Thursday, June 10, 2010

AT&T continues to impress depress users.

http://apple.slashdot.org/story/10/06/10/0021228/ATampT-Leaks-Emails-Addresses-of-114000-iPad-Users?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

AT&T Leaks Emails Addresses of 114,000 iPad Users

Posted by samzenpus on Wednesday June 09, @09:56PM

"Daily Tech reports that in what is one of the biggest leaks of email addresses in recent history, a group called Goatse Security has published the personal email addresses of 114,067 iPad 3G purchasers in what appears to be a legal fashion by querying a public interface that AT&T accidentally left exposed. Apparently AT&T left a script on its public website, which when handed an ICC-ID would respond back with the email address of the subscriber. This apparently was intended for an AJAX-style response inside AT&T's web apps. Gawker reports that it's possible that confidential information about every iPad 3G owner in the US has been exposed. 'This is going to hurt the telecommunications company's already poor image with iPhone and iPad customers, and complicate its very profitable relationship with Apple,' writes Ryan Tate, adding that the leak is likely to unnerve customers thinking of buying iPads that connect to AT&T's cellular network. 'Although the security vulnerability was confined to AT&T servers, Apple bears responsibility for ensuring the privacy of its users, who must provide the company with their email addresses to activate their iPads.' In a statement, AT&T says that the issue was escalated to the highest levels of the company and that it has essentially turned off the feature that provided the email addresses. 'We are continuing to investigate and will inform all customers whose email addresses and ICC IDS may have been obtained,' says AT&T. 'We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted.'"
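The flaw described in the summary above is a lookup that trusts a caller-supplied identifier. The following Python sketch is an added example, not AT&T's code and not part of the quoted story: it puts that pattern beside a version that binds the lookup to an authenticated session and stops answering after repeated refusals. The record values, class and function names are all constructed for illustration.

```python
import secrets

# Constructed sample records (ICC-ID -> email); not real subscriber data.
SUBSCRIBERS = {
    "89000000000000000017": "alice@example.com",
    "89000000000000000025": "bob@example.com",
}

def lookup_exposed(iccid):
    """Pattern described in the report: any caller, any ICC-ID, email comes back."""
    return SUBSCRIBERS.get(iccid)

class HardenedLookup:
    """Same lookup, bound to an authenticated session, with a denial budget."""

    def __init__(self, max_denials=3):
        self.sessions = {}   # token -> ICC-ID proven at login
        self.denials = {}    # token -> count of refused requests
        self.max_denials = max_denials

    def open_session(self, iccid):
        # Stand-in (assumption) for a real login step proving control of the account.
        token = secrets.token_urlsafe(16)
        self.sessions[token] = iccid
        self.denials[token] = 0
        return token

    def lookup(self, token, iccid):
        owner = self.sessions.get(token)
        if owner is None:
            return (401, None)   # no valid session
        if self.denials[token] >= self.max_denials:
            return (429, None)   # session locked after repeated refused lookups
        if iccid != owner:
            self.denials[token] += 1
            return (403, None)   # same answer whether or not the ID exists
        return (200, SUBSCRIBERS.get(iccid))
```

Returning the same 403 for existing and non-existing identifiers keeps the endpoint from confirming which ICC-IDs are valid.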



Same old story. Unencrypted data on a laptop left unattended. Company doesn't know what data is in the file.

http://www.databreaches.net/?p=12098

(UPDATE) Over 21,000 affected by DentaQuest breach in March still have not been notified

June 9, 2010 by admin

Cross-posted from phiprivacy.net:

From the what-took-so-long dept:

On May 11, this site reported that the New Mexico Human Services Department had just revealed that a laptop theft that occurred on March 20 affected about 9,600 people. The laptop was stolen from the car of an employee of West Monroe Partners, a subcontractor for DentaQuest, the company that does Medicaid billing for the state agency.

No explanation was given in the media report as to why it took from March 20 until May 11 to disclose the breach. Now, almost another month later, Daniel Potter reports that those affected will first start getting notifications next week:

More than 10 thousand Tennesseans’ names and social security numbers were on a laptop that was stolen this spring. The computer belonged to a contractor for DentaQuest, which manages dental benefits for several government agencies, including TennCare….. DentaQuest opened a call center today, and will start mailing out notifications next week.

The more than 10,000 Tennesseans are apparently in addition to the 9,600 affected individuals in New Mexico. So our initial report that the breach affected 9,600 was only a partial report. It now appears that over 21,000 individuals had their first and last names and Social Security Numbers in the stolen database. Another 55,000 individuals had partial or non-personal information on the stolen laptop.

A statement on DentaQuest’s site explains some of the delay in notification by saying that they were first notified of the March 20th theft on April 1.

DentaQuest, a dental benefits manager for multiple government programs in the U.S., was informed on April 1, 2010 that one of its contractors had experienced the theft of a laptop containing confidential patient information. The laptop was stolen on March 20, 2010 and contained a database with approximately 76,000 individuals’ information. Most of the data was not sensitive in nature, but nearly 21,000 individuals’ first names, last names, and Social Security Numbers were contained on the device. Approximately 10,500 Tennesseans were included in the 21,000 total.

Read more of the statement on their site. I note that they omit any mention that the laptop was stolen from an employee’s car.

And do you think that their press release claiming that “DentaQuest Officials Move Quickly to Notify…” is accurate if it is taking them over two months to send out notifications?



I still think this was intended to collect and map open Wifi systems, possibly for a “Where to find” database – fairly common on the Internet. It is unlikely that a drive-by would capture a significant amount of traffic from any single source. Could it have been done better? Sure!

http://www.bespacific.com/mt/archives/024448.html

June 09, 2010

Google Posts Audit of WiFi Code Used to Collect Data in Europe

Official Google Blog: "When we announced three weeks ago that we had mistakenly included code in our software that collected samples of payload data from WiFi networks, we said we would ask a third party to review the software at issue, how it worked, and what data it gathered. That report, by the security consulting firm Stroz Friedberg, is now complete and was sent to the interested data protection authorities today. In short, it confirms that Google did indeed collect and store payload data from unencrypted WiFi networks, but not from networks that were encrypted. You can read the report here. We are continuing to work with the relevant authorities to respond to their questions and concerns."

  • Privacy International: "Google today published an audit on its blog of the code used to collect Wi-Fi data as part of the company's global Street View operation. The report asserts that the system had intent to identify and store all unencrypted Wi-Fi content. This analysis establishes that Google did, beyond reasonable doubt, have intent to systematically intercept and record the content of communications and thus places the company at risk of criminal prosecution in almost all the 30 jurisdictions in which the system was used. The independent audit of the Google system shows that the system used for the Wi-Fi collection intentionally separated out unencrypted content (payload data) of communications and systematically wrote this data to hard drives. This is equivalent to placing a hard tap and a digital recorder onto a phone wire without consent or authorisation. The report states: "While running in memory, gslite permanently drops the bodies of all data traffic transmitted over encrypted wireless networks. The gslite program does write to a hard drive the bodies of wireless data packets from unencrypted networks." This means the code was written in such a way that encrypted data was separated out and dumped, leaving vulnerable unencrypted data to be stored on the Google hard drives. This action goes well beyond the "mistake" promoted by Google. It is a criminal act commissioned with intent to breach the privacy of communications. The communications law of nearly all countries permits the interception and recording of content of communications only if a police or judicial warrant is issued. All other interception is deemed unlawful."

[From the audit report:

The executable program, gslite, works in conjunction with an open source network and packet sniffing program called Kismet, which detects and captures wireless network traffic. The program facilitates the mapping of wireless networks. It does so by parsing and storing to a hard drive identifying information about these wireless networks – including but not limited to their component devices’ numeric addresses, known as MAC addresses, and the wireless network routers’ manufacturer-given or user-given names, known as “service set identifiers,” or “SSIDs.” The “parsing” involves separating these identifiers into discrete fields. Gslite then associates these identifiers with GPS information that the program obtains from a GPS unit operating in the Google Street View vehicle. Gslite captures and stores to a hard drive the header information for both encrypted and unencrypted wireless networks.

The gslite program does write to a hard drive the bodies of wireless data packets from unencrypted networks. However, it does not attempt to analyze or parse that data.]



Should this be a concern? Clearly, they would never store classified data on their iPad and then leave it in their car – would they?

http://www.washingtonpost.com/wp-dyn/content/article/2010/06/07/AR2010060701140.html

At the White House, getting in touch with the inner circle's inner iPads

Practically everyone has an iPad -- or will have one very soon.

… But the big question is: What's on your iPad? So we asked.

Summers has the Bloomberg app for financial information, says adviser Matt Vogel. Also Scrabble.

… Burton, who has been a bit of an iPad evangelist at the White House, has the app for Vanity Fair magazine, Scrabble, a news app and the entire last season of ABC's "Lost."

Emanuel has "all the newspaper apps," says a top aide, and has installed the iBooks app so he can read books on the device, just like on a Kindle.

Axelrod has only downloaded a couple of apps so far, his assistant, Eric Lesser, said. They include the Major League Baseball app and the National Public Radio one.



Interesting statistics, but is the graphic really necessary?

http://www.istrategy2010.com/blog/social-media-in-business-fortune-100-statistics/

Social Media in Business: Fortune 100 Statistics



I've been posting articles on the trend toward free journals. This is “Rupert Murdoch-ing” science.

http://science.slashdot.org/story/10/06/09/213256/Univ-of-California-Faculty-May-Boycott-emNatureem-Publisher?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Univ. of California Faculty May Boycott Nature Publisher

Posted by timothy on Wednesday June 09, @05:29PM

"Nature Publishing Group (NPG), which publishes the prestigious journal Nature along with 67 affiliated journals, has proposed a 400% increase in the price of its license to the University of California. UC is poised to just say no to exorbitant price gouging. If UC walks, the faculty are willing to stage a boycott; they could, potentially, decline to submit papers to NPG journals, decline to review for them and resign from their editorial boards."



Our language has added LOL and OMG, but I suspect it's not at the same intellectual level.

http://news.slashdot.org/story/10/06/09/1941213/Official-Kanji-Count-Increasing-Due-To-Electronics?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Official Kanji Count Increasing Due To Electronics

Posted by timothy on Wednesday June 09, @04:42PM

"Those who have studied Japanese know how imposing kanji, or Chinese characters, can be in learning the language. There is an official list of 1,945 characters that one is expected to understand to graduate from a Japanese high school or be considered fluent. For the first time in 29 years, that list is set to change — increasing by nearly 10% to 2,136 characters. 196 are being added, and five deleted. The added characters are ones believed to be found commonly in life use, but are considered to be harder to write by hand and therefore overlooked in previous editions of the official list. Japanese officials seem to have recognized that with the advent and spread of computers in daily life, writing in Japanese has simplified dramatically. Changing the phonetic spelling of a word to its correct kanji only requires a couple of presses of a button, rather than memorizing an elaborate series of brush strokes. At the same time, the barrage of words that people see has increased, thereby increasing the necessity to understand them. Computers have simplified the task of writing in Japanese, but inadvertently now complicated the lives of Japanese language learners. (If you read Japanese and are interested in more details on specific changes, Slashdot.jp has some information!)"



Unfortunately, Dilbert has this right too.

http://dilbert.com/strips/comic/2010-06-10/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+DilbertDailyStrip+%28Dilbert+Daily+Strip%29



For the Computer Design students.

http://www.downloadsquad.com/2010/06/09/sculptris-is-insanely-cool-free-3d-modeling-software/

Sculptris is insanely cool, free 3D modeling software



http://www.killerstartups.com/Web-App-Tools/letsannotate-com-annotate-pdfs-in-an-easy-way

LetsAnnotate.com - Annotate PDFs In An Easy Way

http://www.letsannotate.com/

As the title of the review puts it, Lets Annotate is a tool that can be used in order to make annotations on any PDF, either for quicker reference or for having your insight shared with friends and colleagues.

This is accomplished by way of an online interface that has the added advantage of letting you dispense with emailing files. That is, the whole application is browser-based. You don’t have to install anything, and files are edited while you are online.

The Free Plan: 5 MB storage, 2 collaborators per document, unlimited uploads, free forever.



For my students who can't seem to remember to bring their thumb drives to school...

http://www.killerstartups.com/Web-App-Tools/fiabee-com-a-tool-for-backing-everything-up

Fiabee.com - A Tool For Backing Everything Up

http://www.fiabee.com/en/

Backing up your files should never be an afterthought, and I am speaking from experience here.

Fiabee is a tool that will let you carry out both automatic and selective backups by simply signing up for an account. It can back up mostly anything that has a certain degree of relevance - from photos and documents to even your email messages, you will be capable of storing your data and accessing your files whenever you want, and also share them effortlessly with your contacts.

Furthermore, a mobile version is provided in the shape of an iPhone app.



Hey, it was fun!

http://www.killertechtips.com/

Download Google Pacman

Free Download Google Pacman, Play Offline! If you went to Google’s homepage today and got disappointed that the Pacman Google doodle is no more, don’t worry – you can download Google’s Pacman game and play it offline on your computer. All you need to do is download this file from Mediafire, unzip it and then open “Play Google Pacman” HTML file to play it offline.

http://www.mediafire.com/?kml3oz0mwyy



SHORT NOTICE!

http://www.freetech4teachers.com/2010/06/free-webinar-teach-with-video.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+freetech4teachers%2FcGEY+%28Free+Technology+for+Teachers%29

Wednesday, June 9, 2010

Free Webinar - Teach With Video

Tomorrow (June 10) at 3pm EST, Steven Katz and Simple K12 are presenting a free webinar about teaching with video. Steven is the author of Teach With Video, a practical guide to integrate video projects into the subjects you teach. Register for the webinar here.

Here are some related items that may be of interest to you:

Free Guide - Making Videos on the Web
Using Screen Captures to Enhance Instructions
How to Put a Video Editor on Your School's Website
