Saturday, February 28, 2009

So, does we do or does we don't have a new breach? Has an old one gotten much larger? What is going on here?

http://www.databreaches.net/?p=1886

When everything old is new again?

February 27, 2009 by admin

In what comes as no real surprise to me based on what I had been thinking, Jaikumar of Computerworld reports:

Days after Visa Inc. seemingly confirmed that a data breach had taken place at a third payment processor, following on the recent breach disclosures by Heartland Payment Systems Inc. and RBS WorldPay Inc., the credit card company is now saying that there was no new security incident after all.

In actuality, Visa said in a statement issued today, alerts that it recently sent to banks and credit unions warning them about a compromise at a payment processor were related to the ongoing investigation of a previously known breach. However, Visa still didn’t disclose the identity of the breached company, nor did it say why it is continuing to keep the name under wraps.

There’s lots more in the story. It appears that a lot of people — including the CUs — were somewhat misled by the wording of the security alerts. Read more on Computerworld.



“Total Information Awareness” by any other name? Strange how the new administration's approach seems like business as usual in so many areas.

http://www.pogowasright.org/article.php?story=20090228045931724

Homeland Security Secretary Proposes Increase in Spending for Domestic Surveillance Programs

Saturday, February 28 2009 @ 04:59 AM EST Contributed by: PrivacyNews

Homeland Security Secretary Janet Napolitano testified before the House Committees on Homeland Security, and said that DHS plans to connect governmental databases containing personal information, expand the government's employment tracking system, promote passenger screening, use e-passports, employ watchlists and utilize contactless identity verification cards.

Source - EPIC

Related - Testimony of Secretary Janet Napolitano before the House Committee on Homeland Security on DHS, The Path Forward, Feb. 25 2009.


Related. Do the figures support DHS' increased budget? (If that isn't the basis for new initiatives, what is?)

http://www.bespacific.com/mt/archives/020692.html

February 27, 2009

National Internal Security/Terrorism Prosecutions for November 2008

"The latest available data from the Justice Department show that during November 2008 the government reported 16 new national internal security/terrorism prosecutions. According to the case-by-case information analyzed by the Transactional Records Access Clearinghouse (TRAC), this number is up from 13 in the previous month. These two months' figures are the lowest recorded in this category since September 2001. The comparisons of the number of defendants charged with national internal security/terrorism-related offenses are based on case-by-case information obtained by TRAC under the Freedom of Information Act from the Executive Office for United States Attorneys."


Also related? Instant surveillance for the masses?

http://news.cnet.com/8301-1023_3-10173971-93.html?part=rss&subj=news&tag=2547-1_3-0-5

Demo 09: Where start-ups show off

by CNET News staff February 27, 2009 12:44 PM PST

The high-tech confab prides itself on putting cutting-edge companies in front of A-list venture capitalists and journalists. Here's this year's crop.

[Bob's pick: http://vuezone.com/



I often agree with Bruce, unfortunately.

http://yro.slashdot.org/article.pl?sid=09/02/27/1916213&from=rss

Privacy In the Age of Persistence

Posted by ScuttleMonkey on Friday February 27, @04:12PM from the hard-to-beat-intertia-of-lazy-people dept.

Bruce Schneier recently wrote another essay on privacy for the BBC concentrating on how data seems to be the "pollution of the information age" and where this seems to be leading.

"We're not going to stop the march of technology, just as we cannot un-invent the automobile or the coal furnace. We spent the industrial age relying on fossil fuels that polluted our air and transformed our climate. Now we are working to address the consequences. (While still using said fossil fuels, of course.) This time around, maybe we can be a little more proactive. Just as we look back at the beginning of the previous century and shake our heads at how people could ignore the pollution they caused, future generations will look back at us — living in the early decades of the information age — and judge our solutions to the proliferation of data."

[From the essay:

You're living in a unique time in history: the technology is here, but it's not yet seamless. Identification checks are common, but you still have to show your ID. Soon it'll happen automatically, either by remotely querying a chip in your wallet or by recognizing your face on camera.

And all those cameras, now visible, will shrink to the point where you won't even see them. Ephemeral conversation will all but disappear, and you'll think it normal. Already your children live much more of their lives in public than you do. Your future has no privacy, not because of some police-state governmental tendencies or corporate malfeasance, but because computers naturally produce data.


Related, kinda... Imagine this technology in the hands of Homeland Security!

http://tech.slashdot.org/article.pl?sid=09/02/28/0352257&from=rss

Face Recognition — Clever Or Just Plain Creepy?

Posted by Soulskill on Saturday February 28, @02:11AM from the can't-it-be-both dept. Software Technology

Simson writes

"Beth Rosenberg and I published a fun story today about our experiences with the new face recognition that's built into both iPhoto '09 and Google's new Picasa system. The skinny: iPhoto is fun, Google is creepy. The real difference, we think, is that iPhoto runs on your system and has you name people with your 'friendly' names. Picasa, on the other hand, runs on Google's servers and has you identify everybody with their email addresses. Of course, email addresses are unique and can be cross-correlated between different users. And then, even more disturbing, after you've tagged all your friends and family, Google tries to get you to tag all of the strangers in your photos. Ick."



Not bad for a Democrat turned almost Republican...

http://news.cnet.com/8301-13578_3-10183191-38.html?part=rss&subj=news&tag=2547-1_3-0-5

Lieberman questions accessibility, privacy of court docs

by Stephanie Condon February 27, 2009 2:31 PM PST

… Senator Joe Lieberman (I-Conn.) sent a letter Friday to the federal court system with concerns about whether court documents are sufficiently accessible to the public and whether private information in those documents is appropriately secured.



Hope or Hype?

http://news.cnet.com/8301-10787_3-10184338-60.html?part=rss&subj=news&tag=2547-1_3-0-5

Cloud fever: What will it take for a breakout?

by Charles Cooper February 27, 2009 5:33 PM PST

MOUNTAIN VIEW, Calif.--George Zachary, a partner with Charles River Ventures, offered an apercu that may wind up getting quoted quite a lot over the coming year. Cloud computing, he said, "is the new dot-com."

… "It's the biggest shift we've had in computing in two decades," said Salesforce.com CEO Marc Benioff.

Benioff, who made his comments at a roundtable discussion on cloud computing organized by TechCrunch, also offered up an anecdote to underscore the speed with which people's computing habits are changing.

After closing the company's fiscal quarter, Benioff was scheduled to fly off to Davos, Switzerland, to attend the World Economic Forum. He was supposed to schlep along his laptop for the trip, but ultimately opted to leave his personal computer at home. Instead, he relied on his BlackBerry smart phone, which accessed all of Benioff's applications over the conference's Wi-Fi service.

"Everything ran in the cloud," he said.



The future of trivial law? Towards a fully automated lawyer? Actually, having immediate access to a “Best Practice” procedure to follow sounds quite useful.

http://news.slashdot.org/article.pl?sid=09/02/27/1740221&from=rss

Use Your iPhone To Get Out of a Ticket

Posted by ScuttleMonkey on Friday February 27, @01:52PM from the solid-use-of-your-time dept.

An anonymous reader writes to tell us that Parkingticket.com just announced new compatibility with the Safari web browser on Apple's iPhone, giving you new tools to immediately contest a parking ticket. The site is so confident in their service that if all steps are followed and the ticket is still not dismissed they will pay $10 towards your ticket.

"The process begins by navigating the iPhone's Safari browser to the Parkingticket.com website where you'll find a straightforward means to fight a parking ticket; whether the ticket was issued in New York City, San Francisco, Boston, Philadelphia or Washington, D.C. Simply register for a free account and choose the city in which the ticket was issued. Enter your ticket and vehicle details then answer a few quick questions. The detailed process takes about ten minutes, from A-Z. To allow easy entry of your ticket, a look-a-like parking ticket is displayed — for your specific city — with interactive functionality."



Isn't this even a little bit intimidating to the prosecution?

http://yro.slashdot.org/article.pl?sid=09/02/27/1641257&from=rss

Wife of Harried Pirate Bay Witness Gets Buried in Internet Love

Posted by ScuttleMonkey on Friday February 27, @01:08PM from the thanks-for-lending-us-your-hubby dept. The Courts The Internet

treqie writes

"During the trial of the Pirate Bay yesterday, a professor (Roger Wallis) took the witness stand. He told the court things that the prosecutors did not want to hear. The prosecutors then tried to discredit both him and his team's work in the area, as well as his title; it was a real spectacle. In the end, the judge asked if he wanted compensation for being there — he replied that he did not want anything, but they could send flowers to his wife. Many listening online heard, and began sending her flowers, from all over the world. As of this submission, the sum is over 40,000 SEK worth of flowers. There's even a Facebook group for it."

[Wallis' paper on the industry's resistance to disintermediation: http://www.mandyhaberman.com/media/wallis1.pdf



If the price they quote for my toner is any indication, these prices are pretty good. I haven't compared them to the local refill stores though.

http://www.killerstartups.com/eCommerce/inkcartridges-com-discount-printer-ink-cartridges

InkCartridges.com - Discount Printer Ink Cartridges

http://www.inkcartridges.com/

InkCartridges.com offers high quality ink cartridges and toner at affordable prices for most brands and makes of printers, copiers and fax machines. The site allows users to search by brand, compare prices and then buy online in a convenient and immediate manner.



Crude, but funny...

http://www.killerstartups.com/Social-Networking/popjam-com-share-what-makes-you-laugh

PopJam.com - Share What Makes You Laugh

http://www.popjam.com/

PopJam.com is a site that will allow everyone to share what they have found online that has made them laugh.



After a lifetime of hearing “Pay attention, Bob” FINALLY, vindication! (I say the same thing to my Internet surfing students though.)

http://blog.wired.com/wiredscience/2009/02/doodlerecall.html

A Sketchy Brain Booster: Doodling

By Brandon Keim February 26, 2009 8:46:24 PM

… This suggests that a slightly distracting secondary task may actually improve concentration during the performance of dull tasks that would otherwise cause a mind to wander.

Friday, February 27, 2009

At some point, organizations will realize that “good enough,” even “generally accepted,” may not be sufficient to allow survival. At what point will the potential losses (or even the costs of successfully defending against the suits) cause the auditors to question their ability to remain a “going concern?”

http://www.databreaches.net/?p=1862

And the Heartland lawsuits pile on and up

February 26, 2009 by admin

On Tuesday morning, Heartland Payment Systems President and CFO, Bob Baldwin, stated during a conference call:

Today, we have had several lawsuits filed against us and we expect that additional lawsuits will be filed. We are also subject to several governmental investigations and enquiries, including an informal enquiry by the SEC and a related investigation by the Department of Justice, an inquiry by the OCC, and an inquiry by the FTC, and we may, in the future, be subject to other governmental enquiries and investigations.

As of this afternoon, I see 16 lawsuits for individual or class action as well as the following lawsuits by banks and credit unions in various federal district courts:

More will almost undoubtedly follow.



Interesting. Colorado is Number One in Fraud, but Number 10 in Identity Theft. When we get to the Metropolitan area breakout, it looks like Greeley (Swift meat and illegal immigrant tax returns?) is responsible. NOTE: 65% of these were never reported to the police!

http://www.pogowasright.org/article.php?story=20090226133007757

FTC Releases List of Top Consumer Complaints in 2008

Thursday, February 26 2009 @ 01:30 PM EST Contributed by: PrivacyNews

The Federal Trade Commission today released the list of top consumer complaints received by the agency in 2008. The list, contained in the publication “Consumer Sentinel Network Data Book for January-December 2008,” showed that for the ninth year in a row, identity theft was the number one consumer complaint category. Of 1,223,370 complaints received in 2008, 313,982 – or 26 percent – were related to identity theft.

The report breaks out complaint data on a state-by-state basis and also contains data about the 50 metropolitan areas reporting the highest per capita incidence of fraud and other complaints. In addition, the report sets forth the 50 metropolitan areas reporting the highest incidence of identity theft.

The report states that credit card fraud was the most common form of reported identity theft at 20 percent, followed by government documents/benefits fraud at 15 percent, employment fraud at 15 percent, phone or utilities fraud at 13 percent, bank fraud at 11 percent and loan fraud at four percent.

Source - FTC

Related - Consumer Sentinel Network report (pdf)



Is the Fifth at risk? Perhaps this is the equivalent of closing the drapes after the cops watch you water your marijuana plants? However, could there be even more serious crimes revealed by decrypting the drive?

http://yro.slashdot.org/article.pl?sid=09/02/26/2157256&from=rss

US District Ct. Says Defendant Must Provide Decrypted Data

Posted by timothy on Thursday February 26, @05:31PM from the narrow-ruling dept. Privacy Data Storage Encryption The Courts

An anonymous reader writes

"If you're planning on traveling internationally with a laptop, consider the following: District Court Overturns Magistrate Judge in Fifth Amendment Encryption Case. Laptop searches at the border have been discussed many times previously. This is the case where a man entered the country allegedly carrying pornographic material in an encrypted file on his laptop. He initially cooperated with border agents during the search of the laptop [Apparently this was his downfall. Bob] then later decided not to cooperate citing the Fifth Amendment. Last year a magistrate judge ruled that compelling the man to enter his password would violate his Fifth Amendment right against self-incrimination. Now in a narrow ruling, US District Judge William K. Sessions III said the man had waived his right against self-incrimination when he initially cooperated with border agents."

sohp notes that "the order is not that he produce the key — just that he provide an unencrypted copy."



It will be interesting to see if this is the solution the Rocky Mountain News should have tried. My guess is no.

http://news.cnet.com/8301-1023_3-10173378-93.html?part=rss&subj=news&tag=2547-1_3-0-5

Newsday to begin charging for online news

by Steven Musil February 26, 2009 6:25 PM PST

New York newspaper Newsday plans to begin charging online readers for access to its content, rejecting a trend toward free online newspaper content.

… "Our goal was, and is, to use our electronic network assets and subscriber relationships to transform the way news is distributed," said Tom Rutledge, Cablevision's chief operating officer, according to a Reuters report on the call. "We plan to end distribution of free Web content and to make our news gathering capabilities service our customers."

Rutledge did not elaborate on the company's online subscription plans, but Newsday publisher Timothy Knight hinted that the move could be used in a bundling arrangement to cross-promote content on the newspaper site and in Cablevision's television programming. [So someone on the TV news says, “If you want to know more about this story, go online and pay for it?” Bob]



Another new business model? Not what the commenters think.

http://hardware.slashdot.org/article.pl?sid=09/02/27/049245&from=rss

Bunnie Huang on China's "Shanzai" Mash-Up Design Shops

Posted by timothy on Friday February 27, @01:53AM from the gibsonstephensonesque dept. Hardware Hacking Technology

saccade.com writes

"Bunnie (of XBox hacking and Chumby fame) has written an insightful post about how a new phenomenon emerging out of China called 'Shanzai' has impacted the electronics business there. A new class of innovators, they're going beyond merely copying western designs to producing electronic "mash-ups" to create new products. [Reminds me of Panasonic, who mashed a clock with a radio and “invented” the clock-radio. Bob] Bootstrapped on small amounts of capital, they range from shops of just a few people to a few hundred. They rapidly create new products, and use an "open source" style design community where design ideas and component lists are shared."


Related? Unintended consequences.

http://www.wired.com/gadgets/wireless/magazine/17-03/mf_netbooks?currentPage=2

The Netbook Effect: How Cheap Little Laptops Hit the Big Time

By Clive Thompson

… By the end of 2008, Asustek had sold 5 million netbooks, and other brands together had sold 10 million. (Europe in particular has gone mad for netbooks; sales there are eight times higher than in the US.) In a single year, netbooks had become 7 percent of the world's entire laptop market. Next year it will be 12 percent.



Worth looking at. Perhaps my White Hat Hackers would find this one useful?

http://www.killerstartups.com/Web-App-Tools/hyperwebenable-com-services-for-a-connected-world

HyperWebEnable.com - Services For A Connected World

http://www.hyperwebenable.com/

Do you want to have your own website for free? Do you want that website to have only your name without any other extension attached to it?

Well, in that case you should take a look at this website. This online resource gives you the unique opportunity to be easily recognized through your website’s name and much more than that.

There are many services that offer you to have a website with your name, but with the scratchy detail that your name will be followed by their company’s name.

… This might be a very good way to monetize your website, getting unlimited bandwidth along with other services offered by the company.

If you are looking for this kind of service, opening this portal could show you the way to get the website you have always wanted.



Could be handy while traveling. I'll probably add this to my Swiss Army Folder...

http://www.killerstartups.com/Web-App-Tools/icloud-com-getting-in-the-cloud

iCloud.com - Getting In The Cloud

http://www.icloud.com/

iCloud is a solution which serves a specific function: letting you access your desktop from anywhere a web-enabled computer is available. All settings are preserved, while documents and icons are accessed using this tool as if you were sitting in front of your desktop at home.

Moreover, iCloud can be employed both via web browsers and mobile devices. That is a crucial aspect when it comes to applications such as this one, as the contemporary constraints and train of life call for solutions that leave no facet uncovered. It was only natural that a functionality like that would be accounted for.

For its part, social network capabilities are already built into iCloud, and tools for online collaboration are equally accounted for. This adds more icing to the cake, and it is an aspect that I think should be prioritized.

Thursday, February 26, 2009

When you have a security breach, the fun never stops! It's bad enough to face all those lawsuits. Now they want to blame the recession on you too!

http://www.databreaches.net/?p=1854

SEC, FTC investigating Heartland after data theft

February 26, 2009 by admin

Robert McMillan reports:

Federal agencies, including the U.S. Federal Trade Commission (FTC) and the U.S. Securities and Exchange Commission (SEC), have begun investigating Heartland Payment Systems following a massive data breach at the payment processing company.

Company President and CFO Robert Baldwin Jr. disclosed the investigations during Heartland’s quarterly conference call with investigators Tuesday, saying that the SEC had launched an informal inquiry into the company and that there is a related investigation by the Department of Justice. The U.S. Department of the Treasury’s Office of the Comptroller of the Currency (OCC), which regulates national banks and their service providers, has launched an inquiry, as has the FTC, he said.

Read more in Computerworld

[From the article:

The Treasury's OCC may be taking an interest in the breach because it could be part of a larger problem for the banking industry, said Avivah Litan, an analyst at Gartner Inc. "I think that the criminal gang that targeted Heartland is targeting multiple payment processors, and it's a serious threat to the integrity of the payment systems," she said.

Reached Wednesday, a Heartland spokesman could not say why the SEC is investigating the company.

However, the investigation may relate to stock trades made by Heartland Chairman and CEO Robert Carr after Visa notified Heartland of suspicious activity on Oct. 28, 2008. According to insider trade filings, Carr sold just under $8 million worth of stock between Oct. 29 and the day the breach was disclosed. Heartland's stock was trading in the range of $15 to $20 per share for most of these transactions, but it dropped following the breach disclosure. It closed Wednesday at $5.49 per share.

During the conference call, Carr said that his trades were part of a 10b5-1 plan initiated in August -- months before Heartland knew of any problems [but months after they should have known Bob] -- to pay off his personal debt, and that he stopped selling shares as soon as the company discovered malicious software on its systems on the night of Jan. 12. "I had no discretion regarding the terms or timing of the sales," he said.



So, at least two.

http://www.databreaches.net/?p=1807

No, the unnamed processor breach is not another Heartland breach

February 25, 2009 by admin

Despite what some people might have suggested, Heartland Payment Systems has flatly denied that it is in any way responsible for the newest reports of another payment processor breach.

In response to a blog entry on The Consumerist, Nancy Gross, Heartland’s Executive Director of Marketing, replied:

We, too, have heard of a new breach. But, we can say with confidence that it is not at Heartland.

Although I could not reach Nancy to confirm the statement with her, Jason Maloni, Heartland’s spokesperson, kindly got back in touch with me to confirm that she had posted that statement and that Heartland is not the source of the second breach that is making the news.

And because I realize that some people may not trust denials under such circumstances, I can say that other information I’ve obtained from a confidential and reliable source strongly points away from Heartland.


Related. My wife found out her card had been canceled as she tried to buy gas. The first replacement card was returned even though they claim they had the address right. She is not amused.

http://www.databreaches.net/?p=1791

Notifications reduced to green slips

February 25, 2009 by admin

More than one month after Heartland’s disclosure of a major breach, some customers are first finding out about it and that their card or account was affected. In some cases, however, all they are being given by way of explanation is a green slip enclosed with a replacement card. Steve Wartenberg of the Columbus Dispatch reports:

A green slip of paper accompanied each new Huntington card.

“We’ve been informed that your bank card may have been recently exposed by a third party to possible fraudulent activity,” it read in part. “Please destroy your old card and begin using your enclosed new card immediately.”

At least one customer was dissatisfied with the bank’s handling of the incident:

“They heard about it in January,” he said. “They should have alerted me immediately so I could monitor my account.”

Indeed, all over the internet, one can read comments from irate consumers, most of whom are blaming their banks or credit unions. For their part, the banks and credit unions feel like the victims of the Heartland breach because they bite the bullet on any fraudulent charges. Even though many of them have insurance to cover any losses, they may not file insurance claims out of concern that their insurance premiums will rise even more or because filing insurance claims just takes up more of their personnel’s time. [So why have insurance you won't use? Bob]

… One bank, Lone Summit Bank, headquartered in Lake Lotawana, Missouri, has already filed a lawsuit against Heartland over the breach.


Related. The pros and cons of press releases that can't say too much.

http://www.databreaches.net/?p=1798

Sifting through the tea leaves

February 25, 2009 by admin

In what appears to be a reaction to an article by Kim Zetter of Wired, “Clues to Massive Hacks Hidden in Plain Sight,” the folks at Sûnnet Beskerming posted, “A Data Breach In The Tea Leaves, Or Tilting At Windmills?” today.



The simple questions: Why was this data on a portable computer that was not being used as a portable computer? Why was the computer in a conference room rather than an office or locked cabinet? Will these people learn to search for these types of questions as they plan their security for the next sensitive-data-containing laptop?

http://www.databreaches.net/?p=1836

CO: Stolen computer contained 1,300 Social Security numbers

February 25, 2009 by admin

Zach Fridell reports:

Ten years’ worth of Social Security numbers for 1,300 past and present employees was compromised Tuesday night when a laptop was stolen from the Steamboat Springs School District office.

Read more on Steamboat Today & Pilot


Almost related? Always worth a read.

http://www.wired.com/politics/security/commentary/securitymatters/2009/02/securitymatters_0226

How Perverse Incentives Drive Bad Security Decisions

Commentary by Bruce Schneier



These hacks are just too simple... and pay too well.

http://www.pogowasright.org/article.php?story=20090226052758307

Hacker Claims He Used Celeb E-mail, MySpace Accounts to Send Spam

Thursday, February 26 2009 @ 05:27 AM EST Contributed by: PrivacyNews

A teenager who claims he hacked the e-mail and MySpace accounts of Miley Cyrus earned more than $100,000 by accessing other celebrity accounts and using them to send spam, according to an FBI affidavit.

… [Josh] Holly told ABC News that he was the one who took racy personal photos of Cyrus from her e-mail account and posted them on the Internet last year, which caused a minor scandal for the previously squeaky-clean teen star.

Source - ABC

[From the article:

The newly filed search warrant affidavit sought permission to perform a forensic search of the computers. In the affidavit, the FBI says Holly made $110,000 between November 2007 and July 2008 from sending spam through hacked accounts. [Reasonable return for a trivial investment. Bob]

… Holly said he was able to access Cyrus' account by hacking MySpace's administrative panel to learn the teen star's MySpace user name and password. He said Cyrus used the same password for her e-mail account.

According to the affidavit, Holly also admitted to the FBI that he had been spamming since 2005. He claimed he used celebrity accounts because they generated high volume traffic, according to the affidavit.

… According to the affidavit, Holly communicated over the course of several months last year with MySpace's head of security about "system weaknesses and potential intrusions" and explained how he had accessed Cyrus' account.

Hacker: Might Go to Prison

In exchange for that information, Holly asked to have his MySpace account, which had been suspended for "suspicious or inappropriate behavior," reactivated, according to the affidavit. [and was it reactivated? Bob]



e-Pimping – ain't technology wonderful?

http://blog.wired.com/27bstroke6/2009/02/pimping.html

Pimps Go Online to Lure Kids Into Prostitution

By Kevin Poulsen February 25, 2009 11:30:00 PM

"I don't put girls on the blade," he wrote an associate in a chat log recovered by police. "It's Y2K pimpin'."



Not to sound negative, but: WE'RE DOOMED!

http://www.bespacific.com/mt/archives/020674.html

February 25, 2009

The Swedish model for resolving the banking crisis of 1991 - 93. Seven reasons why it was successful

The Swedish model for resolving the banking crisis of 1991 - 93. Seven reasons why it was successful (EUROPEAN ECONOMY. ECONOMIC PAPERS. 360. February 2009. European Commission. Brussels. 27pp. Tab. Graph. Ann. Bibliogr. Free) "This study presents the main features of the Swedish approach for resolving the banking crisis of 1991-93 by condensing them into seven policy lessons. The main features of the Swedish approach to the banking crisis of 1991-93 concern:

  • political unity,

  • a government blanket guarantee,

  • swift policy action,

  • an adequate legal and institutional framework,

  • full disclosure of information,

  • a differentiated resolution policy, and

  • the proper design of macroeconomic policies.




Remember when an email outage would happen at least once a week?

http://tech.slashdot.org/article.pl?sid=09/02/25/2217243&from=rss

Google Blames Gmail Troubles On Maintenance Goof

Posted by timothy on Wednesday February 25, @05:43PM from the well-that's-reassuring dept. Communications The Internet

Slatterz writes

"Google has apologised for the two-and-a-half-hour Gmail outage on Tuesday morning, and admitted that the cause was down to data center maintenance. 'Lots of people around the world who rely on Gmail were disrupted during their waking and working hours, and we are very sorry. We did everything we could to restore access as soon as possible, and the issue is now resolved,' said Gmail site reliability manager Acacio Cruz in a blog post. Google had been testing new code designed to keep data geographically closer to its owner, which brought about disruption when maintenance in one data center caused another facility to be overloaded. This had a cascade effect, according to Google, and it took the company an hour to get it back under control."



Why I've been teaching my students about Cloud Computing. (And don't forget that Google is tied to Obama.)

http://news.cnet.com/8301-13578_3-10172259-38.html?part=rss&subj=news&tag=2547-1_3-0-5

Is Washington ready for cloud computing?

by Stephanie Condon February 25, 2009 3:31 PM PST

WASHINGTON--Bureaucrats in Washington looking for a silver lining to the economic downturn may want to try looking at the cloud itself.

The financial downturn, momentum from the private sector, and a new Web-savvy administration have come together to create the perfect climate for government adoption of cloud computing, said software as a service vendors, federal information technology purchasers, and others at a cloud-computing conference here Wednesday.


Related There is money to be made.

http://news.cnet.com/8301-1001_3-10172234-92.html?part=rss&subj=news&tag=2547-1_3-0-5

Salesforce.com squeezes $1B from the cloud

by Stephen Shankland February 25, 2009 3:29 PM PST

Salesforce.com showed Wednesday that cloud computing can produce serious money--but also that it's not immune from the current unpleasant economic climate.



Unfortunately, in my remedial math classes, what works for a third grader might be too much for some students. Still, hope springs eternal and if nothing else it gives me more videos for my Math Resources folder.

http://www.killerstartups.com/Web20/edutagger-com-k-12-social-bookmarking

Edutagger.com - K-12 Social Bookmarking

http://www.edutagger.com/

Simply put, Edutagger is a social bookmarking site that is aimed at a specific range of users – K-12 learners and educators. As it is pointed out online, the objective of this solution is to create a platform where these individuals can openly share the many quality resources available on the Internet, and do so in a centralized location.

There is not a lot to say about a links aggregator that has not been said before. Items are displayed in the section entitled “New links”, and a voting system will let anybody propel them into the “Popular” page.

As regards the categories on offer, these encompass all the subjects that K-12 students and educators have to deal with such as “Art & Design”, “Science” and “Maths”, whereas the most popular keywords are garnered underneath the “Top Tags” banner.

Other than that, it is important to mention that a widget is included for you to add to your website. By cutting and pasting a string of code, you will be able to add a button reading “Edutag this” to make others become aware of your site and what it does.



A tool for HD video

http://www.killerstartups.com/Video-Music-Photo/keephd-com-downloading-hd-videos-off-youtube

KeepHD.com - Downloading HD Videos Off YouTube

http://www.keephd.com/

As the title of the review puts it, this is a tool that plays a very specific role, namely letting you download those HD videos you come across on the popular hosting service and wish to keep for posterity. And you don't simply download them – you can also specify the version you want to get, according to the device that you intend to use to play the file later on. As a result, you can download 3GP videos to be played on your mobile, and also MP4 and FLV files for viewing on handheld devices.

The dynamics of the site are simplicity itself – you simply provide the URL of the video that you want to grab and hit the provided button to start the process. There is no registration to get in the way, and no need to procure or install any plug-in either.

Lastly, the site includes some interesting links that are related to the overall concept such as a link to the Relist.tv site, an online resource that can be used to embed YouTube playlists wherever you want. In that sense, it can be said that the site covers every angle of the process, and it is certain to cater for your online video needs one way or the other.

Wednesday, February 25, 2009

Of course. It's a profitable business, made very profitable if you don't spend much on security.

http://www.databreaches.net/?p=1761

Heartland Payment System reports 4th Quarter Gains

February 24, 2009 by admin

Of course, the fourth quarter ended before they announced that they had been breached. They had this to say about the breach in their press release today (via Marketwatch):

Clearly our biggest challenge in 2009 will arise from the system breach we suffered. There are two main components to the challenge we face: addressing claims that cardholders, card issuers, the Brands, regulators, and others have asserted, or may assert, against us arising out of the breach and managing the potential impact of the breach on the day-to-day operations of our business. With regard to the first challenge, we intend to vigorously defend any such claims and we believe we have meritorious defenses to those claims that have been asserted to date. [Is it meritorious to say “We did what everyone else did?” Bob] At this time we do not have information that would enable us to reasonably estimate the amount of losses we might incur in connection with such claims.

[From the Press Release:

Heartland Payment Systems Reports Fourth Quarter Earnings of $0.21 Per Diluted Share

Net Revenue Up 31% as Total Transaction Processing Volume Rises 23%



...and what about our unknown processor? How long should we expect to wait? Once detected, it shouldn't take too long to patch the hole that allowed the intruders access (if we have a log of their activity). Perhaps they are waiting for the next Inauguration?

http://www.databreaches.net/?p=1756

And the rumor mills kick into higher gear

February 24, 2009 by admin Filed under: Breach Reports

For the past few weeks, some of us have been in communication about reports about a second big processor breach.

… Visa and MasterCard remain mute about the source of the breach, although once the confirmation was found, Visa confirmed to Computerworld that a processor “experienced a compromise of payment card account information from its systems,” and MasterCard’s statement referred to the processor as being in the U.S.

… The recent revelation that the breach also involved ATM/Debit cards and not just card-not-present fraud changes the pool of possible candidate processors.

… Whatever happens, it is clear that hackers have figured out how to successfully gain access to tremendous databases of usable data.

… Earlier today, Breach released its annual report, Web Hacking Incidents Database 2008, noting how little we know because of failures to disclose more information that would enable people to prevent problems:

… Hopefully, Heartland is sharing specific information with other processors so that they can bring in forensic experts to review their systems to determine if they, too, may have been breached without it ever being detected.

… It is also not clear to me (yet) whether this unnamed processor breach is related to another series of fraud reports I have started investigating or whether those reports represent yet another processor breach that was never reported in the mainstream media or to the public.

[The Web Hacking Incidents Database 2008 is available here: http://www.breach.com/resources/whitepapers/2008WHID.html



Remember this one?

http://news.slashdot.org/article.pl?sid=09/02/24/2240241&from=rss

Terry Childs Case Puts All Admins In Danger

Posted by kdawson on Tuesday February 24, @09:02PM from the if-they-want-to-get-you dept. The Courts IT

snydeq writes

"Paul Venezia analyzes the four counts San Francisco has levied against Terry Childs, a case that curiously omits the charge of computer tampering, the very allegation that has kept Childs in jail for seven months and now appears too weak to present in court. Count 1 — 'disrupting or denying computer services' — is moot, according to Venezia, as the city's FiberWAN did not go down due to Childs' actions. Venezia writes, 'Childs' refusal to give up the passwords for several days in no way caused a disruption of the normal operation of the FiberWAN. In fact, it could be argued that his refusal actually prevented the disruption of normal network operation.' Counts 2 through 4 pertain to modems Childs had under his control, 'providing a means of accessing a computer, computer system, or computer network in violation of section 502,' according to case documents. As Venezia sees it, these counts too are spurious, as such devices are essential to the fulfillment of admin job requirements. 'If Childs is convicted on the modem charges, then just about every network administrator in the world could be charged with the same "crime,"' Venezia writes. All the authorities would have to do is 'point out that you have a modem or two, and suddenly you're wearing pinstripes of the jailhouse variety.'"



Interesting. Would the RIAA use this for “new” music?

http://news.slashdot.org/article.pl?sid=09/02/24/2229205&from=rss

Court Upholds AP "Quasi-Property" Rights On Hot News

Posted by kdawson on Tuesday February 24, @06:14PM from the discarded-lo-these-90-years dept.

I Don't Believe in Imaginary Property writes

"A federal court ruled that the AP can sue competitors for 'quasi-property' rights on hot news, as well as for copyright infringement and several other claims. The so-called 'hot news' doctrine was created by a judge 90 years ago in another case, where the AP sued a competitor for copying wartime reporting and bribing its employees to send them a copy of unreleased news. The courts' solution was to make hot news a form of 'quasi-property' distinct from copyright, in part because facts cannot be copyrighted. But now the AP is making use of the precedent again, going after AHN which competes with the AP, alleging that they're somehow copying the AP's news. The AP has been rather busy with lawsuits lately, so even though the AP has a story about their own lawsuit, we won't link to it."



Don't worry, we can be trusted to self-regulate! We just can't figure out how to fill out a simple form!

http://news.cnet.com/8301-13578_3-10171703-38.html?part=rss&subj=news&tag=2547-1_3-0-5

Telecom industry may see more than $12 million in fines

by Stephanie Condon February 25, 2009 6:51 AM PST

A federal regulatory agency on Tuesday proposed more than $12 million in fines for the telecommunications industry, after hundreds of telecommunications carriers failed to assure the agency that they are instituting proper protections over customer data.

The carriers either failed to file to the Federal Communications Commission, or filed incorrectly, the required paperwork confirming they have implemented a plan to protect customers' proprietary network information. In the notices the FCC sent to the more than 600 carriers who completely failed to file the paperwork, the agency proposed a fine of $20,000 for each carrier. For the carriers who filed noncompliant information, the FCC proposed a range of fines up to $10,000.



An indication that Google is no longer willing to “Play nice?”

http://news.cnet.com/8301-10805_3-10171522-75.html?part=rss&subj=news&tag=2547-1_3-0-5

Google wants to join EU case against Microsoft

by Steven Musil February 24, 2009 5:20 PM PST



http://www.pogowasright.org/article.php?story=2009022506093124

UK: How technology is revolutionising spying

Wednesday, February 25 2009 @ 06:09 AM EST Contributed by: PrivacyNews

Data mining is key to intelligence community, and privacy of personal information cannot be guaranteed, says Sir David Omand

Source - vnunet.com

Related - The National Security Strategy: Implications for the UK intelligence community (free download)

[From the article:

The report says this personal information – known as protected information or "protint" - is mainly found in public and private sector databases, such as advance passenger information, airline bookings, passport and biometric data, immigration, identity and border records, criminal records, financial, telephone and email records.

"Access to such information, and in some cases the ability to apply data mining and pattern recognition software to databases, might well be the key to effective pre-emption in future terrorist cases," says Omand.

Contrary to popular opinion, this information has always been available to the intelligence community. But whereas traditional methods would involve tapping a particular line of communication or searching for a particular record, new data mining software can proactively sift personal information on databases to look for suspicious patterns.



Graphic of the economic downturn. Depressing. (No pun intended.)

http://www.bespacific.com/mt/archives/020658.html

February 24, 2009

CNN Economy Tracker

Based on Bureau of Labor Statistics data, this graphical Economy Tracker chart indicates by state, rates of unemployment, jobs by industry, and foreclosures. The information range is January 2007 to present.



Geek toy! Looks interesting.

http://hardware.slashdot.org/article.pl?sid=09/02/24/1918217&from=rss

$100 Linux Wall-Wart Now Available

Posted by kdawson on Tuesday February 24, @02:25PM from the not-to-be-confused-with-wal-mart dept.

nerdyH sends us to LinuxDevices for a description of a tiny Linux device called the Marvell SheevaPlug.

"A $100 Linux wall wart could do to servers what netbooks did to notebooks. With the Marvell SheevaPlug, you get a completely open (hardware and software) Linux server resembling a typical wall-wart power adapter, but running Linux on a 1.2GHz CPU, with 512MB of RAM, and 512MB of Flash. I/O includes USB 2.0 and gigabit Ethernet, while expansion is provided via an SDIO slot. The power draw is a nightlight-like 5 Watts. Marvell says it plans to give Linux developers everything they need to deliver 'disruptive' services on the device."

The article links four products built on the SheevaPlug, none of them shipping quite yet. The development kit is available from Marvell.



Technology builds empires. (and apparently, British naval security was much better 400 years ago than it is today.)

http://tech.slashdot.org/article.pl?sid=09/02/24/2337202&from=rss

Superguns Helped Defeat the Spanish Armada

Posted by kdawson on Wednesday February 25, @04:38AM from the nobody-expects-the-spanish-armada dept. The Military Science

Hugh Pickens writes

"With the discovery last year of the first wreck of an Elizabethan fighting ship off Alderney in the Channel Islands, thought to date from around 1592, marine archaeologists are revising their ideas on how the English defeated the Spanish Armada. Replicas of two cannon recovered from the Alderney wreck were recreated in a modern foundry, and tests carried out showed that the Elizabethans were throwing shot at almost the speed of sound. Elizabeth's 'supergun,' although relatively small, could hit a target a mile away. At a ship-to-ship fighting distance of about 100 yards, the ball would have sufficient punch to penetrate the oak planks of a galleon, travel across the deck, and emerge out the other side. Tests on cannon recovered from the Alderney wreck also suggest that the ship carried guns of uniform size, firing standard ammunition. 'Elizabeth's navy created the first ever set of uniform cannon, capable of firing the same size shot in a deadly barrage,' says marine archaeologist Mensun Bound from Oxford University, adding that that navy had worked out that a lot of small guns, all the same, all firing at once, were more effective than a few big guns. '[Elizabeth's] navy made a giant leap forward in the way men fought at sea, years ahead of England's enemies, and which was still being used to devastating effect by Nelson 200 years later.'"



Being a cheap bastard, I love lists of free stuff – even if I don't have the artistic skills to make use of them. Keep this list in your Swiss Army Folder just in case.

http://news.cnet.com/8301-17939_109-10170333-2.html?part=rss&subj=news&tag=2547-1_3-0-5

15 online photo editors compared

by Josh Lowensohn February 25, 2009 4:00 AM PST

Tools that let you edit photos in the Web browser have come a long way in the last few years. We wanted to take a moment to do a feature comparison with a grouping of editors--big and small, to see what each one is capable of.

Tuesday, February 24, 2009

Once you have a tool that works, why wouldn't you try every payment system you could identify?

http://www.databreaches.net/?p=1728

Just weeks after Heartland breach, another payment processor said to be hit

February 23, 2009 by admin

Jai Vijayan of Computerworld has gotten more info on the as-yet-unnamed processor breach. In addition to getting confirmation from Visa and MasterCard that the breach occurred and that the window was February 2008 to January 2009, Jai also found a more recent advisory from the Alabama Credit Union:

ACU initially posted the alert on Feb. 17, saying then that it had been contacted by Visa about the breach and told that about 250 credit cards issued by the credit union had been compromised. An update posted two days later said Visa had informed ACU that a “lengthy list” of ATM and debit card numbers also had been exposed.

The alert said that fraudulent transactions had been carried out with some of the stolen ATM and debit card numbers, primarily involving $100 purchases of prepaid phone cards, gift cards and money orders from Wal-Mart stores. As a result, ACU said it was limiting purchases on all of the cards on Visa’s list to $99 per day while working to issue new cards to customers. Customers will still be able to conduct PIN-based ATM transactions at the usual dollar limits with their existing cards until the replacement ones arrive, the credit union said, adding that all of the cards on the list will be blocked no later than March 3. [Immediate locks would impact legitimate customers. Bob]

Read more on Computerworld.

[From the article:

But as was the case at Heartland, malicious software was placed on the unidentified payment processor's systems, the credit union said.

… Visa began releasing lists of affected card numbers on Feb. 9, and MasterCard followed suit two days later, according to the credit union.
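The controls in ACU's alert (a $99 daily purchase cap on listed cards, PIN-based ATM withdrawals at the usual limits, and a hard block on all listed cards by March 3) are the kind of interim issuer-side rule that ends up coded into an authorization system. The following Python is an added example written for this page, not code from ACU, Visa or Computerworld. The card numbers are hypothetical, the $500 ATM limit is an assumption (the alert only says "usual dollar limits"), and a real authorization host keeps the running daily totals in a database rather than a dictionary.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date

# Constructed inputs: card numbers as an issuer would receive them on Visa's
# compromised-account list (hypothetical numbers, not real accounts).
COMPROMISED = {"4111111111111111", "4242424242424242"}

DAILY_PURCHASE_CAP = 99        # ACU's interim cap for listed cards, in dollars
USUAL_ATM_LIMIT = 500          # assumed "usual" PIN/ATM daily limit
BLOCK_DATE = date(2009, 3, 3)  # all listed cards blocked no later than this day


@dataclass(frozen=True)
class Txn:
    card: str
    amount: int
    channel: str        # "purchase" (signature / card-not-present) or "atm_pin"
    when: date
    merchant: str = ""


class ListedCardPolicy:
    """Authorization rules for cards on a compromise list, as the ACU alert describes them."""

    def __init__(self, compromised, cap=DAILY_PURCHASE_CAP,
                 atm_limit=USUAL_ATM_LIMIT, block_date=BLOCK_DATE):
        self.compromised = set(compromised)
        self.cap = cap
        self.atm_limit = atm_limit
        self.block_date = block_date
        # Running totals per (card, day, channel): the cap is cumulative for the
        # day, not a per-transaction ceiling, so $40 + $50 + $20 still trips it.
        self.spent = defaultdict(int)

    def decide(self, t: Txn) -> str:
        if t.card not in self.compromised:
            return "approve"                      # not on the list: normal rules apply
        if t.when >= self.block_date:
            return "decline:card-blocked"         # replacement card should be in use by now
        key = (t.card, t.when, t.channel)
        limit = self.atm_limit if t.channel == "atm_pin" else self.cap
        if self.spent[key] + t.amount > limit:
            return "decline:over-daily-limit"
        self.spent[key] += t.amount
        return "approve"

    def run(self, txns):
        return [(t.merchant, t.amount, self.decide(t)) for t in txns]


def demo():
    """Constructed authorization stream including the $100 prepaid-card pattern the alert describes."""
    policy = ListedCardPolicy(COMPROMISED)
    feb = date(2009, 2, 20)
    txns = [
        Txn("4111111111111111", 100, "purchase", feb, "Wal-Mart prepaid phone card"),  # the fraud pattern
        Txn("4111111111111111", 40, "purchase", feb, "grocery"),
        Txn("4111111111111111", 50, "purchase", feb, "fuel"),
        Txn("4111111111111111", 20, "purchase", feb, "pharmacy"),     # pushes the day past $99
        Txn("4111111111111111", 300, "atm_pin", feb, "ATM"),           # PIN/ATM keeps its usual limit
        Txn("4000000000000002", 100, "purchase", feb, "Wal-Mart"),     # card not on the list
        Txn("4242424242424242", 5, "purchase", date(2009, 3, 3), "coffee"),  # hard block date reached
    ]
    return policy.run(txns)


if __name__ == "__main__":
    for merchant, amount, decision in demo():
        print(f"{merchant:30s} ${amount:4d}  {decision}")
```

The cap is deliberately cumulative per card per day; a per-transaction ceiling of $99 would let a fraudster run $98 purchases all day, and is exactly the sort of thing Bob's "immediate locks would impact legitimate customers" trade-off is weighing against.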



Counting on the broader definition of “harm?” A new legal strategy for victims?

http://www.databreaches.net/?p=1733

Starbucks sued after laptop data breach

February 23, 2009 by admin

Robert McMillan of IDG News Service reports:

A Chicago-area Starbucks employee has brought a class-action lawsuit against the coffee retailer, claiming damages from an October 2008 data breach.

Laura Krottner was one of 97,000 employees notified late last year after a Starbucks laptop containing employee names, addresses and Social Security numbers was stolen on Oct. 29. Krottner’s suit accuses the company of fraud and negligence.

The lawsuit was filed Thursday in federal court in Seattle. Starbucks has offered employees one-year’s free credit monitoring and protection, but Krottner is asking the court to extend that to five years. She is also seeking unspecified damages and asking that Starbucks be ordered to submit to periodic security audits of its computer systems.

Read more on IT World



The future of the book? Includes a suggestion for bypassing the DRM.

http://www.bespacific.com/mt/archives/020652.html

February 23, 2009

Google Book Search Settlement - New Commercial and Access Models Await Readers

Timothy B. Lee: "Speaking at Princeton on Thursday, Richard Sarnoff, chairman of the Association of American Publishers, discussed the landmark settlement in the Google Book Search case. Sarnoff speculated that the agreement could effectively give Google and Amazon a "duopoly" in the online book market."



Clearly we need a secure (private) way to exchange data. (Don't we HPS & TJX?) Even if some will use it to download the latest U2 album or a copy of Slumdog Millionaire.

http://yro.slashdot.org/article.pl?sid=09/02/23/2245231&from=rss

Combining BitTorrent With Darknets For P2P Privacy

Posted by kdawson on Monday February 23, @06:05PM from the your-move dept. Privacy Security

CSEMike writes

"Currently popular peer-to-peer networks suffer from a lack of privacy. For applications like BitTorrent or Gnutella, sharing a file means exposing your behavior to anyone interested in monitoring it. OneSwarm is a new file sharing application developed by researchers at the University of Washington that improves privacy in peer-to-peer networks. Instead of communicating directly, sharing in OneSwarm is friend-to-friend; senders and receivers exchange data using multiple intermediaries in an overlay mesh. OneSwarm is built on (and backwards compatible with) BitTorrent, but includes numerous extensions to improve privacy while providing good performance: point-to-point encryption using SSL, source-address rewriting, and multi-path and multi-source downloading. Clients and source are available for Linux, Mac OS X, and Windows."
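The privacy property the submission describes (friend-to-friend relaying through intermediaries with source-address rewriting, plus multi-path delivery) is easiest to see in a small simulation. The Python below is an added example for this page, not OneSwarm's code; it models only the overlay routing and what each node observes on the wire, and leaves out the per-hop SSL encryption and BitTorrent compatibility the real client has. The friend graph and payload chunks are constructed.

```python
# Friend-to-friend overlay: data is relayed hop by hop along friend links, and
# every relay rewrites the source to itself, so the requester only ever sees
# its direct friends as senders, never the peer that actually holds the file.

def find_paths(graph, src, dst, path=None):
    """All simple paths from src to dst that traverse only friend links (DFS)."""
    path = (path or []) + [src]
    if src == dst:
        return [path]
    found = []
    for nxt in sorted(graph[src]):
        if nxt not in path:
            found.extend(find_paths(graph, nxt, dst, path))
    return found


def relay(path, chunk, seen):
    """Carry one chunk along path; seen[node] collects (apparent_source, chunk_id)
    exactly as that node would observe it, i.e. the previous hop, not the origin."""
    chunk_id = chunk[0]
    for prev, cur in zip(path, path[1:]):
        seen.setdefault(cur, []).append((prev, chunk_id))


def fetch(graph, requester, holder, chunks):
    """Multi-path download: chunk i travels holder -> requester over path i mod n.
    Returns the reassembled bytes and what every node observed."""
    paths = find_paths(graph, requester, holder)
    if not paths:
        raise LookupError("no friend path to the holder")
    seen = {}
    for idx, data in chunks:
        route = list(reversed(paths[idx % len(paths)]))  # data flows back toward the requester
        relay(route, (idx, data), seen)
    assembled = b"".join(data for _, data in sorted(chunks))
    return assembled, seen


def apparent_sources(seen, node):
    """Peers that `node` believes sent it data: only its direct friends."""
    return sorted({src for src, _ in seen.get(node, [])})


FRIENDS = {  # constructed friend graph; links exist only between mutual friends
    "alice": {"bob", "carol"},
    "bob": {"alice", "dave"},
    "carol": {"alice", "dave"},
    "dave": {"bob", "carol", "erin"},
    "erin": {"dave"},
}
CHUNKS = [(0, b"the "), (1, b"quick "), (2, b"brown "), (3, b"fox")]  # constructed payload

if __name__ == "__main__":
    data, seen = fetch(FRIENDS, "alice", "erin", CHUNKS)
    print(data, "alice sees:", apparent_sources(seen, "alice"))
```

Run as written, alice reassembles erin's file but sees only bob and carol as senders; a monitor sitting at alice (or at bob) cannot tell whether its friend is the origin or just another relay, which is the point of the source rewriting. Without the per-hop encryption the real client adds, a network observer between hops could still read the chunks, so this simulation shows the topology half of the privacy argument only.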



This is an interesting twist. Perhaps I should slap together some credentials identifying me as the senior editor of Centennial-Man. Then I could ask rude questions almost anywhere...

http://tech.slashdot.org/article.pl?sid=09/02/23/1625252&from=rss

Chinese Blogger Chosen As Head of Investigation

Posted by ScuttleMonkey on Monday February 23, @12:47PM from the wash-the-people's-truck dept. The Internet Government

Lew Perin writes

"China hasn't developed much of a reputation for government transparency. And in Yunnan province, the case of a guy who died in police custody was starting to look like a cover up. But then the provincial government startled everyone by choosing a prominent local blogger to head the official investigation into the death. 'The unorthodox move to make popular bloggers heads of an investigation committee is a tacit admission by the Yunnan government of the power of the internet — especially blogs — in shaping Chinese public opinion. It also belies the widespread suspicion of the official version of Li's death.'"



Geek stuff. Become your own cloud?

http://it.slashdot.org/article.pl?sid=09/02/23/1851235&from=rss

Citrix XenServer Virtualization Platform Now Free

Posted by ScuttleMonkey on Monday February 23, @03:01PM from the gateway-drugs-and-other-business-models dept. Software IT

Pedro writes

"Citrix announced today that they are giving away their Xen OSS based virtualization platform XenServer with all the goodies included for free. The big highlights are XenMotion, which lets you move VMs from box to box without downtime, and multi server management. The same stuff in VMware land is $5k. They plan to sell new products for XenServer and also the same stuff on Microsoft's virtualization technology called Hyper-V. It will be interesting to see what VMware does. The announcement comes the day before VMware's big user event VMworld."



This is clearly opportunistic marketing, but it looks like there may be some real value hidden here.

http://it.slashdot.org/article.pl?sid=09/02/23/220227&from=rss

Microsoft Unveils "Elevate America"

Posted by ScuttleMonkey on Monday February 23, @05:15PM from the we-really-need-some-good-pr-what-can-we-do dept. Microsoft IT

nandemoari writes

"In response to the current economic crisis, Microsoft Corp. has come out with a stimulus plan of their own. Their goal is to help a large group of individuals use their computers to land employment in ways other than to generate a compelling resume. The new online initiative, Elevate America, is set to equip close to 2 million people (over the next three years) with the skills needed to succeed in the field of technology."



When I think of it, several of my friends are looking for sponsors (donors). Why didn't I think of this approach? (Attention White Hat Hacker Club!)

http://www.killerstartups.com/Web20/groupable-com-find-a-sponsor-for-your-group

Groupable.com - Find A Sponsor For Your Group

http://www.groupable.com/

No matter what cause you champion, or the group you are part of – this site will let you connect with sponsors on both a local and global scale. The aim of Groupable is to let you further your passion and spread the word in order to keep the flame alive. Book lovers, wine aficionados, otakus and stamp collectors are all accounted for. In actuality, anybody who is a fervent follower and defender of any concept or idea is going to put this site to immediate use.

In order to reach out to the world, all you have to do is create a free account. When doing so, you will be able to pick the group’s name at the same time that you select a category from the many ones on offer.

Once an account has been created, your group will be visible to hundreds of sponsors that will provide you with the resources for furthering your message by sponsoring your cause.

All in all, the site acts as an effective marketplace where corporate sponsors and groups of different denomination come together and connect. If you have a group or are part of one, and think that a little pushing is necessary in order to go forwards, you might just find a helping hand in here.



So, this is good news? “The gooder you txt the smrtr u b?”

http://news.cnet.com/8301-17852_3-10170480-71.html?part=rss&subj=news&tag=2547-1_3-0-5

Your little texting runt may not be illiterate

by Chris Matyszczyk February 23, 2009 7:37 PM PST

… Researchers at Coventry University in the United Kingdom decided to test whether those who are stunted texters really are literate-lite.

The academics' paper, published in the British Journal of Developmental Psychology, has a title that has one desperate to see the 12-year-old's texted version: "Exploring the Relationship Between Children's Knowledge of Text Message Abbreviations and School Literacy Outcomes."



Now they'll have to kill him! Something for the conspiracy fans.

http://blog.wired.com/27bstroke6/2009/02/dtv-converters.html

Hidden Cameras in DTV Converters? YouTube Hoax Fans Conspiracy Fears

By Kevin Poulsen February 23, 2009 3:42:24 PM

[Don't tell anyone:

In an interview with Threat Level, Chronister admits the whole thing was a hoax, concocted in about five minutes with a hot glue gun and parts from an old cell phone. The reaction surprised even him.

[Here's the video: http://www.youtube.com/watch?v=TQ4iIM8Eljc&feature=related

Monday, February 23, 2009

Is this normal or is NY setting the stage for legal action?

http://www.databreaches.net/?p=1704

NYS Consumer Protection says “Action Needed in Heartland Breach”

February 22, 2009 by admin

The following was sent to me by the NYS Consumer Protection Board:

DATE: February 22, 2009

NYS CONSUMER PROTECTION BOARD CALLS FOR ACTION TO PROTECT CONSUMERS WHO MAY BE AFFECTED BY HEARTLAND BREACH

The New York State Consumer Protection Board (CPB) today called on financial institutions and corporations with knowledge of customer data compromised by the Heartland Payment Systems (Heartland) security breach disclosed to the public on January 20, 2009, to immediately take action to protect their consumers.

“A breach of this enormity necessitates action on behalf of consumers who, to date, probably don’t even know that their personal and private information may have been affected,” said Mindy A. Bockstein, Chairperson and Executive Director of the CPB. “After careful scrutiny of the actions taken and current law, financial institutions should not sit idly by and do nothing to inform or protect the consumers who rely on them.”



Just suppose it isn't one more large processor – suppose it's all of them. Would that justify withholding notification? Avoiding panic in the financial world?

http://www.databreaches.net/?p=1711

Banks starting to report breach at unnamed processor

February 22, 2009 by admin

In an earlier post, I questioned whether banks were just sitting on the breach at the as-yet-unnamed processor. According to a spokesperson from the New York State Consumer Protection Board:

While some banks have reported this breach, the CPB awaits formal notification pursuant to New York State law. Until such time as we can review the filing, we do not know the full extent of its effect on New York consumers. Meanwhile, we understand that some banks and financial institutions have already begun to issue new credit cards to those affected, and the CPB applauds this action. As with all data breaches, the CPB encourages full transparency on behalf of consumers to protect their personal identifiable information and avoid the prospect of identity theft. We continue to watch this breach and review all notifications sent to us in accordance with the law.

If banks are beginning to notify consumers and replace cards, that’s good news, indeed, for consumers, although they may understandably feel battle-weary if they also received notification due to the Heartland breach.


Related

http://www.databreaches.net/?p=1697

Another small detail or two on as-yet-unnamed processor breach

February 22, 2009 by admin

Still no real facts, but more hints of impact. This from the Community Bankers Association of Illinois (emphasis added by me):

(February 11, 2009) Today, VISA announced that an unnamed processor recently reported that it had discovered a data breach. The processor’s name has been withheld pending completion of the forensic investigation. According to VISA officials, the breach affected all card brands. Evidence indicates that the account number, PAN and expiration dates were stolen. No cardholder Social Security numbers, unencrypted personal identification numbers (PIN), addresses or telephone numbers or other personal information were involved in the breach. VISA officials have indicated that the Account Data Compromise Recovery (ADCR) procedure will not apply to this event. The ADCR process is used exclusively for magnetic-stripe data compromise events. An increase in card-not-present fraud suggests some BIN numbers have been targeted by criminals. CAMS reports were sent to banks beginning on Monday, February 9, 2009, and are expected to conclude by Friday, February 13, 2009. We have already heard from Illinois bankers that have been affected. VISA officials reported that while the number of accountholders affected is undetermined, it appears to be fewer than those affected by the recent Heartland Payment Systems breach, but a significant number nonetheless. And unlike the Heartland breach, where thieves also captured Track 2 data, [New factoid! Bob] officials reiterated that no personal information was taken in this most recent event. The status of the processor’s PCI compliance is unknown at this time. Bankers are encouraged to read their daily CAMS reports and monitor CVV responses.


Issuers have chargeback rights. MORE TO COME….

So far, I haven’t found any updates subsequent to Feb. 13, but if any site visitor finds any, please let me know.

I freely admit my ignorance on the way things are done, but if banks were already reporting being affected by this breach by this February 11 posting, has anyone contacted the customers whose accounts were affected or is everyone just going to sit on this breach until the processor is ready to issue a public statement?



Very interesting. Includes discussion of the legal requirements under HIPAA and other Privacy laws

http://www.pogowasright.org/article.php?story=2009022305100723

World Privacy Forum Report Tackles The Privacy and Confidentiality Issues of Cloud Computing

Monday, February 23 2009 @ 05:10 AM EST Contributed by: PrivacyNews

... The report includes a detailed analysis of current law as it intersects with various aspects of cloud computing, detailed findings, and a discussion of responses to the privacy and confidentiality risks of cloud computing. Those responses include better policies and practices by cloud providers, changes to laws, and more vigilance by users.

Source - World Privacy Forum Press Release Full Report (pdf)



It's not just pencils and paper clips any more...

http://www.pogowasright.org/article.php?story=20090223064630248

More Than Half of Ex-Employees Admit to Stealing Company Data According to New Study

Monday, February 23 2009 @ 06:46 AM EST Contributed by: PrivacyNews

Symantec Corp. (NASDAQ: SYMC) and the Ponemon Institute, a leading privacy and information management research firm, today announced the findings of a joint survey of employees who lost or left a job in 2008, which revealed 59 percent of ex-employees admit to stealing confidential company information, such as customer contact lists. The results also show that if respondents' companies had implemented better data loss prevention policies and technologies, many of those instances of data theft could have been prevented.

Source - CNN

[From the article:

The results also show that if respondents' companies had implemented better data loss prevention policies and technologies, many of those instances of data theft could have been prevented.



Somehow the numbers don't seem right...

http://www.pogowasright.org/article.php?story=20090222192536429

AU: Arrests soar after new wiretap law

Sunday, February 22 2009 @ 07:25 PM EST Contributed by: PrivacyNews

Criminal arrests made under more powerful wiretapping laws have increased by 96 percent following reforms that make it easier for police to intercept and access telecommunications.

In a report tabled in parliament, Attorney General Robert McClelland said 45 arrests were made during the year ending June 2008, thanks to amendments to the Telecommunications (Interceptions) Act that allow police to access stored intercepted telecommunications data.

Source - Computerworld (AU)


Related? If they can't tap them, how do they know criminals are using them? (Perhaps they are suspicious of all Skype users?)

http://yro.slashdot.org/article.pl?sid=09/02/23/0332207&from=rss

European Crackdown On Skype "Loophole"

Posted by timothy on Monday February 23, @07:36AM from the only-the-suspicious-ones-of-course dept. Privacy Communications Security

angry tapir writes

"Suspicious phone conversations on Skype could be targeted for tapping as part of a pan-European crackdown on what law authorities believe is a massive technical loophole in current wiretapping laws, allowing criminals to communicate without fear of being overheard by the police. Eurojust, a European Union agency responsible for coordinating judicial investigations across different jurisdictions, has announced the opening of an investigation involving all 27 countries of the European Union."



No one asked me!

http://www.bespacific.com/mt/archives/020642.html

February 22, 2009

Declassified Oral History Interviews Posted by National Security Agency

"The National Security Agency (NSA) has recently declassified and posted lengthy, formerly Top Secret oral history interviews with four of its most prominent personnel: Arthur J. Levenson, Dr. Solomon Kullback, Oliver R. Kirby, and Benson K. Buffham." [The Memory Hole]

Note: "The National Security Agency/Central Security Service launched its newly redesigned public web site - www.nsa.gov. Visitors to the site, "NSA/CSS - Defending our Nation. Securing the Future" will discover many new features including:

  • A video overview of the NSA/CSS mission, a virtual tour of the National Cryptologic Museum and an NSA/CSS photo gallery;

  • "Latest News" showcasing NSA/CSS-generated press releases and features of interest as well as media coverage of NSA initiatives;

  • A "Doing Business with NSA" section to guide businesses through the contracting process;

  • An area dedicated to NSA's commitments - to the country, the community, and the environment; and,

  • A video message from LTG Keith B. Alexander, Director, National Security Agency / Chief, Central Security Service."



Apparently it takes an entire operating system to browse securely. Perhaps Microsoft should make a secure operating system its next goal? (Or perhaps this indicates that each device/function should have its own operating system?)

http://tech.slashdot.org/article.pl?sid=09/02/22/1724244&from=rss

MS Publishes Papers For a Modern, Secure Browser

Posted by Soulskill on Sunday February 22, @01:11PM from the new-and-different dept. The Internet Microsoft Technology

V!NCENT writes with an excerpt from a new publication by Microsoft:

"As web sites evolved into dynamic web applications composing content from various web sites, browsers have become multi-principal operating environments with resources shared among mutually distrusting web site principals. Nevertheless, no existing browsers, including new architectures like IE 8, Google Chrome, and OP, have a multi-principal operating system construction that gives a browser-based OS the exclusive control to manage the protection of all system resources among web site principals. In this paper, we introduce Gazelle, a secure web browser constructed as a multi-principal OS. Gazelle's Browser Kernel is an operating system that exclusively manages resource protection and sharing across web site principals."

Here's the full research paper (PDF).



How to market yourself? After some geek humor, there are some serious comments here.

http://ask.slashdot.org/article.pl?sid=09/02/22/2053258&from=rss

Linked In Or Out?

Posted by timothy on Sunday February 22, @04:30PM from the won't-you-be-my-neighbor-today dept. Privacy Social Networks

Mr_Whoopass writes

"I am the IT Administrator for a regional restaurant chain, and as of late I am noticing more and more people sending me invitations to sites like LinkedIn, FaceBook, etc. Mother always taught me to be a skeptic, and, knowing more than the average Joe about how information can be used in this digital era, I am reticent to say the least about posting such personal details as my full name and where I work on the net for all to see. I have thus far managed to stay completely below the radar, and a search on Google has nothing on my real persona. However, now times are tough, and I see sales dropping in the industry I work in as it is a discretionary spending market to be sure. I wonder if I should loosen up on the paranoia a bit and start networking with some of these folks in case of the all too common layoff scenario that seems to be happening lately. What do other folks here think about this? I am specifically interested in what people who work in IT think (since I know that just about every moron who has 'Vice President' or sits on the 'Executive Team' is already on LinkedIn and has no clue about why they should be trying to protect their identity)."