Tuesday, July 06, 2010

“We couldn't stuff all your cash into the envelope, so we just sent the cards.”

http://news.slashdot.org/story/10/07/05/2235205/HSBC-Bank-Sends-Activated-Debit-Cards-Through-Mail?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

HSBC Bank Sends Activated Debit Cards Through Mail

Posted by kdawson on Monday July 05, @08:04PM

"At least two divisions at HSBC Bank apparently failed card issuing 101 and are mailing out debit cards pre-activated. Because they are debit cards, fraudulent transactions come directly out of a victim's checking account. A similar report from 2004 suggests this issue is longstanding and widespread. When confronted with the evidence, HSBC would not commit to fixing this issue, preferring instead to offer vague statements like, 'Through our systems and analytics, we focus on the greatest and most active threats in an effort to avoid negatively impacting customer experience.'"


(Related) What were they thinking? “We can save one ten-thousandth of a cent per picture if we leave off all security!”

http://it.slashdot.org/story/10/07/06/0019234/Photo-Kiosks-Infecting-Customers-USB-Devices?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Photo Kiosks Infecting Customers' USB Devices

Posted by kdawson on Tuesday July 06, @05:29AM

The Risky Biz blog brings news that Big W, a subsidiary of Woolworths, has Windows-based Fuji photo kiosks in at least some of its stores that don't run antivirus software, and are therefore spreading infections, such as Trojan-Poison-36, via customers' USB storage devices. Here is the account of the original reporter.

"It's not just the lack of AV that's the problem... it appears there's been zero thought put into the problem of malware spreading via these kiosks. Why not just treat customers' USB devices as read-only? Why allow the kiosks to write to them at all? It would be interesting to find out which company — Fuji, Big W, or even some other third party — is responsible for the maintenance of the machines. It would also be interesting to find out if there are any liability issues here for Big W in light of its boneheaded lack of security planning."



Old school, but if no one is thinking it still works. (How many “The check is in the mail” jokes can you generate in 10 minutes?)

http://www.databreaches.net/?p=12388

FL: Citizens Property Insurance didn’t get its mail, warns of fraud

July 6, 2010 by admin

Jeff Harrington reports:

Someone filled out a change-of-address form for Citizens Property Insurance. But it wasn’t Citizens.

Now the state-run insurer is warning policyholders that mail sent to its headquarters in late June, including payment checks, may have been fraudulently misdirected to a Hialeah apartment.

The insurer of last resort, which has more than 1 million policyholders, said U.S. Postal Service investigators and other agencies are working to figure out the scope of the fraud.

Read more on TampaBay.com



If you want to create a “Thought Police” you must first make certain the thoughts of the police are controlled. I'm sure we could find scenarios where access to each of these categories was essential to TSA's mission, but I'm also certain that Osama appreciates knowing where he can send messages without worrying about someone at TSA noticing...

http://yro.slashdot.org/story/10/07/05/1943259/TSA-Internally-Blocking-Websites-With-Controversial-Opinions?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

TSA Internally Blocking Websites With 'Controversial Opinions'

Posted by Soulskill on Monday July 05, @04:10PM

"The Transportation Security Administration is blocking certain websites from the federal agency's computers, including halting access by staffers to any Internet pages that contain a 'controversial opinion,' according to an internal email obtained by CBS News. The new rules came into force on July 1, and prevent TSA employees from accessing such content, though what is deemed 'controversial opinion' is not explained."

[From the CBS News article:]

The categories include:

• Chat/Messaging

• Controversial opinion

• Criminal activity

• Extreme violence (including cartoon violence) and gruesome content

• Gaming


(Related) What Oil Spill? Another attribute of Big Brother: He never does anything evil where innocent eyes can watch. Perhaps they are soaking up the oil with baby pelicans? Perhaps they are pumping oil from the booms rather than sucking it up? Enquiring minds want to know...

http://politics.slashdot.org/story/10/07/05/2358259/Ban-On-Photographing-Near-Gulf-Oil-Booms?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Ban On Photographing Near Gulf Oil Booms

Posted by kdawson on Monday July 05, @11:55PM

"The day before yesterday CNN's Anderson Cooper reported that, from now on, there is a new rule in effect, which de facto bars photographers from coming within 65 feet of any deployed boom or response vessel around Deepwater Horizon (official announcement). The rule, announced by the US Coast Guard, forbids 'photographers and reporters and anyone else from coming within 65 feet of any response vessel or booms out on the water or on beaches. In order to get closer, you have to get direct permission from the Coast Guard captain of the Port of New Orleans,' while 'violators could face a fine of $40,000 and Class D felony charges. What's even more extraordinary is that the Coast Guard tried to make the exclusion zone 300 feet, before scaling it back to 65 feet.'"

Read below for the Coast Guard's statement on the new rule.

"The Coast Guard Captain of the Port of New Orleans has delegated authority to the Coast Guard Incident Commander in Houma to allow access to the safety zones placed around all Deepwater Horizon booming operations in Southeast Louisiana. The Coast Guard Incident Commander will ensure the safety of the members and equipment of the response before access is granted. The safety zone has been put in place to prevent vandalism to boom and to protect the members and equipment of the response effort by limiting access to, and through, deployed protective boom."



“We've got plenty of lawyers. What we don't have is a budget to fix our ATMs!”

http://news.slashdot.org/story/10/07/05/1740205/ATM-Vendors-Threaten-Stop-Research-Presentation?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

ATM Vendors Threaten, Stop Research Presentation

Posted by Soulskill on Monday July 05, @01:41PM

"A presentation about 'The Underground Economy,' by Italian white hat hacker and security expert Raoul Chiesa, was replaced at the last minute during last week's Hack In The Box conference. The reason behind this cancellation was that Chiesa received legal pressure from ATM vendors over the fact that the originally scheduled presentation covers details of various techniques and exploits of vulnerabilities that cyber criminals use to break into ATMs — flaws that have been known for a long time."



Never challenge a hacker! One thing a Security Geek should not be is arrogant. What else has this guy screwed up?

http://techcrunch.com/2010/07/05/employees-challenged-to-crack-facebook-security-succeed/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

Employees Challenged To Crack Facebook Security, Succeed

Apparently Facebook noticed the slap down that the FTC gave Twitter in June because it “failed to prevent unauthorized administrative control of its system.” Shortly afterwards one of the senior engineers at Facebook responsible for SRE (site reliability engineering) challenged Facebook employees to try to compromise him and gain access to Facebook’s administrative system via information obtained from him.

They succeeded.

It’s absolutely a smart thing for Facebook to do this, and other companies should too. But if a security engineer at Facebook was compromised, even though he knew it was coming, imagine how trivial it would be for other people to get hit, too.



“We don't bother to check legalities, we leave that to our entry level computer geeks.”

http://www.networkworld.com/community/node/63286

Many companies distributing open source software don't know it

Too many companies have no idea that they're distributing open source software and therefore violating the GPL, a survey by OpenLogic found.



“Ignorance of the _____ is no excuse!” But is it criminal or a breach of contract?

http://econsultancy.com/blog/6189-can-terms-of-service-turn-you-into-a-criminal

Can terms of service turn you into a criminal?

If you live in the United States, a warning: you may want to read the terms of service of the websites you use a little more carefully. That's because a government prosecutor in New Jersey is pursuing criminal charges against the operators of a company that used an automated process to purchase event tickets on Ticketmaster.com for resale.

The charges are being brought under the Computer Fraud and Abuse Act (CFAA), which was passed in 1986 with the purpose of cracking down on the unauthorized accessing of computers (read: hacking). In U.S. v. Lowson, the prosecutor seeks to extend the CFAA to cover the violation of the Ticketmaster.com terms of service, which forbids individuals and companies from accessing the website in an automated fashion.

The Electronic Frontier Foundation (EFF), which filed an amicus brief in the matter, thinks this extension of the CFAA could have profound implications.


(Related) Some terms of service are self-defeating...

http://yro.slashdot.org/story/10/07/06/0040208/Paperless-Tickets-Flourish-Despite-Grandma-Problem?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Paperless Tickets Flourish Despite 'Grandma Problem'

Posted by kdawson on Tuesday July 06, @08:17AM

"Is a concert ticket a piece of property that its holder has the right to buy and sell as he sees fit, or is it merely a seat-rental contract subject to restrictions determined by its issuer? The Washington Post reports that in an effort to thwart scalpers and dampen ticket reselling on the so-called secondary market, musicians as diverse as Bruce Springsteen, Miley Cyrus, and Metallica have adopted 'paperless ticketing' for some or all of the seats at their live shows. Ticket issuers Ticketmaster and Veritix tout paperless tickets as a way to eliminate worries about lost, stolen, or counterfeit tickets, and to banish long will-call lines. But paperless tickets aren't really tickets at all, but essentially personal seat reservations, secured electronically like airline tickets. Fans buy tickets with a credit card and must then go to the venue with the same credit card and a photo ID to gain admittance. The problem is that Ticketmaster's paperless tickets can't be transferred from a buyer to a second party. The inability to pass along a seat creates what has become known in the industry as the 'grandma problem': it's almost impossible for a grandma living at one end of the country to buy a paperless ticket to give to a grandchild living at the other end. Without the ability to transfer virtual tickets, brokers and dealers fear being run out of business, and consumers have a harder time selling unwanted tickets. 'People should be free to give away or sell their tickets to whomever they want, whenever they want,' says Gary Adler, a Washington attorney who represents the National Association of Ticket Brokers. 'An open market is really best for consumers.'"


(Related) Can your terms of service be used against you?

http://techcrunch.com/2010/07/06/woot-ap/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

Woot To The AP: Nice Story About Our Sale — You Now Owe Us $17.50

… Woot noticed that the AP covered the story of their sale five days ago. But in doing so, they also noticed that the AP used a number of quotes from CEO Matt Rutledge’s blog post about the sale. According to the AP’s own ridiculous rules for using quotations, Woot figures that the AP owes them $17.50.


(Completely unrelated) This is explained under the “You can't believe a thing I say” section... And this article falls under the Streisand Effect...

http://politics.slashdot.org/story/10/07/06/1239218/Copyright-As-Weapon-In-US-Senate-Campaign?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Copyright As Weapon In US Senate Campaign

Posted by timothy on Tuesday July 06, @09:05AM

"Sharron Angle, the Republican candidate for US Senate in Nevada, is using a copyright 'cease-and-desist' letter to stop her opponent, incumbent Harry Reid (currently majority leader in the US Senate), from reposting old versions of her campaign website. The old pages are politically sensitive because Angle campaigned from the far right in the primary, but is now toning that down for the general election."

As kfogel notes, the letter "also accuses the Reid campaign of intending to impersonate Angle's campaign, which seems doubtful, but who knows?"


Best summation I've heard in a long while... Available as an eBook – see below!

http://www.guardian.co.uk/technology/2010/jul/05/clay-shirky-internet-television-newspapers

Clay Shirky: 'Paywall will underperform – the numbers don't add up'

If you are reading this article on a printed copy of the Guardian, what you have in your hand will, just 15 years from now, look as archaic as a Western Union telegram does today. In less than 50 years, according to Clay Shirky, it won't exist at all. The reason, he says, is very simple, and very obvious: if you are 25 or younger, you're probably already reading this on your computer screen. "And to put it in one bleak sentence, no medium has ever survived the indifference of 25-year-olds."



I'm not an old fuddy-duddy, I'm a techno-historian (technology-reenactor?)

http://www.pcworld.com/article/200325/10_technologies_that_should_be_extinct.html?tk=rss_news

10 Technologies That Should Be Extinct (But Aren't)

1. The Telegraph

2. Typewriters

3. Fax Machines

4. Landline Telephones

5. Turntables

6. Cash Registers

7. Instant Cameras

8. Disc Drives

9. Cathode Ray Tubes

10. CB Radios



Great summary.

http://www.makeuseof.com/tag/url-domain-extensions-stand-needed-case-wondering/

What Do the URL Domain Extensions Stand For and Why Are They Needed? [In Case You Were Wondering]



For my Computer Security class

http://www.makeuseof.com/tag/8-sources-follow-computer-virus-news-alerts/

8 Best Sources to Follow Computer Virus News and Alerts



Sure enough, my local library subscribes.

http://www.bespacific.com/mt/archives/024648.html

July 05, 2010

Internet Archive Launches Digital Lending Library

"Checking out digital versions of books that are automatically returned after two weeks is as easy as logging onto the Internet Archive’s Open Library site, announced digital librarian and Internet Archive founder Brewster Kahle. By integrating this new service, more than seventy thousand current books – best sellers and popular titles – are borrowable by patrons of libraries that subscribe to Overdrive.com's Digital Library Reserve. Additionally, many other books that are not commercially available but are still of interest to library patrons, are available to be borrowed from participating libraries using the same digital technology. According to Kahle, "Digital technologies promise increased access to both old and new books. The Internet Archive, through its OpenLibrary.org site, is thrilled to be adding the capacity to lend newer books over the internet, in addition to continuing to provide the public with all access, free downloadable older materials.” He added, "We expect the number of books in the digital lending library to grow annually."

Currently, OpenLibrary.org is making available:

  • More than one million digital versions of older books are now available for free download in a variety of formats.

  • Over 70,000 current digital books to those with a library card from many of the over 11,000 libraries that subscribe to the OverDrive service.

  • Genealogical books from the Boston Public Library.

  • How-to and technical book collection via the Internet Archive.

  • Marine life reference materials from the Marine Biological Laboratory and Woods Hole Oceanographic Institution in Woods Hole, Massachusetts.

  • Spanish texts from Universidad Francisco Marroquín in Guatemala.



Useful little tool.

http://www.makeuseof.com/tag/create-hosted-online-survey-limesurvey/

How To Create Your Own Hosted Online Survey With LimeSurvey



For the Swiss Army Toolkit. (Seriously, I have a Bookmark folder named 'Swiss Army')

http://www.killerstartups.com/Web-App-Tools/online-convert-com-converting-files-of-every-type

Online-Convert.com - Converting Files Of Every Type

Online Converter will let you do exactly what its name implies: take a file (any kind of file) and have it converted into a different format.

You can convert audio, videos, images, documents, ebooks and hashes by merely clicking on the corresponding drop-down menus and picking the desired output files.

Using this service does not require you to download or install any kind of software. There is no need to set up or configure anything either. And there are no fees to be paid.

http://www.online-convert.com/
