Security looks too expensive until you
find out what it costs to skimp...
Lax Security at LinkedIn Is Laid Bare
Last week, hackers breached the site
and stole more than six million of its customers’ passwords, which
had been only lightly encrypted. They were posted to a Russian
hacker forum for all to see.
That LinkedIn was attacked did not
surprise anyone.
… What has surprised customers and
security experts alike is that a company that collects and profits
from vast amounts of data had taken a bare-bones approach to
protecting it. The breach highlights a disturbing truth about
LinkedIn’s computer security: there isn’t much. Companies
with customer data continue to gamble on their own computer security,
even as the break-ins increase.
(Related)
How long ago did the Last.fm security breach happen?
Last.fm's security breach that left
user passwords open on a Russian hacker site last week might have
shown its ugly face months ago, according to a new report.
Back in May, several Last.fm users took
to the company's forums, saying that they had been receiving massive
amounts of spam on e-mail addresses they created solely for Last.fm.
Soon after, Last.fm customer support manager Matt Knapman said that
his company was "investigating this matter
urgently, running a security audit, and looking at alternative ways
the spamming of Last.fm users might have occurred."
[Translation: Looking for an excuse... Bob]
According to GigaOm, reporting today on
that event, the
audit apparently yielded no evidence of a major security breach.
… However, GigaOm's Bobbie Johnson
also said today, citing a source, that the security breach that left
Last.fm passwords open occurred in February or March. That followed
a claim made by a Reddit poster, named "mingaminga," who
said over the weekend that the password list "has
been out there for a long time," adding that there were
discussions about it at Defcon last year. So, Johnson argues, if a
security audit was, in fact, conducted, it failed to discover a
breach that had already occurred.
Is this a criminal prosecution or
“sending a message to anyone who uses a service that MPAA doesn't
like?”
DOJ tries to block return of data to MegaUpload user
Returning videos to Kyle Goodwin, a
former MegaUpload user, would set a bad precedent,
[Translation: There might be legal uses of this service... Bob]
the U.S. said in documents, copies of which were obtained by CNET.
The fate of "legitimate" user
data that was locked up following the shut down of MegaUpload, one of
the world's most popular cloud-storage services, continues to vex the
court overseeing the case. Negotiations between the stakeholders
involved, including MegaUpload, the Motion Picture Association of
America, the Electronic Frontier Foundation (the advocacy group
representing Goodwin) and the U.S. Attorney's office, can't agree on
what should be done with the information former users stored on
MegaUpload's servers.
… "Mr. Goodwin's proposed
solution is to have the government bear the financial cost of
restoring his data," the U.S. Attorney's office wrote in its
filing, "even if that means releasing assets of the defendants
which are subject to mandatory forfeiture. Twenty-three years ago,
the Supreme Court made clear that a criminal defendant does not have
a right to use someone else's money to finance his defense."
[No clue what this means. Goodwin is not charged
(presumed innocent?) If MegaUpload was holding stolen goods, would
they be returned to the victims? Bob]
(Related) The DA “didn't know” the
deadline had passed? Doesn't care if the guy is innocent?
Oregon judge orders Google searches by alleged rape victim turned over to accused man
June 10, 2012 by Dissent
Aimee Green reports on a case in Oregon
that got complicated in a hurry when a prosecutor
failed to appeal a judge’s order in a timely fashion:
In a first of its
kind ruling in Oregon, a Deschutes County judge has ordered that a
young woman’s Google searches must be turned over to the man
accused of beating and raping her.
The Oregon Supreme
Court this week refused to rule on the constitutionality of the
order, saying the alleged victim waited too long to appeal Circuit
Judge A. Michael Adler’s decision.
And so Adler’s
order stands — though the district attorney says he
can’t comply with it.
In brief, the defense wants the records
of her searches before and after the alleged rape. They also wanted
her emails and her hard drive. The judge refused to order her to
turn over her hard drive, and when the defense attorney subpoenaed
Google for her search records and emails, Google refused to comply
without a warrant, citing ECPA. So the defense counsel went back to
the judge, who ordered the prosecutor to obtain the search records
from Google and turn them over to the defense.
The prosecutor refused to do that,
saying that he would need a warrant and couldn’t
justify seeking a warrant as the records were not necessary to his
prosecution. Unfortunately, he didn’t appeal the
judge’s order within the 7-day period allowed to file appeals.
Why the judge didn’t order Google
directly to produce the records to the court is unclear to me, and
maybe some kind lawyer can explain whether that is even an option.
In any event, Google won’t produce
the records without a warrant, the prosecutor says it’s problematic
and he can’t seek a warrant, and I have no idea where this will go.
You can read more about the case on The
Oregonian.
[From the article:
The judge's broad ruling is "hugely
disturbing" -- unprecedented in Oregon and extremely rare in the
nation, said Meg Garvin, director of the National
Crime Victim Law Institute.
Victim advocates worry about the
standard it could set. Such orders, they said, could discourage rape
victims from pressing charges out of fear that their attackers will
gain an invasive window into their thoughts via all the information
they've queried on their personal computers.
… Deschutes
County District Attorney Patrick Flaherty said he can't legally
abide by the judge's order. He said he would need a search warrant
to do so, and he can do that only if he believes it
would further his office's criminal investigation into the case.
He doesn't.
Do you suppose people even recognize
this as surveillance?
"GeekWire reports on a newly-surfaced Microsoft patent application
for 'Targeting Advertisements Based on Emotion',
[I'm angry! Show me gun ads! Bob] which describes
how information gleaned from Kinects, webcams, online games, IMs,
email, searches, webpage content, and browsers could be used to build
an 'Emotional State Database' of individuals' emotions over time for
advertisers to tap into. From the patent application: 'Weight-loss
product advertisers may not want their advertisement to appear to
users that are very happy. Because, a person that is really happy,
is less likely to purchase a self-investment product that leverages
on his or her shortcomings. But a really happy person may purchase
electronic products or vacation packages. No club or party
advertisers want to appear when the user is sad or crying. When the
user is emotionally sad, advertisements about club parties would not
be appropriate and may seem annoying or negative to the user. Online
help or technical support advertisers want their advertisements to
appear when the user is demonstrating a confused or frustrated
emotional state.'"
No doubt they are shocked to finally
discover that this has been going on since the time of the founding
fathers. I doubt it will cause them to stop.
Pelosi to McCain: ‘Really sad’ to say security leaks were ‘politically motivated’ by White House [VIDEO]
House Minority Leader Nancy Pelosi fired back at Arizona Republican
Sen. John McCain for claiming that the “highest levels” of the
Obama administration leaked sensitive national security information.
“The
fact that this administration would aggressively pursue leaks by a
22-year-old Army private in the Wikileaks matter and former CIA
employees in other leaks cases, but apparently sanction leaks made by
senior administration officials for political purposes is simply
unacceptable,” McCain said on Wednesday.
Because they've always been smarter?
Parent company Conde Nast may
still think the web is not that important, but The New Yorker
does.
The 87-year-old magazine decided to
make a “big investment” in its website six to eight months ago,
Nicholas
Thompson, editor of newyorker.com,
says.
… Within the last year,
newyorker.com has streamlined its navigation and launched a politics
vertical, a “healthcare
hub” and Page-Turner,
a blog for literary criticism. The latest addition, Jonah Lehrer’s
Frontal Cortex blog, was imported from sister website wired.com
earlier this week.
Traffic has grown as a result. The
website brought in 5 million unique visitors in May, up “about 50%
from last year,” says Thompson, who pulled the numbers from
Omniture. Between 12 and 15 pieces of original content are posted
per day on average. About a quarter to a third of the magazine’s
content is made available freely on the website each week.
There have also been efforts to boost
traction on social networks. The publication offered
access to a Jonathan Franzen story in exchange for Facebook Likes
in April 2011. Its Tumblr,
one of the first to be launched by a major media brand, is updated
several times per day during the week. More recently, the magazine
tweeted
a short sequel to Jennifer Egan’s Pulitzer Prize-winning novel,
A Visit from the Goon Squad, through 140-character
installments on Twitter.
The trick will be to find a politician
willing to look past re-election...
"While the official target of
NASA's space exploration program remains exploring Earth approaching
asteroids, the case for a return to the moon has been made from a
variety of quarters. The most
recent attempt to make a case for the moon is in a paper, titled
Back to the Moon: The Scientific Rationale for Resuming Lunar Surface
Exploration, soon to be published in the journal Planetary and Space
Science."