Saturday, May 28, 2011

Perhaps Sony is discovering a bit about what happened?

http://www.databreaches.net/?p=18466

Sony Will Testify on PlayStation Hack; Hirai Letter Answers Questions

May 27, 2011 by admin

Mark Hachman reports:

Sony will testify at a House privacy hearing on June 2, after earlier refusing to appear. In a letter to lawmakers, Sony also provided more details about the attacks.

An aide for Rep. Mary Bono Mack (R-Calif.), chairwoman of the House Energy and Commerce Committee’s subcommittee on Commerce, Manufacturing, and Trade, said Friday that Sony has agreed to testify next week, joined by representatives from Epsilon, itself the victim of a data breach in April.

Read more on PC Magazine.

Related: The Subcommittee on Commerce, Manufacturing, and Trade has scheduled a hearing on Thursday, June 2, 2011, at 9:00 a.m. in 2123 Rayburn House Office Building. The hearing is entitled “Sony and Epsilon: Lessons for Data Security Legislation.” Witnesses to be announced.

[From the article:

However, Hirai also added that the company has not been able to identify the individual or individuals responsible for the breach.

Four servers were initially isolated as possibly hacked, and then the entire system was shut down as other abnormalities were discovered. The delays, Hirai explained, were due to the problems in mirroring the affected data to preserve evidence. [This is a clear indication that they had no logs of the hacking activity, but only the results. Bob]

… Sony said that it was unable to determine conclusively what information was taken, so it assumed each of the 77 million accounts on the network could have been compromised. [Another way that accurate logging will save you big money... Bob]



A few 'suggestive' phrases that this may not be a large card skimming operation but rather a direct hack on a merchants database. (a la TJX) Still, why are they protecting the merchant?

http://www.databreaches.net/?p=18453

Update: More AU cards canceled after breach

May 27, 2011 by admin

Chris Zappone and Jared Lynch provide an update on a breach reported on this blog earlier today:

The Westpac-owned St George Bank is at the centre of one of the nation’s biggest credit card security breaches after financial information was leaked from one of its clients.

The breach has already forced banks to cancel and reissue more than 10,000 cards this week, while thousands of customers also face the sudden malfunction of their credit cards over the weekend.

The giant fraud will also affect thousands of automatic credit payments such as gym memberships and phone bills.

So far, the Commonwealth Bank has cancelled 8000 cards after detecting suspicious activity linked to an unnamed retailer. Bendigo Bank has also cancelled 2300 cards, while Westpac and St George cancelled and reissued “a small number of cards” – believed to be fewer than 1000 – as a result of the suspicious activity. ANZ has not reported any cancellations but was monitoring the situation.

Read more in the Blacktown Sun

[From the article:

Given the size and rapid spread of the fraud, it is believed the security breach occurred online.


(Related)

http://www.scmagazine.com.au/News/258803,8000-cba-credit-card-details-unleashed-in-breach.aspx

8000 CBA credit card details unleashed in breach

Mastercard and Visa may issue penalties including fines to the acquiring bank, not CommBank, under the payment industry’s PCI-DSS compliance rules.

The rules impose minimum security standards on merchants according to their size. They demand, among other requirements, that credit card data be encrypted so it cannot be read in the event of a data breach.



Do you suppose there is money in helping schools avoid situations like taking pictures of their students in their bedrooms? (a la Lower Merion High School)

http://www.pogowasright.org/?p=23108

Education Privacy in Peril

May 27, 2011 by Dissent

Daniel Solove writes:

I have been spending a lot of time examining education privacy lately, and there are some very troubling things going on in this field. At a general level, schools lack much sophistication in how they handle privacy issues. Other industry sectors that handle sensitive personal data have Chief Privacy Officers and a comprehensive privacy program. Most schools lack anyone to handle privacy or any kind of privacy program. I recently started a new company called TeachPrivacy [ http://www.teachprivacy.com/ ] to address these issues and help schools better develop a privacy program.

Another problem with education privacy involves the growing effort by the government to amass data about students. The Obama Administration is aggressively pushing this information gathering — the development of what is called “longitudinal databases” — to study how students perform over the duration of their education. This effort, although certainly for laudable goals, carries significant privacy risks.

Read more on Concurring Opinions.



Yet another indication that just because you can parrot the laws does not mean you understand them.

BBC Site Uses Cookies To Inform Visitors of Anti-Cookie Law

"As of 26 May 2011 web sites in the UK must get a user's permission to set cookies. If you go to the BBC's commercial TV listings site Radio Times you'll see a message telling you about the new law. Go to the site again, though, and you don't see the message. How does the site know you've already seen it? By setting a cookie of course! It doesn't ask for permission."



Apparently minds are shrinking. Here's one that has already reached the size of a pea...

DoD Paper Proposes National Security Through a Culture of Restraint (and Stigma)

"An SAIC analyst has written a paper [PDF] calling for the 'stigmatization' of the 'unattractive' types who tend to discuss government secrets in public. The plan, described in the Naval Postgraduate School Homeland Security Affairs journal, is to promote self-censorship as a 'civic duty'. Who needs to censor themselves? Amateur enthusiasts who describe satellite orbits, scientists who describe threats to the food supply, graduate students mapping the internet, the Government Accountability Office, which publishes failure reports on the TSA, the US Geologic Survey, which publishes surface water information, newspapers (the New York Times), TV shows, journalism websites, anti-secrecy websites, and even security author Bruce Schneier, to name a few."


Friday, May 27, 2011

Sounds like this could be big, but why would they not tell us who owned the terminal? Who are they covering for?

http://www.databreaches.net/?p=18440

AU: Major banks cancel credit cards after breach

May 27, 2011 by admin

Chris Zappone reports

A breach at a merchant has forced Commonwealth Bank, National Australia Bank, Westpac and its St George unit to cancel thousands of credit cards in the latest security issue to affect bank customers.

BusinessDay understands the matter is under police investigation, with CommBank issuing replacement cards from yesterday afternoon to about 8000 customers who might have been affected.

Read more in Brisbane Times

[From the Brisbane Times article:

CommBank discovered suspicious transactions on a number of credit card holders’ transactions and began cancelling the cards late yesterday. The bank pinpointed the merchant in common between the accounts and, as a precaution, cancelled the cards and reissued them, while notifying the bank that provides services to the merchant.

ABC News also reports on the breach:

All major banks have blocked, restricted or cancelled what totals thousands of credit cards in response to a potential security breach.

All four major banks and St George have confirmed to the ABC that some customers’ cards have been cancelled, blocked or restricted due to fears they had been compromised and would be open to fraud.

The Commonwealth Bank was the first to release information to the media, and says it detected the potential security breach through its continuous monitoring process.

CBA says a merchant EFTPOS terminal used by some of its customers was not secure, and there is a possibility customer information was ‘skimmed’.

Read more on ABC News.

[From the ABC article:

The banks' fraud detection systems can tell which customers have made transactions at the business where the security breach has occurred, and those customers have been deemed 'at risk'.
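The “merchant in common” step that CommBank describes, and the “deemed at risk” population the ABC mentions, is a common-point-of-purchase analysis. The Python below is an added illustration, not code from any bank or from the articles; the transactions, card tokens, merchant ids and thresholds are constructed, and the lift-against-baseline refinement is my addition to show why a merchant that almost everyone visits is not automatically the compromise point.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Txn:
    card: str       # card token or masked PAN; full PANs never belong in analysis data
    merchant: str   # merchant identifier
    day: date


# Constructed sample data, not real transactions. Eight cards, four merchants.
# Cards C1-C4 later report fraud. All four visited merchant M2; three of them
# also visited M1, a supermarket that almost every card visits anyway.
SAMPLE_TXNS = [
    Txn("C1", "M1", date(2011, 5, 2)), Txn("C1", "M2", date(2011, 5, 3)),
    Txn("C2", "M1", date(2011, 5, 4)), Txn("C2", "M2", date(2011, 5, 5)),
    Txn("C3", "M2", date(2011, 5, 6)), Txn("C3", "M3", date(2011, 5, 7)),
    Txn("C4", "M1", date(2011, 5, 8)), Txn("C4", "M2", date(2011, 5, 9)),
    Txn("C5", "M1", date(2011, 5, 2)), Txn("C5", "M2", date(2011, 5, 10)),
    Txn("C6", "M1", date(2011, 5, 3)), Txn("C6", "M3", date(2011, 5, 4)),
    Txn("C7", "M1", date(2011, 5, 5)), Txn("C7", "M4", date(2011, 5, 6)),
    Txn("C8", "M2", date(2011, 4, 20)), Txn("C8", "M1", date(2011, 5, 7)),
]
FRAUD_CARDS = {"C1", "C2", "C3", "C4"}


def cards_by_merchant(txns):
    """Map merchant -> set of distinct cards seen there (a card counts once per merchant)."""
    seen = defaultdict(set)
    for t in txns:
        seen[t.merchant].add(t.card)
    return seen


def rank_merchants(txns, fraud_cards):
    """Score each merchant by how over-represented it is among fraud-reported cards.

    fraud_share: fraction of the fraud-reported cards that visited the merchant.
    baseline:    fraction of all cards that visited the merchant.
    lift:        fraud_share / baseline. A merchant everyone visits scores a lift
                 near 1 even when every fraud card was there; the real common point
                 of purchase shows both a high share and a lift well above 1.
    Returns [(merchant, fraud_share, lift), ...] sorted best first.
    """
    all_cards = {t.card for t in txns}
    fraud_cards = set(fraud_cards) & all_cards
    if not fraud_cards:
        return []
    ranked = []
    for merchant, cards in cards_by_merchant(txns).items():
        fraud_share = len(cards & fraud_cards) / len(fraud_cards)
        baseline = len(cards) / len(all_cards)
        ranked.append((merchant, fraud_share, fraud_share / baseline))
    ranked.sort(key=lambda r: (r[1], r[2]), reverse=True)
    return ranked


def common_point_of_purchase(txns, fraud_cards, min_share=0.75, min_lift=1.2):
    """Return the top-ranked merchant if it clears both thresholds, else None.

    The thresholds are constructed for this example; a real programme tunes
    them against historical cases so that popular merchants are not flagged
    every time a handful of their customers report fraud.
    """
    ranked = rank_merchants(txns, fraud_cards)
    if not ranked:
        return None
    merchant, share, lift = ranked[0]
    return merchant if share >= min_share and lift >= min_lift else None


def at_risk_cards(txns, merchant, window_start, window_end, fraud_cards):
    """Cards that used the suspect merchant inside the exposure window (ISO dates,
    inclusive) and have not reported fraud yet: the candidates for precautionary
    reissue, i.e. the population the bank deems 'at risk'."""
    start, end = date.fromisoformat(window_start), date.fromisoformat(window_end)
    return sorted({t.card for t in txns
                   if t.merchant == merchant
                   and start <= t.day <= end
                   and t.card not in fraud_cards})


if __name__ == "__main__":
    for merchant, share, lift in rank_merchants(SAMPLE_TXNS, FRAUD_CARDS):
        print(f"{merchant}: fraud_share={share:.2f} lift={lift:.2f}")
    cpp = common_point_of_purchase(SAMPLE_TXNS, FRAUD_CARDS)
    print("common point of purchase:", cpp)
    if cpp:
        print("cards to reissue as a precaution:",
              at_risk_cards(SAMPLE_TXNS, cpp, "2011-05-01", "2011-05-31", FRAUD_CARDS))
```

On the sample data M1 is visited by three of the four fraud cards but by nearly every card overall, so only M2 clears the lift threshold; C8 used M2 outside the window and is not reissued.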



Another Japanese company breached?

http://www.databreaches.net/?p=18413

Honda Canada notifies customers of breach (UPDATED)

May 26, 2011 by admin

A DataBreaches.net reader alerted me that Honda Canada has been notifying some customers of a breach.

According to a May 13th letter he received (French version, pdf), a breach involving unauthorized access of the My Honda (myhonda.honda.ca) and My Acura (myacura.acura.ca) web sites was detected in March 2011 and affected customers who were on certain mail lists in 2009. Customers’ names, addresses, and vehicle identification numbers were involved.

Unless, of course, you got a letter dated May 12, which was sent to a different subset of customers for whom Honda Financial Service Account numbers were also involved. According to their representatives, the FSA number is an internal number only and cannot be used to access your bank account information.

So how many people were affected? Honda’s not saying, but a representative told our reader that the breach affected anyone who was on certain mailing lists in 2009. It appears that even if you didn’t create an account on their web sites, if they mailed you about upcoming specials in 2009, your data were involved.

An undated notice on Honda’s main web site, which is not easy to find because there is no link from the homepage, reads:

To our valued Honda customers:

Honda has learned of unauthorized access of some customer data. We would like to apologize for this incident and assure our customers that the protection and safe-keeping of your information is a responsibility that we take very seriously.

The incident involved the unauthorized access of information as held in our records in 2009, specifically name, address, Vehicle Identification Number (VIN), and in a small number of cases, Honda Financial Services (HFS) account numbers.

The information did not include any data that would typically be used for identity theft or fraud such as birth dates, telephone numbers, email addresses, credit card numbers, bank account numbers, driver’s license numbers, social insurance numbers, or dollar amounts of HFS financing or payments. [So, was notice even required? Bob]

We are in the process of notifying all the potentially affected customers by mail. We do not recommend that customers take any specific action at this time, other than being alert for marketing campaigns from third parties that reference your ownership of a Honda vehicle. Honda does not share its customer information with unauthorized third parties and does not contact customers asking for financial information.

Thanks to the reader who provided the letter.

Update: Jaikumar Vijayan of Computerworld reports that the company is notifying 280,000 customers. His coverage also provides an explanation of why customers who never created accounts on MyHonda or MyAcura were affected: the company prepopulated forms using customer data. Read more on Computerworld.



Another attempt to “eliminate cash” by replacing it with electronic money (rather than plastic money)

Google Wallet: the End of Anonymous Shopping

"Google today announced Google Wallet, an NFC-based payment system that will allow people to pay for purchases just by waving their phone across a reader. It's the beginning of a future where commercial transactions are 'frictionless' and convenient — but it's a future where every transaction can be tracked and data-mined, as Dan Tynan points out. Stores can use information about your Doritos purchases to rearrange their wares; Google could push coupons via its new Google Offers service; your health insurance company might be interested in your sodium intake."


(Related)

http://news.cnet.com/8301-27080_3-20066647-245.html

How secure is your wallet in Google's hands? (FAQ)



I'm sure this has nothing to do with Microsoft's purchase of Skype...

http://www.thetechherald.com/article.php/201121/7209/Skype-update-blamed-for-sudden-global-outage

Skype update blamed for sudden global outage

According to an official Skype blog post regarding the matter, sporadic outages around the world were arising due to the mistaken deletion of a file called “shared.xml”, which left a “small number” of users unable to sign-in or make Internet calls.

The overall Skype service was consequently shunted further askew when the Skype.com website was knocked offline as large volumes of customers sought out a solution to the initial connectivity problem.



Dilbert explains why many corporations are encouraging the use of Smartphones by their employees...

http://dilbert.com/strips/comic/2011-05-27/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+dilbert%2Fdaily_strip+%28Dilbert+Daily+Strip+-+UU%29


Thursday, May 26, 2011

But they have that huge vault! How could they not be secure?

http://www.databreaches.net/?p=18406

BofA Breach: ‘A Big, Scary Story’

May 25, 2011 by admin

Tracy Kitten reports:

An internal breach at U.S. financial giant Bank of America shows how some corporations do not focus enough attention on mitigating internal fraud risks.

According to news reports, a BofA employee with access to accountholder information allegedly leaked personally identifiable information such as names, addresses, Social Security numbers, phone numbers, bank account numbers, driver’s license numbers, birth dates, e-mail addresses, family names, PINs and account balances to a ring of criminals. With that information, the fraudsters reportedly hijacked e-mail addresses, cell phone numbers and possibly more, keeping consumers in the dark about new accounts and checks that had been ordered in their names.

Some 300 BofA customers in California and other Western states have reportedly had their accounts hit, and 95 suspects linked to the breach were arrested by the Secret Service in Feb.

BofA says it detected the fraud a year ago, but only recently began notifying affected customers of the breach.

Read more on BankInfoSecurity.com

Update: It’s come to my attention that David Lazarus of the Los Angeles Times originally broke this story and has more details on it.

[From the BankInfoSecurity article:

Privacy expert and attorney Kirk Nahra calls the BofA incident "a big, scary story," and says account-management checks should have picked up on the fraud before more than $10 million was drained from customer accounts. "Money was missing, so there should have been some trigger just identifying that there was a problem," he says. "It's just weird that the problem wasn't picked up on sooner."



If these aren't directly related, at least the bad guys read the same instruction manual...

http://www.databreaches.net/?p=18427

NC: Charges mount in Asheville credit card fraud case

May 26, 2011 by admin

And yet another where we don’t yet know how data were stolen or acquired. Sabian Warren reports:

Police working in conjunction with the U.S. Secret Service have filed additional charges against a Florida man who police say is involved in a multistate crime operation involving the theft of credit card information.

Abe Nassar, 39, of Brandon, Fla., now faces 22 charges that include financial card fraud, financial card forgery, financial card theft and criminal receipt of goods or services, according to warrants on file at the Buncombe County Magistrate’s Office.

[...]

Glen Kessler, assistant special agent with the Secret Service’s North Carolina office in Charlotte, declined to give details about how the credit card information was being stolen, [Why keep it secret? Bob] noting that the investigation is ongoing and more charges are possible against other suspects, including federal indictments.

Read more in the Citizen-Times.


(Related)

http://www.databreaches.net/?p=18424

GA: Camden sheriff among victims of recent debit card fraud

May 26, 2011 by admin

There has been a rash of debit/credit card fraud reports in the media recently. In none of the situations has the point of compromise yet been identified, but I’m including them on this blog when I come across them in the hope that one day we will find out what happened. Here’s another one from today’s news, reported by Teresa Stepzinski:

WOODBINE — Camden County Sheriff Tommy Gregory found himself in an uncomfortable situation all too familiar to hundreds of Southeast Georgia residents recently.

[...]

Debit and credit card fraud is a year-round problem, Southeast Georgia law enforcement officials say, but the number of cases reported has spiked in recent weeks, particularly in Camden County.

“We’ve probably had at least 400 cases in the county that we know of … and that includes cases handled by us, the Kingsland Police Department and the St. Marys Police Department,” Gregory said. “We get these complaints throughout the year but we’ve had a big increase in the last three weeks.”

It’s likely the number of victims in Camden and neighboring counties is “in the thousands,” with new cases reported daily, said Sheriff’s Office spokesman William Terrell.

Read more on Jacksonville.com


(Related)

http://www.databreaches.net/?p=18419

SC: More debit/credit fraud cases

May 25, 2011 by admin

Elizabeth Bush reports:

The list of victims of debit/credit card fraud on Daniel Island is growing. Both island residents and island employees have been affected. City of Charleston Police and the Charleston office of the United States Secret Service are now investigating the string of cases. After an article on the subject appeared in last week’s Daniel Island News, multiple new cases have been reported to the paper via phone, email and Facebook postings. Approximately 30 people have notified the paper about their debit or credit card numbers being compromised in recent weeks. Unauthorized charges continue to be posted all across the United States and at international locations.

Blackbaud sent out an email alert to employees last week about the fraud cases. According to Blackbaud spokesperson Melania Mathos, twenty employees were identified as potential victims.

Read more on Daniel Island News.



Thank you, Google-ing public!

http://www.pogowasright.org/?p=23066

Dutch researcher downloads 35 million Google Profiles

May 25, 2011 by Dissent

Bas van den Beld reports:

Aren’t they lovely, the new Google Profiles? And you can put so much information in it. Information which everybody can see. And download… We’ve discussed the privacy matters around the profiles before and I will be talking about the presentation I did at SMX about the profiles soon too. But there is a lot more to the Google Profiles. A Dutch researcher was able to download, export and import 35 million Google Profiles, with data.

The researcher Matthijs Koot, working for the University of Amsterdam, is writing a research paper about anonymity and privacy. For that research he decided to look at the Google Profiles. He noted that a lot of the information can be downloaded pretty easily.

Last February Koot created “a database containing ALL ~35.000.000 Google Profiles without Google throttling, blocking, CAPTCHAing or otherwise make more difficult mass-downloading attempts.”

Read more on State of Search.



For my PS3 using Computer Security students...

http://news.cnet.com/8301-13506_3-20066378-17.html

Sony offers sign-up page for identity-theft protection

Subscribers to those services can go to a new page that Sony has set up and input an e-mail address to start the process of joining AllClear ID Plus from identity-protection company Debix. Within 72 hours, according to the page, the person will receive a free activation code, giving them access to the service for one year at no charge.



Does this provide a “guaranteed defense” if I'm accused of something the “Black Box” reports I didn't do? If so, how do I access it to know?

http://www.pogowasright.org/?p=23094

Automotive Black Boxes, Minus the Gray Area

May 26, 2011 by Dissent

Keith Barry writes:

The National Highway Traffic Safety Administration will later this year propose a requirement that all new vehicles contain an event data recorder, known more commonly as a “black box.” The device, similar to those found in aircraft, records vehicle inputs and, in the event of a crash, provides a snapshot of the final moments before impact.

That snapshot could be viewed by law enforcement, insurance companies and automakers. The device cannot be turned off, and you’ll probably know little more about it than the legal disclosure you’ll find in the owner’s manual.

Read more on Threat Level.



This pains me to say, but Sen. Franken and I might agree on this one. (But, why stop at “some apps?”)

http://www.pogowasright.org/?p=23080

Senator wants privacy policies for mobile apps

May 25, 2011 by Dissent

Grant Gross reports:

A U.S. senator wants Apple and Google to require some applications in their mobile app stores to have privacy policies as a way to protect users against location tracking.

Sen. Al Franken (D-Minn.), chairman of the Senate Judiciary Committee’s privacy subcommittee, called on the two mobile OS makers to require privacy policies for “location-aware” apps in a letter sent to the CEOs of Apple and Google on Wednesday. Neither company requires apps they sell to have privacy policies in place, he said in the letter.

Read more on Computerworld.

I would really like to see a thoughtful response from both Google and Apple as to why they haven’t imposed this requirement already. Like Senator Franken, I don’t think it’s enough, but it is a first step and on some level, forms a basis for consumer protection if companies then violate their own policies.


(Related) Perhaps the Senator would ask them about this?

http://news.cnet.com/8301-27080_3-20066266-245.html

Why is Sprint installing junk apps on my Android phone?

A few days ago I noticed a strange app on my HTC Evo Android smartphone. It's a demo version of a sci-fi shooter game called N.O.V.A. It wasn't preinstalled, I didn't download it, and I can't uninstall it.

I checked to see what it does on my phone and was shocked to see the long list of permissions it has: edit, read, and receive SMS; send SMS messages that cost money; full Internet access; change network connectivity; change Wi-Fi state; prevent phone from sleeping; read phone state and identity; and modify/delete SD (Secure Digital memory) card contents. Granted, some of these permissions certainly have legitimate uses and at least one may be required for newer versions of Android, but this list still concerns me. (The Technically Personal blog explains what the permissions mean.)



Is there a 'long cycle' of activity that indicates terrorism? I don't have a clue what it would be.

http://www.pogowasright.org/?p=23083

US to store passenger data for 15 years

May 25, 2011 by Dissent

Alan Travis reports:

The personal data of millions of passengers who fly between the US and Europe, including credit card details, phone numbers and home addresses, may be stored by the US department of homeland security for 15 years, according to a draft agreement between Washington and Brussels leaked to the Guardian.

The “restricted” draft, which emerged from negotiations between the US and EU, opens the way for passenger data provided to airlines on check-in to be analysed by US automated data-mining and profiling programmes in the name of fighting terrorism, crime and illegal migration. The Americans want to require airlines to supply passenger lists as near complete as possible 96 hours before takeoff, so names can be checked against terrorist and immigration watchlists.

More government over-reach/data grabbing. Where is there any empirical evidence that data over 10 years old has been key in thwarting any terrorist threat?

Enough of this mentality. I hope the EU says no and tells the U.S. that this is a deal-breaker.

Read more on The Guardian.



For my Computer Security students. Would it be so difficult to get a warrant?

http://www.pogowasright.org/?p=23073

Des Moines and KCLS at odds over surveillance camera policy

May 25, 2011 by Dissent

Keith Daigle reports:

The city of Des Moines and the King County Library System (KCLS) are at odds over surveillance cameras and library patrons’ privacy.

On March 14 an elderly man was robbed and assaulted in the parking lot of the Woodmont Library in Des Moines. Shaken up by the crime, he was not able to give police a description of his assailant.

The strong-arm robbery, a felony crime, was caught on the Library’s surveillance cameras on the parking lot. KCLS denied both the initial request and a public records request by Des Moines Police to view the footage, telling them they would need a warrant.

“We are not in the business of the video surveillance of the community,” Director of KCLS Bill Ptacek said.

Read more on SeaTac News.



We kinda knew that, right? (What other “colors” do they offer?)

http://english.peopledaily.com.cn/90001/90776/90786/7392068.html

China confirms deployment of online army

The development of China's "Online Blue Army" unit is for improving the defense capabilities of the People's Liberation Army (PLA), a Chinese Defense Ministry spokesman said on Wednesday, as cited by Beijing News.



“Want better laws? Make larger bribes campaign contributions.” Sometimes you gotta remind them how Congress works!

http://www.pogowasright.org/?p=23088

Wireless providers exempted from data-logging plan

May 26, 2011 by Dissent

Declan McCullagh reports:

Wireless providers won’t have to comply with extensive requirements in a new bill that would force Internet companies to log data about their customers.

CNET was the first to report this exemption for wireless carriers in an article a few weeks ago. That legislation was publicly announced today by U.S. Reps. Lamar Smith (R-Texas), the head of the House Judiciary Committee, and Debbie Wasserman Schultz (D-Fla.).

That appears to be the result of lobbying from wireless providers, which don’t want to have to comply with any new governmental mandates. But the exemption has already drawn the ire of the U.S. Justice Department, and is likely to attract strong opposition from cable and DSL providers who would be the ones singled out for regulation.

Read more on cnet.


Wednesday, May 25, 2011

Yup, I was right, Blood in the water...

http://www.databreaches.net/?p=18393

Sony Music Japan hacked through SQL injection flaw

May 24, 2011 by admin

Chester Wisniewski writes:

Another day, another attack on Sony. I reported yesterday on the SQL injection attack exposing user information on SonyMusic.gr and today attackers have found flaws in SonyMusic.co.jp.

The Hacker News sent us a tip this evening documenting a couple of vulnerable web pages on SonyMusic.co.jp that allowed hackers to access their contents through SQL injection.

The good news? The database information that was published does not contain names, passwords or other personally identifiable information. The attackers noted that there are two other databases on the site that are vulnerable and it remains unclear whether they contain sensitive information.

Read more on Naked Security.


(Related)

http://www.databreaches.net/?p=18396

Sony Ericsson Got Hacked by Idahca (Lebanese hacker Group) (update1)

May 24, 2011 by admin

From Hacker News:

Again, DAMN … What’s going on with Sony? Idahca (Lebanese hacker group) hacked the database of ca.eshop.sonyericsson.com with a simple SQL injection. Two attacks on Sony in one day. This morning LulzSec leaked the database of Sony’s Japanese websites, and now Sony Ericsson’s eshop database has been hacked. Emails, passwords and names of 1000s of users are exposed via a text file on pastebin.

Read more on Hacker News.

Update: PCWorld reports that 2,000 users’ data were involved in the breach.



'cause my Computer Security students should learn something!

http://www.makeuseof.com/tag/combat-wifi-security-risks-connecting-public-network/

How To Combat WiFi Security Risks When Connecting To A Public Network

… Let’s have a look at the exact WiFi security risks of public networks, and the solutions available to counter those risks.



So, is increased power usage now “Probable Cause” (for a pot growing warrant) or just “Possible Cause?”

http://idle.slashdot.org/story/11/05/24/1257229/Increased-Power-Usage-Leads-to-Mistaken-Pot-Busts-for-Bitcoin-Miners?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Increased Power Usage Leads to Mistaken Pot Busts for Bitcoin Miners

"The Canadian town of Mission, BC has a bylaw that allows the town's Public Safety Inspection Team to search people's homes for grow ops if they are using more than 93 kWh of electricity per day. There have allegedly been reports floating in IRC of two different cases of police showing up at a Bitcoin miner's residence with a search warrant. Ohio police and the DEA file at least 60 subpoenas each month for energy-use records of people suspected of running an indoor pot growing operation. DEA Agent Anthony Marotta said high electricity usage does not always mean the residence is an indoor pot farm and has surprised federal agents. 'We thought it was a major grow operation ... but this guy had some kind of business involving computers. I don't know how many computer servers we found in his home.'"



Now isn't that interesting – Congress is exempt from Insider Trading rules?

http://www.huffingtonpost.com/2011/05/24/members-of-congress-get-a_n_866387.html

Members of Congress Get Abnormally High Returns From Their Stocks

Four university researchers examined 16,000 common stock transactions made by approximately 300 House representatives from 1985 to 2001, and found what they call "significant positive abnormal returns," with portfolios based on congressional trades beating the market by about 6 percent annually.

What's their secret? The report speculates, but does not conclude, it could have something to do with the ability members of Congress have to trade on non-public information or to vote their own pocketbooks -- or both.



Perspective.

http://techcrunch.com/2011/05/25/as-youtube-turns-6-years-old-daily-views-shoot-up-to-3-billion-yes-3-billion-daily/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

YouTube Turns 6 Years Old, Daily Views Shoot Up To 3 Billion (Yes, 3 Billion. Daily.)

YouTube says global daily views have gone up 50 percent in the past 12 months, which means they currently handle a whopping 3 billion views per day.

To put that in some perspective: comScore said last week that the total U.S. Internet audience engaged in roughly 5.1 billion viewing sessions for the entire month of April 2011 (which also tells you something about YouTube’s global appeal).

Or as the company puts it in the blog post:

“That’s the equivalent of nearly half the world’s population watching a YouTube video each day, or every U.S. resident watching at least nine videos a day.”

Also worth noting: YouTube says it has exceeded over 48 hours of video uploaded to the site every single minute (which, they add, represents a 100 percent increase year over year).


Tuesday, May 24, 2011

With almost no risk, why spend money on security?

http://www.databreaches.net/?p=18384

Michaels Breach: Who’s Liable?

May 23, 2011 by admin

Tracy Kitten reports:

… What role should merchants play, when it comes to ensuring transactional security, and how should financial institutions, as card-issuers, fall into the fray?

Attorney Randy Sabett, partner and co-chair of the Internet and Data Protection practice at law firm SNR Denton LLP, says the liability lines are often blurred and hard to define after a breach. Despite that card fraud usually occurs outside banking institutions’ control, banks and credit unions, as the card issuers, usually absorb losses and expenses associated with breach recovery.

“There is a lot of entanglement in the credit card industry,” Sabett says. “It all goes back to the contract. It’s often hard to pin anything down in the contract. But the way most of these contracts are written, the retailers aren’t liable.”

Read more on BankInfoSecurity.com



This is temporary. When the technology can be shrunk to an injectable RFID chip, we will no longer need a black box. Meanwhile, they make a great target for my Ethical Hackers.

Mandatory Automotive Black Boxes May Be On the Way

"The National Highway Traffic Safety Administration is expected to announce a new regulation requiring all vehicles to contain a 'black box.' Not only that, but the devices would be designed to make it difficult (possibly illegal) to modify what information these devices collect or to disable them even though the courts have ruled that the owner of the vehicle owns the data. The courts have also ruled that authorities may access that data (to what degree and whether a warrant is necessary depends on the state)."



Gary Alexander provides a cautionary article for lawyers...

Attorneys Who Work in the 'Cloud' May Get ABA Wake-Up Call With Proposed Rules

The Connecticut Law Tribune

The ABA's Commission on Ethics 20/20 has issued proposed changes to the Model Rules of Professional Conduct designed to remind lawyers of the need to safeguard client confidentiality when engaging in "cloud computing," sparking concern nationwide from small firms and solo practitioners.



An easy revenue source?

http://torrentfreak.com/hurt-locker-makers-target-record-breaking-24583-bittorrent-users-110523/

Hurt Locker Makers Target Record Breaking 24,583 BitTorrent Users

In March last year, the law firm Dunlap, Grubb and Weaver imported the mass litigation “pay up or else” anti-piracy scheme to the United States.

The initial customers of the lawyers – who are also known as the U.S. Copyright Group – were relatively unknown indie film producers. But this changed when the makers of the Oscar-winning Hurt Locker (Voltage Pictures) joined up and sued 5,000 alleged file-sharers.

Voltage Pictures always threatened that this figure was just the start, and it now turns out that they were speaking the truth. In their quest to recoup their claimed losses, the studio has now added nearly 20,000 new defendants to the lawsuit, bringing the total up to 24,583.



Because backups are good.

http://www.makeuseof.com/tag/effectively-backup-archive-read-emails-mailstore-home-windows/

MailStore Home – One Of the Easiest Free Email Backup Tools Available [Windows]

MailStore Home (ver. 4.2) is a Windows-only freeware that is a single-stop backup and archiving solution for all your email accounts scattered across the digital world. In brief, MailStore allows you to create a central storehouse of all your emails from all your accounts and makes it searchable so that you always have ready access to a buried but important email.


Monday, May 23, 2011

Once your systems are hacked it’s like blood in the water to other hackers.

http://www.databreaches.net/?p=18381

Sony BMG Greece hacked

May 23, 2011 by admin

Add to that scorecard. John Leyden reports:

Sony BMG Greece has become the latest property of the entertainment giant to be hacked. The miscreants attacked over the weekend.

Hackers News Network uploaded sample extracts from a database of users’ names and email addresses onto pastebin after hackers who broke into SonyMusic.gr sent them a dump from their hack, as explained here. The data as uploaded omits telephone numbers and password hashes that the unidentified hackers claimed to have swiped from the site.

Read more in The Register.

(Related) Mother Nature hates Sony too

https://www.nytimes.com/2011/05/24/technology/24sony.html

Sony Swings to Big Loss After Natural Disasters

The March 11 earthquake and tsunami probably pushed Sony to a $3.2 billion loss in the just-ended fiscal year, the electronics and entertainment giant warned Monday, the latest Japanese manufacturer to report a huge economic hit from the disaster.

The annual loss would be Sony’s biggest in 16 years, a major setback to chief executive Howard Stringer’s drive to turn around the once-legendary maker of PlayStation video game consoles, Bravia flat-panel TVs and Vaio laptops.

Sony suffered damage at nine plants in northeastern Japan in the quake and tsunami, which also disrupted supply chains and put a damper on domestic consumption.

(Related) Hackers are just a drop in the bucket.

http://www.pcworld.com/article/228391/playstation_network_hack_will_cost_sony_170m.html

PlayStation Network Hack Will Cost Sony $170M

Sunday, May 22, 2011

If they know you are impaired and still let you drive, doesn’t that increase liability?

http://news.yahoo.com/s/yblog_technews/20110520/tc_yblog_technews/new-ford-smart-car-tech-wants-to-monitor-your-allergies-blood-sugar

New Ford smart car tech wants to monitor your allergies, blood sugar

On Wednesday, Ford announced that it is looking to add some rather interesting functionality to its Sync "infotainment" system. While other automakers are looking to make driving safer through improved dashboards and navigation, Ford is taking a more direct approach by monitoring allergen content and blood sugar, and providing health-based navigation assistance.

The automaker is partnering with three medical technology firms to make web-connected apps that are specifically designed to communicate with its improved Sync system, as well as integrate with the driver's smartphone. One app in discussion helps protect asthma sufferers from allergens by automatically rolling up the windows, or suggesting a new allergen-free route. Another app wirelessly connects to a diabetes sufferer's blood sugar monitor, informing the driver if their blood sugar is getting too low.

One surprising thing that Ford is opting not to monitor is blood alcohol levels, citing that it prefers to focus on more proactive health and wellness items instead. It's also worth mentioning that none of the apps in the Sync system can actually control the car to prevent driving while impaired. So even if Sync notices that, for instance, you are going into diabetic shock, it can only suggest that you pull over and grab a bite to eat — not do it for you, like a self-steering Google car might.


For my Computer Security students. If you believe in a Right to Privacy, “nothing to hide” waives that right.

http://www.pogowasright.org/?p=23010

Solove: Why Privacy Matters Even if You Have ‘Nothing to Hide’

May 21, 2011 by Dissent

Daniel J. Solove has a wonderful article in Chronicle of Higher Education, adapted from his book Nothing to Hide: The False Tradeoff Between Privacy and Security. Here’s the beginning:

When the government gathers or analyzes personal information, many people say they’re not worried. “I’ve got nothing to hide,” they declare. “Only if you’re doing something wrong should you worry, and then you don’t deserve to keep it private.”

The nothing-to-hide argument pervades discussions about privacy. The data-security expert Bruce Schneier calls it the “most common retort against privacy advocates.” The legal scholar Geoffrey Stone refers to it as an “all-too-common refrain.” In its most compelling form, it is an argument that the privacy interest is generally minimal, thus making the contest with security concerns a foreordained victory for security.

Go read the rest on Chronicle of Higher Education. You’ll thank me later.


How you achieve your strategic objective may vary from technology to technology. Your strategic objectives should not.

http://www.pcworld.com/article/228026/european_commission_needs_help_on_cloud_computing_strategy.html

European Commission Needs Help on Cloud Computing Strategy

By Jennifer Baker, IDG News May 17, 2011 4:50 am

The European Commission wants feedback on how to manage its cloud computing strategy for Europe, where legislation is trailing behind the new technology.

Digital Agenda Commissioner Neelie Kroes launched a public consultation on Monday. Cloud computing is already in wide use in the European Union, with cloud services there expected to generate revenues of around €35 billion (US$50 billion) by 2014.

The Commission now wants all interested parties, especially cloud developers and cloud users, to explain their "experience, needs, expectations and insights into the use and provision of cloud computing." The consultation particularly wants to hear views on data protection and liability as well as standardization and interoperability issues.