Thursday, May 27, 2010

The restaurants would immediately notice if they weren't getting paid, but that bit about “secure transfer” isn't as important to them. Does the credit card industry certify any of these products?

http://www.databreaches.net/?p=11876

Restauranteurs threaten to sue POSitouch and NJ reseller

May 27, 2010 by admin

Yesterday’s press releases brought news of another potential lawsuit involving the restaurant industry and a POS vendor and reseller. I recognize the attorneys’ names as the same attorneys who filed suit on behalf of some Louisiana restauranteurs against another POS vendor, Radiant Systems, and their reseller, Computer World, last year. According to the press release, this potential lawsuit would be against Restaurant Data Concepts, Inc. of Warwick, Rhode Island, vendors of the POSitouch system, and CC Productions of Hoboken, New Jersey, the reseller.

At the core of the allegations in the developing lawsuit:

1) POSitouch’s POS system failure: The facts emanating from a forensic audit reveal that POSitouch sold a system that was non-compliant with PCI-DSS.

2) CC Productions’ mismanagement: This POSitouch reseller engaged in flagrant violations of PCI standards that gave rise to the security breaches. When companies such as CC Productions engage in the support and management of a merchants’ POS application system they need to ensure that they are not engaging in suspect actions that open up the ports so that hackers may penetrate the entire system through malware.

[...]

While the exact amount of the identity theft losses to banks, the financial losses to the restaurants, fines, investigatory costs, fines imposed by the credit card companies and other costs attributed to fixing the computer systems’ security breaches are still being tallied, the lawsuit is seeking compensation to repay the penalties levied by the credit card companies and the massive costs to track down and repair the POS system problems. According to the attorneys, damages “could run well into seven figures.”

I’ve sent out inquiries to the lead attorney and to Restaurant Data Concepts and will be following any developments in this case on this site. At this point, I’m not even sure whether we already knew about any of these incidents but the coverage didn’t mention the POS, or if most of the breaches alluded to flew under the media radar.



Is this a Class Action slam dunk or just another bandwagon for state AGs (and others) to leap on?

http://www.wired.com/threatlevel/2010/05/google-sued/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Lawsuits Pour in Over Google’s Wi-Fi Data Collection

By Kim Zetter May 26, 2010 1:33 pm

At least three lawsuits have been filed against search engine giant Google for collecting Wi-Fi user data through its Street View cameras.

The lawsuits have been filed in California, Massachusetts and Oregon. They allege that Google violated federal and state privacy laws in collecting fragments of data from unencrypted wireless networks as its fleet of camera-equipped cars moseyed through neighborhoods snapping pictures.

The Massachusetts lawsuit, filed Tuesday by Galaxy Internet Services, is seeking class-action status for all Wi-Fi users in the state who may have been affected, and is asking for $10 million in damages.

… Not everyone believes the plaintiffs in the lawsuits have a winning case. One attorney noted to The Recorder that the Electronic Communications Privacy Act contains a safe harbor for breaches that involve collections of data that is already publicly accessible.

The plaintiffs also may not have standing for a suit unless they can prove that their personal data specifically was among the information that was collected.



Another instance where the breach is not immediately reported in full, so the story will drag out as each client acknowledges the breach and drags Towers Watson's name back into the news.

http://www.databreaches.net/?p=11855

City of Charlotte joins list of Towers Watson data loss victims

May 26, 2010 by admin

The City of Charlotte becomes the third entity to reveal that their data were on two DVDs lost by Towers Watson.

In April, DataBreaches.net reported that Lorillard Tobacco was notifying employees that their names, addresses, dates of birth, and Social Security numbers were on two missing DVDs. General Agencies Welfare Benefits Program also reported that they had notified 1,874 employees, former employees, and family members that information provided to Towers Watson in 2001 were on the missing DVDs. The information included first and last names, health insurance plan numbers and/or the Social Security numbers of the covered employees. At the time, Towers Watson did not respond to a request from DataBreaches.net for a statement about the breach. And now we learn that the City of Charlotte was also impacted by the breach. DataBreaches.net has just sent Towers Watson another request, but so far, no response.

This is beginning to remind me of the Colt Express breach where a lot of old data were left unencrypted and a lot of entities were affected by what, in that case, was a burglary. If anyone knows of other entities affected by this Towers Watson incident, please let me know. In the meantime, Steve Lyttle reports on the City of Charlotte news:

Charlotte officials say personal data from about 5,200 current and former employees and elected officials has been lost.

[...]

The data loss affects those who were receiving health coverage from the city in early 2002, and the information was contained on two DVDs kept by Towers Watson, a company which handles the city’s payroll, health insurance and other human resources operations.

The DVDs contained Social Security numbers, health plan coverage numbers, and prescription information.

Read more in the Charlotte Observer.



Some evidence of how the Identity wholesalers clean up their data. They wouldn't want to get a bad reputation for selling sub-standard Identities.

http://www.databreaches.net/?p=11880

44 million stolen gaming credentials found in online warehouse

May 26, 2010 by admin

Ellen Messmer reports:

Symantec says it has unearthed a server hosting the credentials of 44 million stolen gaming accounts — and one of the most surprising aspects of it is that the accounts were being validated by a Trojan distributed to compromised computers.

The purpose of this Trojan-based validation is apparently to figure which credentials are valid and can be sold. Symantec is calling this the Trojan.Loginck, and as described in a blog post by Symantec researcher Eoin Ward, the database of stolen information includes about 210,000 stolen accounts for World of Warcraft, 60,000 for Aion, 2 million for PlayNC and 16 million for Wayi Entertainment, all of which were being sold online.

Read more on Network World.



I'm amused to see that others also see the Forrest Gump Syndrome in action.

http://www.databreaches.net/?p=11866

Stupid is as stupid does: the Lake Ridge Middle School breach

May 26, 2010 by admin

As a follow-up to previous coverage about the stolen Lake Ridge Middle School thumb drive here and here, Andrea McCarren of WUSA-9 provides some additional details that have infuriated parents (emphasis added by me):

The device was taken from a bag in an administrator’s unlocked car in her unlocked garage.

….. On the stolen thumb drive: personal information on more than 1,200 students - their names, phone numbers and sensitive information, including whether they have a medical condition.

Dollars to donuts says they don’t report this to HHS even though it has names and medical conditions, because these things are considered education records. There is a huge gap in protection and notification laws here, folks…..


(Related) If true, this is much more serious than a relatively small entity failing to secure data. Did no one learn from TJX and Heartland?

http://thenextweb.com/us/2010/05/25/american-express-has-abysmal-online-security/

American Express Might Not Be Encrypting Your Credit Card Number Online

… Unix man Joe Damato has recently uncovered what appears to be a flagrant abdication of even the most basic rules of security online by American Express.



Are we moving toward a “You have no right to privacy” law?

http://www.pogowasright.org/?p=10555

U.S. lawmakers target pre-paid cellphone anonymity

May 26, 2010 by Dissent

AFP reports:

U.S. lawmakers unveiled a bill Wednesday to enable law enforcement to identify users of pre-paid cell phones, charging that anonymity makes the devices attractive to terrorists, drug kingpins and gangs.

The legislation would require buyers of pre-paid cell phones to show identification when they purchase them and mandate that telephone companies keep the information on file as they do with subscription cell phones.

Read more in the Vancouver Sun.

Michael McAuliff of the NY Daily News also covers the story, commenting:

We suspect most people will like this measure, but the phone companies, libertarians, and immigrant groups may not be pleased. [Note that libertarians and immigrants are not people. Bob]

Oh goody, here we go again with trading a leeetle bit — just a smidgeon — of privacy for security…. or so they’d have us believe.


(Related) The EU seems to be going the other way... Are these the basic rights we should see in all Privacy Law?

http://www.pogowasright.org/?p=10581

European Commission adopts draft mandate for EU-US data sharing deal

May 26, 2010 by Dissent

From the European Commission:

The European Commission today adopted a draft mandate to negotiate a personal data protection agreement between the European Union and the United States when cooperating to fight terrorism or crime. The aim is to ensure a high level of protection of personal information like passenger data or financial information that is transferred as part of transatlantic cooperation in criminal matters.

[...]

Under the Commission’s proposal:

- The transfer or processing of personal data by EU or US authorities would only be permitted for specified, explicit and legitimate purposes in the framework of fighting crime and terrorism;

- There would be a right to access one’s personal data and this would be enforceable in courts;

- There would be a right to have one’s personal data corrected or erased if it is found to be inaccurate.

- There would be an individual right of administrative and judicial redress regardless of nationality or place of residence.

Read more on Finextra.


(Related) Further basic rights?

http://www.pogowasright.org/?p=10586

Google, Yahoo and Microsoft Data Retention Practices Run Afoul Of EU Authorities

May 26, 2010 by Dissent

Wendy Davis reports:

European authorities told the three major search engines on Wednesday that their data retention practices violate a rule requiring the deletion of users’ personal information after six months.

The Article 29 Working Party alleged in letters to Google, Yahoo and Microsoft that they don’t adequately anonymize information about search users. “Therefore,” the letters state, “WP29 cannot conclude your company complies with the European data protection directive.”

Read more on MediaPost.


(Related) A solution or window dressing?

http://www.technewsworld.com/story/Facebooks-New-New-Privacy-Settings-Same-Old-70080.html?wlc=1274909278&wlc=1274966179

Facebook's New, New Privacy Settings: Same Old?

… "Facebook made some positive changes today, but only because of political pressure from policymakers and privacy advocates on both sides of the Atlantic," Jeffrey Chester, executive director of the Center of Digital Democracy, told TechNewsWorld.

"Unfortunately, Facebook still refuses to give its users control over the data it collects for its targeted advertising products," Chester pointed out. "The defaults should also be initially set for non-sharing, with the minimization of data collection at the core of Facebook's approach to privacy."

… Jeremy Mishkin, chair of the litigation department of legal firm Montgomery, McCracken, Walker & Rhoads, told TechNewsWorld.

… "I guess Facebook will try to play up what good citizens they are by making controls simpler and hope that people don't realize they're being sold to advertisers," he said.



I see this as smart lawyering. It definitely cuts down the time and expense of evidence gathering and probably gives them a slam dunk in court!

http://torrentfreak.com/law-firm-asks-alleged-file-sharers-to-incriminate-themselves-100526/

Law Firm Asks Alleged File-Sharers To Incriminate Themselves

… Davenport Lyons (DL), the law firm which pioneered the “pay-up-or-else” scheme in the UK, are facing disciplinary proceedings by the Solicitors Regulation Authority on allegations of misconduct. Knowing full well that they cannot make the same mistakes as DL, ACS:Law are trying to be a little more careful in the way they try to force money out of letter recipients.

According to ACS:Law owner Andrew Crossley, his company does not state that the people they send their letters to are guilty of anything, only that their connection has been used to infringe. He also goes on to say that his letters are merely an offer to settle any potential legal case in the future and people aren’t obliged to pay anything.

… Yesterday consumer magazine Which? reported on the questionnaires being sent out by ACS:Law. The law firm sends these out once people have written to them denying they did anything wrong. All they are designed to do is to enable the letter recipient to incriminate themselves or, in some cases, other people.

The advice from Deborah Prince, Which?’s head of legal affairs, is that people are under no obligation to fill in these questionnaires. These bits of paper simply amount to a fishing trip by a law firm clutching at straws in the face of a recipient who won’t be bullied and won’t pay up.



Good news. Bad news. Being number one is good in some ways...

http://www.wired.com/epicenter/2010/05/apple-passes-microsoft/

Apple Passes Microsoft as World’s Largest Tech Company


(Related) But it also triggers the “If they're big, they must be evil” response.

http://www.electronista.com/articles/10/05/25/apple.said.abusing.itunes.lead.to.hurt.amazon/

DoJ investigating Apple for antitrust abuses in music



Death to the RIAA??? Are we seeing “Music Label 2.0” at last? Anyone interested in finding and signing the next 12 year old sensation?

http://media.venturebeat.com/2010/05/26/lady-gaga-and-justin-biebers-managers-myspace-is-dead-we-make-music-videos-for-youtube/

Gaga and Bieber’s managers: MySpace is dead, we make music videos for YouTube

May 26, 2010 Devindra Hardawar

In one of the more intriguing panels to come out of the TechCrunch Disrupt conference, this morning Troy Carter (Lady Gaga’s manager, and Founder & CEO of Coalition Media Group) and Scooter Braun (Justin Bieber’s manager, and Founder & Chair of SB Projects) discussed how the Web was impacting the music industry.

Specifically, they focused on the importance of YouTube, Twitter, and the management of an artist’s online identity.

Carter went as far as to say that he and Lady Gaga now develop music videos with YouTube in mind. Traditionally, the music industry aimed for MTV and foreign markets with videos. Now pop stars like Gaga are following in the footsteps of smaller web music video pioneers like OK Go. Braun also reminded the audience of how Bieber started out on YouTube, where his videos hit 55 million views before he signed his record deal.

After Braun discovered Bieber on YouTube, he came up with a strategy of creating more online content to promote the singer. This flew in the face of what the record labels were used to — they believed young singers needed a Disney or Nickelodeon show to become a viable act.

Carter mentioned that Gaga started out on MySpace about four years ago, but Braun was quick to point out that “nobody does MySpace anymore.” Carter is currently eying YouTube star Greyson Chance.

Both managers agreed that Twitter is an important tool, especially for artists that started out on the web. It’s a way to remove the layers between the fans and artist, and Carter believes that the younger generation today wants that unfiltered communication. They don’t want to hear the label speaking on behalf of the artist.

You can find a selective transcript of the chat over at TechCrunch.


(Related) Or is this just a fad? Does Oprah have one?

http://www.nytimes.com/2010/05/27/arts/television/27arts-RECORDCOMPAN_BRF.html

New Role for Degeneres: Record Company Mogul

By BEN SISARIO; Compiled by DAVE ITZKOFF

Published: May 27, 2010

A month after David Letterman said he had started a record company, Ellen DeGeneres has followed him with an announcement that she has created her own label.


(Related) Is this the other extreme? The opposite of “as visible as possible?” Will Rupert make this work, or kill his empire trying?

http://news.slashdot.org/story/10/05/27/0315243/UK-Newspaper-Web-Sites-To-Become-Nearly-Invisible?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

UK Newspaper Websites To Become Nearly Invisible

Posted by samzenpus on Thursday May 27, @04:52AM

"Various websites have tried to make readers pay for access to select parts of their sites. Now, in a bid to counter what he claims is theft of his material, Rupert Murdoch's Times and Sunday Times sites will become essentially invisible to web users. Except for their home pages, no stories will show up on Google. Starting in late June, Google and other search engines will be prevented from indexing and linking to stories. Registered users will still get free access until the cut off date."



Just to show my Math students that there are jobs waiting for them if they can get past their fear of fractions...

http://science.slashdot.org/story/10/05/27/0258245/Sudden-Demand-For-Logicians-On-Wall-Street?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Sudden Demand For Logicians On Wall Street

Posted by samzenpus on Thursday May 27, @01:46AM

"In an unexpected development for the depressed market for mathematical logicians, Wall Street has begun quietly and aggressively recruiting proof theorists and recursion theorists for their expertise in applying ordinal notations and ordinal collapsing functions to high-frequency algorithmic trading. [See! Simple! Bob] Ordinal notations, which specify sequences of ordinal numbers of ever increasing complexity, are being used by elite trading operations to parameterize families of trading strategies of breathtaking sophistication. The monetary advantage of the current strategy is rapidly exhausted after a lifetime of approximately four seconds — an eternity for a machine, but barely enough time for a human to begin to comprehend what happened. The algorithm then switches to another trading strategy of higher ordinal rank, and uses this for a few seconds on one or more electronic exchanges, and so on, while opponent algorithms attempt the same maneuvers, risking billions of dollars in the process." [Don't forget, I want a percentage! Bob]



This is for my Criminal Justice students – kind of like a “build a picture of your suspect” kit. WARNING: Be real careful of caricatures of your favorite professor, at least until I turn in your grades!

http://www.makeuseof.com/dir/caricaturemaker-caricature-faces

CaricatureMaker: Create Funny Caricatures Faces Online

www.digibody.com/avatar-maker/index.php

Similar sites: MrPicassoHead, PimpTheFace, PsykoPaint and FlashPaint.



Some inspiration for my Small Business Management students?

http://www.entrepreneur.com/magazine/entrepreneur/2010/june/206722.html

Entrepreneur's Annual 100 Brilliant Ideas



Bob's rant on North Korea – How will the US respond? It depends on who does the reporting, I guess.

http://theweek.com/article/index/203359/how-to-avert-a-new-korean-war-4-suggestions

4 strategies to avert a new Korean War

Kim Jong Il is telling his troops to prepare for battle as tensions escalate over the sinking of a South Korean warship. What now?

posted on May 26, 2010, at 12:42 PM

Keep up the pressure and hope for a coup: The population in the North is starving and the military is likely on the edge of revolt, says Ed Morrissey in Hot Air. Kim Jong Il is hoping that the U.S. "will come riding to rescue" with food aid to ease the desperate situation. It's a tricky balance and at some point Obama will probably have to do just that — but if he can steel his resolve and hold out long enough, the North Korean military "may just decide that [Kim's] not worth the trouble any longer" and get rid of him. Here's hoping... [But, Kim Jong Un is only in his 20s. Will the Military support him or use him? Bob]

"North Korea severs ties, communications with South"

Launch a preemptive strike: The worst-case scenario is that the North will lob artillery shells into Seoul with guns positioned near the border, says Richard Halloran in RealClearPolitics. The U.S. and South Korea should take them out in a three-pronged "surprise attack" using B-1 bombers, sea-launched guided missiles, and artillery shelling. That will remove the biggest threat, and "shock the poorly trained North Korean Army into standing down."

"War of words with North Korea"

Make sure Kim knows the score: If there's one thing that Kim Jong Il needs to be aware of, it's that the South will answer military action in kind next time, says Bill Powell in Time. Knowing this ought to go a long way toward keeping him in line, since a "hot war" would certainly mean the end of his regime. Unfortunately, the North has been cutting off even the meager lines of communication that exist between the countries, so it's hard to be sure he actually knows it. The solution? China needs to step up and forcefully convey the message to him.

"War in the Korean Peninsula: Thinking the unthinkable"

Let them get away with it, as usual: "The only government with the power to squeeze North Korea where it hurts is China," its biggest trading partner, says Richard Lloyd Parry in the London Times. But China doesn't seem interested in doing much squeezing. The only other viable option is to get behind a United Nations Security Council resolution condemning North Korea, and trumpet the sternness and significance" of the rebuke. Sure, it's only theater — but hopefully it will provide some cover for the West's "impotence" in this situation.

"Analysis: North Korea will get away with this outrage — again"


(Related) The AP is for peace (Option 4?)

http://www.arkansasonline.com/news/2010/may/26/clinton-offers-olive-branch-north-korea-expels-sou/

Clinton offers olive branch as North Korea expels South Koreans

By The Associated Press

“There is an opportunity here for the North Koreans to see that their behavior is unacceptable,” Clinton said in Seoul on Wednesday after meeting with Foreign Minister Yu Myung-hwan. “They need to look internally to see what they could do to improve the standing of their own people and provide a different future.”


(Related) The US seems to be hoping for Option 1. I think that can only lead to chaos…

http://www.kwtx.com/nationalnews/headlines/94933709.html

Clinton: World Must Act On Sinking Of South Korean Ship

U.S. State Department Website

SEOUL, South Korea (May 26 2010)--U.S. Secretary of State Hillary Rodham Clinton says the world has a duty to respond to the sinking of a South Korean warship blamed on North Korea.
