Thursday, May 26, 2011

But they have that huge vault! How could they not be secure?

http://www.databreaches.net/?p=18406

BofA Breach: ‘A Big, Scary Story’

May 25, 2011 by admin

Tracy Kitten reports:

An internal breach at U.S. financial giant Bank of America shows how some corporations do not focus enough attention on mitigating internal fraud risks.

According to news reports, a BofA employee with access to accountholder information allegedly leaked personally identifiable information such as names, addresses, Social Security numbers, phone numbers, bank account numbers, driver’s license numbers, birth dates, e-mail addresses, family names, PINs and account balances to a ring of criminals. With that information, the fraudsters reportedly hijacked e-mail addresses, cell phone numbers and possibly more, keeping consumers in the dark about new accounts and checks that had been ordered in their names.

Some 300 BofA customers in California and other Western states have reportedly had their accounts hit, and 95 suspects linked to the breach were arrested by the Secret Service in Feb.

BofA says it detected the fraud a year ago, but only recently began notifying affected customers of the breach.

Read more on BankInfoSecurity.com

Update: It’s come to my attention that David Lazarus of the Los Angeles Times originally broke this story and has more details on it.

[From the BankInfoSecurity article:

Privacy expert and attorney Kirk Nahra calls the BofA incident "a big, scary story," and says account-management checks should have picked up on the fraud before more than $10 million was drained from customer accounts. "Money was missing, so there should have been some trigger just identifying that there was a problem," he says. "It's just weird that the problem wasn't picked up on sooner."]
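For my Computer Security students: what would the "trigger" Nahra is talking about actually look like? Here is an added illustration of my own (not code from the article, BankInfoSecurity or Bank of America) that encodes the pattern the story describes, contact details changed, then checks ordered and money drained while the customer hears nothing, as two rules over a constructed account-event log. The thresholds, window and sample events are all made up for the example.

```python
"""Account-activity trigger for the pattern in the BofA story: leaked
customer data lets fraudsters change a customer's contact details, order
checks or open accounts, and drain money while the real customer hears
nothing. Added illustration, not code from the article or from any bank's
real controls; thresholds and the event log below are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample event log: (account, timestamp, event type, detail).
SAMPLE_EVENTS = [
    ("A-1001", "2010-03-01T09:00", "login", {}),
    ("A-1001", "2010-03-02T10:15", "contact_change", {"field": "email"}),
    ("A-1001", "2010-03-02T10:17", "contact_change", {"field": "phone"}),
    ("A-1001", "2010-03-05T14:00", "check_order", {}),
    ("A-1001", "2010-03-09T16:30", "withdrawal", {"amount": 9500.0}),
    ("A-1001", "2010-03-10T16:30", "withdrawal", {"amount": 9000.0}),
    ("A-2002", "2010-03-01T08:00", "contact_change", {"field": "email"}),
    ("A-2002", "2010-03-20T12:00", "withdrawal", {"amount": 120.0}),
    ("A-3003", "2010-03-03T11:00", "withdrawal", {"amount": 15000.0}),
]


def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M")


def outflow_burst(outflows, window, threshold):
    """First window (anchored at a withdrawal) whose withdrawals reach threshold.

    outflows: list of (datetime, amount) sorted by time. Returns (start, total) or None."""
    for i, (start, _) in enumerate(outflows):
        total = 0.0
        for t, amount in outflows[i:]:
            if t - start > window:
                break
            total += amount
            if total >= threshold:
                return start, total
    return None


def find_alerts(events, window_days=14, big_disbursement=5000.0, burst_total=15000.0):
    """Two rules, each raising at most one alert per account:
    1. contact_change_then_disbursement: e-mail/phone changed, then within
       window_days a check order / new account or a withdrawal >= big_disbursement.
    2. outflow_burst: withdrawals inside one window_days span total >= burst_total."""
    window = timedelta(days=window_days)
    by_account = defaultdict(list)
    for acct, ts, kind, detail in events:
        by_account[acct].append((parse_ts(ts), kind, detail))

    alerts = []
    for acct, evs in sorted(by_account.items()):
        evs.sort(key=lambda e: e[0])
        changes = [t for t, k, _ in evs if k == "contact_change"]
        orders = [t for t, k, _ in evs if k in ("check_order", "new_account")]
        outflows = [(t, d["amount"]) for t, k, d in evs if k == "withdrawal"]

        for c in changes:
            horizon = c + window
            followed_by_order = any(c <= t <= horizon for t in orders)
            followed_by_big = any(c <= t <= horizon and a >= big_disbursement
                                  for t, a in outflows)
            if followed_by_order or followed_by_big:
                alerts.append({"account": acct, "rule": "contact_change_then_disbursement",
                               "reason": f"contact change on {c:%Y-%m-%d} followed within "
                                         f"{window_days} days by a check/account order "
                                         f"or a withdrawal >= {big_disbursement:,.0f}"})
                break  # one alert per account for this rule

        burst = outflow_burst(outflows, window, burst_total)
        if burst:
            start, total = burst
            alerts.append({"account": acct, "rule": "outflow_burst",
                           "reason": f"{total:,.2f} withdrawn within {window_days} days "
                                     f"of {start:%Y-%m-%d}"})
    return alerts


if __name__ == "__main__":
    for a in find_alerts(SAMPLE_EVENTS):
        print(a["account"], a["rule"], "-", a["reason"])
```

Run as written, it flags A-1001 on both rules (contact change, then a check order and large withdrawals) and A-3003 on the outflow rule alone; A-2002 changed an e-mail address but then only withdrew a small amount weeks later, so it stays quiet. The point is that neither rule needs the insider to be caught first: the customer-facing side effects are the signal.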



If these aren't directly related, at least the bad guys read the same instruction manual...

http://www.databreaches.net/?p=18427

NC: Charges mount in Asheville credit card fraud case

May 26, 2011 by admin

And yet another where we don’t yet know how data were stolen or acquired. Sabian Warren reports:

Police working in conjunction with the U.S. Secret Service have filed additional charges against a Florida man who police say is involved in a multistate crime operation involving the theft of credit card information.

Abe Nassar, 39, of Brandon, Fla., now faces 22 charges that include financial card fraud, financial card forgery, financial card theft and criminal receipt of goods or services, according to warrants on file at the Buncombe County Magistrate’s Office.

[...]

Glen Kessler, assistant special agent with the Secret Service’s North Carolina office in Charlotte, declined to give details about how the credit card information was being stolen, [Why keep it secret? Bob] noting that the investigation is ongoing and more charges are possible against other suspects, including federal indictments.

Read more in the Citizen-Times.


(Related)

http://www.databreaches.net/?p=18424

GA: Camden sheriff among victims of recent debit card fraud

May 26, 2011 by admin

There have been a rash of debit/credit card fraud reports in the media recently. In none of the situations has the point of compromise yet been identified, but I’m including them on this blog when I come across them in the hopes that one day, we will find out what happened. Here’s another one from today’s news, reported by Teresa Stepzinski:

WOODBINE — Camden County Sheriff Tommy Gregory found himself in an uncomfortable situation all too familiar to hundreds of Southeast Georgia residents recently.

[...]

Debit and credit card fraud is a year-round problem, Southeast Georgia law enforcement officials say, but the number of cases reported has spiked in recent weeks, particularly in Camden County.

“We’ve probably had at least 400 cases in the county that we know of … and that includes cases handled by us, the Kingsland Police Department and the St. Marys Police Department,” Gregory said. “We get these complaints throughout the year but we’ve had a big increase in the last three weeks.”

It’s likely the number of victims in Camden and neighboring counties is “in the thousands,” with new cases reported daily, said Sheriff’s Office spokesman William Terrell.

Read more on Jacksonville.com


(Related)

http://www.databreaches.net/?p=18419

SC: More debit/credit fraud cases

May 25, 2011 by admin

Elizabeth Bush reports:

The list of victims of debit/credit card fraud on Daniel Island is growing. Both island residents and island employees have been affected. City of Charleston Police and the Charleston office of the United States Secret Service are now investigating the string of cases. After an article on the subject appeared in last week’s Daniel Island News, multiple new cases have been reported to the paper via phone, email and Facebook postings. Approximately 30 people have notified the paper about their debit or credit card numbers being compromised in recent weeks. Unauthorized charges continue to be posted all across the United States and at international locations.

Blackbaud sent out an email alert to employees last week about the fraud cases. According to Blackbaud spokesperson Melania Mathos, twenty employees were identified as potential victims.

Read more on Daniel Island News.



Thank you, Google-ing public!

http://www.pogowasright.org/?p=23066

Dutch researcher downloads 35 million Google Profiles

May 25, 2011 by Dissent

Bas van den Beld reports:

Aren’t they lovely, the new Google Profiles? And you can put so much information in it. Information which everybody can see. And download… We’ve discussed the privacy matters around the profiles before and I will be talking about the presentation I did at SMX about the profiles soon too. But there is a lot more to the Google Profiles. A Dutch researcher was able to download, export and import 35 million Google Profiles, with data.

The researcher Matthijs Koot, working for the University of Amsterdam, is writing a research paper about anonymity and privacy. For that research he decided to look at the Google Profiles. He noted that a lot of the information can be downloaded pretty easily.

Last February Koot created “a database containing ALL ~35.000.000 Google Profiles without Google throttling, blocking, CAPTCHAing or otherwise make more difficult mass-downloading attempts.”

Read more on State of Search.



For my PS3 using Computer Security students...

http://news.cnet.com/8301-13506_3-20066378-17.html

Sony offers sign-up page for identity-theft protection

Subscribers to those services can go to a new page that Sony has set up and input an e-mail address to start the process of joining AllClear ID Plus from identity-protection company Debix. Within 72 hours, according to the page, the person will receive a free activation code, giving them access to the service for one year at no charge.



Does this provide a “guaranteed defense” if I'm accused of something the “Black Box” reports I didn't do? If so, how do I access it to know?

http://www.pogowasright.org/?p=23094

Automotive Black Boxes, Minus the Gray Area

May 26, 2011 by Dissent

Keith Barry writes:

The National Highway Traffic Safety Administration will later this year propose a requirement that all new vehicles contain an event data recorder, known more commonly as a “black box.” The device, similar to those found in aircraft, records vehicle inputs and, in the event of a crash, provides a snapshot of the final moments before impact.

That snapshot could be viewed by law enforcement, insurance companies and automakers. The device cannot be turned off, and you’ll probably know little more about it than the legal disclosure you’ll find in the owner’s manual.

Read more on Threat Level.



This pains me to say, but Sen. Franken and I might agree on this one. (But, why stop at “some apps?”)

http://www.pogowasright.org/?p=23080

Senator wants privacy policies for mobile apps

May 25, 2011 by Dissent

Grant Gross reports:

A U.S. senator wants Apple and Google to require some applications in their mobile app stores to have privacy policies as a way to protect users against location tracking.

Sen. Al Franken (D-Minn.), chairman of the Senate Judiciary Committee’s privacy subcommittee, called on the two mobile OS makers to require privacy policies for “location-aware” apps in a letter sent to the CEOs of Apple and Google on Wednesday. Neither company requires apps they sell to have privacy policies in place, he said in the letter.

Read more on Computerworld.

I would really like to see a thoughtful response from both Google and Apple as to why they haven’t imposed this requirement already. Like Senator Franken, I don’t think it’s enough, but it is a first step and on some level, forms a basis for consumer protection if companies then violate their own policies.


(Related) Perhaps the Senator would ask them about this?

http://news.cnet.com/8301-27080_3-20066266-245.html

Why is Sprint installing junk apps on my Android phone?

A few days ago I noticed a strange app on my HTC Evo Android smartphone. It's a demo version of a sci-fi shooter game called N.O.V.A. It wasn't preinstalled, I didn't download it, and I can't uninstall it.

I checked to see what it does on my phone and was shocked to see the long list of permissions it has: edit, read, and receive SMS; send SMS messages that cost money; full Internet access; change network connectivity; change Wi-Fi state; prevent phone from sleeping; read phone state and identity; and modify/delete SD (Secure Digital memory) card contents. Granted, some of these permissions certainly have legitimate uses and at least one may be required for newer versions of Android, but this list still concerns me. (The Technically Personal blog explains what the permissions mean.)
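For my students: the permission list above is exactly the kind of thing you should read off an app before (or after) it lands on your phone. As an added illustration of mine (not CNET's code and not the real manifest of the game in question), here is a small audit that pulls the declared permissions out of an Android manifest, compares them against a least-privilege baseline for what the app claims to be, and calls out the dangerous combinations. The manifest fragment and the "demo game" baseline are constructed, and the mapping of the article's plain-English descriptions to permission names is my assumption.

```python
"""Permission audit for an Android app's manifest. Added illustration,
not from CNET or from the app's real manifest; the manifest fragment and
the game baseline are constructed, and mapping the article's plain-English
descriptions to permission names is an assumption."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS

# Constructed manifest fragment carrying the permissions the article lists.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.demo.shooter">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CHANGE_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <application android:label="Demo"/>
</manifest>
"""

# Permissions that can cost the user money or expose private data.
COSTS_MONEY = {"android.permission.SEND_SMS", "android.permission.CALL_PHONE"}
PRIVATE_DATA = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
                "android.permission.READ_PHONE_STATE", "android.permission.READ_CONTACTS"}

# Assumed least-privilege baseline for a demo game: network for content,
# keep-awake during play, storage for assets. Anything beyond this is "unexpected".
GAME_BASELINE = {"android.permission.INTERNET", "android.permission.WAKE_LOCK",
                 "android.permission.WRITE_EXTERNAL_STORAGE"}


def declared_permissions(manifest_xml):
    """Return the <uses-permission android:name=...> values in manifest order."""
    root = ET.fromstring(manifest_xml)
    return [el.get(NAME_ATTR) for el in root.iter("uses-permission") if el.get(NAME_ATTR)]


def audit(permissions, baseline=frozenset()):
    """Classify permissions and flag risky combinations against a baseline."""
    perms = set(permissions)
    report = {
        "costs_money": sorted(perms & COSTS_MONEY),
        "private_data": sorted(perms & PRIVATE_DATA),
        "unexpected": sorted(perms - baseline),
        "findings": [],
    }
    short = lambda p: p.rsplit(".", 1)[-1]
    if report["private_data"] and "android.permission.INTERNET" in perms:
        report["findings"].append(
            "private data (%s) plus INTERNET: an exfiltration path exists"
            % ", ".join(short(p) for p in report["private_data"]))
    sms_in = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
    if "android.permission.SEND_SMS" in perms and perms & sms_in:
        report["findings"].append(
            "SEND_SMS with RECEIVE_SMS/READ_SMS: can send messages that cost money "
            "and read or intercept the replies (premium-SMS abuse pattern)")
    return report


if __name__ == "__main__":
    report = audit(declared_permissions(SAMPLE_MANIFEST), GAME_BASELINE)
    for key in ("costs_money", "private_data", "unexpected"):
        print(key + ":", ", ".join(report[key]) or "-")
    for f in report["findings"]:
        print("finding:", f)
```

The baseline is the interesting knob: the same permission list is unremarkable for a messaging client and alarming for a game demo, which is why the audit takes the expected set as a parameter rather than hard-coding a verdict. The combination checks are there because individually "read SMS" and "Internet" each have innocent uses; together they describe a data path the user should know about.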



Is there a 'long cycle' of activity that indicates terrorism? I don't have a clue what it would be.

http://www.pogowasright.org/?p=23083

US to store passenger data for 15 years

May 25, 2011 by Dissent

Alan Travis reports:

The personal data of millions of passengers who fly between the US and Europe, including credit card details, phone numbers and home addresses, may be stored by the US department of homeland security for 15 years, according to a draft agreement between Washington and Brussels leaked to the Guardian.

The “restricted” draft, which emerged from negotiations between the US and EU, opens the way for passenger data provided to airlines on check-in to be analysed by US automated data-mining and profiling programmes in the name of fighting terrorism, crime and illegal migration. The Americans want to require airlines to supply passenger lists as near complete as possible 96 hours before takeoff, so names can be checked against terrorist and immigration watchlists.

More government over-reach/data grabbing. Where is there any empirical evidence that data over 10 years old has been key in thwarting any terrorist threat?

Enough of this mentality. I hope the EU says no and tells the U.S. that this is a deal-breaker.

Read more on The Guardian.



For my Computer Security students. Would it be so difficult to get a warrant?

http://www.pogowasright.org/?p=23073

Des Moines and KCLS at odds over surveillance camera policy

May 25, 2011 by Dissent

Keith Daigle reports:

The city of Des Moines and the King County Library System (KCLS) are at odds over surveillance cameras and library patrons’ privacy.

On March 14 an elderly man was robbed and assaulted in the parking lot of the Woodmont Library in Des Moines. Shaken up by the crime, he was not able to give police a description of his assailant.

The strong-arm robbery, a felony crime, was caught on the Library’s surveillance cameras on the parking lot. KCLS denied both the initial request and a public records request by Des Moines Police to view the footage, telling them they would need a warrant.

“We are not in the business of the video surveillance of the community,” Director of KCLS Bill Ptacek said.

Read more on SeaTac News.



We kinda knew that, right? (What other “colors” do they offer?)

http://english.peopledaily.com.cn/90001/90776/90786/7392068.html

China confirms deployment of online army

The development of China's "Online Blue Army" unit is for improving the defense capabilities of the People's Liberation Army (PLA), a Chinese Defense Ministry spokesman said on Wednesday, cited by Beijing News.



“Want better laws? Make larger bribes campaign contributions.” Sometimes you gotta remind them how Congress works!

http://www.pogowasright.org/?p=23088

Wireless providers exempted from data-logging plan

May 26, 2011 by Dissent

Declan McCullagh reports:

Wireless providers won’t have to comply with extensive requirements in a new bill that would force Internet companies to log data about their customers.

CNET was the first to report this exemption for wireless carriers in an article a few weeks ago. That legislation was publicly announced today by U.S. Reps. Lamar Smith (R-Texas), the head of the House Judiciary Committee, and Debbie Wasserman Schultz (D-Fla.).

That appears to be the result of lobbying from wireless providers, which don’t want to have to comply with any new governmental mandates. But the exemption has already drawn the ire of the U.S. Justice Department, and is likely to attract strong opposition from cable and DSL providers who would be the ones singled out for regulation.

Read more on cnet.

