behind the underreporting of attacks? If I was the suspicious type, I might think the government wanted to avoid frightening/inciting the citizenry into demanding cyber war. Bob] Security experts now say they are getting closer to identifying the author or authors of the malware used to breach Google and other organizations."

[From the article:]

Meanwhile, HBGary today released a free tool for downloading that scans and removes the Aurora malware from Windows machines. Hoglund calls it an "inoculation shot."



Speaking of Class Actions...

http://www.pogowasright.org/?p=7704

Facebook Hit With More Privacy Lawsuits In The Wake Of Changing Users’ Settings

February 10, 2010 by Dissent

Wendy Davis writes:

Facebook has been hit with two new potential class-action lawsuits stemming from recent revisions to its privacy settings.

The cases, filed in federal district court in San Jose, Calif. on behalf of nine Facebook users, allege that the new settings decreased users’ privacy and “resulted in wider access to personal information that users had included in their profiles,” according to court papers submitted on Wednesday by Facebook.

Late last year, Facebook sparked controversy by classifying a host of data as “publicly available information” — including users’ names, profile pictures, cities, networks, lists of friends and pages that people are fans of. Facebook also changed the default settings for many users to share-everything, spurring criticism that users who reviewed their settings quickly and accepted the defaults might inadvertently share more than they had intended.

[...]

The consumers in the most recent lawsuits allege that Facebook’s new settings violate California’s business code as well as their “right of publicity,” or right to control the commercial use of their images, according to Facebook’s papers.

Read more on MediaPost.

One of the cases is Silvestri v. Facebook, 5:10-cv-00429-JF. The other case is Markowitz v. Facebook, 5:10-cv-00430-JF. Both lawsuits were filed in January.


(Related) Might Google face the same problem?

http://www.pogowasright.org/?p=7708

WARNING: Google Buzz Has A Huge Privacy Flaw

February 10, 2010 by Dissent

Nicholas Carlson writes:

There is a huge privacy flaw in Google’s new Twitter/Facebook competitor, Google Buzz.

When you first go into Google Buzz, it automatically sets you up with followers and people to follow.

A Google spokesperson tells us these people are chosen based on whom the user emails and chats with most using Gmail.

That’s fine.

The problem is that — by default — the people you follow and the people that follow you are made public to anyone who looks at your profile.

Read more on Business Insider.


(Related) But then, maybe that is the “common business practice” for social networks.

http://www.pogowasright.org/?p=7702

Social networking sites failing to hide kids’ details, finds European Commission

February 10, 2010 by Dissent

The Commission analysed the policies of 22 social networking sites in a study aimed at finding out how well-protected under-18s were when using them as part of a campaign to urge young people to protect their information online.

It said that just 40% of the sites they examined had default settings which hid the personal information of minors from all but their friends and family. Just 11 of 22 sites examined stopped minors’ profiles being visible to search engines.

Read more on Out-Law.com



Completely innocent, I'm sure. Any country would want their own citizens, employed in their own country, running a service as important as the mail (even email).

http://yro.slashdot.org/story/10/02/10/2125242/Iran-Suspends-Googles-Email-Service?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Iran Suspends Google's Email Service

Posted by timothy on Wednesday February 10, @04:36PM

appl_iran writes

"Iran's telecommunications agency announced that it would be suspending Google's email services permanently, saying it would roll out its own national email service."

From the short WSJ article that is the kernel of this Reuters story: "An Iranian official said the measure was meant to boost local development of Internet technology and to build trust between people and the government." Funny way to go about that.



What goes on here? Huge bands of heavily armed Taliban terrorists roaming the cities and fields of England? They are fed up with their soccer hooligans? RIAA finally has the anti-piracy tool they always wanted?

http://hardware.slashdot.org/story/10/02/11/016239/Armed-Robot-Drones-To-Join-UK-Police-Force?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Armed Robot Drones To Join UK Police Force

Posted by samzenpus on Thursday February 11, @02:24AM

Lanxon writes

"British criminals should soon prepare to be shot at from unmanned airborne police robots. Last month it was revealed that modified military aircraft drones will carry out surveillance on everyone from British protesters and antisocial motorists to fly-tippers. But these drones could be armed with tasers, non-lethal projectiles and ultra-powerful disorienting strobe lighting apparatus, reports Wired. The flying robot fleet will range from miniature tactical craft such as the miniature AirRobot being tested by one police force, to BAE System's new 12m-wide armed HERTI drone as flown in Afghanistan."



The debate rages on and I'm sure each country is correct under their laws. Which should make International agreements interesting.

http://www.pogowasright.org/?p=7699

Norway court rejects industry bid to block The Pirate Bay


(Related)

http://yro.slashdot.org/story/10/02/10/1833230/Italian-Court-Rules-ISPs-Must-Block-Access-To-Pirate-Bay?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Italian Court Rules ISPs Must Block Access To Pirate Bay



Google has a way of noticing niche (or gaping) holes they can exploit to gain market share. Are they about to do to telecoms what they did to newspapers?

http://tech.slashdot.org/story/10/02/10/1712200/Googles-Experimental-Fiber-Network?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Google's Experimental Fiber Network

Posted by CmdrTaco on Wednesday February 10, @12:20PM

gmuslera writes

"Not enough speed from your ISP? Google seems to go into that market too. 'We're planning to build and test ultra high-speed broadband networks in a small number of trial locations across the United States. We'll deliver Internet speeds more than 100 times faster than what most Americans have access to today with 1 gigabit per second, fiber-to-the-home connections. We plan to offer service at a competitive price to at least 50,000 and potentially up to 500,000 people.' The goal isnt just to give ultra fast speed for some lucky ones, but to test under that conditions things like new generations of apps, and deployment techniques that take advantage of it."

If they need a test neighborhood, I'm sure mine would be willing. [Amen! Bob]



This list now includes a technology section.

http://www.bespacific.com/mt/archives/023476.html

February 10, 2010

The 2009 Global "Go-To Think Tanks"

The 2009 Global "Go-To Think Tanks", The Leading Public Policy Research Organizations In The World, Revised, January 31, 2010, James G. McGann, Ph.D. [Stuart Basefsky]

  • "The 2009 Global Go To Think Tank Rankings marks the fourth year edition of what has now become an annual report. The Think Tanks and Civil Societies Program at the International Relations Program, University of Pennsylvania has created a process for ranking think tanks around the world. It is the first comprehensive ranking of the world’s top think tanks, based on a worldwide survey of hundreds of scholars and experts. The think tank index has been described as the insider’s guide to the global marketplace of ideas. For this ambitious project, I have assembled a panel of close to 300 experts from around the world, across the political spectrum and from every discipline and sector to help nominate and select public policy research centers of excellence for 2009. The members of the Expert Panel were asked to nominate regional or global centers of excellence that they felt should be recognized for producing rigorous and relevant research, publications and programs in one or more substantive areas of research."



Thinking of “going Cloud?”

http://www.killerstartups.com/Web20/cloudxl-com-find-the-right-saas-provider-for-you

CloudXL.com - Find The Right SaaS Provider For You

http://www.cloudxl.com/

The way that software as a service and cloud computing have taken off implies that there are endless providers on the market, and the number increases by the minute. That couldn’t be avoided, and in the end those who have never hired the services of such companies before might be a bit at a loss. How could they tell which companies are reputable from the ones that don’t make the cut, in a way that is fast and easy? Well, checking a site like CloudXL is a good way to start telling one from the other.

… Besides, you can always subscribe to the provided RSS feed and be in the loop when new providers are posted and eventually rated.


(Related) The porn industry is normally the earliest of early adopters.

http://news.cnet.com/8301-1009_3-10451566-83.html?part=rss&subj=news&tag=2547-1_3-0-20

Cutting-edge crooks keen on the cloud

by Toby Wolpe February 11, 2010 6:04 AM PST

… "One of the things that persuades me personally that the cloud is absolutely a viable model and has longevity is that it has already been adopted by criminals," Ferguson said. "They are the people who are leading-edge adopters of technology that is going to work and going to stick around for a long time."



This kind of article interests my students (Okay, me too)

http://www.makeuseof.com/tag/6-tips-optimize-pc-playing-movies/

6 Tips To Optimize Your PC For Playing Movies



Phones can do much more than the minimums the telecoms are willing to support.

http://www.theregister.co.uk/2010/02/10/droid_usb_hack/

USB hack connects Droid to printers, video cams, and more



Something for my nephew and niece?

http://www.makeuseof.com/tag/learning-type-online-morefun-defeating-ninjas/

Make Learning To Type Online More Fun By Defeating Ninjas!

http://www.addictinggames.com/ninjahunter.html
