“We know so little about how our system works or what our security does that we are truly ignorant of the security implications” and “We built accounts for you so we could charge higher advertising rates...”
If it’s Friday, it’s time to reset almost 18 million passwords?
December 30, 2011 by admin
Care2 has notified
users of a security
breach. In its FAQ, the online community said that it discovered
the breach on December 27, but as of December 28, “We
are currently unable to determine the full extent of the security
breach.” The site is forcing a password reset and
urging members to change their passwords on other sites if they
re-use passwords.
A copy of the e-mail notification sent
to members today was forwarded to DataBreaches.net by a recipient:
To All Care2
Members:
We have discovered
that Care2.com servers were attacked, resulting in a security breach.
The hackers were able to access login information for Care2 member
accounts. Our team has worked to secure Care2.com against this type
of attack from recurring.
To protect Care2
members we are resetting access to all Care2 accounts. The next time
you login to Care2, you will be automatically emailed a new password,
which will enable you to access your Care2 account as usual.
To recover your
password, you can also visit our password retrieval form
http://www.care2.com/go/z/e/Ag5Vq/zLzm/SxwU and enter your username
or email. Your password will be emailed to you.
To secure your
privacy, we highly recommend you immediately change your password for
any accounts that share the password you previously used on Care2.
If you have any
questions or concerns, please email us at:
care2support@care2team.com.
We sincerely
apologize for this inconvenience. We take the security of our
members very seriously and are taking these extreme steps to reduce
the chances of any possible negative consequences.
Randy Paynter
Founder & President, Care2
Care2’s home page indicates it has
17,900,617 members, but the notification says that the hackers were
(only?) able to access login information for a “limited number”
of Care2 member accounts. I wonder what they consider “limited
number.” And I wonder what other information the hackers acquired.
Significantly, perhaps, a
number of commenters noted that they were surprised to learn of a
breach involving their login information as they had never signed up
for an account. An administrator replied:
To the best of my
knowledge, anyone who has ever signed a petition at the Petition Site
run by Care2, is automatically given a profile / account. That may
be how many of you were added. Also, long ago, Care2 had a number of
very popular newsletters, and people who subscribed to those were
given profile pages when the newsletters were turned into groups.
So I also wonder whether Care2.com ever
sought or obtained consent to create profile pages for individuals
who only signed up to receive a newsletter by e-mail.
And I wonder why they are reportedly
e-mailing passwords to users in clear text.
Yup! So is oxygen, but I don't see
that being banned either... Dang that First Amendment!
wiredmikey writes with word (and the
following extract from a CNN report) that
"Nitsana
Darshan-Leitner, director of the Shurat HaDin Israel Law Center, sent
a letter to Twitter on Thursday asserting
that the company is violating U.S. law by allowing groups such as
Hezbollah and al Qaeda affiliate al-Shabaab to use its popular online
network. ... In her letter, Darshan-Leitner noted that Hezbollah and
al-Shabaab are officially designated as terrorist organizations under
U.S. law. She also cited a 2010 Supreme Court case — Holder v.
Humanitarian Law Project — which upheld a key provision of the
Patriot Act prohibiting material support to groups designated as
terrorist outfits."
Interesting how
quickly this generated a storm of comments...
"Cory
Doctorow's keynote at 28C3 was about the
upcoming war on general-purpose computing driven
by increasingly futile regulation to appease big content.
'The last 20 years of Internet policy have been dominated by the
copyright war, but the war turns out only to have been a skirmish.
The coming century will be dominated by war against the general
purpose computer, and the stakes are the freedom, fortune and privacy
of the entire human race.'"
If you don't have time for the entire
55-minute video, a
transcript is available that you can probably finish more
quickly.
Perhaps this is
the future?
A Web Of Apps
It is remarkable to think that we’re
in the early days of the app era, when there are already close to
600,000 iOS applications and nearly 400,000 on Android (source:
Distimo). The growth
of these app ecosystems has been rapid, exponential and shows no
signs of slowing down. As well it shouldn’t: the untapped,
addressable
market for mobile apps involves hundreds of millions of users.
And yet, app discovery remains a
challenge. Whether in an app store, on
the device itself, or via a third-party service. Whoever
cracks the nut of app discovery will have the potential to be the
next Google: the search engine of the modern age. The
search engine for a web of apps.
I'll review these
to find one or two to add to my morning reading.
December 30, 2011
The 2011 ABA Journal Blawg 100
[One from DU:
TheRacetotheBottom.org
[Considering:
For those highly suspect (student
submitted) files...
How to scan files with multiple antivirus apps all at once
… For added peace of mind, you can
scan a file using VirusTotal to get infection reports from several
different antivirus programs all at once.
For my Math students...
Friday, December 30, 2011
… To start off the new year, each
day this week I'll be posting a list of eleven resources to try in a
particular content area. Today's list is for mathematics teachers,
tomorrow's list will be for science teachers.
For all my students. Someone spent way
too much time on these – grab them while you can.
… Let’s fire up MS Word and take
a look at 8 free Office.com
templates that help you generate ideas with Microsoft Word. You
can use the search field to get to the template if you have a
specific term; you can drill down the categories; or you can follow
the links below.
Remember when the US used to be able to
do this?
China aims to put astronauts on moon
Happy New Year? Perhaps they are
feeling frisky because they were able to drive the US out of Iraq?
"The high stakes standoff
between Iran and the U.S. over the Strait of Hormuz, the passageway
for one-fifth of the world's oil, escalated this week as Iran's navy
claimed
to have recorded video of a U.S. aircraft carrier entering the Port
of Oman and the deputy chief of Iran's Revolutionary Guard
Hossein Salami rejected U.S. claims that it could prevent Iran from
closing the strait. To drive the point home, Iran has started a
10-day naval exercise in the Persian Gulf to show off how it could
use
small speedboats and a barrage of missiles to combat America's naval
armada while in a report for the Naval War College, U.S. Navy
Commander Daniel Dolan wrote that Iran
has acquired 'thousands of sea mines, wake homing torpedoes, hundreds
of advanced cruise missiles (PDF) and possibly more than one
thousand small Fast Attack Craft and Fast Inshore Attack Craft.'"