Second suit over Lower Merion webcam snooping
The letter from Lower Merion school administrators delivered the news three weeks ago [If the school district is just now notifying the students it “spied on,” we can expect more of these. Bob]- her son had been secretly monitored by the webcam on his school-issued laptop. But only when Fatima Hasan saw the evidence did the scope of the spying on her son Jalil become apparent.
There were more than 1,000 images surreptitiously captured by the computer - 469 webcam photographs and 543 screen shots.
… The cases are similar in their broad outlines. The electronic monitoring began after school-issued computers were reported missing. In both cases, the system was simply left on long after the laptops were recovered. Hundreds of photos and screen shots were captured on a predetermined schedule.
The photos from Hasan's computer included shots of him in his bedroom and of other family members and friends
… According to the suit, Hasan forgot his computer in cooking class on Dec. 18, a Friday. A teacher turned it in to the technology department that day. On Dec. 21, Hasan retrieved his computer from the technology office.
At some point that day, school officials activated the security system. The system kept capturing images for nearly two months and was only deactivated after the first lawsuit was filed.
… The district did not respond to the allegations in the suit, but in a statement said "continued litigation is clearly not the right way to proceed." It noted that new policies governing the use of technology had been drafted.
"While the results of that investigation reveal that mistakes were made, there is no evidence that any students were individually targeted," the statement said. [But surveillance was initiated on specific computers (specific students). Perhaps they believe studentsa aren't individuals? Bob]
[Court documents here: http://www.wired.com/images_blogs/threatlevel/2010/07/hasan.pdf
A minor variation on “Because that's where the money is.” And a serious failure of Disclosure?
http://www.databreaches.net/?p=12730
Hackers add new twist to check counterfeiting
July 28, 2010 by admin
Jordan Robertson of the Associated Press reports:
Think of it as one more reason not to write checks.
Hackers believed to be operating out of Russia have figured out a high-tech way to carry out the decidedly low-tech crime of check fraud, a computer security company says — writing at least $9 million in fakes against more than 1,200 legitimate accounts.
But these hackers got the account information in an unusual way: They broke into three websites that specialize in a little-known type of business — archiving check images online.
[...]
Stewart uncovered the scam while investigating malicious software that steals banking passwords. In eavesdropping on one criminal group’s communications, which he was able to do by infecting his own computer with the malicious program the group was using, he noticed they were doing something unexpected: collecting massive amounts of images of checks.
He found a file logging all of their transactions, which revealed that 3,285 checks were written against 1,280 accounts since June 2009. Most checks were written for less than $3,000 to evade banks’ anti-fraud measures. [See? They have lawyers too. Bob] Overall, he saw about 200,000 stolen check images — suggesting the criminals have exploited only a fraction of the accounts on which they have information.
SecureWorks isn’t identifying the hacked sites. [“We want customers to continue to believe they are trustworthy.” Bob]
Read more in the Portland Press Herald.
Incompetent security managers? Inadequate testing?
http://news.cnet.com/8301-27080_3-20011871-245.html?part=rss&subj=news&tag=2547-1_3-0-20
Report: Most data breaches tied to organized crime
Organized criminals were responsible for 85 percent of all stolen data last year and of the unauthorized access incidents, 38 percent of the data breaches took advantage of stolen login credentials, according to the 2010 Verizon Data Breach Investigations report to be released on Wednesday.
While external agents were behind 70 percent of the breaches, nearly 50 percent were caused by insiders and only 11 percent were attributed to business partners, concluded the report, which focused on data breaches that took place in 2009.
… Most of the externally originated breaches came from Eastern Europe, North America, and East Asia, the data shows.
Nearly 50 percent of breaches involved misuse of user privileges, while 40 percent resulted from hacking, 38 percent used malware, 28 percent used social engineering tactics, and about 15 percent were physical attacks.
There was not one single confirmed intrusion that exploited a patchable vulnerability, reflecting that fact that many of the most common hacking methods--SQL injection, stolen credentials, and backdoors--exploit problems that can't be readily patched.
"Attackers really do seem to be not so much concerned with finding software vulnerabilities as much as finding types of misconfigurations that let them in the door," Wade Baker, director of risk intelligence for Verizon Business, told CNET on Tuesday.
[The correct link to the report:
http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf
Are these users in the 5% of users who respond (fall victim) to SPAM? If so, they are even more ignorant that I assumed.
Rogue Anti-Virus Victims Rarely Fight Back
Posted by kdawson on Tuesday July 27, @07:04PM
"One big reason why rogue anti-virus continues to make major bucks for scam artists: relatively few victims ever ask their credit card company or bank to reverse the charges for the phony security software — even when the victims don't even receive the worthless software they were promised. I recently found several caches of data for affiliates of a rogue anti-virus distribution program, and the data showed that in one set of attacks only 367 out of more than 2,000 scammed disputed the charge. A second rogue anti-virus campaign scammed more than 1,600 people, and yet fewer than 10 percent fought the charges."
A Privacy Infographic...
http://www.wordstream.com/articles/google-privacy-internet-privacy
Do You Know Who's Watching You?
(Related) Do you know who keeps your deleted messages? For my Forensics students.
http://www.pogowasright.org/?p=12374
Rape charges dropped after deleted messages recovered from iPhone
July 28, 2010 by Dissent
There was a case in Australia that may be of interest to readers, as a defendant in a rape case was able to get the charges dismissed after his attorney retained a forensics expert who was able to recover messages the victim/accuser had sent to his iPhone, even though the messages had been deleted:
Apple has sold more than 50 million iPhones since 2007 but few users know how much information they collect. The keyboard logging cache means an expert can retrieve anything typed on it for up to 12 months. Its internal mapping and ”geotags” attached to photos indicate where a user has been.
An iPhone has up to 32 gigabytes of data that can be ”imaged” or decoded with the right equipment, Mr Coulthart said, even if it has been deleted.
Read more of the story by Joel Gibson in the Sydney Morning Herald.
They may not have it figured out, but they are trying...
http://www.hhs.gov/news/press/2010pres/07/20100708c.html
HHS Strengthens Health Information Privacy and Security through New Rules
The proposed rule announced today would strengthen and expand enforcement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Enforcement Rules by:
expanding individuals’ rights to access their information and to restrict certain types of disclosures of protected health information to health plans.
requiring business associates of HIPAA-covered entities to be under most of the same rules as the covered entities;
setting new limitations on the use and disclosure of protected health information for marketing and fundraising; and
prohibiting the sale of protected health information without patient authorization.
HHS also launched today a privacy website at http://www.hhs.gov/healthprivacy/index.html to help visitors easily access information about existing HHS privacy efforts and the policies supporting them.
There seems to be a lot of articles related to “Behavioral Advertising” today.
Now you don't even need to “Click!” What relationship do you need with Google? Do you have to be on Google.com, or will it work on any site you visit after the search?
Google Nabs Patent To Monitor Your Cursor Movement
Posted by CmdrTaco on Tuesday July 27, @01:14PM
"Google has been awarded a patent for displaying search results based on how you move your mouse cursor on the screen... Google's plans are to monitor the movements of the cursor, such as when a user hovers over a certain ad or link to read a tooltip, and then provide relevant search results, and ads, based on that behaviour. It means that it does not require users to actually click a link to know that they were interested in it, opening a world of opportunity for even more focused ads."
[From the article:
The patent, entitled System and Method for Modulating Search Relevancy Using Pointer Activity Monitoring and numbered 7756887, was filed on February 16 2005, but it was only this month that it was published and released to the public. It is also a continuation of a previous patent filed in December 2004.
… To monitor the cursor would require potential invasion of privacy by stepping off the web itself and into the user's browser.
(Related) Facebook has all this personal data users provide, why not exploit it?
http://gigaom.com/2010/07/27/amazon-connects-with-facebook-but-doesnt-kiss-and-tell/
Amazon Connects With Facebook, but Doesn’t Kiss and Tell
Amazon has launched a new feature that connects users to their Facebook profiles, and then makes product suggestions based on their “likes” and other activity on the social network — but the online retailer also stresses that it will not share any of the data it has about its users or their purchasing behavior with Facebook.
(Related) How would you prove the data you have on an individual was collected from sources not flagged as do-not-track?
http://www.pogowasright.org/?p=12382
FTC Considers Do-Not-Track List
July 28, 2010 by Dissent
Wendy Davis reports:
The Federal Trade Commission is considering proposing a do-not-track mechanism that would allow consumers to easily opt out of all behavioral targeting, chairman Jon Leibowitz told lawmakers on Tuesday.
Testifying at a hearing about online privacy, Leibowitz said the FTC is exploring the feasibility of a browser plug-in that would store users’ targeting preferences. He added that either the FTC or a private group could run the system.
Leibowitz said that while Web users on a no-tracking list would still receive online ads, those ads wouldn’t be targeted based on sites that users had visited in the past.
Read more on MediaPost.
Lots of questions: How often does it “ping?” What information is sent to Google? Is it legal to by-pass this as it is a dongle?
Android Takes A New Approach To Fighting Piracy With Licensing Service
Pirates looking to illegally copy Android applications are about to face a new challenge: today, Google’s Android team announced that it is releasing a new application Licensing Service for Android. The service, which is meant to help developers secure their applications from piracy, forces apps to ping Google’s home server at regular intervals to verify that they were legitimately purchased. Fail that check, and the app can lock you out.
According to the Dev Guide, developers are free to decide how they want to deal with an application that is deemed to be pirated (a developer could disable the app entirely, or perhaps they could activate a trial mode prompting the user to purchase the real thing).
How to use Copyrighted works
http://www.bespacific.com/mt/archives/024813.html
July 27, 2010
Rulemaking on Exemptions from Prohibition on Circumvention of Technological Measures that Control Access to Copyrighted Works
Statement of the Librarian of Congress on the Anticircumvention Rulemaking, July 26, 2010
The Recommendation of the Register of Copyrights: "The Librarian of Congress has announced the classes of works subject to the exemption from the prohibition against circumvention of technological measures that control access to copyrighted works. Persons making noninfringing uses of the following six classes of works will not be subject to the prohibition against circumventing access controls (17 U.S.C. § 1201(a)(1)) until the conclusion of the next rulemaking."
(Related) Lawyers don't find humor funny?
Did you hear the joke about the comedian and copyright law?
The notoriously litigious music industry often resorts to the legal system to protect itself from pirates and samplers. But comedians don't. So why hasn't the joke well gone dry?
That's the question asked by a forthcoming book chapter from the University of Chicago Press called "Intellectual Property Norms in Stand-Up Comedy." Written by two professors from the University of Virginia School of Law, the chapter offers a case study in the axiom that more IP rights aren't always better IP rights.
Interesting specs...
http://www.electronista.com/articles/10/07/27/augen.gentouch78.takes.on.apple.through.price/
iPad gets odd rival in $150 Android tablet at Kmart
The online edition of a Kmart flyer has revealed plans for what could be an unusual entry into competition against Apple in the still young tablet market. The Augen Gentouch78 should run Android 2.1 on a seven-inch screen and will keep simple with just 2GB of internal storage and Wi-Fi alone for Internet access. At $150, though, it would cost less than a third the price of an iPad while offering many more features than a similarly priced Nook Wi-Fi.
More things you can do with WolframAlpha
http://www.makeuseof.com/tag/10-search-terms-put-wolfram-alpha-good-everyday/
10 Search Terms To Put Wolfram Alpha To Good Use Everyday
Sort of a MindMap for navigating the Internet? Maybe linked bookmarks would be a better description.
http://www.makeuseof.com/dir/pearltrees-organize-store-online-content/
PearlTrees: Store, Share & Organize Web Content Visually
Pearltrees is a browser addon for Mozilla Firefox. The developers of the addon provide users with a great new way of storing and connecting the web content they want to save.
Basically you can create different map-like structures out of nodes; each node can be connected to one another. These nodes are shortcuts to websites. You can create more than one map and add as many nodes as possible. Nodes can be rearranged as you like.
www.addons.mozilla.org/en-US/firefox/addon/11255
Similar tools: BagTheWeb, DropVine, Shareaholic, Linkli.st, NiceSharing, ShareTabs and MinMu.
This has potential! Watch the video. Look at the “Featured Binders” Make students do all the work?
http://www.killerstartups.com/Web-App-Tools/livebinders-com-store-everything-you-want-online
LiveBinders.com - Store Everything You Want Online
A site that defines itself as “the knowledge sharing place”, LiveBinders.com will let you create a binder in which you can organize all your resources and access them far more easily than ever before.
These binders can be created for free, and they can contain pretty much anything you like - images, videos, Word documents, PDFs… the choice is entirely yours, and it will depend on which uses you intend to put this application to - personal and professional uses are entirely compatible with the way in which Live Binders has been devised.
Of course, you can actually share the content that you have stored on your binder. In that way, LiveBinders.com stands as a great tool for collaboration.
And note that paid Binders are also going to be implemented soon. The free version of the service is limited to 100 MB per account, and 5 MB per file. These limitations will be automatically lifted the moment that you go for a paid account. Premium services will also come with better overall management features, such as the ability to monitor file uploads.
No comments:
Post a Comment