Eventually, the pain goes away. How
long “eventually” is remains undetermined.
Update:
Texas pays for data breach
February 13, 2012 by admin
Kelley Shannon provides an update on
one of the biggest breaches in 2011:
The taxpayer tab
for individual credit monitoring after a data breach in Comptroller
Susan Combs’ office has topped $600,000, and Combs’ campaign is
paying extra to resolve routine credit glitches in some cases.
Though
investigations continue into the data exposure revealed in April
2011, there is no evidence of misuse of any personal
information [Imagine what that would cost! Bob] belonging
to 3.5 million Texans, state officials said.
Read more on ReporterNews.
It makes little difference if this was
a hack through Microsoft's best corporate security or the misguided
efforts of an under-trained new guy – the word is out that
Microsoft's security stinks. What will that cost to repair?
Microsoft Store hacked in India, passwords stored in plain text
February 12, 2012 by admin
Sean Buckley reports:
Frequenters of
India’s online Microsoft
Store were briefly greeted with the suspicious visage of a Guy
Fawkes mask this morning, following a hack that compromised the
site’s user database. According to WPSauce, Microsoft
Store India’s landing page was briefly taken over by a hacker group
called Evil Shadow Team, who, in addition to putting a new face on
Windows products, revealed that user passwords were saved in plain
text.
Read more on Engadget.
That's a bit harsh, isn't it?
The Only Reason Companies Delete Emails Is To Destroy Evidence
The News Corp. phone-hacking scandal
continues to spiral out of control, sweeping up more and more of the
company's employees and executives. In the UK, 8
people were arrested, including five News Corp journalists, in
the broadening scandal, which may embroil deputy COO James
Murdoch—Rupert’s son and heir-apparent. A paper copy of a
deleted email found in a crate ties James Murdoch directly to the
events under investigation, which involved the routine and illegal
hacking of phone voicemails on behalf of a News Corp publication.
This email evidence would never have
been found if it wasn’t printed out because News Corp, like many
corporations, regularly deletes archived emails. It is standard
practice, but the technical reasons given for deleting emails are
usually not the real reason they are eliminated. The only real
reason to destroy old emails is to avoid liability and future
lawsuits.
Is the same information available
elsewhere?
Ie:
Insurance companies admit data law breach
February 13, 2012 by Dissent
How many times have we talked about the
risks of information being used against us
by insurance carriers? Here’s a case where it reportedly happened
in Ireland:
Three insurance
companies have pleaded guilty to breaching the Data Protection laws
by using social welfare information obtained by a private
investigator.
The Office of the
Data Protection Commissioner said the breaches by Zurich,
FBD and Travellers were “very
serious” and sent a message to the industry that information needed
to be obtained lawfully.
In December 2010
the office of the Data Protection Commissioners was notified of a
possible breach of the act by the Department of Social Protection.
As part of the
investigation they visited the office of Reliance Private
Investigators in Kildare.
They found
evidence of social welfare data being passed onto three insurance
companies.
Read more on RTÉ.
[From the article:
He said the three companies had pleaded
guilty at an early stage and co-operated fully with the inquiry.
[Couldn't they foresee this outcome? Or was no one
looking forward? Bob]
(Related) Not exactly the same, but
definitely of interest...
By Dissent,
February 13, 2012
A German company
which studies drug prescription habits for the pharma industry is
accused of selling raw data to drug companies, in what magazine Der
Spiegel said on Monday could be a huge data protection scandal.
A former member of
staff at the data processing firm Pharmafakt GFD told the magazine
under oath that data from millions of pharmacy prescriptions had been
saved and analysed then sold to pharma firms.
Read more on The
Local. So far, GFD has denied the allegations. GFD counts some
large pharmaceuticals among its clients: Pfizer, Sanofi, Bayer,
Novartis, Roche and GlaxoSmithKline, but it’s not yet clear how far
and wide this scandal might reach if the former employee’s
allegations are true.
It also confuses the heck out of TSA
when you try to re-enter the US.
"What
may once have sounded like the behavior of a raving paranoid [I
resemble that remark Bob] is now considered
standard operating procedure for officials at American government
agencies, research groups and companies as the NY Times reports how
businesses sending representatives to China give them a loaner laptop
and cellphone that they wipe clean before they leave and wipe again
when they return. 'If a company has significant intellectual
property that the Chinese and Russians are interested in, and you go
over there with mobile devices, your devices
will get penetrated,' says Joel F. Brenner,
formerly the top counterintelligence official in the office of the
director of national intelligence. The scope of the problem is
illustrated by an incident at the United States Chamber of Commerce
in 2010 when the chamber learned that servers in China were stealing
information from four of its Asia policy experts who frequently
visited China. After their trips, even the office printer and a
thermostat in one of the chamber's corporate offices were
communicating with an internet address in China. The chamber did not
disclose how hackers had infiltrated its systems, but its first step
after the attack was to bar employees from taking devices with them
'to certain countries,' notably China. 'Everybody knows that if you
are doing
business in China, in the 21st century, you don't bring anything with
you,' says Jacob Olcott, a cybersecurity expert at Good Harbor
Consulting. 'That's "Business 101"
— at least it should be.'"
Is this sufficient?
February 12, 2012
FAQ
- What is a privacyscore?
"A privacyscore
is a way to assess the privacy risk of using a website. Privacy risk
is the chance that data about you will be used or shared in ways that
you probably don't expect. Privacyscores cover two kinds of data:
- We estimate privacy risk to personal data (such as your name or email address) based on the published policies of the website.
- We estimate privacy risk to anonymous data (such as your interests and preferences) based on the privacy qualifications of the other companies who collect this kind of data across websites.
- You can see privacyscores of the sites as you visit by using the privacyscore add-on for Firefox and Chrome."
If we can establish a price, can I flag
my information as “not for sale?”
Start-Ups Seek to Help Users Put a Price on Their Personal Data
February 13, 2012 by Dissent
Joshua Brustein reports:
… People have
been willing to give away their data while the companies make money.
But there is some momentum for the idea that personal data could
function as a kind of online currency, to be cashed in directly or
exchanged for other items of value. A number of start-ups allow
people to take control — and perhaps profit from — the digital
trails that they leave on the Internet.
“That
marketplace does not exist right now, because consumers are not in on
the game,” said Shane Green, who founded a company called Personal
in 2009.
Read more on The
New York Times.
Perspective
"It's somewhat hard to imagine
that NASA doesn't need the computing power of an IBM mainframe any
more, but NASA's CIO posted on her blog today that at the end of the
month, the
Big Iron will be no more at the space agency. NASA CIO Linda
Cureton wrote: 'This month marks the end of an era in NASA computing.
Marshall Space Flight Center powered down NASA's last mainframe, the
IBM Z9 Mainframe.'"
(Related) Get the T-shirt: “I for
one welcome our robot overlords”
One year later, IBM Watson goes to work (and the cloud)
… IBM is taking Watson to the next
level, having created a commercial business unit working to offer
Watson both on-premise and as a hosted cloud service.
Always worth reading... Something for
my Techie students? More for the Professors.
February 12, 2012
Deloitte’s 3rd Annual Tech Trends Report: Top 10 Trends to Help Elevate Information Technology for Digital Business
"The unique convergence of five
emerging technology forces – analytics, mobility, social, cloud and
cyber security – provide the opportunity for businesses to
accelerate performance in 2012, according
to Deloitte’s 3rd annual Tech Trends report Elevate
IT for Digital Business, released February 6, 2012. The Deloitte
report identifies the top 10 technology trends that will have the
most potential to impact businesses over the next 18-24 months,
grouping the trends into two categories: Disruptors and Enablers.
- Disruptors – Social Business, Gamification, Enterprise Mobility Unleashed, User Empowerment and Hyper-hybrid Cloud – are technologies that can create sustainable positive disruption in IT capabilities, business operations and sometimes even business models.
- Enablers – Big Data Goes to Work, Geospatial Visualization, Digital Identities, Measured Innovation and Outside-in Architecture – are technologies in which many CIOs have already invested time and effort, but which may warrant another look this year because of new developments."
(Related)
Cyber-security: The vexed question of global rules
By Peggy Garvin
Source: Security and Defence Agenda
Sunday, 12th February 2012
From the report:
This report is
made up of a survey of some 250 leading authorities worldwide and of
interviews carried out in late 2011 and early 2012 with over 80
cyber-security experts in government, companies, international
organisations and academia. It offers a global snapshot of current
thinking about the cyber-threat and the measures that should be taken
to defend against it, and assesses the way ahead. It is aimed at the
influential layperson, and deliberately avoids specialised language.
For the moment,
the "bad guys" have the upper hand – whether they are
attacking systems for industrial or political espionage reasons, or
simply to steal money – because the lack of international
agreements allows them to operate swiftly and mostly with impunity.
Protecting data and systems against cyber-attack has so far been
about dousing the flames, although recently the focus
has been shifting towards more assertive self-protection. [Armed
drones? Bob]
+ Link to full report (PDF; 2.48 MB)
An idea for funding seminars? How much
to start a series of seminars or keep one going? (There are several
similar websites)
"Crowd-funding website
Crowdtilt officially
launched last week, expanding upon the collective fundraising model
pioneered by Kickstarter to enable raising money for any project —
even a beer blitz. Like Kickstarter, Crowdtilt allows users to
create a fundraising campaign with a tipping point. If
the effort falls short of the set amount, would-be donors are not
charged. However, unlike Kickstarter, the
platform allows users to "group fund anything." Users
can initiate campaigns without first getting the approval of service
administrators, which they must do on Kickstarter."