“Hey, we were only off by 80%...”
http://www.databreaches.net/?p=18931
Citigroup reveals breach affected over 360,000 cards
June 16, 2011 by admin
John Ribeiro reports that Citigroup has updated its initial statement about its breach. Their updated statement is likely to fuel debate about time frames for disclosing breaches.
It now seems that over 360,083 credit card accounts in North America were accessed by the hacker(s) during the compromise of its card account management website in May. Some of those accounts, however, were duplicates or already-closed accounts, resulting in the bank having to reissue a total of 217,657 cards along with a notification letter.
Citigroup has been criticized for delaying in communicating to customers that their personal data had been compromised. The details released on Wednesday confirm that Citibank issued notification letters to customers on June 3, over 20 days after it detected a data breach.
[...]
The majority of accounts impacted were identified within seven days of discovery. By May 24, the bank confirmed the full extent of information accessed on 360,069 accounts. An additional 14 accounts were confirmed subsequently. To determine the cardholder impact required analysis of millions of pieces of data, Citigroup said. [I have an idea – use a computer! Bob]
Read more on
Citigroup joins the ranks of those who are having to defend what the public seems to see as significant or unacceptable delays in revealing breaches. The bank says it discovered the breach on May 10 (but when did it occur?). They say that by May 24, they had confirmed the full extent of information accessed. Under the provisions of a bill proposed by Congresswoman Mary Bono Mack, they would have had to reveal the breach by May 26 at the latest – and there’s some debate as to whether entities should be allowed to wait until they have fully confirmed so much. As it was, the bank started sending out letters on June 3 but did not publicly acknowledge the breach to the media until June 9 after Financial Times contacted them and pushed for a response – almost a full month after discovery of the breach.
Ignorance (of computer security) can be costly – but this seems a bit draconian.
http://www.databreaches.net/?p=18910
Owners of hacked computers will be punished, says official
June 15, 2011 by admin
Wow. Look at this news from Turkey:
Computer users whose computers are hacked by Anonymous, an international group of hackers that has vowed to attack government websites in protest of an Internet filter system the government plans to introduce in late August, will be held legally accountable for the use of their computers in the attack, an official at the Ministry of Transportation and Communication has said.
Head of the Internet Council, a part of the ministry, Serhat Özeren, said on Tuesday that if a user’s IP address is detected as having been used in an Anonymous attack, they will be held responsible. Özeren warned users to take computer safety measures, including password protection for Wi-Fi modems and updating the latest security software and installing firewalls to protect their computers from hacker intervention.
Read more on Today’s Zaman
New economy, new methods of bank robbery.
$500,000 Worth of Bitcoins Stolen
"A Bitcoin user allegedly has had $500,000 worth of Bitcoins stolen from him. A hacker supposedly gained access to the user's home computer and managed to get the user's wallet.dat file, which contained the cryptographic keys that allowed him to drain the user's balance."
With all that public(?) data out there, this was inevitable.
FTC Okays Social Media Background Check Company
"The FTC has dropped its investigation of a new company that runs social media background checks and ongoing Internet/social media monitoring of employees, determining its compliant with the Fair Credit Reporting Act. So make sure your gun photos are private and that you're not part of any 'Legalize marijuana' Facebook groups."
[From the article:
Andrews says that in a given pool of candidates they screen, there are usually 20% who don’t pop up in an Internet/social media screen (“despite what some media have claimed, we don’t see a no-hit candidate as a negative thing”), 60% have a neutral or positive Internet footprint (“we’ll flag positive things in addition to the negative, such as awards received or an active presence on an industry blog”), and 5-20% of applicants have something negative out there about them. In an executive screen of older candidates, it’s closer to 5%, but in an applicant pool for a lower level of job with younger applicants who are more likely to have an Internet presence, it hits that higher 20%.
… The company only provides monitoring services if a client has a social media policy set up with its employees. Most of the time, Social Intelligence is scanning the Web for employees’ disclosure of confidential or proprietary information, professional misconduct, or illegal activity. Andrews said though that monitoring does sometimes extend to looking to make sure an employee isn’t criticizing the company somewhere or getting into Internet fights with colleagues. (The company will not monitor ex-employees.)
Why outsource this? For one, it can be hard to keep track of lots of employees. Plus Social Intelligence has proprietary technology for linking people with pseudonyms or online names they might use in place of the offline name known to their employer. For another, Social Intelligence can screen out information that an employer shouldn’t see — or risk discrimination charges — such as an employee’s religion or sexuality (depending on the state), before sending their report along.
(Related)
http://www.makeuseof.com/dir/profile-defenders-protecting-companys-online-reputation/
ProfileDefenders: Get Help In Protecting Your Company’s Online Reputation
(Related) This was more than inevitable...
British Tax System Uses Web Robots To Find Cheats
"HM Revenue & Customs (HMRC) is extending its campaign against tax cheats with the news that it will use web robots to trawl cyberspace. The system will check eBay and Google to identify traders who aren't declaring all their earnings. From the article: 'The decision to target cyberspace to hunt down those evading tax comes as HMRC continues its campaign to recover around £7 billion lost to the Treasury each year. It is thought that this latest development, the use of ‘web robots’, will help HMRC track down rogue eBay and Gumtree businesses, as well as people earning second incomes by acting as private tutors. It will also help it hunt down so called cash-in-hand handymen and traders.'"
(Related) On the other hand...
Iceland Taps Facebook To Rewrite Its Constitution
"Iceland is finally overhauling its constitution, and it has turned to the Internet to get input from citizens. More specifically, the 25-member council drafting the new constitution is reaching out to its citizens through Facebook. Two thirds of Iceland's population (approximately 320,000) is on Facebook, so the constitutional council's weekly meetings are broadcast live not only on the council's website, but on the social network as well. 'It is possible to register through other means, but most of the discussion takes place via Facebook,' said Berghildur Bernhardsdottir, spokeswoman for the constitutional review project."
Bypassing Big Brother...
Look Ma, No Internet! Free Software Gives Text-Messaging New Reach
Here’s how it works: After downloading and installing the Frontline SMS software to a computer (it works on Windows, Mac or Linux), you use a USB cable to attach a cell phone or GSM modem with a SIM card. With Frontline SMS open and running, you can then create groups of contacts and send them messages. Any text they send back will appear on screen and be added to a database of messages.
(Related) Using plain language to defeat the censors. Obvious and brilliant.
Jargon Watch: Antilaser, Steppenwolf Planets, Diabetes Belt
Lianghui n. Chinese euphemism for protest. After the government began censoring certain words, including Egypt and Tunisia, on the Internet, activists adopted the Communist party’s lingo for two successive political meetings—lianghui—so that censoring calls for dissent would entail blocking news about state proceedings.
No comments:
Post a Comment