Monday, January 16, 2012


Interesting. First time I've seen anyone turn off their phones...
Zappos hacked; notifying 24+ million Zappos.com and 6pm.com customers of breach and to reset passwords
January 15, 2012 by admin
Online retailer Zappos has been hacked. Its CEO, Tony Hsieh, posted a copy of an email notification explaining the breach to all employees with a copy of the email notification sent to customers:
The following email was sent to our employees today:
Subject: Important – Security
Dear Zappos Employees -
Please set aside 20 minutes to carefully read this entire email.
We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky. We are cooperating with the FBI to undergo an exhaustive investigation.
Because of the nature of the investigation, the information in this email is being sent a bit more formally, and unfortunately we are not able to provide any more details about specifics of the attack beyond what is in this email and the link at the end of this email, but we can say that THE SECURE DATABASE THAT STORES OUR CUSTOMERS’ CRITICAL CREDIT CARD AND OTHER PAYMENT DATA WAS NOT AFFECTED OR ACCESSED.
… Due to the volume of inquiries we are expecting, we realized that we could serve the most customers by answering their questions by email. We have made the hard decision to temporarily turn off our phones and direct customers to contact us by email because our phone systems simply aren’t capable of handling so much volume. (If 5% of our customers call, that would be over 1 million phone calls, most of which would not even make it into our phone system in the first place.)
What I can’t figure out from the above is whether they are indirectly saying that they stored full credit card numbers on another server. I hope they clarify this in future statements.


So, this was happening over the Christmas break but no one bothered with it until they returned to work? No evidence of hacking, so what will they charge the boys with? Normal backup procedures should ensure that no data was lost (I dang sure back up the work I do).
Fairfax officials: 2 Lake Braddock students stole passwords, erased school data
Two Fairfax County middle-school students used stolen passwords to wreak havoc with a school software application used countywide by thousands of teachers, students and parents, according to authorities.
Officials at Lake Braddock Secondary School in Burke reported the breach to police Jan. 3, the first day of classes after winter vacation. Course content had been erased from the school’s Blackboard site, an online system that teachers use to post assignments, hold discussions and communicate with parents.
… According to one Lake Braddock parent, Facebook began buzzing in late December with students’ complaints about the Blackboard-related oddities, including missing assignments and “poorly written pornographic e-mails” they received via the online system.
An investigation led to the two boys, who had apparently obtained the passwords of a fellow student and 17 teachers, Luftglass said. Officials don’t know how the boys got the passwords, but there is no evidence that they hacked into the Blackboard software or exploited a security loophole, she said.
… This is not the first time a Fairfax student has gotten into Blackboard trouble. In 2010, a third-grader deleted content and changed the passwords of administrators, including Superintendent Jack D. Dale.


I would have thought this strategy was obvious. 1) The government has been buying data for years, long before they were slapped down for the Total Information Awareness project. 2) Google, Facebook and others have shown that selling personal data or using it to direct advertising is hugely profitable.
Automatic License Plate Readers
January 15, 2012 by Dissent
I’ve blogged about license plate recognition previously. Now the PrivacySOS blog has more reason to be concerned about this type of surveillance:
A 2012 investigation by the Center for Investigative Reporting (CIR) showed that, as privacy advocates feared, at least one private manufacturer of license plate recognition systems has been retaining its own ALPR data, creating an enormous, national database. As government accountability groups have feared, information from that database, the National Vehicle Location Service, is not bound by the few privacy regulations governing government ALPR databases. CIR showed that the private firm that owns that database, Vigilant Video, sells our data to police, creating a loophole to skirt around the few public regulations that exist to protect us from improper, retroactive police spying.
Governments have for some time purchased our credit, criminal, residential, employment and other data from private corporations. Now ALPR data is added to that mounting pile of information on each one of us, as multinational intelligence and data firms are integrating their systems with ALPR technology, further expanding the reach of the surveillance matrix.
Read more on PrivacySOS. h/t, ACLU of Massachusetts


“We can't have a really huge bureaucracy until we can cavity search anyone, anywhere, at any time!”
"CNET has a story on DHS' whole car X-ray scanners and their potential cancer risks. The story focuses on the Z Portal scanner, which appears to be a stationary version of the older Z Backscatter Vans. The story provides interesting pictures of the device and the images it produces, but it also raises important questions about the devices' cancer risks. The average energy of the X-ray beam used is three times that used in a CT scan, which could be big trouble for vehicle passengers and drivers should a vehicle stop in mid-scan. Some studies show the risk for cancer from CT scans can be quite high. Worse still, the DHS estimates of the Z Portal's radiation dosage are likely to be several orders of magnitude too low. 'Society will pay a huge price in cancer because of this,' according to one scientist."


If she is right, I see a business opportunity and competition...
January 15, 2012
Commentary: Libraries Succeed by Constantly Evolving
Susan H. Hildreth, Director of the Institute of Museum and Library Services: "People depend on libraries now more than ever. Not only do visits and circulation continue to rise, the role of public libraries in providing Internet resources to the public continues to increase as well. Public libraries have also increased their program offerings to meet greater demand and provide more targeted services. In the business world, such demand for an industry's services would mean big profits for that sector. But despite the demonstrated ability of libraries to adjust to meet the growing needs of the public, many libraries across the country face severe budget cuts. There is no doubt that the future success of libraries depends on their ability to change and evolve to meet the changing ways that people access and use information. As director of the Institute of Museums and Library Services, the federal voice for library and museum service in the U.S. -- I see three big goals for libraries: provide engaging learning experiences, [Supplement schools? Bob] become community anchors, and provide access to content even as the devices for accessing that content change rapidly."


Cool! Now I can design and build those drones I've been thinking about.
"At the American Institute for Aeronautics and Astronautics Aerospace Sciences Meeting in Nashville, NASA engineers unveiled the newly open sourced OpenVSP, software that allows users to construct full aircraft models from simple parameters such as wing span and fuselage length, under the NASA Open Source Agreement. Says the website, 'OpenVSP allows the user to create a 3D model of an aircraft defined by common engineering parameters. This model can be processed into formats suitable for engineering analysis.'"


Keep Current! Someone (and she knows who she is) should expand this theme into a more useful paper...
How do you keep up with all of this? That's a question I am often asked after giving a presentation or when I meet people at conferences. One of the ways I keep up and learn about new things is through Twitter. In a guest post last winter Steven Anderson offered some great advice about using Twitter. Google+ is increasingly becoming a good way to keep up with what the people in my circles are sharing. The other way, in fact the primary way, that I keep up is through my RSS reader.
I am currently subscribed to 273 blogs and websites in my RSS reader. Those 273 subscriptions account for more than 1,000 daily posts. If I had to visit each one of those sites individually I would never have time for anything else (like walking Morrison). So what is an RSS reader and how does it help me efficiently process 1,000 or more blog posts per day? Watch the Common Craft video below to find out.
