Thursday, March 04, 2010

For the 53rd time, we don't see any need to encrypt our laptops! “

http://www.databreaches.net/?p=10369

Council hit again by lap top thefts

March 3, 2010 by admin

Mike Keegan reports that Oldham council has suffered yet another data breach: a laptop and laptop bag containing documents with employee information such as names, job titles, and salaries was stolen over the weekend.

The theft is thought to have taken place in the authority’s Human Resources Department at the Civic Centre.

[...]

Councillor Lynne Thompson, Cabinet Member for Finance and Resources, said: “Oldham Council can confirm that over last weekend a laptop and a laptop bag containing some documents were stolen from one of the council’s buildings in the borough. No information about any member of the public was involved, but the documents did include some employee information.

Read more in the Manchester Evening News.

[From the article:

Last year a review was ordered after 17 laptops were stashed in a recycling bin and taken off the premises.

The cash-strapped authority, which is looking at cutting 500 jobs to slash costs, spent £**amount to come** on a host of new security measures which included a sophisticated computerised swipe card system.

Many staff were issued with new identity badges, and new card readers were being introduced at all entrances, car park barriers and along the corridors.

Council chief executive Charlie Parker hailed the measures as 'an important step forward'.

[But they didn't even try the free encryption programs? Ignorance of Security Best Practices is no excuse! Bob]

… It is thought that despite the new systems, bosses do not know exactly when the theft took place. [Trust us, we have everything under control. Bob]

Earlier this year the council proposed slashing £250,000 from its security budget.


(Related) For my “How to commit computer crime” lecture.

http://www.switched.com/2010/03/03/wi-fi-finders-helping-thieves-locate-and-steal-laptops/

Wi-Fi 'Finders' Helping Thieves Locate and Steal Laptops

by Caleb Johnson — Mar 3rd 2010 at 1:30PM

We don't recommend leaving your laptop in the car for any reason, but, if you must, make sure you turn off the Wi-Fi signal first. According to Network World, thieves are using devices meant to locate Wi-Fi networks to detect laptops and steal them. Apparently, just closing the screen won't prevent your laptop from being detected, either. Wi- Fi disconnection must be done manually, as it can take as long as a half-hour for a laptop to go into sleep mode.


(Ditto) Who said thieves can't use technology?

http://www.databreaches.net/?p=10398

Cyberthieves Using Bluetooth To Steal Gas Station Credit Card Data

March 4, 2010 by admin

Evan Schuman writes:

When cyberthieves plant skimming devices inside POS PIN pads, they typically have one of two headaches. First, they have to return to the scene of the crime to retrieve the device and its stolen data, which is dangerous. If the thieves use the device to wirelessly phone the data to one of their own, it’s safer initially. But if that data is detected and examined, it could lead law enforcement right to the culprits—a.k.a., problem number two.

But one group of cyberthieves in Utah—as yet uncaught—has hit about 200 gas stations in that state with a toothy tweak: Bluetooth-y, to be precise. By arming their skimmers with a Bluetooth transmitter, the stolen card data was beamed out indiscriminately to anyone nearby—make that very nearby—who happened to choose to listen for it. When such a device is found by law enforcement, it reveals nothing to point to the thieves’ location—past or present—and nothing to even indicate how long it’s been there. The devices in the Utah case had no local storage whatsoever, police said; they simply grabbed the data and instantly beamed it away.

Read more on StorefrontBacktalk.



Okay people, lets put our heads together and try to come up with the worst possible date for a security breach.

http://www.databreaches.net/?p=10371

St. George Bank printing gaffe fuels fraud fears (updated)

March 3, 2010 by admin

Jessica Johnston reports:

A serious bank blunder has threatened the financial security of 42,000 people after their statements were mailed to strangers.

A former bank manager and a business owner are among the Gold Coast victims of a major fraud scare after private details were distributed during a St George Bank printing mistake.

The error resulted in names and addresses being transposed on to the wrong statements, which included personal information including Centrelink numbers, wage and employee details.

Ironically the mix-up occurred in national fraud week, and experts yesterday warned few details were needed to steal someone’s identity.

Read more on Goldcoast.com.au

Update: The bank’s vendor, Salmat, accepted responsibility for the breach.



Identity Theft is now a wholesale crime – and apparently lucrative enough to attract (gasp) thieves!

http://www.databreaches.net/?p=10385

Former fugitives sentenced for possessing more than 3k stolen credit cards

March 3, 2010 by admin

Octavio Delemos, 26, and Ruddy Perez-Espinal, 25, formerly of Miami-Dade County, were sentenced today for conspiring to commit credit card fraud, credit card fraud, and aggravated identity theft. U.S. District Court Marcia G. Cooke sentenced Delemos to 48 months’ imprisonment and Perez-Espinal to 64 months’ imprisonment. Both defendants were ordered to serve a three year term of supervised release following their incarceration, and to pay $171,562 in restitution.

According to court documents, in December 2007, a confidential informant told law enforcement that Delemos, Perez-Espinal, and their co-defendant Alfredo Dalmau were manufacturing counterfeit credit cards at a Medley, FL, home where all three defendants resided. On December 11, 2007, law enforcement began the process of securing a warrant to search the Medley residence.

While law enforcement agents were obtaining the search warrant, agents observed a group of armed home invaders, pretending to be police officers, raid the defendants’ residence, beat the defendants and their guests, tie up the defendants, and attempt to steal the defendants’ proceeds from credit card fraud. Law enforcement arrested the home invaders, secured a search warrant, and arrested Delemos, Perez-Espinal and Dalmau for credit card fraud.

Inside the Medley residence, law enforcement found evidence of a counterfeit credit card manufacturing operation, including hundreds of blank plastic cards used to make counterfeit credit cards, rolls of tipping foil to create the magnetic strips, partially manufactured counterfeit credit cards, and laptop computers. Subsequent analysis of the laptops revealed that the defendants possessed more than 3,000 stolen credit card numbers. Each defendant possessed a fraudulent identification with the defendant’s picture but a fraudulent name. In addition, each defendant possessed at least one counterfeit credit card with the defendant’s fictitious name but a real victim’s credit card number.

After indictment, the defendants filed a Motion to Suppress the evidence found inside the residence. After the district court denied the Motion in May 2008, the defendants fled to the Dominican Republic to avoid trial. In May 2009, Delemos and Perez-Espinal were arrested in the Dominican Republic and extradited to the United States. Alfredo Dalmau remains a fugitive, suspected of living in the Dominican Republic.

In December 2009, defendants Delemos and Perez-Espinal pled guilty to conspiring to commit credit card fraud, producing counterfeit access devices, possessing 15 or more counterfeit and unauthorized access devices, and aggravated identity theft. Because the defendants fled, Judge Cooke imposed a sentencing enhancement for obstruction of justice and rejected the defendants’ claim that they deserved a reduction for acceptance of responsibility. The Florida State Attorney’s Office is prosecuting the home invaders.

Source: U.S. Attorney’s Office



Should be (but rarely is) obvious. Lots of helpful forms and links!

http://www.databreaches.net/?p=10416

ICO outlines business case for privacy

March 4, 2010 by admin

In The Privacy Dividend, a report published on 4 March 2010, it said public and private sector organisations can use business cases to justify spending on privacy protection.

It says the benefits of protecting privacy derive from four areas in which information has value. Firstly, protecting personal information as an asset can help to make an organisation’s operations efficient, agile and attractive to the public. Secondly, respecting people’s privacy helps to win their trust, and can enhance an organisation’s reputation.

Read more on Kable.

[From the article:

Thirdly, protecting information from other parties can save people from the harm associated with privacy violations. Finally, winning people's trust will support working with other organisations.

[Correct link for the report: http://www.ico.gov.uk/upload/documents/library/data_protection/detailed_specialist_guides/privacy_dividend.pdf



What makes them think it was unintended?

http://www.eff.org/wp/unintended-consequences-under-dmca

Unintended Consequences: Twelve Years under the DMCA

This document collects reported cases where the anti-circumvention provisions of the DMCA have been invoked not against pirates, but against consumers, scientists, and legitimate competitors. It will be updated from time to time as additional cases come to light. Previous versions remain available.

PDF available



Convergence. Think of displaying a 2 dimensional barcode on your phone's screen...

http://www.techradar.com/news/phone-and-communications/mobile-phone-boarding-passes-increase-by-1-200--674329

Mobile phone boarding passes increase by 1,200%

Handsets just the ticket

By Marc Chacksfield

The amount of consumers using mobile phone boarding passes has dramatically risen, with one company quoting a 1,200 per cent increase.

… Instead of security scanning your boarding pass, they can do it straight from your phone.



What does it take to convince you to drink the koolaide?

http://www.pogowasright.org/?p=8120

A quarter of Germans want to be implanted with chips

March 4, 2010 by Dissent

Clay Dillow reports:

Privacy-loving Americans have roundly rejected the idea of implanting microchips within their bodies, but one in four Germans is enthusiastic about the idea of having a chip implanted as long as there are tangible benefits involved. Those benefits don’t even have to be of the life-and-death nature; some said they would implant a chip simply to make a shopping experience more enjoyable.

A poll released Monday in anticipation of Europe’s CeBIT trade show indicated that 23 percent of Germans are open to the idea of implantable microchips. The largest contingent (16 percent) said they would do it to help emergency services respond to them more quickly and effectively in case of an accident.

Read more in PopSci.



I'm fairly sure this is not to ensure that NK does not infringe Microsoft's patents. Someone is thinking of ways to secure their infrastructure. It will be interesting to see if it works better than any new operating system.

http://linux.slashdot.org/story/10/03/03/2155235/North-Koreas-Own-OS-Red-Star?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

North Korea's Own OS, Red Star

Posted by timothy on Wednesday March 03, @05:00PM

klaasb writes

"North Korea's self-developed computer operating system, named 'Red Star,' was brought to light for the first time by a Russian satellite broadcaster yesterday. North Korea's top IT experts began developing the Red Star in 2006, but its composition and operation mechanisms were unknown until the internet version of the Russia Today TV program featured the system, citing the blog of a Russian student who goes to the Kim Il-sung University in Pyongyang."

[From the article:

The Red Star is based on Linux, a free and open software operating system, but looks a lot like the Microsoft Windows on display. It also has a similar user interface. [Or maybe they'll claim Linux and Microsoft stole their code? Bob]



Note what they consider “moderately large” datasets. It's all a matter of scale, but you can see from the comments that storing data in the Cloud is becoming more acceptable.

http://ask.slashdot.org/story/10/03/03/2148245/Long-Term-Storage-of-Moderately-Large-Datasets?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Long-Term Storage of Moderately Large Datasets?

Posted by timothy on Wednesday March 03, @05:18PM

hawkeyeMI writes

"I have a small scientific services company, and we end up generating fairly large datasets (2-3 TB) for each customer. We don't have to ship all of that, but we do need to keep some compressed archives. The best I can come up with right now is to buy some large hard drives, use software RAID in linux to make a RAID5 set out of them, and store them in a safe deposit box. I feel like there must be a better way for a small business, but despite some research into Blu-ray, I've not been able to find a good, cost-effective alternative. A tape library would be impractical at the present time. What do you recommend?"



Forensics and e-Discovery?

http://search.slashdot.org/story/10/03/03/239201/Narus-Develops-Social-Media-Sleuth?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Narus Develops Social Media Sleuth

Posted by samzenpus on Wednesday March 03, @07:16PM

maximus1 writes

"Narus is developing a new technology code-named Hone that can be used to identify anonymous users of social networks and Internet services. Hone can do some pretty 'scary' things, says Antonio Nucci, chief technology officer with Narus. Hone uses artificial intelligence to analyze e-mails and can link mails to different accounts, doing what Nucci calls topical analysis. 'It's going to go through a set of documents and automatically it's going to organize them in topics — I'm not talking about keywords as is done today, I'm talking about topics,' he said. That can't be done with today's technology, he said. 'If you search for fertilizers on Google ... it's going to come back with 6.5 million pages. Enjoy,' he said. 'If you want to search for non-farmers who are discussing fertilizer ... it's not even searchable.' Nucci will discuss Hone at the RSA Conference in San Francisco Friday."



I'll have to share this with my fellow teachers – sorry students! (Interesting that my first thought and the first comment were “A Clockwork Orange”)

http://tech.slashdot.org/story/10/03/04/0258221/Using-Classical-Music-As-a-Form-of-Social-Control?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Using Classical Music As a Form of Social Control

Posted by samzenpus on Thursday March 04, @01:34AM

cyberfringe writes

"Classical music is being used increasingly in Great Britain as a tool for social control and a deterrent to bad behavior. One school district subjects badly behaving children to hours of Mozart in special detention. Unsurprisingly, some of these youth now find classical music unbearable. Recorded classical music is blared through speakers at bus stops, outside stores, train stations and elsewhere to drive away loitering youth. Apparently it works. Detentions are down, graffiti is reduced, and naughty youth flee because they find classical music repugnant."



Might be useful for iPad owners.

http://www.makeuseof.com/tag/free-multiplatform-tools-create-ibooks/

Two Free Multiplatform Tools To Create iBooks

By Jeffry Thurana on Mar. 3rd, 2010

… Even though iPad is said to be capable of opening several standard ebook formats from simple text to Adobe’s PDF, Apple adopted the free and open source ePub as the format of their iBooks.

… Here are two free multiplatform tools to create iBooks – a.k.a: ePub books.

  1. eCub: A lightweight ePub publisher to create iBooks available for Windows, Mac, Linux, FreeBSD and Solaris platform.

  2. Sigil: Describes itself as a WYSIWYG ebook editor. Available for Windows, Mac and Linux. Some of the features are:

… If you like eBooks, you might want to check out our other ebook articles: The Best 6 Sites to Get Free Ebooks, How To Convert Scanned Pages Into eReader eBook Format, Calibre – Mighty eBook Management Software (Multi-OS) and How To Download Books From Google Books,



Color printer ink costs a Bazillion dollars an ounce. Here's how to use it by the gallon!

http://www.makeuseof.com/tag/posterazor-simple-tool-posters/

PosteRazor – Another Simple Tool To Make Your Own Posters

By Saikat Basu on Mar. 3rd, 2010

PosteRazor is a free software that easily helps you make your own posters at home. All that you need is an idea, the PosteRazor freeware and a standard color printer. PosteRazor is open source and a really small download at 484KB.

Poster lovers can check out a very early MakeUseOf HowTo: Free & Huge Custom Poster For Your Wall article that shows how to print out sections of a large image on standard size paper, and assemble it all as a huge poster.


(Also see)

http://www.makeuseof.com/tag/make-your-own-motivational-posters/

4 Apps To Make Motivational Posters

No comments: