Thursday, May 20, 2010

Only a few thousand more like this and this case is closed!

http://www.databreaches.net/?p=11727

MasterCard Reaches Settlement With Heartland Payment Systems To Provide Issuers Worldwide Up To $41.4 Million For Data Breach Claims

May 19, 2010 by admin

MasterCard Worldwide today announced it has reached a settlement with Heartland Payment Systems (Heartland) to resolve claims by MasterCard and its issuers in connection with Heartland’s previously announced data security breach.

The settlement agreement calls for Heartland to fund up to $41.4 million of “alternative recovery offers” [Translation: I'll give you this if you promise not to sue. Bob] to be made to eligible MasterCard card issuers to settle their claims for operational costs and fraud losses alleged to have been incurred by them as a result of the breach. Issuers accepting their offers must agree to certain terms and conditions.

Source: Press Release


(Related) There's settlement and there's settlement.

http://dallas.bizjournals.com/dallas/stories/2010/05/17/daily24.html

PlainsCapital, former customer settle cyber fraud dispute

Dallas Business Journal - by Chad Eric Watt Staff Writer Wednesday, May 19, 2010, 10:37am CDT

PlainsCapital Bank has settled a lawsuit it brought against a Plano business after cyber thieves transferred more than $800,000 from the company's PlainsCapital bank account.

Hillary Machinery Inc. and PlainsCapital were able to recover about $600,000 of the funds sent from its account to eastern Europe.

When it asked PlainsCapital to repay the remaining $229,000, the bank responded by filing a lawsuit, said Troy Owen, sales vice president and co-owner at Hillary.

“After we were ripped off, PlainsCapital filed suit against us for protection from us getting money back from them,” Owen said before the case was settled.

Hillary countered with its own claims, arguing that the Sunday morning wire transfers from Plano to Romania and Italy should have set off red flags in the bank’s fraud detection systems.

A PlainsCapital spokesman declined to comment Wednesday. Hillary has moved its bank accounts to another institution. Terms of the settlement were not disclosed. [Darn... Bob]
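The article's claim is that Sunday-morning wires from a Texas account to Romania and Italy should have tripped the bank's fraud controls. The following is an added illustration, not code from the article or from either bank: a small rule-based scorer that holds a wire for manual review when it accumulates several anomaly signals (weekend timing, off-hours, unfamiliar destination country, unfamiliar beneficiary, amount above the customer's historic maximum). The customer profile and the wire records are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Tuple

@dataclass
class Wire:
    ts: datetime          # time the wire request was submitted
    amount: float         # USD
    dest_country: str     # ISO 3166 alpha-2 of the receiving bank
    beneficiary: str      # payee name on the wire

# Constructed customer profile (hypothetical): what "normal" looked like historically.
PROFILE: Dict[str, object] = {
    "countries": {"US"},
    "beneficiaries": {"ACME Parts LLC", "Plano Tool Supply"},
    "max_amount": 25000.0,
}

def risk_flags(w: Wire, profile: Dict[str, object] = PROFILE) -> List[str]:
    """Return the anomaly signals this single wire triggers."""
    flags = []
    if w.ts.weekday() >= 5:                       # Saturday (5) or Sunday (6)
        flags.append("weekend")
    if w.ts.hour < 8 or w.ts.hour >= 18:          # outside the customer's business hours
        flags.append("off-hours")
    if w.dest_country not in profile["countries"]:
        flags.append("new-country")
    if w.beneficiary not in profile["beneficiaries"]:
        flags.append("new-beneficiary")
    if w.amount > profile["max_amount"]:
        flags.append("above-historic-max")
    return flags

def should_hold(w: Wire, profile: Dict[str, object] = PROFILE, threshold: int = 3) -> bool:
    """Hold for out-of-band confirmation once enough independent signals stack up."""
    return len(risk_flags(w, profile)) >= threshold

def review_batch(wires: List[Wire], profile: Dict[str, object] = PROFILE) -> List[Tuple[str, float, List[str]]]:
    """Return (beneficiary, amount, flags) for every wire that should be held."""
    return [(w.beneficiary, w.amount, risk_flags(w, profile)) for w in wires if should_hold(w, profile)]

# Constructed sample batch: a routine domestic wire, two Sunday-morning wires to
# Romania and Italy, and a slightly large but otherwise ordinary Monday wire.
SAMPLE = [
    Wire(datetime(2010, 5, 11, 10, 30), 4800.0, "US", "Plano Tool Supply"),
    Wire(datetime(2010, 5, 16, 5, 40), 95000.0, "RO", "Unknown SRL"),
    Wire(datetime(2010, 5, 16, 6, 5), 120000.0, "IT", "Unknown Srl Due"),
    Wire(datetime(2010, 5, 17, 9, 0), 30000.0, "US", "ACME Parts LLC"),
]

if __name__ == "__main__":
    for beneficiary, amount, flags in review_batch(SAMPLE):
        print(f"HOLD {amount:>10.2f} -> {beneficiary}: {', '.join(flags)}")
```

The threshold keeps a single odd attribute (one larger-than-usual domestic payment) from generating noise, while the Sunday international wires trip every rule at once.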



Clearly, they are capable of learning all the basic (if not “Best”) security practices – so I can only conclude they had no interest in actually implementing any of them before they were breached.

http://www.phiprivacy.net/?p=2761

BCBS of Tenn. Breach: Lessons Learned

By Dissent, May 19, 2010 4:49 pm

Howard Anderson writes:

In the wake of an information breach affecting nearly 1 million people, executives at BlueCross BlueShield of Tennessee have many lessons to share and plenty of advice to offer.

On Oct. 2, 2009, someone stole 57 unencrypted hard drives from servers at a call center the insurer had recently closed. So far, there have been no arrests, nor any evidence of fraud committed, the company reports.

[...]

Among the actions the Tennessee plan has taken and the lessons it has learned are:

  • Adding a layer of physical security [Doors got locks! Bob] to protect servers is a prudent step.

  • Encryption should be applied widely, including on servers. [Theft of encrypted data is not a Breach! Bob]

  • Appointing a chief security officer [Find someone other than Senior Management to blame! Bob] helps to ensure coordination of all security efforts.

  • Organizations should carefully assess how long to store information. [Have a Records Retention Policy! Bob]

  • In preparing a breach notification plan, be sure to prepare a pre-selected list of vendors that can help with various tasks. [Avoid vendors who are too expensive and those whose services suck! Bob]

  • Train customer service representatives to deal with breach-related questions from the public.

  • Communicate frequent updates on breach investigations through the media and a Web site.

Read more on HealthInfoSecurity.com. Interestingly, one of the lessons that I think everyone should have learned from this incident is not included in their list: think about recording calls for quality assurance purposes and ensure you have a way to retrieve PII and PHI if need be — and securely destroy such data on a frequent and regular basis. BCBS spent extraordinary time trying to figure out what was on the audio tapes. Of course, if strong encryption is used, some of that might not be necessary.

Previous coverage of the BCBS Tennessee breach can be found in these earlier blog entries.



Don't get mad, get even!

http://www.pogowasright.org/?p=10335

Corbett’s attempt to unmask anonymous critics sparks outrage

May 19, 2010 by Dissent

Earlier today, I posted a link to a TechCrunch story by Robin Wauters about how Pennsylvania Attorney General Tom Corbett, now the Republican candidate for Governor, had a grand jury subpoena Twitter to appear before the grand jury to “testify and give evidence regarding alleged violations of the laws of Pennsylvania.” As part of the subpoena, Twitter is to provide “any and all information” pertaining to two Twitter accounts, @bfbarbie and @CasaBlancaPA. Both of those accounts, and their companion blog, CasablancaPA, have been the source of frequent criticism of Corbett.

Not surprisingly, the blogosphere is lighting up over this subpoena, with most commenters speculating that Corbett is abusing his office and power to uncover the names of people who have anonymously criticized him. For his part, Corbett has not made any statement about the nature of the investigation or what Pennsylvania laws might have been violated. As WTAE reports:

During a Wednesday afternoon campaign rally at the Allegheny County Airport in West Mifflin, Corbett told Channel 4 Action News, “I can’t comment on that right now. That’s something that it’s a grand jury matter.” But Corbett did say the legal action is not about targeting people on Twitter who say things that he doesn’t like. Instead, he said this is related to an investigation.

Corbett was also quoted as saying:

“I don’t care about Twitter. If people — they twitter all the time. You know, I read it once. In fact, I only read — my only use of Twitter was to watch what you guys were saying during the (Bonusgate) trial. That’s how I kept on top of it day by day.”

So why, then, does Corbett want to know the identities of the two Twitter account holders? What did they tweet in 140 characters that is relevant to the grand jury? And if it was their blog entries that contain information relevant to an investigation, why not subpoena the account information on the blog? Is Corbett gambling that Twitter won’t put up as much of a fight as Google would?

And did Corbett inform the grand jury that he was asking them to subpoena the information on two people who had been highly critical of him?

Civil liberties groups are already watching this case. WTAE reported that:

Vic Walczak, of the ACLU’s Pittsburgh office, told Channel 4 Action News that the organization expects to get involved in this case.

“Attorney General Corbett’s subpoena to Twitter for identity information about people who have been criticizing him raises grave concerns about abuse of the grand jury process to retaliate against political critics and opponents, a most serious First Amendment violation,” Walczak said. “People in this country have a right to criticize government officials and to do so anonymously, as did Thomas Payne and the authors of the Federalist Papers.”

Matt Zimmerman of the Electronic Frontier Foundation also has concerns based on what’s been publicly revealed. In a statement to PogoWasRight.org, Zimmerman noted that EFF has had frequent concerns about attempts to unmask anonymous Does because of critical speech, but

the concerns are heightened even more in this context, when you have the chief law enforcement officer of the state going after people who said mean things about him. It doesn’t look very good.

Zimmerman notes that things may not be what they seem, however, and that “we may all be wrong.”

Has there been an abuse of power or abuse of process? Without more facts, it is impossible to know. What is clear to this blogger, however, is that at the very least, Corbett has a serious public perception problem over the use of his police power in this case.

For its part, Twitter has apparently notified the account holders so that they can fight the subpoena, and the bloggers note that they are trying to arrange for legal representation.


(Related) You know you're in trouble when:

http://www.pcworld.com/article/196505/wikileak_founders_passport_confiscated.html

Wikileak Founder's Passport Confiscated

Siobhan Chapman, computerworlduk.com May 17, 2010 10:50 pm

Julian Assange, the founder of the whistleblower website Wikileaks, has had his passport confiscated by immigration officials when he arrived at Melbourne Airport last week.

According to reports, the passport was returned to him after about 15 minutes, but Assange was told by authorities that his passport was going to be cancelled because it was looking worn.

But Assange told the Australian current affairs programme Dateline that he has since received a letter from the Australian Communication Minister Steven Conroy's office stating that the Australian Federal Police (AFP) has been asked to investigate the recent disclosure on Wikileaks of the Australian government's blacklist of banned websites.



Somehow, I never viewed Aussies as Puritans.

http://yro.slashdot.org/story/10/05/20/1313213/Australia-Air-Travelers-Laptops-To-Be-Searched-For-Porn?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Australia Air Travelers' Laptops To Be Searched For Porn

Posted by CmdrTaco on Thursday May 20, @09:20AM

"Australian customs officers have been given the power to search incoming travelers' laptops and mobile phones for porn. Passengers must declare whether they are carrying pornography on their Incoming Passenger Card. The Australian government is also planning to implement an Internet filter. Once these powers are in place, who knows how they will be used."



Is this how the Founding Fathers would have written it into the Constitution?

http://www.pogowasright.org/?p=10333

A Bill of Privacy Rights for Social Network Users

May 19, 2010 by Dissent

Kurt Opsahl writes:

Social network service providers today are in a unique position. They are intermediaries and hosts to our communications, conversations and connections with loved ones, family, friends and colleagues. They have access to extremely sensitive information, including data gathered over time and from many different individuals.

Here at EFF, we’ve been thinking a lot recently about what specific rights a responsible social network service should provide to its users. Social network services must ensure that users have ongoing privacy and control over personal information stored with the service. Users are not just a commodity, and their rights must be respected. Innovation in social network services is important, but it must remain consistent with, rather than undermine, user privacy and control. Based on what we see today, therefore, we suggest three basic privacy-protective principles that social network users should demand:

#1: The Right to Informed Decision-Making

#2: The Right to Control

#3: The Right to Leave

Read more on EFF.



Interesting. Apparently a rootkit (maybe) on the defendant's computer logged everything he did (to send home to the rootkit author?) including his hack of the email. Note to Hackers: Make certain your systems are malware free!

http://www.pogowasright.org/?p=10315

Malware and Search Warrant

May 19, 2010 by Dissent

Susan Brenner discusses an aspect of the search warrant and inspection of the computer belonging to David C. Kernell, the young man who was subsequently convicted of hacking into Sarah Palin’s e-mail account:

A recent decision from a federal district court addresses an issue I hadn’t seen before: whether searching malware on the suspect’s computer was outside the scope of the search warrant issued for that computer. It seems a narrow issue, and unfortunately the opinion issued in the case doesn’t tell us a whole lot about what happened; but I thought the issue was worth writing about, if only to note that it arose.

Read excerpts from the court record and her commentary on Cyb3rcrim3.



Everything you ever said is on the Internet!

http://judiciary.senate.gov/nominations/SupremeCourt/KaganQuestionnaire.cfm

Elena Kagan - Nominee to be an Associate Justice of the U.S. Supreme Court - Committee Questionnaire



We need a “stock market” for Alternative Litigation. I'd like to invest in a few myself!

http://www.bespacific.com/mt/archives/024292.html

May 19, 2010

Rand: Overview of Alternative Litigation Financing in the United States

  • Alternative Litigation Financing in the United States: Issues, Knowns, and Unknowns - May 17, 2010, Steven Garber: "Alternative litigation financing (ALF) — also known as “third-party” litigation financing — refers to provision of capital by parties other than plaintiffs, defendants, their lawyers, or defendants' insurers to support litigation-related activity. This paper provides an overview of policy issues related to the legal ethics, social morality, and, especially, potential economic effects of ALF. It provides a snapshot of the only three segments of the ALF industry that appear to be fairly active as of early 2010, all of which provide support to plaintiffs or their lawyers. It offers lessons for policymakers, emphasizing distinctions that are often underappreciated in discussions of ALF. The paper concludes by suggesting that, for the next five to ten years, policymakers might best limit themselves to interventions that do not fundamentally interfere with the potential for increased competition to solve what appear to be important information problems that may limit the contributions of ALF to national economic performance."



Coming soon! HP Brand Dairy Products! Can Google Cheese be far behind?

http://hardware.slashdot.org/story/10/05/20/030245/10000-Cows-Can-Power-1000-Servers?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

10,000 Cows Can Power 1,000 Servers

Posted by samzenpus on Thursday May 20, @03:37AM

"Reducing energy consumption in data centers, particularly with the prospect of a federal carbon tax, is pushing vendors to explore an ever-growing range of ideas. HP engineers say that biogas may offer a fresh alternative energy approach for IT managers. Researchers at HP Labs presented a paper (download PDF) on using cow manure from dairy farms and cattle feedlots and other 'digested farm waste' to generate electricity to an American Society of Mechanical Engineers conference, held this week. In it, the research team calculates that 'a hypothetical farm of 10,000 dairy cows' could power a 1 MW data center — or on the order of 1,000 servers. One trend that makes the idea of turning organic waste into usable power for data centers is the moves by several firms to build facilities in rural locations, where high-speed networks allow them to take advantage of the cost advantages of such areas. But there are some practical problems, not the least of which is connecting a data center to the cows. If it does happen, the move could call for a new take on plug and play: plug and poo."



Might make a great tool for Student collaboration...

http://mashable.com/2010/05/19/google-wave-everyone/

Google Wave Now Open to All

Last year at the Google I/O conference, the search giant created a tsunami of interest when it revealed Google Wave. This year the company is making the invite-only, real-time communication tool available to everyone — including Google Apps users — at wave.google.com.

As you may recall, when invites first started rolling out last September, online users were clamoring to get in to Google Wave. Since then, Google has made a number of important tweaks to the preview stage product, including e-mail notifications, read-only wave access and undo/redo options.



What? Times New Roman isn't sufficient?

http://news.cnet.com/8301-30685_3-20005467-264.html?part=rss&subj=news&tag=2547-1_3-0-20

Google offers free fonts for the Web



Anything that guides students through the resume creation process is good.

http://techcrunch.com/2010/05/20/doyoubuzz-launches-in-the-us-to-crush-word-processed-resumes/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

Doyoubuzz Launches In The US To Crush Word-Processed Resumes

http://www.doyoubuzz.com/us/



Failure to back up your data is an admission that it is worthless.

http://www.makeuseof.com/tag/top-10-backup-software-for-pc/

Top 10 Backup Software Apps For Your PC



How to research when you have no idea what you are looking for? I resemble that remark!

http://www.makeuseof.com/tag/3-google-tricks-search/

3 Google Tricks When You Don’t Know What to Search For



Dilbert: How the tech-literate view the tech-illiterate.

http://dilbert.com/strips/comic/2010-05-20/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+DilbertDailyStrip+%28Dilbert+Daily+Strip%29
