Wednesday, May 26, 2010

Interesting. If several students analyzed their laptops and discovered that someone had hacked them and was snapping pictures, would the school have any liability?

http://www.wired.com/threatlevel/2010/05/lanrev-security-holes/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Spyware Installed on Student Laptops Has More Security Problems

By Kim Zetter May 25, 2010 1:52 pm

A remote administration program installed on student laptops by a Pennsylvania school district and used by numerous companies to manage their computers is even more vulnerable than previously reported.

The LANrev program can be exploited from anywhere on the internet, not just from an attacker on the same local area network as a victim’s computer, according to researchers who say that a second key used by the system is just as insecure as one that was previously disclosed.



Unlike the taxpayers who must make do when revenues decline, governments simply take more – never to return to lower tax levels.

http://www.pogowasright.org/?p=10541

Colorado’s Big Brother E-Commerce Law

May 26, 2010 by Dissent

Stephen P. Kranz reports:

Record-breaking budget shortfalls have caused states to search for new revenue using tools that arguably are unconstitutional and, at a minimum, violate the consumer privacy that online shoppers have come to expect. A new twist to increasing taxes is an effort — adopted by Colorado and under consideration in California and Tennessee — to force online retailers to reveal their customers and their customers’ purchases. The Colorado law will be challenged as unconstitutional. Meantime, Colorado consumers should be concerned that their state government is busy collecting data about their purchases that will be used to send them a tax bill.

Read more on InformationWeek.



It's like the holes in security are built in... If strong security isn't designed in, you have allowed the previous (lack of) design to rule.

http://www.phiprivacy.net/?p=2796

Yet another Veterans Administration breach

By Dissent, May 25, 2010 7:46 pm

What on earth is going on with all these Veterans Administration data breaches?

OCR just added another VA breach to its web site, again out of Texas. The description doesn’t match the breaches that Representative Buyer recently talked about in Congress, which were also from facilities in Texas:

VA North Texas Health Care System

State: Texas

Approx. # of Individuals Affected: 4,083

Date of Breach: 5/04/10

Type of Breach: Improper Disposal

Location of Breached Information: Paper Records



Should your bank be allowed to “discover” public information in order to make better evaluations of risk, or should they just guess?

http://www.pogowasright.org/?p=10538

Fake ANZ Facebook profile may breach laws

May 26, 2010 by Dissent

Sarah Gerathy reports:

Consumer rights advocates say ANZ bank employees may have breached privacy laws and the Trade Practices Act when they allegedly used Facebook to gather customers’ information.

It is alleged that someone in the bank’s debt collection team secretly set up a fake Facebook profile.

Using this false identity, they then befriended ANZ customers with bad credit in order to track down their current contact details.

The fake Facebook profile was set up under the name of Max Bourke, but did not mention ANZ in any way.

Read more on ABC (AU). There’s an interesting discussion of how this type of deception, frequently used offline, translates into online and what the regulatory bodies might think about it.



Who should you send this to?

http://www.phiprivacy.net/?p=2791

Webinar: Ready for Data Breaches under the HITECH Act?

By Dissent, May 25, 2010 2:18 pm

Thursday, May 27, 2010

10:00 a.m. – 11:00 a.m. PST

Carrying Out Security Breach Incident Risk Assessments Mandated for Covered Entities

The HITECH Act requires HIPAA covered entities to carry out a careful risk assessment, including an evaluation of potential harm, for every potential data breach incident.

Kirk Nahra, CIPP & Partner at Wiley Rein, a premier healthcare law firm, and Rick Kam, President and Founder of ID Experts, will cover:

  • HITECH Act data breach notification provisions

  • HHS mandated data security incident risk assessment requirements

  • HHS rules for carrying out a compliant risk assessment

  • Evolving best practices to accommodate HITECH data breaches

  • Implications on data breach notification plans for HIPAA covered entities

Registration:

(https://www2.gotomeeting.com/register/666004955)

  • Learn about how to comply with HITECH/HHS data breach risk assessment rules.



My suggestion: A simple Cash Flow analysis. Where do government revenues come from and where do they go – with a history showing all those “temporary taxes” that never go away...

http://it.slashdot.org/story/10/05/26/1226201/Recrafting-Government-As-an-Open-Platform?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Recrafting Government As an Open Platform

Posted by CmdrTaco on Wednesday May 26, @09:47AM

"How effective are the world's governments at using technology to become more responsive? Technology has revolutionised the way that we do business, but the public sector has traditionally moved more cautiously than the private one. Now, a report from the Centre for Technology Policy Research in the UK has made some recommendations for the use of technology as an enabling mechanism for government."

I have one simple requirement: all laws must be written in a Wiki with full history.



Not sure about the smart part, but I'm definitely paranoid!

http://www.computerworld.com/s/article/9176406/The_smart_paranoid_s_guide_to_using_Google

The smart paranoid's guide to using Google

Here are down-and-dirty details on how to maintain your privacy while using Google's myriad services.

By Logan Kugler May 25, 2010 06:00 AM ET

… By taking some basic -- and not-so-basic -- precautions, you can minimize your exposure to bad guys, wherever and whoever they are. Read on to learn about things you can do to minimize the security risks involved in using Google, whether for search or for one of its myriad other online services.

For good measure, we've included two levels of advice on how you can protect yourself:

  • "Defcon 2" (good security) tips are things you can do with the tools already at your disposal to keep yourself safe against typical attacks -- but not against a determined attacker.

  • "Defcon 1" (best security) tips -- a.k.a. "the celebrity solution" (steps to take if you have, or intend to have, a highly visible public profile) -- offer far more security but are far less practical and often require using third-party tools.


(Related) Did you know what happens when you “Google?”

http://www.techi.com/2010/05/a-matter-of-trust-10-places-google-collects-user-data-from/

A Matter of Trust: 10 Places Google Collects User Data From

So where, exactly, is Google’s data collected from? Here’s a rundown of 10 of Google’s most valuable sources of data.


(Related) “But hey, we're tossing lots of money around!”

http://news.cnet.com/8301-30684_3-20005948-265.html?part=rss&subj=news&tag=2547-1_3-0-20

Google's primer on how it helps the economy

… In an effort to shine a brighter light on its economic contributions, Google held a series of press conferences around the country Tuesday highlighting the impact that AdWords, AdSense, and Google nonprofit grants have on the small business community. The events accompanied the release of a report claiming that Google advertisers generated $54 billion in U.S. economic activity during 2009, and that doesn't even count the taxes that co-founders Sergey Brin and Larry Page will inject into state and federal coffers over the next five years as they sell off stock.



“All your IP belong to us!”

http://gawker.com/5547420/twitter-gets-greedy-with-your-tweets

Twitter Gets Greedy With Your Tweets

… Here's how the Twitter business now works: Millions of people, including elected officials, Hollywood celebrities, you name it, supply the San Francisco startup with a huge quantity of free content. Twitter publishes this content, gets the right to sell ads against it and—here's the new part—gets a cut of any ads sold against the content when republished elsewhere, according to new terms of service noted by Peter Kafka of All Things D:

In cases where Twitter content is the basis (in whole or in part) of the advertising sale, we require you to compensate us (recoupable against any fees payable to Twitter for data licensing).



Would this suggest more rapid (seasonal?) changes of 'fashionable' books and movies? Or do we do that now?

http://news.slashdot.org/story/10/05/25/2222207/The-Fashion-Industry-As-a-Model-For-IP-Reform?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

The Fashion Industry As a Model For IP Reform

Posted by kdawson on Wednesday May 26, @04:12AM

"In this 15-minute TED talk, Johanna Blakley addresses a subject alien to most here — fashion — but in a way sure to grab our attention. The lesson is about how the fashion industry's lack of copyright protection can teach other industries about what copyright means to innovation. And yes, she mentions open source software. There is one killer slide at 12:20 comparing the gross sales of low-IP-protection industries with those of films and books and music. If you want to know more, or if you prefer text, the Ready To Share project website should give you all the data you crave on the subject."



Ah, to be getting speeds as great as those in Latvia or the Republic of Moldova!

http://tech.slashdot.org/story/10/05/25/1924235/Global-Last-Mile-Performance-Stats-Going-Public?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Global "Last Mile" Performance Stats Going Public

Posted by kdawson on Tuesday May 25, @05:28PM

Ookla, the company behind Speedtest.net, Pingtest.net, and the bandwidth testing apps deployed at many ISPs, has gone public with Net performance stats from 1.5 billion users (and counting). Their Net Index page displays download speed, upload speed, and connection "quality" from the EU and the G8, to countries, worldwide cities, and US states. Beginning today, the company is also making detailed (anonymized) data available to academics.

"Ookla will also start surveying users about how much they pay for broadband and how much bandwidth they were promised by their ISPs. The results of those questions will go into building a Value Index, which will show how much people around the world pay per megabit-per-second for Internet access. In addition, by collecting postal codes from Speedtest users, Ookla hopes to map broadband service to local economic conditions, Apgar said. The Speedtest data could give the US government far more information to work with in setting priorities for its National Broadband Plan..."
