“Yes we follow Best Practices and
encrypt your data, but we also follow Worst Practices and provide the
decryption App on the same server.”
From the this-doesn’t-sound-good dept.:
Smartphone Experts discovered
that the system used for customer payments for online shopping had
been hacked. Although stored customer data were encrypted, Diana
Kingree, the Senior Vice President of Commerce, noted that the
hacker may have been able to use a
decryption feature of the system to view customers’
names, addresses, credit or debit card number, CVV, and card
expiration date. Why all that information was even stored on the
system or for how long it was stored was not disclosed.
The breach was discovered by the
Florida-based e-tailer on July 12, but the firm does not indicate how
it learned of the breach or, more importantly, perhaps, when
the breach actually occurred. California’s breach submission form
requires entities to report the date of breach if known. Smartphone
Experts did not provide that information, which may indicate that the
forensic investigators have yet to determine when the breach actually
began.
In their notification
letter to customers dated August 6, Smartphone Experts does not
offer customers any free credit monitoring service. Indeed, they say
they are notifying customers “out of an abundance of caution.”
Not only do I disagree that notification is “an abundance of
caution” for this situation, I think affected customers should have
been offered some free credit monitoring services.
Note that there is no way to find the
email that mentions “EvilGuys@Terrorists-R-Us.org” without
reading ALL emails. We've always assumed they could ignore emails
that didn't interest them. This could be a minor variation added to
Google's email “search” looking for ways to target Ads. (Adding
“Bad Behavior” to the Behavioral Advertising tool?)
Charlie Savage reports:
The National
Security Agency is searching the contents of vast amounts of
Americans’ email and text communications into and out of the
country, hunting for people who mention information about foreigners
under surveillance, according to intelligence officials.
The NSA is not
just intercepting the communications of Americans who are in direct
contact with foreigners targeted overseas, a practice that government
officials have openly acknowledged. It is also casting a far wider
net for people who cite information linked to those
foreigners, such as a little-used email address, according
to a senior intelligence official.
Read more of this NYT story on Pioneer
Press.
Another failure in the land of 32 ounce
sodas?
John Caher reports:
The Bloomberg
administration has agreed under a settlement announced on Wednesday
to purge a New York City Police Department database containing
personal information on individuals who were stopped by authorities,
and also agreed to pay $10,000 to the lead plaintiff in a putative
class action.
Under the terms of the settlement, the city will within 90 days
delete the names and
addresses of all individuals who were stopped, questioned and/or
frisked. It will also pay a settlement to the only plaintiff seeking
damages, freelance journalist Daryl Khan. The other members of the
class sought only injunctive relief.
Read more on The
New York Times.
All this for a mere 91 Suspicious
Activity Reports? Only a government could think this made sense.
National Network of Fusion Centers Final Report 2012
DHS Office of Intelligence and Analysis, 2012 National Network of
Fusion Centers Final Report, Released July 15, 2013.
“Threats to the homeland are
persistent and constantly evolving. Domestic and foreign terrorism
and the expanding reach of transnational organized crime syndicates
across cyberspace, international borders, and jurisdictional
boundaries within the United States highlight the continued need to
build and sustain effective intelligence and information sharing
partnerships among the federal government; state, local, tribal, and
territorial (SLTT) governments; and the private sector. These
partnerships are the foundation of a robust and efficient homeland
security intelligence enterprise that goes beyond shared access to
information and intelligence to foster sustained collaboration in
support of a common mission. This collaboration enables the fusion
process and provides decision makers across all levels of government
and within the private sector with the knowledge to make informed
decisions to protect the homeland from a variety of threats and
hazards. State and major urban area fusion centers (fusion centers)
are the nexus of the homeland security intelligence enterprise at the
state and local level. They serve as focal points for the receipt,
analysis, gathering, sharing, and safeguarding of threat-related
information between the federal government and SLTT and private
sector partners. As such, fusion centers provide a state and local
context that enhances the national threat picture and enables local
officials to better protect their communities. They also provide
critical information and subject matter expertise that allows the
Intelligence Community (IC) to more effectively “connect the dots”
to prevent and protect against threats to the homeland.”
What strategic (or even tactical)
advantage did the government gain by leaking these emails?
From the no-surprise dept.:
The Justice
Department has asked for a 30-day extension, until Sept. 4, to
respond to her lawsuit against the government for violating her
family’s privacy, rifling through her e-mails and leaking
confidential information about her.
Read more on USA
Today.
[From the article:]
Kelley had been an unpaid social
liaison to the military and had hosted parties for military
officials, including Petraeus and Gen. John Allen, at her home on
Tampa's Bayshore Boulevard. The headquarters of Central Command,
which oversees military action in the Middle East, is a few miles
away.
Petraeus' extramarital affair with his
biographer, Paula Broadwell, was exposed after Kelley complained to
the FBI about harassing e-mails she had received. Broadwell was
behind them.
… That prompted then-Defense
Secretary Leon Panetta to call for an investigation of Allen's
relationship with Kelley to determine if there had been "professional
misconduct" on his part. Allen and Kelley say there was nothing
inappropriate about their relationship. The Pentagon inspector
general agreed, although the Defense Department refuses to release
its findings.
… Kelley and her husband, Scott,
want an apology and unspecified damages for what they say were
willful leaks by federal officials of false and damaging information
about them. Those officials should have been protecting them and
their privacy, they say in their lawsuit.
Violating the law is not enough?
Should he have tried the “not what the contract promised”
approach?
John D. Seiver and Ronald G. London
write:
In Padilla v.
DISH Network L.L.C., a former subscriber alleged DISH failed to
destroy his personally identifiable information (PII) upon
cancellation of service, and failed to continue sending annual
privacy notices while retaining his PII. A Chicago federal district
judge dismissed claims for damages under the satellite subscriber
privacy provisions (identical to cable’s), holding that the
subscriber was not “aggrieved” because indefinite PII retention
caused no actual damage, despite being contrary to
the statute.
Read more on Lexology.
For my Computer Science students...
– is a new cloud storage service that
helps people upload all their files quickly and efficiently from
anywhere. Upload any file and send a link to anyone – there’s no
requirement for them to sign up and there’s nothing to install. If
you sign up today, you will receive 100GB of cloud storage space
free, with the option to upgrade to paid plans with more storage
and features.
For my Website students...
– has free interactive online courses
that teach the basics of web development and computer programming
(HTML5, CSS3 and JavaScript), in a way that makes learning fun and
effective. All levels are free for registered
teachers – for students, level 1 is free while other
levels are $5 per student. CA also has a 2-5 day camp that teaches
10-16 year olds the basics of computer programming.
Because I like lists...
Best of the Web for #TLC13
This morning at the Teaching &
Learning Conference held on the campus of Gaston College I presented
the best of the web 2013. The slides are embedded below.
Just because I'm a geek...
NASA's Massive Free E-Book Collection
Behold, the hundreds of free e-books
about space history contained on this
webpage.