ATTENTION HACKERS! Hacking into bank accounts in tax havens can pay for your college education and fully fund your retirement, all in one swell foop! Remember our deal. If you are one of my students, I get 10% (or I'll create an account for you in Lichtenstein and rat you out to the Germans.)
http://www.databreaches.net/?p=9800
Why Germany Is Paying Millions in Ransom For Stolen Bank Data
February 3, 2010 by admin Filed under Financial Sector, Insider, Non-U.S.
Tristiana Moore reports:
The announcement may have caused some super-rich Germans to tremble in their designer shoes. On Tuesday, German Finance Minister Wolfgang SchaĆ¼ble said the government has agreed to buy a computer CD from an anonymous informant that contains the stolen bank details of up to 1,500 people suspected of evading German taxes by stashing their money away in Swiss bank accounts.
[...]
Two years ago, Germany paid an informant $6.3 million to obtain stolen bank details for several hundred members of the LGT banking group who were suspected of evading taxes by putting their money in bank accounts in Liechtenstein. That deal reportedly helped the government recover $250 million in lost revenue by the end of last year. One of the suspects, Klaus Zumwinkel, the former head of Deutsche Post, was also convicted of tax evasion and received a two-year suspended prison sentence and a fine of $1.4 million. “We can’t do the opposite now of what we did two years ago,” [Are you sure this guy is a politician? Bob] SchaĆ¼ble said in an interview with ZDF public television on Monday night.
Read more in Time.
(Related) Need a hacker?
http://www.pogowasright.org/?p=7570
Clinton calls parliament chief over bank data deal
February 4, 2010 by Dissent Filed under Non-U.S., Surveillance
Valentina Pop reports:
US secretary of state Hillary Clinton has called EU parliament chief Jerzy Buzek to voice concern over a vote due next Tuesday in which MEPs could scrap a deal allowing American investigators to track down terrorist funding via European bank transactions.
Ms Clinton’s late-night phonecall to Mr Buzek comes on top of other efforts by the US administration to try and convince EU lawmakers not to reject the agreement.
On Wednesday, US ambassador to Brussels William E. Kennard went to the European Parliament and held talks with several political group leaders and MEPs dealing with justice and home affairs.
Read more on the EUobserver.
Update (Register for a copy of the report) If this is not the Chinese government, (and I'll be shocked if it isn't),it looks like it could be the electronic equivalent of Murder, Inc. (Perhaps Hackers, Inc.?)
http://www.databreaches.net/?p=9802
Report Details Hacks Targeting Google, Others
February 3, 2010 by admin Filed under Commentaries and Analyses, Hack
Kim Zetter reports:
It’s been three weeks since Google announced that it and numerous other U.S. companies were targeted in a recent sophisticated and coordinated hack attack dubbed Operation Aurora.
Until now we’ve only known that the attackers got in through a vulnerability in Internet Explorer and that they obtained intellectual property and access to the Gmail accounts of two human rights activists whose work revolves around China. We also know a few details about how the hackers siphoned the stolen data, which went to IP addresses in Taiwan, and about 34 mostly undisclosed companies were breached.
Now a leading computer forensic firm [Mandiant] is providing the closest look so far at the nature of the attacks, and attackers, that struck Google and others. The report never mentions Google by name, or any other companies, but focuses on information gathered from hundreds of forensic investigations the firm has conducted that are identical to what we know about the Google hack.
Read more on Threat Level.
[From the article:
What the information indicates is that the attack that hit Google is identical to publicly undisclosed attacks that have quietly plagued thousands of other U.S. companies and government agencies since 2002 and are rapidly growing. They represent a sea change from the kinds of attacks that have commonly hit networks and made headlines.
“The scope of this is much larger than anybody has every conveyed,” says Kevin Mandia, CEO and president of Virginia-based computer security and forensic firm Mandiant. “There [are] not 50 companies compromised. There are thousands of companies compromised. Actively, right now.”
… Called Advanced Persistent Threats (APT), the attacks are distinctive in the kinds of data the attackers target, and they are rarely detected by antivirus and intrusion programs. What’s more, the intrusions grab a foothold into a company’s network, sometimes for years, even after a company has discovered them and taken corrective measures.
… The non-APT hackers target only financial data or sensitive customer data for identity theft, while the APT attackers never target such data. Instead, their focus is espionage. [Do breach laws require disclosure of espionage? Bob] They attempt to take every Microsoft Word, PowerPoint and Adobe PDF document from every machine they compromise, as well as all e-mail, says Mandia.
… One mark of APT attacks is that they have especially hit companies with dealings in China, including more than 50 law firms.
“If you’re a law firm and you’re doing business in places like China, it’s so probable you’re compromised and it’s very probable there’s not much you can do about it,” Mandia says.
(Related) Who will be the student, who the master?
http://news.slashdot.org/story/10/02/04/131224/Google-and-NSA-Teaming-Up?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29
Google and NSA Teaming Up
Posted by samzenpus on Thursday February 04, @09:28AM from the meet-my-big-brother dept.
i_frame writes
"The Washington Post reports that 'Under an agreement that is still being finalized, the National Security Agency would help Google analyze a major corporate espionage attack that the firm said originated in China and targeted its computer networks, according to cybersecurity experts familiar with the matter. The objective is to better defend Google — and its users — from future attack.'"
(Related) Wouldn't China be very interested in Carbon Swaps?
http://news.slashdot.org/story/10/02/03/2042209/Huge-Phishing-Attack-On-Emissions-Trade-In-Europe?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29
Huge Phishing Attack On Emissions Trade In Europe
Posted by timothy on Wednesday February 03, @04:09PM from the feel-good-measures dept.
bratgitarre writes
"A targeted phishing scam on companies trading with greenhouse gas emission certificates in Europe has reaped millions, Der Spiegel reports. By sending phishing e-mails to companies in Australia and New Zealand purporting to be from the German Ministry for Environmental Protection (German article, Google translation) the criminals obtained login credentials for companies owning polluting permissions. They then swiftly sold them to other polluters in various European countries. Damages are probably huge for a single incident, as 'one medium-sized German company alone had lost allowances worth €1.5 million ($2.1 million).' German federal officials, who can trace some of the transactions, claim that out of 2000 certificate sellers, seven responded to the scam."
For Computer Security people, this is a “Well, DUH!” article. But it never hurts to remind the C-levels that they can't always control who sees their data (and would you like encryption now?)
http://www.pogowasright.org/?p=7554
Cisco’s Backdoor For Hackers
February 3, 2010 by Dissent Filed under Breaches, Featured Headlines, Internet
Andy Greenberg reports:
Activists have long grumbled about the privacy implications of the legal “backdoors” that networking companies like Cisco build into their equipment–functions that let law enforcement quietly track the Internet activities of criminal suspects. Now an IBM researcher has revealed a more serious problem with those backdoors: They don’t have particularly strong locks and consumers are at risk.
In a presentation at the Black Hat security conference Wednesday, IBM Internet Security Systems researcher Tom Cross unveiled research on how easily the “lawful intercept” function in Cisco’s IOS operating system can be exploited by cybercriminals or cyberspies to pull data out of the routers belonging to an Internet service provider (ISP) and watch innocent victims’ online behavior.
Read more on Forbes.
Most interesting! I wonder if the court would buy the argument that cell phones send a whole bunch of very small files (packets) and therefore I can intercept them without running afoul of the Privacy laws? (Cordless phones are already wide open...)
http://www.pogowasright.org/?p=7551
File sharing on an unsecured wireless network? No reasonable expectation of privacy – court
February 3, 2010 by Dissent Filed under Court, Internet
Sharing files on an unsecured wireless router? Be very careful about what files you are willing to share with the world — and the courts. Over on FourthAmendment.com, John Wesley Hall Jr. notes a recent Oregon ruling:
Defendant’s computer was set to share files on his wireless network. A neighbor’s wireless router failed, and her computer which regularly shared files, too, automatically picked up defendant’s system, and she saw folders indicative of child pornography. The defendant had no reasonable expectation of privacy in the files that could be shared by anybody who accessed his wireless network. United States v. Ahrndt, 2010 U.S. Dist. LEXIS 7821 (D. Ore. January 28, 2010)
Read more on FourthAmendment.com.
A soft target? Even if their security (Prevent) wasn't adequate, they did notice (Detect) the breach and take immediate action. (Or maybe the bank noticed transfers to the Cayman Islands.)
http://www.databreaches.net/?p=9813
Hackers Try to Steal $150,000 from United Way
February 4, 2010 by admin Filed under Hack, Miscellaneous, U.S.
Brian Krebs writes:
Hackers broke into computer systems at a Massachusetts chapter of the United Way last month and attempted to make off with more than $150,000 from one of the nation’s largest charities.
Patricia Latimore, chief financial officer at the United Way of Massachusetts Bay and Merrimac Valley, said unknown attackers tried to initiate a number of bogus financial transfers out of the organization’s bank account, but that the United Way was able to work with its bank to block or reverse the unauthorized transfers.
Read more on KrebsonSecurity.
(Related) This is what happens when a bank assumes transfers to the Ukraine are normal.
http://www.databreaches.net/?p=9823
NY: Hacker stole $378,000 from town account, sent it to Ukraine
February 4, 2010 by admin Filed under Government Sector, Hack, U.S.
Michael Valkys reports:
A computer hacker broke into a Town of Poughkeepsie bank account and stole $378,000 by transferring the money to banks in Ukraine, Supervisor Patricia Myers said Wednesday.
Ending two weeks of silence about the incident, Myers read a statement before the Town Board’s meeting at Town Hall. She said four illegal transfers from the town’s TD Bank account were made last month over two business days — and that “efforts are still under way to catch those responsible.”
Officials said $95,000 of the stolen money, one of the unauthorized transfers, was recovered from a Ukraine bank. In all, she said “nine attempts were made via online access to steal monies” from the TD Bank account.
Read more in the Poughkeepsie Journal.
State laws are for second class citizens. File this in the “How the world REALLY works” folder.
http://www.pogowasright.org/?p=7563
Australia Post ’spying’ on workers
February 4, 2010 by Dissent Filed under Court, Non-U.S., Workplace
Kirsty Needham reports:
Australia Post has been accused of secretly monitoring Sydney postal workers using computerised street-side red letter boxes in breach of NSW surveillance laws.
But the postal service says it is entitled to spy on its staff because it is not subject to state laws.
The NSW Attorney-General, John Hatzistergos, has intervened in the dispute and will appear personally in the Federal Court today to argue Australia Post is answerable to criminal prosecution under the state workplace surveillance act.
Read more in The Age.
[From the article:
All street-side collection mail boxes in NSW are monitored by computer. Australia Post is able to track when and where each postie or driver accesses the boxes with individual computer keys.
[The “excuse” given at the time was: Bob] The system was introduced as a measure to stop mail theft.
If at first you don't succeed, be sure to point out that you are right and the rest of the world (including those ignorant, incompetent judges) are wrong. Then you are justified (in your own mind) to keep to your strategy.
http://www.pogowasright.org/?p=7558
AU: Film industry loses landmark piracy case
February 4, 2010 by Dissent Filed under Court, Featured Headlines, Internet, Non-U.S.
Andrew Ramadge reports:
Internet service provider iiNet has won a major legal battle over whether it should be held responsible for its customers downloading content illegally.
The case, against the Australian Federation Against Copyright Theft, could have had major implications for the way internet providers police their users.
If AFACT had won, providers would likely have been forced to penalise or disconnect users who illegally downloaded copyrighted material such as movies and songs.
However Federal Court judge Justice Dennis Cowdroy today found iiNet was not responsible for the infringements of its users.
[...]
AFACT hit back by saying the ruling hinged on a technicality.
“We believe this decision was based on a technical finding [Computers don't work the way we said they do. Bob] centred on the court’s interpretation [The judge didn't listen to us! Bob] of the how infringement’s occur and (iiNet’s) ability to control them,” said executive director Neil Gane.
“We are confident that the Government does not intend a policy outcome where rampant copyright infringement is allowed to continue unaddressed and unabated via the iiNet network.”
Read more on news.com.au
Wow! Next they'll be telling us they need to give telecom companies billions of dollars to spread broadband. Oh... Wait! (I'd like to ask Mr Technology here if we would have this problem if broadband in this country was a fast as, say, Outer Mongolia?
http://www.tuaw.com/2010/02/03/feds-ipad-network-congestion/
US Government: iPad and other smart mobile devices may strain networks
by Dave Caolo (RSS feed) on Feb 3rd 2010 at 6:30PM
Not much on computers or the internet. Are we legally ready for a cyber war?
http://www.bespacific.com/mt/archives/023421.html
February 03, 2010
Law of War Deskbook, 2010
Law of War Deskbook, 2010, International and Operational Law Department, The United States Army Judge Advocate General’s Legal Center and School, Charlottesville, VA
"This Law of War Deskbook is intended to replace, in a single bound volume, similar individual outlines that had been distributed as part of the Judge Advocate Officer Graduate and Basic Courses and the Operational Law of War Course. Together with the Operational Law Handbook and Law of War Documentary Supplement, these three volumes represent the range of international and operational law subjects taught to military judge advocates. These outlines, while extensive, make no pretence of comprehensively covering this complex area of law. Our audience is the beginning and intermediate level practitioner; our hope is that this material will provide a solid foundation upon which further study may be built."
(Related) Contrast the Law of War with Regulation.gov, which returned 36940 results for keyword "computer" and 30836 results for keyword "privacy"
http://www.bespacific.com/mt/archives/023426.html
February 03, 2010
Improvements to Regulations.gov Make for Easier Access to Federal Regulations
News release: "As part of President Obama’s commitment to more effective and open government, the public can more quickly access federal regulations at Regulations.gov, thanks to comments received during the Regulations.gov Exchange online forum held last year. Regulations.gov provides one-stop public access to information related to current and forthcoming regulations issued by the federal government. The eRulemaking Program made the following specific-site improvements to Regulations.gov:
a new rotating panel of images and video clips offering a preview to the latest Web site changes
a dashboard of regulatory documents housed on Regulations.gov
a new A-Z index of rules and proposed rules categorized by topic
instructional video-clips highlighting site functions
improvements to the site's homepage and search wizard."
If you missed this on Broadcast TV, or on Cable, Don't Panic! You can still watch it on your computer or your cell phone.
http://www.bespacific.com/mt/archives/023427.html
February 03, 2010
PBS - Digital Nation: Life on the Virtual Frontier
"Within a single generation, digital media and the World Wide Web have transformed virtually every aspect of modern culture, from the way we learn and work to the ways in which we socialize and even conduct war. But is the technology moving faster than we can adapt to it? [No, axiomatically. Bob] And is our 24/7 wired world causing us to lose as much as we've gained? [No, logically. Bob] In Digital Nation: Life on the Virtual Frontier, FRONTLINE presents an in-depth exploration of what it means to be human in a 21st-century digital world. Continuing a line of investigation she began with the 2008 FRONTLINE report Growing Up Online, award-winning producer Rachel Dretzin embarks on a journey to understand the implications of living in a world consumed by technology and the impact that this constant connectivity may have on future generations. "I'm amazed at the things my kids are able to do online, but I'm also a little bit panicked when I realize that no one seems to know where all this technology is taking us, or its long-term effects," says Dretzin."
(Related) An example of people overwhelmed by technology? (After all, faxes have only been around since 1848, they'll take some getting used to.)
http://yro.slashdot.org/story/10/02/04/045243/USPTO-Wont-Accept-Upside-Down-Faxes?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29
USPTO Won't Accept Upside Down Faxes
Posted by samzenpus on Thursday February 04, @08:41AM from the left-handed-reading-glasses dept.
bizwriter writes
"This may seem like a joke, but it's not. The US Patent and Trademark Office will not accept patent filings faxed in if they arrive upside down. That's right, the home of innovation of the federal government is incapable of rotating an incoming fax file, whether electronically or on paper."
Just in case you every want to research a company.
http://www.bespacific.com/mt/archives/023419.html
February 03, 2010
New on LLRX.com - Business Intelligence Online Resources
Business Intelligence Online Resources: This extensive guide by search expert Marcus P. Zillman includes a wide range of sources designed to serve as a foundation for knowledge discovery specific to business intelligence resources on the Internet.
This could be the most valuable scientific journal ever! However, I suspect that no one will read it. Politicians have this type of information readily available (it's called History) but none of them ever bother to try to understand it. Humans seems convinced that they would never make the mistakes hundred or thousand have made before them.
http://science.slashdot.org/story/10/02/03/2332233/The-Journal-of-Serendipitous-and-Unexpected-Results?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29
The Journal of Serendipitous and Unexpected Results
Posted by samzenpus on Thursday February 04, @12:23AM from the well-that-didn't-work dept.
SilverTooth writes
"Often, when watching a science documentary or reading an article, it seems that the scientists were executing a well-laid out plan that led to their discovery. Anyone familiar with the process of scientific discovery realizes that is a far cry from reality. Scientific discovery is fraught with false starts and blind alleys. As a result, labs accumulate vast amounts of valuable knowledge on what not to do, and what does not work. Trouble is, this knowledge is not shared using the usual method of scientific communication: the peer-reviewed article. It remains within the lab, or at the most shared informally among close colleagues. As it stands, the scientific culture discourages sharing negative results. Byte Size Biology reports on a forthcoming journal whose aim is to change this: the Journal of Serendipitous and Unexpected Results. Hopefully, scientists will be able to better share and learn more from each other's experience and mistakes."
“Dude, I got a hot stick! I'll send you a letter, technology is banned!”
http://yro.slashdot.org/story/10/02/03/2339200/Brokers-Get-Strict-Social-Networking-Rules?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29
Brokers Get Strict Social Networking Rules
Posted by samzenpus on Thursday February 04, @03:17AM from the no-farmville-at-work dept.
eldavojohn writes
"If you're a broker or work for a brokerage firm then you better think twice before posting content to Facebook and Twitter. It seems the static parts of the pages like your profile must be approved and fall under the watch of FINRA. But a post to Facebook or a tweet might constitute a 'public appearance' representing your firm. Which means that 'firms must supervise these interactive electronic communications under NASD Rule 3010 in a manner reasonably designed to ensure that they do not violate the content requirements of FINRA's communications rules.' It's days like these I'm glad I don't work on Wall Street or have jury duty."
Another industry in consolidation.
http://news.cnet.com/8301-30684_3-10447082-265.html?tag=digg2
Monster buys Yahoo's HotJobs for $225 million
by Tom Krazit February 3, 2010 2:51 PM PST
For my students
http://www.networkworld.com/news/2010/020110-best-it-jobs.html
10 best IT jobs right now
With many industry watchers speculating about a jobless economic recovery, IT job seekers could find work in a few key technology areas.
By Denise Dubie, Network World February 02, 2010 12:02 AM ET
1. Security specialist/ethical hacker
2. Virtual systems manager
5. Open source specialist
Electronic health records systems manager
Not for my students. They goof off enough as it is.
http://www.killerstartups.com/Video-Music-Photo/freetubetv-net-watching-tv-on-the-internet
FreeTubetv.net - Watching TV On The Internet
http://www.freetubetv.net/
FreeTube is a site that will let you watch television on your browser without having to pay anything for the privilege, and without having to go out of pocket for any software or hardware in order to get connected either. As long as you have a web-enabled computer you are ready to start watching live Internet channels.
Tools & Techniques “You will weawy weawy wove this one!” E. Fudd
http://www.killerstartups.com/Web-App-Tools/twiangulate-com-who-knows-who-on-twitter
Twiangulate.com - Who Knows Who On Twitter
http://www.twiangulate.com/search/
Do you ever wonder in which ways people are connected which other on the Twitterverse? It has nothing to do with being merely nosy - if you were to do business with anybody, knowing the connections he has would give you something of a headstart and a much better understanding of where to put your expectations on. This site will enable you to do exactly that, and find out who follows who straightaway. The provided search functionality will allow you to see who share the same followers, and determine how influential someone is.
For me: I WANT ONE!
http://www.fastcompany.com/blog/kit-eaton/technomix/multitouch-future-stick-plastic-film-can-make-108-inch-touchscreens
Multitouch Future: Stick-on Plastic Film Can Make 108-Inch Touchscreens
Be the cloud! (Do we trust French companies enough to use their services?)
http://www.killerstartups.com/Web-App-Tools/nuxinov-com-cloud-computing-made-easy
Nuxinov.com - Cloud Computing Made Easy
http://www.nuxinov.com/tour.php
Nuxinov is a company providing services in the field of cloud computing. They have developed a solution named Feel Home in order to give everybody a ready chance to access different data or files
The aim of FeelHome is to connect both personal and professional computers to the cloud in a one-click procedure. The system dispenses with configuring anything, and upon carrying out the basic connection you can access your files and your folders from practically anywhere. You have to download a small application in order to make the connection and create an account first, but that is mostly it. There is no initial charge or periodic fees to be paid at all.