Wow, they still use tapes in Canada?
(Impacts customers from Maine to Florida only?)
Missing backup tapes reported to TD Bank customers
October 9, 2012 by admin
A letter from TD Bank to affected
customers reads, in part:
Some of your
personal information was included on two data backup tapes that we
shipped to another one of our locations in late March
2012. The tapes have been missing since then, and we have
been unable to locate them despite diligent efforts. This isolated
incident has been the subject of an internal investigation by our
corporate security and information security teams. We have also
notified law enforcement. Your personal information included on the
tapes may have included your name or address, Social Security Number,
and account, debit or credit card number.
We are not
currently aware of any misuse of the personal information. However,
because we are unable to locate the tapes or to account for their
disappearance, we want to provide you with advice on ways to protect
yourself.
The sample
notification letter was not dated, so it’s not clear to me when
customers were actually notified of this incident, but the letter was
just posted to the California Attorney General’s web site this
week. The letter also does not make clear whether the tapes ever
arrived at the destination or were lost in transit, and if the
latter, how they were shipped or transported.
Update: According to the Portland Press Herald, the letters are in the
process of being sent out, and no, they couldn’t get an explanation for
the six-month delay in notification.
I would suspect this will be
investigated as a potential 'dry run' by terrorists or nation state
actors, at least until they find the Ethical Hacking class
responsible...
"A single mysterious computer
program that placed orders — and then subsequently canceled them —
made up 4 percent of all
quote traffic in the U.S. stock market last week, according to
the top tracker of high-frequency trading activity. The motive of
the algorithm is still unclear. The program placed orders in
25-millisecond bursts involving about 500 stocks, according to Nanex,
a market data firm. The algorithm never
executed a single trade, and it abruptly ended at about 10:30 a.m. ET
Friday."
(Related) Of course, it might just be
Gordon Geeko (Greed is good)
Unknown High-Frequency Trading Algorithm Detected
Market-data tracking firm Nanex said
the algorithm behind the trades was routed from the Nasdaq, placing
numerous orders and then canceling them repeatedly. In
doing so, it managed to use 10% of available trading bandwidth.
High-frequency traders might use such a
program to hog bandwidth, slowing down the system for other traders
for arbitrage purposes. That sort of trading and market interference
has caught the attention of regulators. Last month, a U.S. Senate
committee held discussions on how to prevent such incidents.
Some industry experts called for a tax
on “order-stuffing,” the deliberate placement of fake bids and
offers that then get canceled, in order to discourage the practice.
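The pattern Nanex describes, orders placed and then cancelled in short bursts across many symbols with no executions, is what a market-surveillance or fraud-detection team would want to flag straight from the order log. The Python below is an added example, not Nanex's or any exchange's code; the log format, the session names and the thresholds are assumptions, and the log itself is constructed.

```python
from collections import defaultdict
# Constructed order-event log, one event per line (an assumed format):
#   ts_ms,session,symbol,action,order_id   with action NEW | CANCEL | FILL
def build_sample_log():
    lines = []
    # "stuffer": in each burst, a NEW then a CANCEL per symbol across 12
    # symbols within ~15 ms, four bursts 100 ms apart, never a FILL.
    oid = 0
    for burst in range(4):
        t0 = burst * 100
        for s in range(12):
            oid += 1
            lines.append(f"{t0 + s},stuffer,SYM{s:02d},NEW,{oid}")
            lines.append(f"{t0 + s + 3},stuffer,SYM{s:02d},CANCEL,{oid}")
    # "trader": three orders spread over seconds, two filled, one cancelled.
    events = [(100, "NEW"), (900, "FILL"), (1500, "NEW"),
              (2400, "FILL"), (3000, "NEW"), (3900, "CANCEL")]
    for i, (ts, act) in enumerate(events):
        lines.append(f"{ts},trader,ACME,{act},{1000 + i // 2}")
    return lines

def parse(lines):
    """Split log lines into (ts, session, symbol, action, order_id), time-sorted."""
    rows = [line.strip().split(",") for line in lines if line.strip()]
    return sorted((int(ts), se, sy, ac, oid) for ts, se, sy, ac, oid in rows)

def session_stats(events, burst_gap_ms=25):
    """Per session: action counts, cancel-to-new ratio, symbols touched and
    number of NEW-order bursts (runs of NEWs less than burst_gap_ms apart)."""
    acc = defaultdict(lambda: {"NEW": 0, "CANCEL": 0, "FILL": 0,
                               "symbols": set(), "new_ts": []})
    for ts, sess, sym, act, _ in events:
        acc[sess][act] += 1
        acc[sess]["symbols"].add(sym)
        if act == "NEW":
            acc[sess]["new_ts"].append(ts)
    stats = {}
    for sess, st in acc.items():
        bursts, prev = 0, None
        for ts in st["new_ts"]:
            if prev is None or ts - prev > burst_gap_ms:
                bursts += 1
            prev = ts
        stats[sess] = {"new": st["NEW"], "cancel": st["CANCEL"], "fill": st["FILL"],
                       "symbols": len(st["symbols"]), "bursts": bursts,
                       "cancel_ratio": st["CANCEL"] / st["NEW"] if st["NEW"] else 0.0}
    return stats

def flag_order_stuffing(stats, min_new=20, min_ratio=0.95, min_symbols=5):
    """Sessions placing many orders across many symbols, cancelling nearly all
    and executing none. Thresholds are assumptions, not regulatory values."""
    return sorted(s for s, v in stats.items() if v["new"] >= min_new
                  and v["fill"] == 0 and v["cancel_ratio"] >= min_ratio
                  and v["symbols"] >= min_symbols)
```

On the constructed log only the "stuffer" session is flagged; the ordinary "trader" session, which executes most of what it places, passes.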
Perspective
Average insurance cost per data breach rises to $3.7M: Study
October 9, 2012 by admin
Mike Tsikoudakis reports:
The average
insurance cost per data breach incident increased sharply from $2.4
million in 2010 to $3.7 million in 2011, according to a new
NetDiligence study released Tuesday.
Based on insurance
claims that were submitted in 2011 for incidents that occurred from
2009 to 2011, the average number of records exposed
decreased 18% to 1.4 million, according to NetDiligence’s
“Cyber Liability & Data Breach Insurance Claims — A Study of
Actual Payouts for Covered Breaches.”
A typical breach
ranged from $25,000 to $200,000 in insurance costs, according to the
study.
Read more on Business
Insurance.
If NetDiligence’s figures seem lower
than Ponemon’s, they offer an explanation:
When compared with
the Ponemon Institute’s Seventh Annual U.S. Cost of a Data
Breach Study, our figures appear to be extremely low. The
institute reported an average cost of $5.5 million per breach and
$194 per record. However, Ponemon differs from our study in two
distinct ways: the data they gather is from a consumer perspective
and as such they consider a broader range of cost factors such as
detection, investigation and administration expenses, customer
defections, opportunity loss, etc. Our study concentrates strictly
on costs from the insurer’s perspective and therefore provides a
more focused view of breach costs.
The NetDiligence
study also focuses primarily on insured per-breach costs, rather than
per-record costs.
You can find the study on NetDiligence.
It's not enough to know “There's an
App for that...” You have to actually use it!
"Neal Ungerleider notes that
cryptography pioneer and Pretty Good Privacy (PGP) creator Phil
Zimmermann has launched a new startup that provides
industrial-strength encryption for Android and iOS
where users will have access to encrypted phone calls, emails, VoIP
videoconferencing, SMS, and MMS. Text and multimedia messages are
wiped from a phone's registry after a pre-determined amount of time,
and communications within the network are allegedly completely
secure. An 'off-shore' company with employees from many countries,
Silent
Circle's target market includes troops serving abroad, foreign
businesspeople in countries known for surveillance of electronic
communications, government employees, human rights activists, and
foreign activists. For encryption tools, which are frequently used
by dissidents living under repressive regimes and others with
legitimate reasons to avoid government surveillance, the
consequences of failed encryption can be deadly. 'Everyone has a
solution [for security] inside your building and inside your network,
but the big concern of the large multinational companies coming to us
is when the employees are coming home from work, they're on their
iPhone, Android, or iPad emailing and texting,' says Zimmermann.
'They're in a hotel in the Middle East. They're not using secure
email. They're using Gmail to send PDFs.' Another high-profile
encryption tool, Cryptocat, was at the center of controversy earlier
this year after charges that Cryptocat
had far too many structural flaws for safe use in a repressive
environment."
This may be important.
another random user sends word of a
case in Pennsylvania District Court in which Judge Michael Baylson
has ordered a trial to resolve the issue of whether
an IP address can identify a particular person. The plaintiff,
Malibu Media, has filed 349 lawsuits against groups of alleged
infringers, arguing that getting subscriber information from an ISP
based on an IP address that participated in file-sharing was suitable
for identification purposes. A motion filed by the defendants in
this case explains "how computer-based technology would allow
non-subscribers to access a particular IP address," leading
Judge Baylson to rule that a trial is "necessary
to find the truth."
"The
Bellwether trial will be the first time that actual evidence against
alleged BitTorrent infringers is tested in court. This is relevant
because the main piece of evidence the
copyright holders have is an IP-address, which by
itself doesn't identify a person but merely a connection. ...
Considering what's at stake, it would be no surprise if parties such
as the Electronic Frontier Foundation (EFF) are willing to join in.
They are known to get involved in crucial copyright troll cases,
siding with the defendants. We asked the group for a comment, but
have yet to receive a response. On the other side, Malibu Media may
get help from other copyright holders who are engaged in
mass-BitTorrent lawsuits. A ruling against
the copyright holder may severely obstruct the thus far lucrative
settlement business model, meaning that millions of
dollars are at stake for these companies. Without a doubt, the trial
is expected to set an important precedent for the future of
mass-BitTorrent lawsuits in the U.S. One to watch for sure."
Really dumb? Perhaps it will stimulate
some thought?
Judge: Takeover of employee LinkedIn account doesn’t violate hacking law
October 10, 2012 by Dissent
Timothy B. Lee writes:
A federal judge
rejected a Pennsylvania woman’s argument that her employer violated
a federal anti-hacking statute when it took control of her LinkedIn
account after firing her. The court ruled the harms
cited by the plaintiff were too speculative to pass muster
under the Computer Fraud and Abuse Act (CFAA).
Linda Eagle was
the head of a company called Edcomm when it was acquired in 2010.
But relations soured and Eagle was fired the following year. Eagle
had shared her LinkedIn password [Don't do that! Bob]
with another Edcomm employee so that she could help Eagle manage the
account. When Eagle was shown the door, her former assistant changed
the password on her account, freezing Eagle out of it. Edcomm then
replaced Eagle’s name and picture with the name and photograph of
her successor.
Eagle sued in
federal court, arguing among other things that the company’s
actions violated the CFAA. But the court dismissed
that argument last week.
Read more on Ars
Technica. The decision can be found here.
[From Ars Technica:
Eagle had argued the loss of her
LinkedIn account damaged her reputation, since she was unable
to respond in a timely fashion to messages sent to her on the site.
She also claimed that as a result, she lost business opportunities
including one valued at more than $100,000.
But the court ruled those
were not the kind of harms that triggered liability under the CFAA.
… Additionally, the court dismissed
Eagle's argument that replacing her name with that of her successor
violated trademark law. However, this case will go forward based on
Pennsylvania state law charges.
The obvious lesson of this incident is
employers and employees should be sure to establish,
in writing, whether a social media account is a personal account or
belongs to the employer. And if you have a personal
account, it can be risky to share the password with
coworkers.
And so the escalation begins...
Navy Lasers’ First Target: Enemy Drones
One of the first tasks the Navy expects
to assign its forthcoming arsenal of laser guns: shooting down drones
that menace its ships.
The Navy is confident that laser
cannons will move out of science fiction and onto the decks of its
surface ships by
the end of the decade. Its futurists at the Office of Naval
Research still have visions of scalable laser blasts that can fry an
incoming missile at the rate of 20
feet of steel per second. But now that laser guns are
approaching reality, Pentagon officials are starting to consider the
practicalities of what they’ll be used for, and they’re not
thinking missiles — yet. Among their initial missions will be the
relatively easier task of tracking and destroying unmanned aerial
vehicles, or UAVs, that fly too close to Navy ships.
Only fair. Proving you are dead should
be harder than proving you are alive...
Social Security record limits hinder research
October 9, 2012 by Dissent
Kevin Sack of the New York Times
reports:
A Social Security
Administration shift last year to limit access to its death records
amid identity-theft concerns is beginning to hamper a broad swath of
research, including federal government assessments of hospital safety
and financial industry efforts to spot consumer fraud.
For example, a
research group that produces reports on organ-transplant survival
rates is facing delays because of extra work required to determine
whether patients are still alive. The federal agency that runs
Medicare uses the data to determine whether some transplant programs
have such poor track records that they should be cut off from
government financing.
Read more on Pittsburgh
Post-Gazette.
(Related) Which costs more? New IDs or dealing with thousands of bogus
claims? Note that “Connected to SSANs” is not “the same as” a SSAN.
Despite thefts, no new Medicare IDs
October 10, 2012 by Dissent
Kelly Kennedy reports:
More than a
quarter-million Medicare beneficiaries are victims of identity theft
and hampered in getting health care benefits because the government
won’t issue new IDs, according to an investigation report released
today.
Medicare
officials say it’s too expensive and too many agencies are involved
to reissue those numbers to patients victimized by identity theft
— about 284,000 beneficiaries, according to a report by the
Department of Health and Human Services’ inspector general.
Beneficiary
numbers are directly connected to a patient’s Social Security
number, and the government is unable to create a new Social Security
number for a patient whose Medicare identity has been stolen,
according to the report, which was obtained by USA TODAY.
And beneficiaries
can do little more than report abuse of their beneficiary numbers
because the government does not provide them with updates about
investigations or amend their records with correct billing
information. That, investigators say, slows down access to care.
Read more on PressConnects.
Perhaps sorting the wheat from the
chaff takes more than 60 days?
Interesting Article on United States v. Collins, Case on Ex Ante
Limitations on Computer Warrants
October 9, 2012 by Dissent
Orin Kerr comments on a situation
discussed in a recent Law.com article on U.S. v. Collins
(mentioned here).
One of the issues raised by defense
counsel concerns the prosecution hanging on to unnecessary and
irrelevant computer files on seized computers when the
warrants contained clauses saying that materials not needed for
prosecution would be deleted or returned within 60 days.
Orin’s position seems to be that any
such conditions included in warrants “are not permissible in the
first place.” You can read his commentary on The
Volokh Conspiracy, but it seems to me if such statements were
included in the applications for the warrants, the prosecution should
be bound by them. Otherwise, one could argue that
the court might never have approved the warrant in the first place
as it might seem overly broad. But then, I am not a lawyer and Orin is.
The RIAA is gonna have a stroke.
(Unless you think they can top these payouts?)
"Today in a blog post, Pandora
has shared some details of the
fees they pay to musical artists for playing songs over their music
streaming service. Over 2,000 different artists will pull in
$10,000 or more in the next year, and 800 will get paid over $50,000.
They provided a few specific examples as well. Grupo Bryndis, who
has a sales rank on Amazon of 183,187 (in other words, who is not at
all a household name), is on track to receive $114,192. A few
earners are getting over $1 million annually, such as Coldplay and
Adele. 'Drake and Lil Wayne are fast approaching a $3 million annual
rate each.' The post segues into a broader
point about the age of internet radio: 'It's hard to look at these
numbers and not see that internet radio presents an incredible
opportunity to build a better future for artists. Not only is it
bringing tens of millions of listeners back to music, across hundreds
of genres, but it is also enabling musicians to earn a living. It's
also hard to look at these numbers, knowing Pandora accounts for just
6.5% of radio listening in the U.S., and not come away thinking
something is wrong. ... Congress must stop the discrimination against
internet radio and allow it to operate on a level playing field,
under the same rules as other forms of digital radio.'"
(Related)
Following on the success of the various
Humble Bundles for DRM-free video games, the organization has just
launched its
first Humble eBook Bundle. It includes Pirate Cinema by
Cory
Doctorow, Pump Six by Paolo Bacigalupi, Zoo City
by Lauren
Beukes, Invasion by Mercedes Lackey, Stranger Things
Happen, and Magic for Beginners, both by Kelly Link.
If you choose to pay more than the average
[Statistics students, what does that do to the average? Bob]
(about $11 at this writing), you also get Old Man's War by
John
Scalzi, and Signal to Noise, by Neil Gaiman and Dave
McKean. The books are available in PDF, MOBI, and ePub formats,
without DRM. As with all the Humble Bundles, you can choose how much
you'd like to pay, and how the proceeds are split between any of the
authors and/or among three charities.
Somehow I don't think they realize just
how unstable statements like this make them sound.
North Korea claims US mainland within range of its missiles
Isolated North Korea claimed Tuesday
that the U.S. mainland is "within the scope" of its
missiles, two days after South Korea struck a deal with the United
States to extend the range of its ballistic missiles.
… North Korea's National Defense
Commission said in a statement that the North was prepared to counter
any U.S. military threats, its KCNA news agency said.
"We do not hide (the fact) that
the revolutionary armed forces ... including the strategic rocket
forces are keeping within the scope of strike not only the bases of
the puppet forces and the U.S. imperialist aggression forces' bases
in the inviolable land of Korea, but also Japan, Guam and the U.S.
mainland," KCNA said.
Didn't Madonna sing, “We live in a digital world and I am a digital
girl”?
October 09, 2012
Chronicle of Higher Education: Research Libraries Increase Spending on
Digital Materials
Alisha Azevedo: "Spending by research libraries appears to be
rising, especially for digital materials, according to new data from
the Association of Research Libraries. The data are part of the
association's Library
Investment Index, which ranks the association's member libraries
each year based on total library expenditures, salaries and wages of
professional staff, spending on library materials, and the number of
professional and support staff. The upward trend for the 2011 fiscal
year was the first in several years. The economic downturn in 2008
and the tight budgets that followed caused a drop in spending on all
of the index's categories, said Martha Kyrillidou, senior director of
the association's statistics and service-quality programs, in an
e-mail interview. She added that it "remains to be seen if this
is a temporary reversal or a true shift to sustain itself more than a
year."
Not all my students are uber geeks...