Wednesday, November 28, 2012

Will Romania send a copy of the credit card data to someone (e.g. the credit card companies?) who can tell breach victims that the actors have been identified?
Romanian authorities dismantle cybercrime ring responsible for $25 million credit card fraud
November 27, 2012 by admin
I wonder how many breaches this bust clears up? For IDG News Service, Lucian Constantin reports:
Romanian law enforcement authorities have dismantled a criminal group that stole credit card data from foreign companies as part of an operation that resulted in fraudulent transactions totaling US$25 million.
[...]
According to DIICOT, the group’s members gained unauthorized access to computer systems belonging to foreign companies that operate gas stations and grocery stores, and installed computer applications designed to intercept credit card transaction data.
The applications were configured to store the captured data locally for later retrieval, upload it automatically to external servers or send it to email addresses controlled by the gang’s members, the agency said. The stolen credit card information was then sold or used to create counterfeit cards.
For example, between December 2011 and October 2012 members of the group sold 68,000 credit cards at $4 each through a specialized online shop, making a profit of $270,000, DIICOT revealed.


I wonder if this information sells for more than $4? How big is an average refund check?
FL: Broward man pleads guilty in massive identity theft
November 27, 2012 by admin
Wayne K. Roustan reports that a former employee of an unnamed North Miami law firm was involved in an ID theft/tax refund scheme:
Rodney Saintfleur, 28, of West Park, pleaded to one count of conspiracy to defraud the government, one count of access device fraud, and one count of aggravated identity theft, prosecutors said.
Evidence showed that between April 2009 and July 2012, Saintfleur tapped into the Lexis/Nexis online proprietary database where he worked.
He accessed the names, birth dates, and social security numbers of more than 26,000 people and gave this sensitive information to co-conspirators to file fraudulent income tax returns seeking refunds, according to court documents.
Read more on the Sun Sentinel. The law firm is not named in the court filings, as far as I can tell.
BrowardNet Online has a copy of the press release from the U.S. Attorney’s Office.
One question: how is it that he accessed 26,000 SSN and LexisNexis didn’t flag this? Or did they detect it, but just not in a timely fashion? I’ve sent them an inquiry about that.


Who comes up with this stuff, Alfred E. Newman?
"A new flaw has been discovered in printers manufactured by Samsung whereby a backdoor in the form of an administrator account would enable attackers not only to take control of the flawed device, but also to attack other systems in the network. According to a warning on US-CERT the administrator account is hard-coded in the device in the form of an SNMP community string with full read-write access. The backdoor is not only present in Samsung printers but also in Dell printers that have been manufactured by Samsung. The administrator account remains active even if SNMP is disabled from the printer's administration interface."
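Because the quoted warning says the hard-coded community string keeps working even after SNMP is switched off in the printer's own interface, the compensating control sits on the network rather than on the device: restrict who may reach UDP/161 on the printer VLAN and watch for anything else. The script below is an added example, not code from the US-CERT warning or from Samsung or Dell. It runs over a few constructed netfilter-style firewall log lines and flags two things: SNMP requests to a printer from a host that is not the designated SNMP manager, and SNMP replies from a printer whose web UI claims SNMP is disabled. The printer subnet, the manager address, the "SNMP disabled" printer list and the log format are all assumptions made for the example.

```python
"""Audit firewall logs for SNMP traffic to printers that should not be talking SNMP.

Added example (not from the advisory). Every address, subnet and log line
below is constructed for illustration.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed network layout: printers live on one VLAN and only one monitoring
# station is allowed to speak SNMP to them.
PRINTER_SUBNET = ipaddress.ip_network("10.20.30.0/24")
SNMP_MANAGERS = {ipaddress.ip_address("10.0.0.5")}
# Printers whose admin UI says SNMP is off. Per the quoted warning the
# hard-coded account still answers there, so any SNMP reply is a finding.
SNMP_DISABLED_PRINTERS = {ipaddress.ip_address("10.20.30.22")}
SNMP_PORTS = {161, 162}

# Constructed netfilter-style log lines: one legitimate poll and its reply,
# a print job, a poll from a workstation, and a poll from outside that a
# "disabled" printer still answers.
SAMPLE_LOG = """\
Nov 27 10:01:02 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=10.20.30.17 PROTO=UDP SPT=51234 DPT=161
Nov 27 10:01:05 fw kernel: IN=eth0 OUT=eth1 SRC=10.20.30.17 DST=10.0.0.5 PROTO=UDP SPT=161 DPT=51234
Nov 27 10:02:11 fw kernel: IN=eth1 OUT=eth0 SRC=10.5.5.99 DST=10.20.30.17 PROTO=UDP SPT=40000 DPT=161
Nov 27 10:02:30 fw kernel: IN=eth1 OUT=eth0 SRC=10.5.5.99 DST=10.20.30.17 PROTO=TCP SPT=40001 DPT=9100
Nov 27 10:03:00 fw kernel: IN=eth2 OUT=eth0 SRC=203.0.113.7 DST=10.20.30.22 PROTO=UDP SPT=1234 DPT=161
Nov 27 10:03:01 fw kernel: IN=eth0 OUT=eth2 SRC=10.20.30.22 DST=203.0.113.7 PROTO=UDP SPT=161 DPT=1234
"""

LOG_RE = re.compile(
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) PROTO=(?P<proto>\w+) "
    r"SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)"
)


@dataclass(frozen=True)
class Flow:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: str
    sport: int
    dport: int


def parse_flow(line: str) -> Optional[Flow]:
    """Extract the 5-tuple from a firewall log line, or None if it is not one."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return Flow(
        src=ipaddress.ip_address(m["src"]),
        dst=ipaddress.ip_address(m["dst"]),
        proto=m["proto"].upper(),
        sport=int(m["spt"]),
        dport=int(m["dpt"]),
    )


def classify(flow: Flow) -> List[str]:
    """Return the findings (if any) for one flow."""
    findings: List[str] = []
    if flow.proto != "UDP":          # SNMP here is UDP only; print jobs etc. are ignored
        return findings
    # A request to a printer's SNMP port from anything but the SNMP manager.
    if (flow.dst in PRINTER_SUBNET and flow.dport in SNMP_PORTS
            and flow.src not in SNMP_MANAGERS):
        findings.append(f"unexpected SNMP request {flow.src} -> {flow.dst}:{flow.dport}")
    # A reply from a printer that is supposed to have SNMP disabled: the
    # backdoor account is still being served.
    if flow.src in SNMP_DISABLED_PRINTERS and flow.sport in SNMP_PORTS:
        findings.append(f"printer {flow.src} answered SNMP although SNMP is disabled in its UI")
    return findings


def audit(log_text: str) -> List[str]:
    """Run classify() over every parsable line and collect the findings in order."""
    findings: List[str] = []
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is not None:
            findings.extend(classify(flow))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

On the sample log this reports the workstation poll, the poll from the outside address, and the reply from the printer that was supposed to have SNMP turned off. The second check is the one that matters for this flaw: a printer that still answers on 161 after SNMP was "disabled" is exactly the behaviour the warning describes, and no device-side setting will make it go away.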


Perhaps a site that offers the plans for “Do It Yourself” surveillance equipment? (I told you 3D printers were going to be fun!)
Want a Flying Drone? These Students 3D-Printed Their Own
… The “Wendy” aircraft — named for Turman and Easter’s mother — is the latest demonstration of the power of 3D prototyping. The project is the brainchild of Michael Balazs and Jonathan Rotner, two scientists at research and engineering firm MITRE’s Center for Integrated Intelligence Systems. Their mission, jointly funded by the Department of Defense and MITRE, is to develop cheaper and faster solutions to expensive government programs, such as building autonomous aircraft.
“[We're] trying to achieve 90 percent capabilities of what the big companies can do, but at 10 percent of the cost,” Balazs says. “So we leverage everything from open technologies to commercial off-the-shelf systems to agile advanced manufacturing, to show the government that they can meet their robotics goals of unmanned systems, whether they’re ground, aerial, underwater or whatever it is.”
Wendy is their best example so far. In addition to its 3D-printed body, it uses a common Android smartphone as the sophisticated on-board brain of the aircraft’s system.

(Related) It's a whole new type of war.
U.S. Buys Yemen a Fleet of Spy Planes for Growing Shadow War
It’s not enough for Yemen’s skies to fill up with armed U.S. drones. Now the Pentagon wants to buy its Yemeni ally small, piloted spy planes. It’s a sign that the U.S. is upgrading the hardware it gives the Yemeni military, and digging in for a long shadow war.

(Related)
China Unveils New Killer Drones, Aims Them at Russia
… This year, Beijing’s most prominent new drone is the dinosaur-named Wing Loong, or Pterodactyl, according to a round-up at Defense News. The drone is reportedly operational — China has previously shown only models of the drone — and closely resembles the U.S. MQ-9 Reaper, which the Pentagon uses to bomb insurgent hideouts in Pakistan. Few foreign journalists were reportedly allowed to see it, but photos and videos that appeared online prompted ace aviation journalist David Cenciotti to remark that the Wing Loong appeared “largely copied from the U.S. version.”
But a lot cheaper. The Wing Loong reportedly comes at a rather incredible bargain price of $1 million, compared to the Reaper’s varying price tags in the $30 million range.


So the next question is: How do you cover your tracks?
Should you cover your tracks from government snooping?
November 27, 2012 by Dissent
Peter Fleischer writes:
[…] Seen from a global perspective, it’s important to realize that most governments around the world are accessing user data. It’s not just one or two governments. I can’t count the number of times privacy advocates in Europe have warned users that the US government could potentially access their data in the cloud, without mentioning the risks that their own governments could do the same thing. In fact, to take the French example, the French government is trying to launch a “French cloud”, explicitly to try to evade US government surveillance, even though this taxpayer-funded initiative is based on “bad assumptions about cloud computing and the Patriot Act”, and even though France’s own anti-terrorism law has been said to make the Patriot Act look “namby-pamby by comparison”, as reported on ZDNet. I think it’s fair to assume that most people would be far more uncomfortable with foreign governments, rather than their own governments, accessing their data. That points to one of the hardest issues in the cloud, namely, that multiple governments can (and do) have the power to demand access to user data, if they follow appropriate legal procedures.


Porn makes headlines! (Sex sells legal arguments?)
Verizon Sued For Defending Alleged BitTorrent Pirates
November 27, 2012 by Dissent
Ernesto writes:
A group of adult movie companies is suing Verizon for failing to hand over the personal details of alleged BitTorrent pirates. The provider systematically refuses to comply with court-ordered subpoenas and the copyright holders see these actions as more than just an attempt to protect its customers. According to them, Verizon’s objections are in bad faith as the Internet provider is profiting from BitTorrent infringements at the expense of lower-tier ISPs.
Read more on TorrentFreak.
[From the article:
In many cases the person who pays for the account is not the person who shared the copyrighted material. However, this is the person who gets sued, something that can have all kinds of financial implications.
To shield their customers from this kind of outcome Verizon now objects to subpoenas granted by courts in these cases. Not in one case, but in dozens. One of the arguments cited by Verizon’s attorneys is that the requests breach the privacy rights of its customers.
“[The subpoena] seeks information that is protected from disclosure by third parties’ rights of privacy and protections guaranteed by the first amendment,” their counsel informed the copyright holders.
Verizon further cites arguments that have previously been successful in similar cases, including the notion that mass lawsuits are not proper as the defendants did not act in concert.

(Related) How to win friends and indict people?
"A forensic software company has collected files on a million Canadians who it says have downloaded pirated content. The company, which works for the motion picture and recording industries, says a recent court decision forcing Internet providers to release subscriber names and details is only the first step in a bid to crack down on illegal downloads. 'The door is closing. People should think twice about downloading content they know isn't proper,' said Barry Logan, managing director of Canipre, the Montreal-based forensic software company."


Sometimes. Ignorance is not bliss...
UK: PCC rejects complaint over Facebook injuries photo
November 27, 2012 by Dissent
Helen Lambourne reports:
A complaint against a weekly newspaper which published a story on an assault victim which included a photo of his injuries taken from Facebook has been rejected.
The Press Complaints Commission has published a ruling on a story by the Farnham Herald from 15 June with the headline “Assaulted after night out”.
Once again, it seems, users do not fully understand how their Facebook privacy controls work and how they are usually not as protected as they think they are:
The newspaper said one of its reporters, who had a mutual acquaintance with the complainant, had seen a comment – posted by this shared Facebook friend – identifying the complainant as the victim of the attack.
The reporter had then accessed the complainant’s Facebook page, which had no privacy settings, where the complainant had posted the photograph and had identified himself as the victim of an attack.


Facebook isn't the only one who can change policies without notice...
Ca: LCBO wants personal data of wine club members
November 28, 2012 by Dissent
CBC News reports:
An Ontario wine club says it’s being forced to hand its members’ personal information over to Ontario’s Liquor Control Board in what it calls a breach of privacy.
Warren Porter, the president of the Toronto-based Vin de Garde wine club, said he’s upset the Liquor Control Board of Ontario wants his members’ personal information including names, addresses, as well as the size of each order.
Porter said he has complained to Ann Cavoukian, the province’s privacy commissioner, because he believes the LCBO is breaching his members’ privacy.
Read more on CBC.
[From the article:
Since May, Porter said his members have had to reveal more personal information for each order. That has turned one large order into hundreds of separate orders due to the mandatory release of private information.
That is irritating some of his members, especially clubs, he said, and he worries the wine club could soon be put out of business.
"We have to take all of their data — name, address, quantities ordered — all on separate order forms," Porter said, adding it creates a large administrative burden.
"A member of our wine club should be afforded the same level of anonymity that someone walking into an LCBO is."
… LCBO spokeswoman Heather MacGregor said the policy requiring the release of personal information has been around for decades.
She could not explain why Vin de Garde was only obligated to follow the policy as of six months ago, but MacGregor did say the information prevents fraud, including illegal resale, and helps the LCBO locate any recalled products.


Just a quick review of this “Guidance” but the assumption seems to be that the holder of the data anonymizes and then gives the presumably anonymized dataset to someone else – the end user. This seems backwards. Why not have the analysis done by a trusted entity (business opportunity?) and give the results to the “someone else?” Far less likely to de-anonymize if they don't have individual records.
By Dissent, November 27, 2012
Yesterday, OCR released the guidance on de-identification of PHI:
Now I just need to find time to read it…


Clearly they are not valuable – no one stole them.
concealment writes with news of dissatisfaction with a pilot program for stoplight-monitoring cameras. The program ran for several years in New Jersey, and according to a new report, the number of car crashes actually increased while the cameras were present.
"[The program] appears to be changing drivers’ behavior, state officials said Monday, noting an overall decline in traffic citations and right-angle crashes. The Department of Transportation also said, however, that rear-end crashes have risen by 20 percent and total crashes are up by 0.9 percent at intersections where cameras have operated for at least a year. The agency recommended the program stay in place, calling for 'continued data collection and monitoring' of camera-monitored intersections. The department’s report drew immediate criticism from Assemblyman Declan O’Scanlon, R-Monmouth, who wants the cameras removed. He called the program 'a dismal failure,' saying DOT statistics show the net costs of accidents had climbed by more than $1 million at intersections with cameras."
Other cities are considering dumping the monitoring tech as well, citing similar cost and efficacy issues.


Illogic Alert! Let's not anthropomorphize. I will reprogram my car to protect me, not some random school bus that's blocking my way.
"If your driverless car is about to crash into a bus, should it veer off a bridge? NYU Prof. Gary Marcus has a good essay about the need to program ethics and morality into our future machines. Quoting: 'Within two or three decades the difference between automated driving and human driving will be so great you may not be legally allowed to drive your own car, and even if you are allowed, it would be immoral of you to drive, because the risk of you hurting yourself or another person will be far greater than if you allowed a machine to do the work. That moment will be significant not just because it will signal the end of one more human niche, but because it will signal the beginning of another: the era in which it will no longer be optional for machines to have ethical systems.'"


I like it! Now I can have an open “Good Bob” system and a separate, heavily encrypted “Evil Bob” system that I use “only to communicate with my lawyer” that is therefore immune from subpoena!
"Next year, smart phones will begin shipping with the ability to have dual identities: one for private use and the other for corporate. Hypervisor developers, such as VMware and Red Bend, are working with system manufacturers to embed their virtualization software in the phones, while IC makers, such as Intel, are developing more powerful and secure mobile device processors. The combination will enable mobile platforms that afford end users their own user interface, secure from IT's prying eyes, while in turn allowing a company to secure its data using mobile device management software. One of the biggest benefits dual-identity phones will offer is enabling admins to wipe corporate data from phones [That ain't gonna happen Bob] without erasing end users' profiles and personal information."


Tools for electronic discovery
Escape From Babel: The Grossman-Cormack Glossary
… A glossary, which I was surprised to learn when researching for this blog is also called an idioticon, provides an alphabetical list of terms in a particular domain of knowledge with definitions for those terms.


Interesting. A tool for podcast fans...
Pod Bay is an online way to listen to your favourite podcasts, eliminating the need for desktop and iOS clients which download each episode. Search the directory to find great new podcasts to listen to.
… If you stop listening to the podcast you can return to the same spot later and pick up where you left off. If you’d like to share a clip of the podcast with friends, you can do so very easily.
Similar tools: Flapcast and Stitcher.
