Wednesday, April 14, 2010

For my Business students. Think of this as a model for a global business you can start in your basement “hacker lair!”

http://www.databreaches.net/?p=11186

Data stolen from 95,000 credit card customers

April 13, 2010 by admin

Kim Mi-ju reports:

A single information trafficker managed to steal the personal data of more than 95,000 Korean credit card users – and sell it to thieves who created cloned credit cards, police said Sunday.

Police said a Romanian used the Internet to install spyware in point-of-sale systems at 36 large discount stores, restaurants and gas stations in Korea, then stole card information from 95,266 customers last August. The Romanian sold the data to Malaysian traffickers, who in turn sold part of it to four men whom police arrested Sunday.

[...]

Police said 943 credit cards were cloned and used to charge 677 million won in 49 countries. The losses will be borne by the issuing credit card companies and banks, which in turn may seek reimbursement from the card-reading companies whose system the hacker broke.

Read more from JoongAng Daily



Didn't the bank know what was taken? What (feeble?) encryption method was used?

http://www.databreaches.net/?p=11190

79,000 clients identified from stolen HSBC data: prosecutor

April 13, 2010 by admin

Some 79,000 customers have been identified from data stolen from a Swiss unit of HSBC bank, a French prosecutor said Tuesday, citing a far higher number than previously made public.

The chief executive of HSBC Private Bank (Switzerland) said last month that details on 24,000 bank customers may have been leaked in the theft three years ago by an IT worker at the bank.

However, French prosecutor Eric de Montgolfier said the stolen files, which have now been decrypted, allowed for the identification of 127,000 accounts belonging to 79,000 people.

Read more from AFP.


(Related) Ethics? Or part of their new “You can't trust the Swiss” AD campaign?

http://www.databreaches.net/?p=11201

Liechtenstein digs in heels against stolen bank data

April 14, 2010 by admin

The small tax haven of Liechtenstein is preparing to backpedal on an agreement with Germany to crack down on tax dodgers, and now plans to give no help if investigations are based on stolen data, a report said Wednesday.

The tiny alpine principality, which lies between Switzerland and Austria, intends to introduce new clauses into an agreement it made in March with the German government, daily Süddeutsche Zeitung reported.

The changes mean it would give no help to countries such as Germany in investigating tax evasion if a case involved stolen bank data.

Read more in The Local (De)



http://www.databreaches.net/?p=11207

Almost Half of Disclosed Breaches Do Not Include Number of Records Compromised

April 14, 2010 by admin

Perimeter E-Security today unveiled the results of its annual U.S. Data Breach Study, a review of the scope and impact of data security breaches that occurred in the past year.

“While 2009 had the fewest number of data breach incidents reported in the last four years, there was a dramatic increase in the average number of records lost in each incident and a rise in the costs associated with a breach,” said Kevin Prince, Chief Technology Officer, Perimeter E-Security. “The most disturbing trend is that almost half of publicly disclosed data breaches do not include the total number of records compromised.”

[...]

Amongst the key study findings:

  • 2009 had the fewest number of data breach incidents reported in the last four years.

  • Nearly 40 percent of publicly disclosed data breaches in 2009 did not include the number of records compromised.

  • Stolen laptops remain the number one cause of a data breach incident in 2009.

  • Improper disposal of documents that lead to a data breach rose a sharp 130 percent over 2008.

  • Third parties caused 12 percent of data breach incidents in 2009.

Read more of the press release here.

Related: U.S. Data Breach Study of 2009.



Google was one of Obama's big supporters. Is it possible they feel betrayed? Or is this just a good strategy for promoting their “Cloud Computing” business?

http://news.cnet.com/8301-13578_3-20002423-38.html?part=rss&subj=news&tag=2547-1_3-0-20

Google backs Yahoo in privacy fight with DOJ

by Declan McCullagh April 13, 2010 5:27 PM PDT

Google and an alliance of privacy groups have come to Yahoo's aid by helping the Web portal fend off a broad request from the U.S. Department of Justice for e-mail messages, CNET has learned.

In a brief filed Tuesday afternoon, the coalition says a search warrant signed by a judge is necessary before the FBI or other police agencies can read the contents of Yahoo Mail messages--a position that puts those companies directly at odds with the Obama administration.

Yahoo has been quietly fighting prosecutors' requests in front of a federal judge in Colorado, with many documents filed under seal. Tuesday's brief from Google and the other groups aims to buttress Yahoo's position by saying users who store their e-mail in the cloud enjoy a reasonable expectation of privacy that is protected by the U.S. Constitution.

… For its part, the Justice Department has taken a legalistic approach: a 17-page brief it filed last month acknowledges that federal law requires search warrants for messages in "electronic storage" that are less than 181 days old. But, Assistant U.S. Attorney Pegeen Rhyne writes in a government brief, the Yahoo Mail messages don't meet that definition.

"Previously opened e-mail is not in 'electronic storage,'" Rhyne wrote in a motion filed last month. "This court should therefore require Yahoo to comply with the order and produce the specified communications in the targeted accounts." (The Justice Department's position is that what's known as a 2703(d) order--not as privacy-protective as the rules for search warrants--should let police read e-mail.)

On December 3, 2009, U.S. Magistrate Judge Craig Shaffer ordered Yahoo to hand to prosecutors certain records including the contents of e-mail messages. Yahoo divulged some of the data but refused to turn over e-mail that had been previously viewed, accessed, or downloaded and was less than 181 days old.

… A few weeks ago, for instance, Justice Department prosecutors told a federal appeals court that Americans enjoy no reasonable expectation of privacy in their mobile device's location and that no search warrant should be required to access location logs.

Update 8:15 p.m. PT: I've heard back from a Justice Department representative who says he'll be able to answer questions on Wednesday after he talks to the cyber crime section.


(Related) Or maybe the lower courts are taking longer to understand the implications of technology?

http://www.pogowasright.org/?p=8912

Where is the Fourth Amendment docket?

April 14, 2010 by Dissent

Orin Kerr writes:

Next Monday, the Court will hear oral argument in City of Ontario v. Quon, a Fourth Amendment case on employee rights in text messages. Notably, Quon is one of only two Fourth Amendment cases to be decided this Term. And the other Fourth Amendment case, Michigan v. Fisher, was at best a minor footnote: Fisher was a per curiam summary reversal, meaning that the Court thought the case was so easy that it reversed without merits briefing or oral argument. The presence of only two search and seizure cases is a bit surprising. In the previous Term, for example, the Court handed down decisions in five such cases. The dearth of cases raises a question: What happened to the Court’s Fourth Amendment docket?

If you look closely, some clues emerge.

Read more on SCOTUSblog. Orin hypothesizes that what may be happening is that justices who are more inclined to rule for defendants are denying cert because they have some fear or uncertainty as to how the cases will turn out in light of the pro-government justices on the current court.


(Related)

http://www.pogowasright.org/?p=8915

Some Thoughts on the Reply Brief in City of Ontario v. Quon

April 14, 2010 by Dissent

Orin Kerr writes:

The Reply Brief in the Court’s only major Fourth Amendment case this term, the text-messaging case City of Ontario v. Quon, has now been filed and is available here. Here are a few thoughts on it.

(1) The parties focus significant attention on the Stored Communications Act, somewhat to my surprise. The Stored Communications Act (SCA) is the federal statute that governs access to e-mail and the like: The Quon case was originally litigated under both the SCA and the Fourth Amendment. Quon argues that the SCA helps create a reasonable expectation of privacy in the stored text messages. By creating statutory privacy rights, Quon argues, the SCA helped make any expectation of privacy “reasonable.”

I don’t think that’s a persuasive argument, with a possible caveat I’ll get to in a minute. As a general rule, I think statutory privacy laws have to be considered independently from the Fourth Amendment: The creation of statutory privacy laws cannot make an expectation of privacy constitutionally reasonable, and the absence of them cannot make an expectation of privacy constitutionally unreasonable.

Read more on The Volokh Conspiracy.



Clearly the government will have to make telling the truth mandatory! Just like they ensured everyone files their taxes honestly.

http://www.phiprivacy.net/?p=2431

Survey: Patients May Lie if Electronic Medical Records Are Shared

By Dissent, April 13, 2010 10:05 am

Katherine Hobson reports:

Patients already lie to their doctors. And almost half of respondents in a new survey said if there was any hint their health information — even stripped of identifying details like name or date of birth — would be shared with outside organizations, they might be even less forthcoming.

A study on electronic medical records use by the California HealthCare Foundation, a philanthropic group, found that 15% of the 1,849 adults surveyed said they’d conceal information from a physician if “the doctor had an electronic medical record system” that could share that info with other groups. Another 33% would “consider hiding information.”

Read more on the WSJ Health Blog.



This story hasn't made so much as a ripple, but isn't it an indication that even Microsoft finds supporting Microsoft software expensive and difficult?

http://www.thetechherald.com/article.php/201015/5503/Microsoft-hands-internal-tech-support-to-India-s-Infosys

Microsoft hands internal tech support to India's Infosys

by Stevie Smith - Apr 14 2010, 06:13

In a move to reduce IT costs and add flexibility to its tech operations, American software titan Microsoft has announced a three-year deal that will see its worldwide internal technical support outsourced to India-based Infosys.



A new media needs a new Prize. Since Rupert Murdoch is unlikely to fund one, we need to find an appropriate Daddy Warbucks who would like to be immortalized for a mere few millions...

http://news.slashdot.org/story/10/04/13/2020227/First-Pulitzer-Awarded-To-an-Online-News-Site?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

First Pulitzer Awarded To an Online News Site

Posted by kdawson on Tuesday April 13, @05:47PM

Hugh Pickens writes

"The Columbia Spectator reports that ProPublica, an independent, non-profit online newsroom, is the first online organization to win a Pulitzer Prize. ProPublica reporter Sheri Fink won a Pulitzer Prize for Investigative Reporting for her story about the deadly choices faced at one New Orleans hospital in the days after Hurricane Katrina. The winning article was published in the New York Times Magazine and on ProPublica.org. Pulitzer Prize administrator Sig Gissler says that ProPublica's model represents a mode of journalism that will become increasingly influential, as fewer resources for investigative journalism remain available at the disposal of news outlets. In addition to ProPublica, another online entry won for the first time in the category of cartooning — Mark Fiore was awarded a Pulitzer for his self-syndicated animated cartoons, which appeared on the San Francisco Chronicle website."


(Related) Fertile ground for Innovation Awards (telling the old school how it should be done)

http://www.bespacific.com/mt/archives/024015.html

April 13, 2010

News Leaders and the Future The State of Journalism

News release: "America's news executives are hesitant about many of the alternative funding ideas being discussed for journalism today and are overwhelmingly skeptical about the prospect of government financing, according to a new survey by the Pew Research Center's Project for Excellence in Journalism in association with the American Society of News Editors (ASNE) and the Radio Television Digital News Association (RTDNA). Many news executives, however, sense change for the better in their newsrooms despite cutbacks and declining revenue. Editors at newspaper-related companies praise the cultural shifts in their organizations, the younger, tech-savvy staff, and a growing sense of experimentation. Many broadcast executives see so-called one-person crews -- in which the same individual reports, produces and shoots video -- as improving their journalism by getting more people on the street. But the leaders of America's newsrooms are nonetheless worried about the future. Fewer than half of all those surveyed are confident their operations will survive another 10 years -- absent significant new sources of revenue. Nearly a third believe their operations are at risk in just five years or less. And many blame the problems not on the inevitable effect of technology but on their industry's missed opportunities."



This is inevitable.

http://techcrunch.com/2010/04/13/800000-households-abandoned-tvs-web/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

Estimate: 800,000 U.S. Households Abandoned Their TVs For The Web



Tools & Techniques

http://developers.slashdot.org/story/10/04/13/1951246/How-To-Exploit-NULL-Pointers?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

How To Exploit NULL Pointers

Posted by kdawson on Tuesday April 13, @05:03PM

An anonymous reader writes

"Ever wondered what was so bad about NULL pointer exceptions? An MIT Linux kernel programmer explains how to turn any NULL pointer into a root exploit on Linux. (There was also a previous installment about virtual memory and how to make NULL pointers benign.)"



For my website students

http://www.makeuseof.com/dir/css3-generator-quick-reference-creating-css3-tidbits/

CSS3 Generator: A Quick Reference For Creating CSS3 Tidbits

… Just select what you want to accomplish from the pull-down menu and you’ll be presented with options related to it. Fill in the form and CSS3 Generator will output code for you, perfect for use in your latest project.

A single drop-down menu gives you access to border radius, box shadow, text shadow, RGBA, @FontFace, multiple columns, box resize, box sizing, outline and selectors. Select any of these functions and you’ll be presented with a few options; fill those in and you’ll have your code. You’ll also see a preview of the function you’re experimenting with, so if you’re not sure what these functions do you can find out quickly and easily. Simple, right?

www.css3generator.com
