Wednesday, September 29, 2010

All in all, Heartland has responded well to their breach. Therefore I'm inclined to believe this indicates how difficult it is to implement encryption on large numbers of devices at customer sites rather than any great reluctance on Heartland's part..

http://www.databreaches.net/?p=14228

Heartland Payment Systems bolsters encryption

September 28, 2010 by admin

Ellen Messmer reports:

Heartland Payment Systems, which last year suffered a devastating data breach, has been on a mission to secure payment-card processing .

After introducing the E3 terminal for point-of-sale transactions last May, which has gone into use with about 5,000 Heartland merchant customers for encryption of sensitive cardholder data, Heartland Tuesday introduced yet another encryption device, called the E3 magnetic stripe reader wedge, which will be available next month.

Read more about how the E3 wedge works on Network World.



It's one thing if a small business has an existing wire transfer relationship with the bank. It's something else when the crooks can open one for you!

http://www.databreaches.net/?p=14249

Wire-transfer fraud poses a growing problem

September 29, 2010 by admin

Doreen Hemlock filed this report last week:

Identity theft takes many forms, but Lenny Vigliotti never imagined it would show up as somebody wiring $12,000 from his South Florida saving account through multiple banks to end up in the Ukraine.

Nearly three months after he noticed the money missing, he’s yet to recoup the cash. As investigations proceed, he’s found out there’s a chance he may never get those savings back either.

Rules governing wire transfers place a larger burden on account holders than laws on credit cards or debit cards, Vigliotti has learned. And his Fort Lauderdale bank says he may not have met required security requirements on his computer system — even though he has secured wireless, firewalls, anti-virus software and other protection — and so, the bank may not be liable to pay him back.

“They say someone got into my computer, not their system,” said Vigliotti, a Hollywood resident. “But my point is: If you know fraud is a problem, and you see an account that has never had wire-transfers before, how do you let someone with a fax take out thousands of dollars without checking? All they needed to do was call me and ask: Are you applying for wire transfers? And I would have said: What are you talking about?”

Read more in the Orlando Sentinel.

I’m not sure why the reporter didn’t name the bank. Isn’t it newsworthy and wouldn’t other bank customers want to know that this is how the bank responds to its customers? Did the bank do enough to authenticate before making the transfer? [Isn't it obvious that they did not? Bob] The customer says ‘no,’ and many of us would likely agree with him:

The bank said it had received an authorization by fax to withdraw the money with a signature, phone number and fax number, which Vigliotti said were not his.



Unintended consequences?

US Gov't Assisted Iranian Gov't Mobile Wiretaps

Posted by CmdrTaco on Tuesday September 28, @04:27PM

bdsesq sent in a story on Ars Technica highlighting how the US government's drive for security back doors has enabled the Iranian government to spy on its citizens.

"For instance, TKTK was lambasted last year for selling telecom equipment to Iran that included the ability to wiretap mobile phones at will. Lost in that uproar was the fact that sophisticated wiretapping capabilities became standard issue for technology thanks to the US government's CALEA rules that require all phone systems, and now broadband systems, to include these capabilities."


(Related)

http://www.networkworld.com/community/blog/crypto-wars-eff-urges-us-stand-and-defend-pri?source=nww_rss

Crypto Wars: EFF Urges Us To Stand Up and Defend Privacy

The disturbing news today is that the government intends to expand its ability to surveill us by putting government-mandated back doors in all communications systems and in all encryption software. [The previous article suggest they already have... Bob]

… Charlie Savage of The New York Times described how U.S. feds claim "that their ability to wiretap criminal and terrorism suspects is 'going dark' as people increasingly communicate online instead of by telephone." In fact, federal law enforcement and national security officials want Congress "to require all services that enable communications — including encrypted e-mail transmitters like BlackBerry, social networking Web sites like Facebook and software that allows direct 'peer to peer' messaging like Skype — to be technically capable of complying if served with a wiretap order. The mandate would include being able to intercept and unscramble encrypted messages." [..and that's the kicker. Bob]



Is California moving toward the kind of 'preemptive injunction' soccer players can get in the UK? (Did this law just make Identity theft a misdemeanor?)

http://www.pogowasright.org/?p=14903

California bans malicious online impersonation

September 28, 2010 by Dissent

Robert McMillan reports:

A new law makes it illegal in California to maliciously impersonate someone online.

On Monday California Governor Arnold Schwarzenegger signed the law, which makes it a misdemeanor in the state to impersonate someone online for “purposes of harming, intimidating, threatening, or defrauding another person.”

The bill’s author, State Senator Joe Simitian, said that Senate Bill 1411 brings California’s impersonation laws into the 21st century by addressing “the dark side of the social networking revolution.”

Read more on Computerworld.



This is similar to Australia's ruling earlier this week. Should the US follow suit?

http://www.databreaches.net/?p=14235

India amends telecom rules over security fears

September 28, 2010 by admin

India’s Department of Telecommunications has amended the telecom licensing rules for national and international long-distance operators, asking them to address security concerns on their networks.

Telecom companies offering national and international long-distance communications services must now have a “well-outlined organizational policy on security and security management of their networks and shall be completely and totally responsible for security of their networks.”

The changes were made effective by the Department of Telecommunications–the licensing body for telecom services in India–through an amendment dated Aug. 11, a copy of the changed rules on the department’s website showed Tuesday.

Read more on MarketWatch.

Related: Expansion of Telecom Services in various zones of the country


(Related)

http://www.pogowasright.org/?p=14920

India Launches Project to ID 1.2 Billion People

September 29, 2010 by Dissent

Amol Sharma reports:

India’s vaunted tech savvy is being put to the test this week as the country embarks on a daunting mission: assigning a unique 12-digit number to each of its 1.2 billion people.

The project, which seeks to collect fingerprint and iris scans from all residents and store them in a massive central database of unique IDs, is considered by many specialists the most technologically and logistically complex national identification effort ever attempted. To pull it off, India has recruited tech gurus of Indian origin from around the world, including the co-founder of online photo service Snapfish and employees from Google Inc., Yahoo Inc. and Intel Corp. [Did their employers allow them to participate in exchange for the knowledge they would gain? Bob]

Read more on WSJ



When will these parents learn that the government knows best? “Besides, we need to train the little bastids how to knuckle under to authority.”

http://www.pogowasright.org/?p=14937

Parents sue Springfield schools over lockdowns and searches

September 29, 2010 by Dissent

Chris Coughlin reports:

Parents sued the Springfield Public Schools, saying the repeated “mass lockdowns of public schools,” during which sheriff’s officers search virtually everything – backpacks, lockers, and students’ bodies, if the police dogs “alert” on them – are unconstitutional. When the parents complained, they say the school board said it was their “policy” to conduct five such lockdowns a year, though there was no probable cause for them.

[...]

When the Burlisons complained about the lockdown and warrantless searches, a publicist for the school district “publicly announced that the ‘lockdown’ and searches were a ‘standard drill’ and not prompted by any incident that had occurred at Central High School. The spokesman also announced that it was the intent and policy of defendants SPS to conduct similar ‘lockdowns at all SPS high schools.”

Read more on Courthouse News, where you can also read the complaint.



“Hey, If you don't like it, remember that we have the death penalty and are not reluctant to use it!”

http://www.phiprivacy.net/?p=3986

Texas state health agency sells — or gives away — patient data

By Dissent, September 28, 2010

If you’ve ever been in hospitalized in Texas, do you know who has bought or obtained your patient data?

Okay, this is mind-boggling. Truly. Even though I know that patient information is sold a lot, what’s going on in Texas seems really appalling.

First read this investigative report by Suzanne Batchelor of the Austin Bulldog. Here’s part of it:

Texas hospital-patient data for the years 1999 through 2003 are available at no charge. [So, I could get it for my Statistics class? Bob] Data for the years 2004 through 2009 must be purchased, but the cost is minimal for a commercial user (more about that later).

The hospital-patient Public Use Data Files contain more than 200 fields of information, naming everything from your insurance coverage, or lack of it, to whether or not your stay included placement of a heart stent, “sterilization,” “abortion performed due to rape,” or a drug- or alcohol-related diagnosis, along with what tests you got and when, and what medications you received.

Buyers may order one of two versions of the hospital-patient files.

Research version—This version of the Public Use Data Files contains complete personal information including date of birth, date of admission and discharge, and the patient’s full address.

De-identified version—For this version DSHS has removed some but not all personal information, in a privacy protection process called “de-identification.” DSHS removes the patient’s dates of admission and discharge from the hospital, but leaves in the dates of diagnoses, treatments, medications, and payments. A four-year age range is substituted for the patient’s exact age, and the street address is removed. The de-identified version includes the patient’s gender and full zip code in most cases.

After you read the full investigative report — and do read it all to learn who’s been buying your identifiable patient data for “research” purposes — then trot on over to the state’s site and prepare to breathe into a brown paper bag when you see this offer for sale:

The data files for 2009 include 255 data fields in a base data file and 13 data fields in a detailed charges file. Data files for years before 2004 include only 205 data fields.

As I read the report and looked at the site, I kept thinking about Professor Paul Ohm’s ”database of ruin.” If you’ve been hospitalized in Texas, you may be closer to ruin than you know.

Over on Patient Privacy Rights, Dr. Deborah Peel has also blogged about this investigative report and urges members of the public to sign the “Do Not Disclose” petition.



Once upon a time, the sheriff could identify criminals because they looked “shifty”

http://www.pogowasright.org/?p=14944

Behavioral biometrics to detect terrorists entering U.S.

September 29, 2010 by Dissent

Fingerprinting air passengers entering the United States is one counter-terrorism method used today. DHS, however, has another idea in the works: a behavioral biometrics monitoring system that gauges small changes in a person’s body, dubbed the “fidget factor,” especially in answer to a question such as “Do you intend to cause harm to America?”

Ellen Messmer writes that DHS has actually developed a prototype for putting subjects on a monitoring pad next to a battery of remote-sensing equipment that can very quickly measure ocular changes, heart, and respiration rates and even slight changes in the skin’s thermal properties as a way to detect suspicious behavior. [Or maybe they just need the bathroom? Bob] Dr. Starnes Walker, director of the research at the Science and Technology Directorate (S&T) at the DHS, discussed the effort during a keynote address at last week’s Biometric Consortium Conference in Tampa.

Read more on Homeland Security Newswire.

Not ready for prime time, though? See Automated Biometric Recognition Technologies ‘Inherently Fallible,’ Better Science Base Needed.



Inevitable? How could individuals respond?

http://tech.slashdot.org/story/10/09/28/1750209/UKs-Two-Biggest-ISPs-Rip-Up-Net-Neutrality?from=rss

UK's Two Biggest ISPs Rip Up Net Neutrality

Posted by CmdrTaco on Tuesday September 28, @02:59PM

"The UK's two biggest ISPs have openly admitted they'd give priority to certain internet apps or services if companies paid them to do so. Speaking at a Westminster eForum on net neutrality, senior executives from BT and TalkTalk said they would be happy to put selected apps into the fast lane, at the expense of their rivals. Asked specifically if TalkTalk would afford more bandwidth to YouTube than the BBC's iPlayer if Google was prepared to pay, the company's executive director of strategy and regulation, Andrew Heaney, argued it would be 'perfectly normal business practice to discriminate between them.' Meanwhile, BT's Simon Milner said: 'We absolutely could see a situation when content or app providers may want to pay BT for quality of service above best efforts,' [What, exactly, is “better than best?” Bob] although he added BT had never received such an approach."



Is it Censorship or does Google just want to avoid “recommending” certain topics? Strangely, “Republican” isn't on their list. But “Pamela Anderson?” Really?

http://yro.slashdot.org/story/10/09/29/0526215/Seven-Words-You-Cant-Say-On-Google-Instant?from=rss

Seven Words You Can't Say On Google Instant

Posted by timothy on Wednesday September 29, @05:03AM

"Back in 1972, Georgle Carlin gave us the Seven Words You Can Never Say on Television. Thirty eight years later, Valleywag reports on The Definitive List of Words Google Thinks Are Naughty. You've probably noticed how the new Google Instant tries to guess what you're searching for while you type — unless it thinks your search is dirty, in which case you'll be forced to actually press ENTER to see your results. Leave it to the enterprising folks at 2600 to compile an exhaustive list of words and phrases Google Instant won't auto-search for."



This is interesting for those of us who use this Microsoft Office alternative...

http://developers.slashdot.org/story/10/09/28/143204/OpenOfficeorg-Declares-Independence-From-Oracle-Becomes-LibreOffice?from=rss

OpenOffice.org Declares Independence From Oracle, Becomes LibreOffice

Posted by CmdrTaco on Tuesday September 28, @10:42AM

"The OpenOffice.org Project has unveiled a major restructuring that separates itself from Oracle and that takes responsibility for OpenOffice away from a single company. From now on, OpenOffice's development and direction will be decided by a steering committee of developers and national language project managers. Driving home the changes, the OpenOffice.org project is now The Document Foundation, while the OpenOffice.org suite has been given the temporary name of LibreOffice."



This should start some lawsuits flying...

http://apple.slashdot.org/story/10/09/29/0446224/Chinese-Apple-Peel-Turns-iPods-Into-iPhones?from=rss

Chinese 'Apple Peel' Turns iPods Into iPhones

Posted by timothy on Wednesday September 29, @04:00AM

"The Apple Peel 520, a Chinese-developed product that drew the media's attention for being able to turn an iPod Touch into an iPhone-like device, is coming to America. The add-on device, which just went on sale in China, has been billed as a more affordable option for users wanting to get their hands on an iPhone, but lack the budget."


(Related)

http://techcrunch.com/2010/09/28/ipod-touch-calls-pinger/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

Pinger Now Turns Your iPod Touch Into A Free Cell Phone

Earlier this month we took a look at Pinger, the company behind Textfree, a massively popular application for the iPhone and iPod Touch that gives users free, unlimited text messaging.

… And today at TechCrunch Disrupt, the company is announcing that it’s venturing into new territory: voice calls.

Textfree will soon include a true SIP-based VOIP client that works over both 3G and Wifi.



For my Statistics class. Nothing is certain (even the “obvious”) until you measure it and even then you can only be so “confident.”

http://www.bespacific.com/mt/archives/025336.html

September 28, 2010

Pew Forum: U.S. Religious Knowledge Survey

U.S. Religious Knowledge Survey, POLL - September 28, 2010

  • Executive Summary: "Atheists and agnostics, Jews and Mormons are among the highest-scoring groups on a new survey of religious knowledge, outperforming evangelical Protestants, mainline Protestants and Catholics on questions about the core teachings, history and leading figures of major world religions. On average, Americans correctly answer 16 of the 32 religious knowledge questions on the survey by the Pew Research Center’s Forum on Religion & Public Life. Atheists and agnostics average 20.9 correct answers. Jews and Mormons do about as well, averaging 20.5 and 20.3 correct answers, respectively. Protestants as a whole average 16 correct answers; Catholics as a whole, 14.7. Atheists and agnostics, Jews and Mormons perform better than other groups on the survey even after controlling for differing levels of education."


(Ditto) Perhaps we don't know everything we think we know?

http://www.networkworld.com/news/2010/092810-texting-bans-dont-work.html

Texting while driving bans don't work, may actually hurt, study finds



I use the Download Helper add-on and really find it useful.

http://www.makeuseof.com/tag/capture-streaming-video-website-5-tools/

Capture Streaming Video From Any Website With These 5 Tools

No comments: