“Hey! Someone stole some credit card
data!” Not the most useful of notices – do you reissue all your
cards?
Developing….
It seems that every
bank in the Bahamas has been notified of a breach
at a foreign processor or acquiring bank. Most of the banks do
not yet know how many of their customers’ card numbers are
compromised, and while some banks have already started re-issuing
cards, others are taking a wait-and-see approach. The foreign
processor has not been named, but Visa and MasterCard reportedly
notified
banks last Friday.
[From the article:
Most banks responded by lowering the
call-back threshold for customers to $500. In other words, if you
spent more than that on the weekend, the bank would immediately
verify your identity.
… According to a global research
team from Websense Inc., a leader in Internet security, The Bahamas
is ranked second among the top five countries in the world which host
phishing sites.
… The report said that
organizations face an average of 1,719 attacks for
every 1,000 users.
Another “not thought through”
example...
"Educause members and 7,000
university websites are being forced to change account passwords
after a security breach involving the organization's .edu domain
server. However, some initially hesitated to comply because the
Educause notification email bore tell-tale
markings of a phishing attempt. 'Given what is
known about phishing and user behavior, this was bad form,' says Gene
Spafford, a Purdue University computer science professor and security
expert. 'For an education-oriented organization to do this is
particularly troubling.'"
Rules alone do not good security make.
By Dissent,
February 20, 2013 12:24 pm
Winston J. Maxwell writes:
An article published by specialist
healthcare news website Actusoins has revealed
data breaches at several French hospitals and clinics,
demonstrating that such incidents can occur even in a
highly regulated jurisdiction.
The journalist was researching another
article and entered the name of a physician into Google. She was
astonished to find, at the top of the results, a scanned copy of the
doctor’s prescription for a PET scan for a cancer patient whose
name was still on the prescription. The journalist continued her
investigation and discovered numerous other data breaches, including:
- lists of patients admitted to various services in different hospitals;
- a list of disableed adults and children; and
- patients’ test results.
Read more on InternationalLawOffice.com
reg. required). It appears from the article that both Hopital
Foch and Pôle de Santé du Plateau had web
exposure breaches, as did other healthcare facilities who were not
named because their patients’ data was still available on the
Internet at the time of the article’s publication.
Is this the model we've been looking
for?
State
helps parents access dead child's Facebook content
Virginia has made it easier for parents
and legal guardians to obtain Facebook content and other digital
assets created by a child who has passed away.
This week, the Virginia General
Assembly voted to adopt a new bill, HP
1752, that compels online account service providers such as
Facebook to provide the guardian of a deceased minor with online
assets within 30 days after receiving a written request.
The bill, which currently awaits the
governor's signature, passed the state Senate on Monday before
gaining approval in the House yesterday.
Could be the first slip on the slope...
A ruling by the Pennsylvania Supreme
Court says the state constitution doesn’t give people a right to
privacy when it comes to their home addresses, clarifying what has
been a major point of dispute in the open records law.
Read more on WITF.
Does this also “Green light” my
Ethical Hackers?
Ontario’s
highest court has signalled that the right of police officers to look
through someone’s phone depends on whether there’s a password.
The Court of
Appeal for Ontario says it’s all right for police
to have a cursory look through the phone upon arrest if
it’s not password protected, but if it is, investigators should get
a search warrant.
Read more on Global
Ontario. The court’s reasoning is a bit of a head-scratcher,
as they seem to be saying that if you password
protect your cellphone, it’s functioning as a computer,
which does have a (higher) expectation of privacy. So what happens
to people who don’t password protect their laptops? Can the police
search them on arrest by arguing that the failure to password protect
means no expectation of privacy?
In any event, it’s always a good idea
to password protect your devices if they contain anything you don’t
want law enforcement or others to be able to easily access.
Like Scotch, it's an acquired taste...
Mosquito
repellent Deet 'losing its effectiveness'
People living or travelling in areas
plagued by mosquitoes are more at risk of bites after researchers
found the insects are first deterred by Deet, but then later ignore
it.
… Researchers from the London
School of Hygiene and Tropical Medicine took a species of mosquito
that spreads dengue and yellow fever and put it in a room with a
human arm covered in Deet.
The first time the mosquitoes were
tempted with the arm, they were putt off by the smell. However, the
second time, researchers found the Deet was less effective.
No comments:
Post a Comment