As we migrate to online (Cloud)
services, the probability of failure decreases. However, the impact
of a failure increases exponentially. Rather than knocking 1,000
users offline for a day, we now have the power(?) to knock hundreds
of millions of users offline, if only for a few hours.
Microsoft’s Cloud Briefly Evaporates, Leaves Up To 365 Million Users Without Access For Four Hours
Contains a lot of the provisions you
would expect. What are the odds it will pass?
New Blumenthal bill would require firms to beef up security and privacy practices
Sen. Richard Blumenthal (D-Conn.)
introduced a new bill Thursday aimed at protecting consumers by
punishing businesses, individuals and data brokers that misuse or
fail to protect their data.
The Personal Data Protection and Breach
Accountability Act would require businesses with the personal
information of more than 10,000 customers to implement privacy and
security programs to ensure the safety of pertinent data.
That includes regular
testing of key controls and systems to prevent and respond
to intrusions or attacks, with a frequency depending
on a risk assessment also required by the law. Companies
that allow a user’s data to be breached must foot the bill for two
years of credit monitoring and other remedies.
… The Justice Department will be
able to fine firms that violate the law $5,000 per violation per day,
with a maximum of $20 million per violation. Individuals affected by
violations of the law will also have the ability to bring civil
actions against the businesses involved.
The bill also includes a data breach
notification provision that is designed to amalgamate the patchwork
of state laws that currently apply in the event of an attack.
… Finally, the legislation attempts
to regulate the practices of data brokers, firms that collect the
personal information of more than 5,000 individuals that are not
direct consumers. The legislation would give consumers the ability
to see their own records for a reasonable fee and request timely
corrections to their data.
If BoA is violating the law, we can
expect many more lawsuits.
Bank of America Sued Over Privacy Violations Due to Overseas Outsourcing
September 8, 2011 by Dissent
Jim Malmberg writes:
Last month, a new lawsuit was filed in District Court for the District of Columbia against Bank
of America Corporation, the nation's largest bank holding company.
The suit alleges that B of A has been outsourcing certain functions
to overseas companies and that as a result has given access to the
personal financial records of American citizens to foreign nationals.
If the allegation is correct, it would appear that B of A has
violated the Right to Financial Privacy Act – a federal law – and
could have exposed millions of account holders in such a way that
they can easily become victims of financial crimes. Just as
importantly, those same account holders may also be targeted for
government snooping; no search warrant required.
Read more on GuardMyCreditFile.
I thought we were trying to reduce the
population of Guantanamo?
FBI says Anonymous is a potential threat to national security
No doubt we share the same information
with other countries...
Canadians denied U.S. entry over mental illness
September 9, 2011 by Dissent
Sarah Bridge reports:
More than a dozen
Canadians have told the Psychiatric Patient Advocate Office in
Toronto within the past year that they were blocked
from entering the United States after their records of mental illness
were shared with the U.S. Department of Homeland Security.
Lois Kamenitz, 65,
of Toronto contacted the office last fall, after U.S. customs
officials at Pearson International Airport prevented her from
boarding a flight to Los Angeles on the basis of her
suicide attempt four years earlier. [Note: This is from police
records, not medical records. Bob]
[...]
So far, the RCMP
hasn’t provided the office with clear answers about how or why
police records of non-violent mental health incidents are passed
across the border.
But according to
diplomatic cables released earlier this year by WikiLeaks, any
information entered into the national Canadian Police Information
Centre (CPIC) database is accessible to American authorities.
Local police
officers take notes whenever they apprehend an individual or respond
to a 911 call, and some of this information is then entered into the
CPIC database, says Stylianos. He says that occasionally this can
include non-violent mental health incidents in which police are
involved.
In Kamenitz’s
case, this could explain how U.S. officials had a record of the
police response to the 911 call her partner made in 2006, after
Kamenitz took an overdose of pills.
RCMP Insp. Denis
St. Pierre says information on CPIC not only contains a person’s
criminal record, but also outstanding warrants, missing persons
reports and information about stolen property, along with information
regarding persons of interest in ongoing cases. It also can contain
individuals’ history of mental illness, including suicide attempts.
Read more on CBCnews.
Since only the audio recording is at
issue, there is a simple and obvious fix – but I bet they change
the law rather than give up the audio. Another “Police are not
regular citizens” exemption?
Privacy laws may prevent Seattle police from wearing body cameras
September 9, 2011 by Dissent
Parella Lewis reports:
Could the Seattle
Police Department improve its public image by wearing body cameras?
Seattle City
Councilmember Bruce Harrell is spearheading a pilot program that
could put small cameras on officers by the end of 2012. However, Bob
Scales, who works at the Seattle City Attorney’s Office, said a few
issues under current Washington State privacy laws may stand in the
way.
During a city
council meeting on September 8, Scales said, “Under the Washington
state Privacy Act, it is unlawful to make an audio recording of a
private conversation except as authorized by the Act.”
Read more on MyFOX Spokane.
Here is how you do it. Not that it
requires anyone to actually do it.
Mozilla issues do-not-track guide for advertisers
September 9, 2011 by Dissent
Loek Essers reports:
Mozilla issued a
Do Not Track Field Guide to encourage advertisers and publishers to
implement do-not-track (DNT) functionality.
The guide contains
tutorials, case studies and sample code to illustrate how companies
use the DNT technology. Mozilla aims to inspire developers,
publishers and advertisers to adopt DNT and wants to put the control
over Internet tracking into the hands of users. The browser maker
wants to put a stop to behavioral targeting and pervasive tracking on
the Web.
Read more on Computerworld.
Logic, what a concept!
"A file-sharing lawyer admitted
this week that IP addresses don't by themselves identify someone
accused of sharing copyrighted material online. To figure out who
actually shared the pornographic movie at the center of the case,
lawyer Brett Gibbs of Steele Hansmeier LLC told
the judge (PDF) he would
need to search every computer in the subscriber's household."
[...and if there is a WiFi link, every computer in
the neighborhood and any that happened to drive by... Bob]
Illogic, what a concept!
The Amazon-California tax debacle: We all lose
In this winter, summer, spring, and
fall of our discontent, every politician with a larynx is opining on
how best to reduce the country's unemployment rate. All
the more reason, then, for California to ram through a piece of tax
legislation that could cost a lot of new jobs.
So it was that today, Amazon caved,
dropping
its opposition to California's plan to force cyberretailers to
collect taxes on online sales. The plan, originally slated to start
in July, now will take effect next year as part of a deal under which
Amazon agreed to end its push for a ballot
referendum in return for a temporary delay.
Watching the down-to-the-wire
maneuvering,
the big surprise is that it's taken this long for states to go on the
offensive. But a faltering economy has given them added incentive to
change the rules. With e-commerce accounting for more than 20
percent of sales of consumer electronics and office supplies, this is
expected to turn into a considerable windfall. For instance,
California expects to rake in an extra $200 million annually.
The Economics of virtual money...
"Prominent Keynesian economist
Paul Krugman has left a note on his blog at NYTimes about his view of
Bitcoin, discussing its similarity to the gold standard and
suggesting a drop in 'real gross Bitcoin product' as its users hoard
the currency rather than spend it."
Well, I suppose it's better than
nothing.
September 08, 2011
Early Journal Content on JSTOR, Free to Anyone in World
News release: "On September 6, 2011, we announced
that we are making journal content in JSTOR published prior to 1923
in the United States and prior to 1870 elsewhere freely available to
anyone, anywhere in the world. This “Early Journal Content”
includes discourse and scholarship in the arts and humanities,
economics and politics, and in mathematics and other sciences. It
includes nearly 500,000 articles from more than 200 journals. This
represents 6% of the content on JSTOR. While JSTOR
currently provides access to scholarly content to people through a
growing network of more than 7,000 institutions in 153 countries, we
also know there are independent scholars and other people that we are
still not reaching in this way. Making the Early Journal Content
freely available is a first step in a larger effort to provide more
access options to the content on JSTOR for these individuals. The
Early Journal Content will be released on a rolling basis beginning
today. A quick
video tutorial about how to access this content is also
available."
Researching very large datasets.
September 08, 2011
Opensource software framework project makes big business inroads
Bloomberg BusinessWeek: "...Hadoop...helps
businesses quickly and cheaply sift through terabytes or even
petabytes of Twitter posts, Facebook updates, and other so-called
unstructured data. Hadoop,
which is customizable and available free online,
was created to analyze raw information better than traditional
databases like those from Oracle."
For my Ethical Hackers: Why go to the
effort of actually hacking when you can have your victims send you
their data? (Would that be a viable defense in court?)
Researchers’ Typosquatting Stole 20 GB of E-Mail From Fortune 500
“Twenty gigs of data
is a lot of data in six months of really doing nothing,”
said researcher Peter Kim from the Godai Group. “And nobody knows
this is happening.”
Doppelganger domains are ones that are
spelled almost identically to legitimate domains, but differ
slightly, such as a missing period separating a subdomain name from a
primary domain name – as in the case of seibm.com as opposed to the
real se.ibm.com domain that IBM uses for its division in Sweden.
Kim and colleague Garrett Gee, who
released
a paper this week (.pdf) discussing their research, found that 30
percent, or 151, of Fortune 500 companies were potentially vulnerable
to having e-mail intercepted by such schemes, including top companies
in consumer products, technology, banking, internet communication,
media, aerospace, defense, and computer security.
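As an added illustration (not code from the article or from the Godai Group paper), here is the defender-side check an organisation can run against its own mail flow: derive the "dropped dot" doppelgangers of its legitimate subdomained domains (seibm.com for se.ibm.com) and hold outbound messages addressed to one of them. It assumes, for simplicity, that the registrable part of a domain is its last two labels; the example.com domains and addresses are constructed.

```python
# Added example (not the article's or the Godai Group's code): derive the
# "dropped dot" doppelganger of an organisation's own subdomained mail
# domains and flag outbound recipients whose domain is one of them.

def doppelganger_variants(domain: str) -> dict[str, str]:
    """Map each dropped-dot variant of `domain` that forms a *different*
    registrable domain back to the real one: se.ibm.com -> {'seibm.com': ...}.
    Assumes (no public-suffix list) the registrable part is the last two
    labels, so only dots left of the second-level label matter."""
    labels = domain.lower().rstrip(".").split(".")
    variants = {}
    for k in range(1, len(labels) - 1):
        # Merge the k labels preceding the second-level label into it.
        merged = "".join(labels[-(k + 2):-1])
        variants[".".join(labels[:-(k + 2)] + [merged, labels[-1]])] = domain.lower()
    return variants

def build_watchlist(legit_domains: list[str]) -> dict[str, str]:
    """Union of variants; a variant that is itself a legitimate domain is
    skipped so real mail is never flagged."""
    legit = {d.lower() for d in legit_domains}
    return {v: real for real in sorted(legit)
            for v in doppelganger_variants(real) if v not in legit}

def flag_recipients(addresses: list[str], watchlist: dict[str, str]) -> list[tuple[str, str]]:
    """(address, intended_domain) for each recipient on a doppelganger domain;
    a mail gateway would hold such messages for review."""
    hits = []
    for addr in addresses:
        if "@" in addr:
            domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
            if domain in watchlist:
                hits.append((addr, watchlist[domain]))
    return hits

# Constructed sample: the article's IBM Sweden domain plus a made-up
# two-level subdomain under example.com to show deeper variants.
LEGIT_DOMAINS = ["se.ibm.com", "ibm.com", "mail.eu.example.com"]
SAMPLE_RECIPIENTS = [
    "anna@se.ibm.com",         # legitimate
    "anna@seibm.com",          # dropped dot: doppelganger of se.ibm.com
    "ops@mail.euexample.com",  # dropped dot inside the deeper sample domain
    "ops@maileu.example.com",  # still under example.com, so not flagged
]

if __name__ == "__main__":
    for addr, real in flag_recipients(SAMPLE_RECIPIENTS, build_watchlist(LEGIT_DOMAINS)):
        print(f"HOLD {addr}: looks like a doppelganger of {real}")
```

The same watchlist can be fed to a registrar monitoring job so the organisation learns when one of its doppelgangers is registered by someone else.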
Also for my Ethical Hackers
Rip A DRM’d DVD Disk To ISO Format With BDlot DVD ISO Master [Windows]
BDlot DVD ISO Master is a free piece of
software that does what very few free programs can do – bypass the
various Digital Rights Management (DRM) technologies used to stop
people from ripping DVDs, including Disney’s infamously tricky
protection.
Yet another Ethical Hacker project...
DIY flying robo hacker threatens wireless networks
SkyNET
combines a toy helicopter and a computer configured to attack Wi-Fi
networks. The result is a drone the CIA would be proud of. The
nasty little device can compromise computers on wireless networks and
dragoon them into botnets. Botnets are widely used for hacking,
denial-of-service attacks, and spamming.