Sunday, July 24, 2011

Are they saying it is impossible to prevent card skimming?

http://www.databreaches.net/?p=19795

Margarita’s Mexican Restaurant breach raises issues of law enforcement’s role in notifying the public

July 23, 2011 by admin

Brandon Scott reports that authorities have now named the source of a rash of card fraud reports in Huntsville, Texas. But what may be most significant about the news report is its focus on how law enforcement decided whether – or when – to reveal the point of compromise:

… Huntsville Police Department, Walker County Sheriff’s Office, University Police Department and the U.S. Secret Service worked together to determine the source of the thefts of debit and credit card numbers by virus-infected computers at Margarita’s Mexican Restaurant.

Margarita’s was hit by a type of “skimming,” in which credit card numbers are stolen before they can be encrypted by the restaurant’s point of sale system.

Skimming debit and credit card numbers can occur many ways, remotely by computer hacking or on-site by a device placed on a computer, authorities said.

Residents began alerting the police to the problem almost three weeks ago, and a large jump in reported cases occurred about two weeks ago. Victims are still bringing cases to authorities as they find evidence in their bank and credit card statements.

At some point in the investigation, authorities knew most of the cases were connected to computers at Margarita’s, but they said they were reluctant to release the business’s name to the public for fear of retribution against the restaurant.

“We had determined it was Margarita’s, but it wasn’t necessarily something they had done,” said Huntsville Police Department Lt. Curt Landrum. “This was not one of their employees or a situation where someone who was directly affiliated with Margarita’s was selling information. We were seeing they had done the things they should do to prevent this. [Apparently, “doing everything you should” is insufficient to prevent skimming. Bob] We were afraid that it would hurt their business.”

Once it became clear that the credit card numbers had been sold by thieves in batches on an underground market but not yet used by thieves, investigators decided the threat to the public took precedence over the threat to Margarita’s. [“It hadn't, until the mayor pointed out that people voted, and restaurants did not.” Bob]

Read more on the Huntsville Item.

Should law enforcement be withholding information like point of compromise for fear of hurting a business? Law enforcement may take the position that it’s not their place to notify the public and that it’s on the entity to disclose the information, but there’s something that doesn’t sit right about this approach. Doesn’t law enforcement work for us and not for the business? I wouldn’t mind if they tell an entity, “Look, we’ll give you today to get a press release or notice out to the media or on your web site or store door, but after that, we will disclose if you haven’t.” But that doesn’t seem to be what happened here. In this case, law enforcement decided that the risk to consumers outweighed other concerns. But if it hadn’t….. then what?

The banks cancel cards and don’t tell us where a breach occurred – often because they’re not told, either.

Law enforcement may not tell us where a breach occurred.

Breached entities may not tell us when they’ve been breached.

This is really unacceptable.

And no, there’s no notice on Margarita’s web site about the breach as of the time of this posting.



Leading or following?

http://www.pogowasright.org/?p=23818

Privacy law updated for California libraries

July 23, 2011 by Dissent

Richard Chang reports:

With the enactment of stricter privacy regulations for library patrons in California, you need not worry about Googling “how to divorce your spouse” at the local library. Before the new law, your spouse could request and possibly obtain all your Internet records from the library.

Authored by Sen. Joe Simitian, D-Palo Alto, the law was suggested by one of Simitian’s constituents through his annual “There Oughta Be A Law” contest. Cupertino resident and library law consultant Mary Minow proposed the law after hearing about an event in Florida.

Read more on the Ventura County Star

[From the article:]

"In Florida, marketers and politicians were requesting email addresses from libraries," said Minow. [Were the libraries acting as ISP's? If so, weren't they covered by the same laws? If not, why would they have the email addresses? Bob]



I suppose this is cheaper than separating international and domestic flights?

Heathrow To Install Facial Recognition Scanners

"Slashdot readers will recall that back in February, Heathrow airport required full body scanning for select individuals. Now we learn that the airport is installing facial recognitions scanners. The scanners will be used to capture passengers' faces before entering security checks and again before boarding. The stated goal is to prevent illigal immigration."

[The Comments point to the major security hole that they are trying to close:]

… The facial recognition scanners will ensure that ticketed passengers board their correct flight. It will prevent, for example, a passenger who arrives from Miami from trying to use a domestic ticket obtained from someone else in the departure lounge and then flying to Glasgow. Since domestic flights do not have immigration counters, it would be possible with the departure lounge arrangement in those terminals for a passenger from Miami to avoid immigration.



It's in the constitution, we just haven't bothered to enact any laws...

The Politics of Surveillance: The Erosion of Privacy in Latin America

While most Latin American countries have democratically-elected governments, many still fail to respect human rights, including the right to privacy. Across the region, there have been multiple scandals involving government officials and intelligence agencies engaged in illegal surveillance of communications. These include numerous chilling examples of how interception technologies are being misused to spy on politicians, dissidents, judges, human rights organizations and activists. Although privacy violations vary from country to country, and the full extent of government surveillance in the region remains largely unknown, newly disclosed data gathering programs hint at the architecture of surveillance lying beneath the surface of ostensibly democratic societies.



Wouldn't this make an interesting final exam: “Build a tutorial that explains the things you were supposed to learn...”

http://www.makeuseof.com/dir/tildee-create-step-by-step-tutorial/

Tildee: Search, Share & Create Step By Step Tutorials For A Variety Of Tasks

www.tildee.com

  • Also read related articles:

5 Free Screencasting Apps for Creating Video Tutorials
12 Great Free Video Tutorial Sites To Brush Up Your Tech Skills
6 Digital Photography Websites With Free Tutorials
