http://www.databreaches.net/?p=11135
HBDirect.com customers notified of hack
April 8, 2010 by admin
HBDirect.com suspects that its web site was breached and that customers’ names, addresses, phone numbers, e-mail addresses and credit card numbers were stolen.
In a letter to those affected which is not the typical letter I’m used to reading, company principal Paul Ballyk not only explained what an SQL injection attack is, but noted that even though the customer data were encrypted on the site, they believe that the hackers may have cracked the encryption code. Kudos to them for not trying to minimize the risk.
Customers who used the web site between December 1, 2009 and February 10, 2010 were notified of the potential compromise of their information. While the company did not offer free services such as credit monitoring, I liked how the president of the company invited people to email him or call him directly if they had questions.
Complexity simply requires more control. There is no reason this should be true.
http://www.databreaches.net/?p=11128
Data breaches to cost more in the cloud
April 8, 2010 by admin
Liz Tay reports:
Remedying a data breach costs 40 percent more for businesses that store their data offshore, a study of Australian incidents has found.
Conducted by the Ponemon Institute and PGP Corporation, the inaugural Australian Cost of a Data Breach report aimed to quantify the costs associated with public and private sector data breaches.
Sixteen organisations participated in the study between September 2009 and January, all of which had experienced one or more data breach incidents during the past year.
Read more on IT News.
Copies of the full study are available at: www.encryptionreports.com.
Privacy breaches aren't so cheap either...
http://www.pogowasright.org/?p=8795
Judge Demands $50 Million From Plain Dealer
April 8, 2010 by Dissent
I was waiting for the other shoe to drop on this one, and now it has. As reported previously, the Cleveland Plain Dealer recently unmasked an online commenter and identified her as a judge. Now the judge is suing the paper for $50 million. Jeff Gorman of Courthouse News reports:
A state court judge demands $50 million from the Cleveland Plain Dealer, claiming it wrongfully exposed her and her daughter as the source of online comments about the judge’s cases. Cuyahoga County Court of Common Pleas Judge Shirley Strickland Saffold and her daughter, Sydney, seek damages for fraud, defamation, tortious interference, breach of contract, and invasion of privacy.
The Saffolds sued in the Cuyahoga County Court of Common Pleas over a story by James McCarty in the Plain Dealer’s March 26 edition.
Named as defendants are the Plain Dealer Publishing Co., editor Susan Goldberg, and the companies that run the Cleveland.com Web site, which include Advance Publications. McCarty is not named as a defendant.
The Saffolds say McCarty identified them as the source of online comments posted by “lawmiss,” from Judge Saffold’s computer.
Some of the comments dealt with cases in Saffold’s court, including the pending case against Anthony Sowell, who has been accused of murdering 11 Cleveland women.
The Plain Dealer story reported that Judge Saffold denied making any of the comments about her cases, but that her daughter admitted making some of them.
The Saffolds claims that the Plain Dealer violated its privacy policy by revealing the identity of “lawmiss.”
Read more on Courthouse News.
From the complaint, it seems that the plaintiffs allege that the paper’s primary motive in breaching the commenter’s privacy was that the commenter had made a comment about the mental health of a relative of a Plain Dealer reporter.
This is the second case this year where a commenter on a newspaper’s site has either been unmasked or negatively affected by the paper revealing the source of comments. In an earlier case, St. Louis Post-Dispatch social media editor Kurt Greenbaum was offended by a commenter’s language and after deleting the inappropriate comment only to have it resubmitted, he contacted the school identified in the commenter’s IP to alert them that someone at the school had posted inappropriate comments on the paper’s site.
Occasionally the FTC looks at businesses to see if they are living up to their stated privacy policy. Online privacy policies may be business decisions, but they are part of the public’s ability to trust sites. Would you post comments on a site if their stated privacy policy was, “We will respect your privacy and not reveal any account information unless obligated to by legal process or unless you piss us off?”
I would like to see the FTC take a look at the Plain Dealer case to see if they think that the paper’s action was consistent with its stated policy.
Related: Strickland-Saffold v. Plain Dealer.
(Related) Seems there's a lot of this going on.
http://www.pogowasright.org/?p=8808
Prosecutor who unmasked blogger may not have immunity – court
April 9, 2010 by Dissent
As a follow-up to a case in Florida that was mentioned on this site last year, there’s a decision in the case of Tom Rich and his wife, who had sued the Jacksonville Police Department for “outing” Rich to his church as the author of a blog critical of the church. Rich had been blogging anonymously (and critically) about the church until the church asked one of its members, a police officer, to find out who was behind the blog. The officer went to a state attorney who issued the subpoena.
In their attempt to get charges dismissed based on qualified immunity, the defendants won some and lost some. Most notably, the court held that if state attorney issued a subpoena without any criminal investigation, it would be a violation of Rich’s First Amendment rights. Now they progress to the next round where Rich will need to prove that claim.
Hat-tip, Eugene Volokh.
Computers are a wonderful weapon for asymmetric warfare.
http://www.forbes.com/2010/04/08/cyberwar-obama-korea-technology-security-clarke.html?feed=rss_home
Security Guru Richard Clarke Talks Cyberwar
Andy Greenberg, 04.08.10, 11:45 AM EDT
The antiterrorism czar who foresaw 9/11 discusses Obama's cybersecurity plans and North Korea.
… Around the world 20 to 30 nations have formed cyberwar military units. Everything we were talking about 10 or even 20 years ago in terms of cyberwar is happening, except for the development of relevant international law.
… With more time, I think we can solve the attribution problem. You can't find the origin of an attack in real time. But ultimately you can do the forensics if you can hack into all the servers. The NSA can do that. And the NSA tells me that attribution isn't really a problem.
… What I'm talking about would have no economic effect. [Isn't that impossible? Bob] The FCC can tell the tier one Internet service providers that they--not the DHS or the NSA--have to use a sophisticated search capability to look for patterns of malware. AT&T and Verizon tell me they can do that tomorrow.
We'd do this with the involvement of the privacy community. And it would solve 70% to 80% of the problem.
… The best-prepared country for cyberwar is one that can't be attacked but can perform its own attacks. North Korea, like Afghanistan, has nothing to attack. But they're launching cyberattacks from South Korea and China. They're taking over whole floors of hotels in cities in China to set up teams of cyberwarriors.
In pure capability, our biggest enemy is Russia, followed closely by China. But if you ask who's the biggest threat in the sense that they might use their abilities, it might be North Korea. First, they're crazy, and second, they have nothing to lose.
… China won't engage in cyberwar with us unless they're at war with us for some other reason or there's an accidental cyberwar. I think an accidental cyberwar could happen, and escalation could occur very rapidly.
Undue reliance again? Perhaps just inadequately tested software. Poor management in either case.
Warhammer Online Users Repeatedly Overbilled
Posted by Soulskill on Thursday April 08, @11:53PM
TheSpoom writes
"A screw-up in EA's Warhammer Online billing system has resulted in many players being charged upwards of 22 times for a one-month subscription, filling bank accounts with overdraft fees and the Warhammer forums with very angry players, who are discussing the issue quite vocally. EA has said that refunds are in progress and that '[they] anticipate that once the charges have been reversed, any fees that have been incurred should be refunded as well.' They haven't specifically promised to refund overdraft charges, only to ask customers' banks to refund them once the actual charges are refunded. They seem to be assuming banks will have no problem with this."
Why I don't allow comments – I can make my own problems thank you...(Thou shalt remain ignorant?)
http://www.pogowasright.org/?p=8792
UK: High Court ruling serves as a warning against any moderation of user comments
April 8, 2010 by Dissent
A blog owner can avoid liability for user-generated content that appears on his site without being checked or moderated, the High Court has ruled. But fixing the spelling or grammar in users’ posts could lose him that protection, it said.
The Court ruled that the operator of blogging site Labourhome.org could not have a libel case struck out. The site operator, Alex Hilton, had said that his argument that he deserved exemption as a service provider was so strong that a trial was not necessary. The Court disagreed.
Read more on Out-Law.com
Is this the start of the push-back against extended copyright?
The Economist Weighs In For Shorter Copyright Terms
Posted by timothy on Friday April 09, @01:38AM
lxmota writes
"The Economist says that long copyright terms are hindering creativity, and that shortening them is the way to go: 'Largely thanks to the entertainment industry's lawyers and lobbyists, copyright's scope and duration have vastly increased. In America, copyright holders get 95 years' protection as a result of an extension granted in 1998, derided by critics as the 'Mickey Mouse Protection Act'. They are now calling for even greater protection, and there have been efforts to introduce similar terms in Europe. Such arguments should be resisted: it is time to tip the balance back.'"
Never challenge a hacker! Always assume that your tools can be hacked.
http://www.physorg.com/news189435284.html
Can Clever Hackers Target Smart Phones?
For my website class
Check Out Tagxedo, A Ridiculously Cool Word Cloud Generator
For Academic purposes only
http://www.makeuseof.com/dir/savevideo-instant-video-downloader
SaveVideo: Instant Video Downloader with MultiSite Support
Similar tools: KeepHD, Youtube Catcher and ExtractVideo.
For my students who complain about spending $195 for a Math textbook?
The $20 DIY Book Scanner
… For those willing to put in a little effort, though, a book-ripper can be made for pennies. At Instructables you can learn how to make a “Portable, Paperless, Digital Copy Machine” from a few metal strips and rods and an old digital camera.
New & Improved Portable, Paperless, Digital Copy Machine [Instructables]
No comments:
Post a Comment