Saturday, May 21, 2011

If at first you don’t succeed, fail, fail again.
http://www.databreaches.net/?p=18368
Hackers hit Sony sites raising more security issues
May 20, 2011 by admin
It’s getting so that I need a scorecard to keep track of all of the recent Sony breaches. These would appear to be #’s 3 and 4….
Reuters reports:
Sony Corp has been hacked again, exposing more security issues for the company less than a month after intruders stole personal information from more than 100 million online user accounts.
A hacked page on a Sony website in Thailand directed users to a fake site posing as an Italian credit card company. The site was designed to steal information from customers, Internet security firm F-Secure disclosed on Friday.
[...]
The latest hacking, which the security company said occurred separately from the April attack, was reported just hours after Sony told customers of another breach on one of its units.
So-Net, the Internet service provider unit of Sony, alerted customers on Thursday that an intruder had broken into its system and stolen virtual points worth $1,225 from account holders.
Read more on Thomson Reuters.


(Related)
Phishing Site Discovered On Sony Thailand Servers
mcgrew tips news that security firm F-secure has found a live phishing site running on Sony's Thailand servers. "Basically this means that Sony has been hacked, again. Although in this case the server is probably not very important." This comes alongside news that a point service run by So-net, a Sony subsidiary, was accessed by an unknown intruder, who stole about $1,200 worth of virtual tokens. "The intrusions are believed to have taken place on May 16 and 17. So-net discovered the breach on May 18, after receiving consumer complaints. So-net halted the point redemption service following the discovery of the breach. The latest breaches are relatively minor in scale compared to the massive breach at PSN and Sony Entertainment Online. Even so, it only adds to the company's embarrassment."



“Thanks for letting us know. Be careful.” That’s it?
http://www.databreaches.net/?p=18371
Information and Privacy Commissioner issues his decisions about the Epsilon data breach that affected Best Buy and Air Miles
May 20, 2011 by admin
From the press release:
The Information and Privacy Commissioner of Alberta, Frank Work, issued his decisions today in regard to Best Buy Canada Ltd., and Air Miles Reward Program’s breach incident reports involving unauthorized access to personal information.
… Commissioner Work reviewed the incident reports by Best Buy and Air Miles and concluded that although the information at issue (name, email addresses and organization membership (in the Best Buy case)) was relatively minor compared to other data breaches which involve the unauthorized access of financial or other sensitive information, the sheer magnitude of the breach and the evidence that the information will likely be used for malicious purposes indicated there was a real risk of significant harm to affected individuals. He noted in his decisions that Best Buy and Air Miles had already notified the affected customers in compliance with section 19.1 of the PIPA Regulation, and therefore did not require the organizations to notify again.
The Commissioner stated that the number of affected individuals increases the likelihood that spear phishing attempts will be successful and significant harm to individuals could occur as a result of the breach.
What’s significant about this finding is that the Commissioner says that even (just) name and email addresses in the context of a large breach of this kind indicates a “real risk of significant harm.”



It’s one thing to enjoin news services (who are used to complying with the Official Secrets Act) but quite another to expect individuals to stop tweeting the latest gossip.
http://www.pogowasright.org/?p=22994
Twitter and “unknown persons” sued by UK athlete who had secured superinjunction
May 20, 2011 by Dissent
Josh Halliday reports:
A footballer has sued Twitter after a number of the microblogging site’s users purported to reveal the name of the player who allegedly had an affair with model Imogen Thomas.
The footballer’s legal team began the legal action at the high court in London on Wednesday, in what is thought to be the first action against the US social media firm and its users.
The lawsuit lists the defendants as “Twitter Inc and persons unknown”. The latter are described as those “responsible for the publication of information on the Twitter accounts” in the court document, according to reports.
Read more in The Guardian.
James Lumley and Lindsay Fortado of Bloomberg also report on the lawsuit:
Twitter Inc. and some of its users were sued by an entity known as “CTB” in London, according to a court filing.
While the document gave no details, CTB are the initials used by the court in a separate lawsuit to refer to an athlete who won an anonymity order banning the media from publishing stories about his alleged affair with a reality-television star.
[...]
The case is: CTB v. Twitter Inc., Persons Unknown, High Court of Justice (Queens Bench Division), HQ11X01814.
Read more on Bloomberg Businessweek.



Who said, “War is an economic event?”
A New Approach To Reducing Spam: Go After Credit Processors
WrongSizeGlass writes
"A team of computer scientists at two University of California campuses has been looking deeply into the nature of spam, and they think they found a 'choke point' [PDF] that could greatly reduce the flow of spam. It turned out that 95 percent of the credit card transactions for the spam-advertised drugs and herbal remedies they bought were handled by just three financial companies — one based in Azerbaijan, one in Denmark and one in Nevis, in the West Indies. If a handful of companies like these refused to authorize online credit card payments to the merchants, 'you'd cut off the money that supports the entire spam enterprise,' said one of the scientists."
Frequent Slashdot contributor (and author of a book on Digital Cash) Peter Wayner wonders if "the way to get a business shut down is to send out a couple billion spam messages in its name."



Shocker! Could we be looking at a “Korean Summer?” (a la “Arab Spring”) Or are these half-million phones just issued to the Army? (Over 1 million active, 7 million reserve)
North Korean 3G Mobile Subscriptions Hit Half a Million
"The number of 3G cellular subscriptions in North Korea passed half a million during the first quarter, according to the country's only 3G cellular operator. The Koryolink network had 535,133 subscriptions at the end of March, an increase of just over 100,000 on the end of December 2010."
From the article:
The company's network now covers 92 percent of the population.
North Korea is one of the world's most heavily controlled countries and communication is severely restricted. Most cell phones don't have the ability to make or receive international calls.
