Tuesday, March 16, 2010

As Identity Theft migrates from personal credit cards to small business bank accounts, the dollar amounts go up – with apparently little additional effort!

http://www.databreaches.net/?p=10643

Victim Asks Capital One, ‘Who’s in Your Wallet?’

March 15, 2010 by admin

Brian Krebs writes:

In December, I wrote about how a Louisiana electronics testing firm was suing its bank, Capital One, to recover the losses after cyber thieves broke in and stole nearly $100,000. It looks like another small firm in that state that was similarly victimized by organized crooks also is suing Capital One to recover their losses.

Joseph Mier and Associates Inc., a real estate appraisal company based in Hammond, La., lost more than $27,000 last year when four unauthorized automated clearing house (ACH) withdrawals were made from its accounts and sent to individuals around the United States.

Read more on KrebsonSecurity.com

Related: Complaint (pdf)



Something for those of us with both technical and business degrees? Since this would be a great source of “targeting” information for Computer Security, perhaps we should be the ones to set it up?

http://news.slashdot.org/story/10/03/15/1740214/The-Coming-Botnet-Stock-Exchange?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

The Coming Botnet Stock Exchange

Posted by Soulskill on Monday March 15, @01:22PM

Trailrunner7 writes

"Robert Hansen, a security researcher and CEO of SecTheory, has been gleaning intelligence from professional attackers in recent months, having a series of off-the-record conversations with spammers and malicious hackers in an effort to gain insight into their tactics, mindset and motivation. 'He's not the type to hack randomly, he's only interested in targeted attacks with big payouts. Well, the more I thought about it the more I thought that this is a very solvable problem for bad guys. There are already other types of bad guys who do things like spam, steal credentials and DDoS. For that to work they need a botnet with thousands or millions of machines. The chances of a million machine botnet having compromised at least one machine within a target of interest is relatively high.' Hansen's solution to the hacker's problem provides a glimpse into a business model we might see in the not-too-distant future. It's an evolutionary version of the botnet-for-hire or malware-as-a-service model that's taken off in recent years. In Hansen's model, an attacker looking to infiltrate a specific network would not spend weeks throwing resources against machines in that network, looking for a weak spot and potentially raising the suspicion of the company's security team. Instead, he would contact a botmaster and give him a laundry list of the machines or IP addresses he's interested in compromising. If the botmaster already has his hooks into the network, the customer could then buy access directly into the network rather than spending his own time and resources trying to get in."



“We don't need no stinking warrant!” After delivery, a copy of your email sits in your “Sent” folder as well as the copy in my “Inbox.” All that in addition to the “Hold for the government” folder. Perhaps we need to re-think e-mail?

http://yro.slashdot.org/story/10/03/16/1235227/11th-Circuit-Eliminates-4th-Amend-In-E-mail?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

11th Circuit Eliminates 4th Amend. In E-mail

Posted by CmdrTaco on Tuesday March 16, @08:34AM

Artefacto writes

"Last Thursday, the Eleventh Circuit handed down a Fourth Amendment case, Rehberg v. Paulk, that takes a very narrow view of how the Fourth Amendment applies to e-mail. The Eleventh Circuit held that constitutional protection in stored copies of e-mail held by third parties disappears as soon as any copy of the communication is delivered. Under this new decision, if the government wants to get your e-mails, the Fourth Amendment lets the government go to your ISP, wait the seconds it normally takes for the e-mail to be delivered, and then run off copies of your messages."



Until this bill is passed, there is absolutely, positively no way to tell a US citizen from one-a them non-English-speaking fur-in-ers. Soon all the good jobs will be stolen by illiterate immigrants – even Senators might be illegal. (Oh wait, that's redundant.)

http://www.pogowasright.org/?p=8351

National Worker ID Proposed in Comprehensive Immigration Bill

March 16, 2010 by Dissent

I missed this story last week about newly proposed legislation that would create worker ID cards:

President Obama is scheduled to meet with Senators Chuck Schumer (D., N.Y.) and Lindsey Graham (R., S.C.) later this week to discuss a Comprehensive Immigration Reform (CIR) bill. At controversy is a proposed national worker ID which would be at the center of the Senators’ proposed immigration bill currently being worked on in the U.S. Senate.

To combat critics of CIR, who say that once it is passed more illegal immigrants will flood the United States, Senators Schumer and Graham will introduce a national worker ID. The new ID card would be embedded with information, such as fingerprints or a scan of the veins in the top of the hand, to tie the card to the worker. The ID card would be required for all legal U.S. workers, including citizens and immigrants. If implemented, all new workers, including teenagers, would be phased in with an initial focus on industries that are known to employ illegal immigrants.

Read more on MigrationExpert


(Related) Or maybe we could do it this way. After all, what fun is a national Health Care system for if you can't make your citizens prove they are “worthy” of care?

http://www.phiprivacy.net/?p=2230

AU: Health identifier function creep threatens data privacy says Coalition

By Dissent, March 15, 2010 11:48 am

Karen Dearne reports:

The Senate Community Affairs committee has recommended passage of the controversial Healthcare Identifiers Bill, despite the minority Coalition members calling for amendments to ensure patient privacy and prevent personal identifiers being turned into a national identity regime.

Last night, the committee recommended developing a plan to introduce the scheme over the next two years, opening it to public comment before finalisation.

“The National E-Health Transition Authority in partnership with the Health Department and Medicare should more effectively engage all stakeholders in establishing the HI service,” it said.

Read more on Australian IT.



I suggest we start with his... All of it.

http://yro.slashdot.org/story/10/03/15/1811224/Yale-Law-Student-Wants-Government-To-Have-Everybodys-DNA?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Yale Law Student Wants Government To Have Everybody's DNA

Posted by Soulskill on Monday March 15, @02:06PM

An anonymous reader writes

"Michael Seringhaus, a Yale Law School student, writes in the NY Times, 'To Stop Crime, Share Your Genes.' In order to prevent discrimination [Gack! That's carrying PC way too far. By extension, we could execute everyone, not just serial killers – fair is fair. Bob] when it comes to collecting DNA samples from criminals (and even people who are simply arrested), he proposes that the government collect a DNA profile from everybody, perhaps at birth (yes, you heard that right)."

Regarding the obvious issue of genetic privacy, Seringhaus makes this argument: "Your sensitive genetic information would be safe. A DNA profile distills a person’s complex genomic information down to a set of 26 numerical values, each characterizing the length of a certain repeated sequence of 'junk' DNA that differs from person to person. Although these genetic differences are biologically meaningless — they don’t correlate with any observable characteristics — tabulating the number of repeats creates a unique identifier, a DNA 'fingerprint.' The genetic privacy risk from such profiling is virtually nil, because these records include none of the health and biological data present in one’s genome as a whole."



Darn! Now I have to train my Hacker 101 class to bathe...

http://www.pogowasright.org/?p=8334

Bacteria Trail Betrays Identity Of Computer Users

March 15, 2010 by Dissent

Thomas Claburn reports that now our bacteria can compromise our privacy:

Scientists at the University of Colorado at Boulder have found that the bacteria trail left behind on objects like computer keyboards and mice can be analyzed and used to help identify users of those devices.

“Your body is coated with bacteria inside and out,” says CU-Boulder assistant professor Noah Fierer in a video on YouTube. “You’re basically a walking microbial habitat. And we found that the diversity of bacteria just on the skin surface is really pretty incredible. You harbor hundreds of different bacteria species just on your palm, for example. We’ve also found that everybody is pretty unique. So of those let’s say hundred or so bacteria species, very few of them are shared between individuals.”

What Fierer and his colleagues have demonstrated in a new study is that the distinctive combination of bacteria each of us carries and distributes can be used to help identify what we’ve touched.

Such work may one day help link individuals to malicious computer use or other crimes.

Read more on InformationWeek.

(For directions on knitting the bacteria [Huh? Bob] in the featured photo, click here.)

[Watch the video here: http://www.youtube.com/watch?v=K4b7eqZAWuA&feature=player_embedded# ]


(Related) Tools for Hackers... I'd never suggest such things to my students because, as Dick Nixon said, “That would be wrong!”

http://www.makeuseof.com/dir/try2stopme-bypass-restrictive-firewalls

Try2StopMe: Bypass Restrictive Firewalls at Work & School

… Try2StopMe is essentially a web-based proxy service, which means your web traffic is routed through another computer before being sent to you. This can bypass censorship because so far as the corporate or national firewall can tell all you’re doing is browsing Try2StopMe.

Check out Try2StopMe @ www.endscene.net/T2SM

Similar sites: AnonyMouse, CTunnel, Prime Proxies and Unblockall.


(Related) Now my Hackers will need some PhotoShop training. (Chapter 6 How to add Zeros)

http://news.slashdot.org/story/10/03/16/0027217/Deposit-Checks-To-Your-Bank-By-Taking-a-Photo?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Deposit Checks To Your Bank By Taking a Photo

Posted by kdawson on Tuesday March 16, @07:50AM

Pickens writes

"The Mercury News reports that consumers will soon be able to deposit a check by snapping a photo of it with a cell phone and transmitting an encrypted copy to their bank. Although some critics contend paperless deposits are an attempt by the banking industry to eliminate 'float,' the standard one- or two-day waiting period between the time someone writes a check and the time the money is actually taken out of their account, actually remote-deposit capture started out as a way for big companies and financial institutions to process huge numbers of checks without having to ship them around the country. 'Our customers are becoming more and more tech-savvy,' said an SVP for mobile banking at Citibank. 'We're trying to support those people on the go.' Although the process adds a new wrinkle to concerns about fraud and the privacy of financial data, banks and the technology companies helping them say they have largely overcome these concerns. Another bank SVP said, 'For many institutions struggling to raise deposits and differentiate, this is an outstanding offering they can roll out inexpensively [note: interstitial]. It's a sticky product.'"



There have been (FBI) press releases before, but here's the whole report. Interesting that the leader in the “Perpetrators per 100,000 People” category is Washington DC.

http://www.bespacific.com/mt/archives/023746.html

March 15, 2010

Internet Crime Complaint Center Annual Report

News release: "The Internet Crime Complaint Center (IC3), a partnership between the FBI and the National White Collar Crime Center (NW3C), released the 2009 Annual Report about fraudulent activity on the Internet today. Online crime complaints increased substantially once again last year, according to the report. The IC3 received a total of 336,655 complaints, a 22.3 percent increase from 2008. The total loss linked to online fraud was $559.7 million; this is up from $265 million in 2008."



Is this a model for RIAA fighters here?

http://www.pogowasright.org/?p=8340

Pirate Bay legal action dropped in Norway

March 15, 2010 by Dissent

Mikael Ricknäs reports:

Copyright holders have given up legal efforts to force Norwegian ISP Telenor to block filesharing site The Pirate Bay, one of the parties to the case said.

The copyright holders, led by Norway’s performing rights society TONO and by the International Federation of the Phonographic Industry Norway (IFPI Norge), have lost two rounds in the Norwegian court system, and have now decided against appealing the case to Norway’s supreme court, the organisations said.

Read more in Computerworld UK. TorrentFreak also provides coverage.



I wonder how many of these are in my cereal? (Of course, these are only the “non-confidential” chemicals – apparently Mother Nature holds patents...)

http://www.bespacific.com/mt/archives/023756.html

March 15, 2010

EPA Makes Chemical Information More Accessible to Public For the first time

News release: "As part of Administrator Lisa P. Jackson’s strong commitment to increase information on chemicals, for the first time, EPA is providing web access, free of charge, to the Toxic Substances Control Act (TSCA) Chemical Substance Inventory. This inventory contains a consolidated list of thousands of industrial chemicals maintained by the agency. EPA is also making this information available on Data.Gov, a website developed by the Obama Administration to provide public access to important government information. This action represents another step to increase the transparency of chemical information while continuing to push for legislative reform of the 30 year old TSCA law."



Very focused search...

http://www.makeuseof.com/tag/top-7-underground-search-engines-knew/

Top 6 Underground Search Engines You Never Knew About

By Ryan Dube on Mar. 15th, 2010

Torrent Finder is one of the most impressive meta-search engines for Torrent files around.

… great bargain search engine FreshBargains. FreshBargains aggregates results from 15 top websites, which is excellent. However, another fantastic and barely known website to find freebies is called Prospector.

… Earlier, I wrote an article about the best websites to find foreclosed homes. Public government sources seemed to provide the most information without requiring a paid membership. However, somehow I missed AOL Foreclosures.

… Another very common sought-after search engine that isn’t always very easy to find are those that offer free public records information. Nine times out of ten, if you try to find such a search engine, you’ll end up with results from one of the major commercial companies trying to sell paid public records search results to you. However, the Public Record Center is different.

… Ever hear of a search engine that lets you dig up legal information from the web? Neither did I, until I discovered Cornell’s Legal Information Institute.

… Of course, if we want to go really underground, we’ve got to go paranormal. And there’s really no better underground paranormal search engine out there than UFO Seek. Don’t let the name fool you, this particular niche search engine isn’t just focused on UFOs and aliens.



If his autobiography is anything to go on, his papers and letters might be interesting to read as well. The political cartoons are very interesting – especially those dealing with the Wall Street bailout.

http://www.bespacific.com/mt/archives/023750.html

March 15, 2010

Mississippi State University Libraries Posts Online Collection of Ulysses S. Grant's Papers

Newswise: "With the digitization process now complete, the 31 volumes of Ulysses S. Grant's collected papers now are available online through the Mississippi State University Libraries. The volumes contain thousands of letters written by and to the 18th U.S. president and former Civil War general and Union Army hero. Also including military documents, other materials and numerous photographs, the collection may be viewed free via the Ulysses S. Grant Association's Web site."


(Related) I think I've mentioned this before, but it never hurts to be redundant.

http://www.freetech4teachers.com/2010/03/avalon-project-hundreds-of-primary.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+freetech4teachers%2FcGEY+%28Free+Technology+for+Teachers%29

Tuesday, March 16, 2010

The Avalon Project - Hundreds of Primary Documents from US History

The Avalon Project is a good resource for students that need to find digital copies of original documents. For example, all of The Federalist Papers are available on the Avalon Project website.



I'll seriously suggest this type of tool to my students. I'd rather have them spend a reasonable amount of time every day than try to do all of their online assignments at one sitting.

http://www.makeuseof.com/dir/xminutesat-avoid-wasting-time

xMinutesAt: Avoid wasting time by setting timer on any website

… xMinutesAt is a handy tool that helps avoid wasting time online. It is a small online timer that you can set before browsing any website, and it will remind you once the timer counts down to zero.

www.x.minutes.at

Similar tools: ToVisitOrNot, StayFocusd, MinutesPlease and KeepMeOut.
