Centennial Man: 2011-06-26

Saturday, July 02, 2011

Isn't keeping quiet about the breach offset by all the reporting on the lawsuit?

Cancer Center Blamed for Stolen Laptop; Delayed Notice Blamed for ID Theft

By Dissent, July 1, 2011

Okay, here’s a breach I never saw reported anywhere in my usual sources, until I read about it in a lawsuit. Via Courthouse News’ Joe Harris:

A hospital and cancer center allowed a laptop computer stuffed with unencrypted, confidential information on its patients to be stolen, and did not notify patients of the data theft for 8 weeks, patients say in a class action.

Named plaintiff Rita Barricks claims the laptop was stolen during the weekend of Dec. 4, 2010 from Barnes-Jewish Hospital dba The Siteman Cancer Center, a joint venture between Washington University and Barnes-Jewish Hospital.

Barricks says the computer contained patients’ names, addresses, phone numbers, birth dates, Social Security numbers, medical records, diagnoses, lab results, email addresses, insurance information and employment information.

“WashU and BJC have a policy of encrypting the sensitive information of plaintiffs,” according to the complaint City Court. “However, the stolen laptop was unencrypted and contained unencrypted sensitive information.”

Barricks claims the defendants immediately knew about the theft, but waited 8 weeks – until Jan. 28 – to inform patients.

During that time, Barricks says, her identity was stolen.

Friday, July 01, 2011

Local breach. “We don't need no stinking encryption!”

Lost in transit: Colorado Department of Health Care Policy and Financing notifies over 3,500 of missing disk

By Dissent, July 1, 2011

Michael Booth reports:

The state Department of Health Care Policy and Financing has lost thousands of applicant names on a computer disk for the second time in a year, triggering a public notice under federal privacy rules.

HCPF officials said the names of 3,590 medical-aid applicants were on the lost disk, though the data did not include dates of birth, Social Security numbers or other personal information that could lead to identity-theft cases. Some of the lost information includes health data protected under the privacy rules of the Health Insurance Portability and Accountability Act.

The data did include the addresses and the state identification numbers for the applicants. The disk was lost on its way between two state agencies, the HCPF notice said, and was discovered May 6.

Thursday, June 30, 2011

Since rootkits like this one are so difficult to remove, think of their value as a Cyber-weapons. A more subtle infection could go unnoticed until “e-Day.”

Massive Botnet "Indestructible," Say Researchers

"A new and improved botnet that has infected more than four million PCs is 'practically indestructible,' security researchers say. TDL-4, the name for both the bot Trojan that infects machines and the ensuing collection of compromised computers, is 'the most sophisticated threat today,' said Kaspersky Labs researcher Sergey Golovanov in a detailed analysis on Monday. Others agree. 'I wouldn't say it's perfectly indestructible, but it is pretty much indestructible,' Joe Stewart, director of malware research at Dell SecureWorks and an internationally-known botnet expert, told Computerworld on Wednesday. 'It does a very good job of maintaining itself.' Because TDL-4 installs its rootkit on the MBR, it is invisible to both the operating system and more, importantly, security software designed to sniff out malicious code. But that's not TDL-4's secret weapon. What makes the botnet indestructible is the combination of its advanced encryption and the use of a public peer-to-peer (P2P) network for the instructions issued to the malware by command-and-control (C&C) servers. 'The way peer-to-peer is used for TDL-4 will make it extremely hard to take down this botnet,' said Roel Schouwenberg, senior malware researcher at Kaspersky. 'The TDL guys are doing their utmost not to become the next gang to lose their botnet.'"

Jurisdiction be damned? Virtual access to data now depends only on who can threaten profitability? ...call in the anti-trust guys at DOJ?

The Patriot Act and the EU Cloud

"Gordon Frazer, managing director of Microsoft UK said that the Patriot Act allows government access to data in its cloud services even in Europe. Though he said that 'customers would be informed wherever possible,' he could not provide a guarantee that they would be informed if a gagging order, injunction or U.S. National Security Letter permits it."

(Related) ...and it's just gonna get worse.

http://www.zdnet.com/blog/igeneration/microsoft-we-can-hand-over-office-365-data-without-your-permission/11041

Microsoft: 'We can hand over Office 365 data without your permission'

Hidden within a whitepaper, detailing the security features in the upcoming Office 365 suite, it reveals links to the Trust Center; a treasure trove of data protection policies and legalities of how Microsoft will handle your data in its cloud datacenters.

(Related) Think of this as a way to gain physical access to foreign data.

Chinese City Wants To Build a Censorship-Free Hub

"The city of Chongqing's proposed Cloud Computing Special Zone would be home to 'a handful of state-of-the-art data centers and is designed to attract investment from multinational companies and boost China's status as a center for cloud computing,' writes the IDG News Service's Michael Kan. The part that's drawing the ire of Chinese Internet users: This censorship-free hub would only be for foreign companies."

(Related) Another “Cloud” story that I could also categorize under “It's not a One-Strategy-Fits-All world”

http://www.wired.com/dangerroom/2011/06/spycloud-intel-agencies-look-to-keep-secrets-in-the-ether/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

SpyCloud: Intel Agencies Look to Keep Secrets in the Ether

Dropbox for files, Google for mail, iCloud for well, everything. Average citizens have all kinds of options for storing their information in the cloud. Now, spies want in. Soon, our nation’s secrets may take on a slightly more nebulous form.

In-Q-Tel, the investment arm of the CIA and U.S. intelligence community, recently sunk money into a cloud-based storage company called Cleversafe. It says the platform is “ideal for storing mission critical data by addressing the core principles of data confidentiality, integrity and availability.” (Incidentally, those principles also spell out CIA). [So does Cunning if Idiotic Acronym Bob]

This is only one of a series of new government initiatives to move into the cloud. Since last year, the administration has embraced a “cloud first” policy, which encourages cloud-based solutions “whenever a secure, reliable, cost-effective cloud option exists.” The Pentagon is already planning its migration, and the 2011 Cloud Computing Act, expected out in a few weeks, may put in place even more incentives for investing in cloud computing options.

I guess you could call this another jurisdictional question...

Amazon Drops California Associates to Avoid Sales Tax

"Residents of California who participate in the Amazon Associates Program received an email warning them that the program will be terminated as soon as a new California law goes into effect. The law, which CA governor Jerry Brown signed, would require online retailers to collect sales tax on purchases. According to Amazon's statement, 'We oppose this bill because it is unconstitutional and counterproductive. It is supported by big-box retailers, most of which are based outside California, that seek to harm the affiliate advertising programs of their competitors.'"

(Related) So, will this make things “unfriendly” enough to cause Silicon Valley to move to New Jersey? I kinda doubt it.

http://news.cnet.com/8301-31921_3-20075651-281/california-targets-kindle-lab-in-amazon-tax-spat/

California targets Kindle lab in Amazon tax spat

Amazon.com said today that it's reluctantly severing ties with affiliates in California, a move that it hopes will let it continue shipping products to state residents without collecting sales taxes.

But a little-noticed clause in the legislation that Gov. Jerry Brown, a Democrat, signed into law today gives California tax collectors a second, albeit legally untested, cudgel to use against the Seattle-based company. The law takes effect immediately.

The measure says that any retailer who "through a subsidiary" has any "place of business" in California must collect sales taxes. And--surprise!--Amazon has two subsidiaries in California: A9, in Palo Alto, which works on search technology, and Cupertino-based Lab126, which designed the Kindle and is rumored to be working on much more.

Very high level, but no endorsement for “3 strikes” or similar (that I can see)

http://www.bespacific.com/mt/archives/027629.html

June 29, 2011

Organization for Economic Cooperation and Development's proposed online copyright protection plan

OECD draft Communiqué on Principles for Internet Policy-Making, June 29, 2011

"The policy-making principles in this communiqué are designed to help preserve the fundamental openness of the Internet while concomitantly meeting certain public policy objectives, such as the protection of privacy, security, children online, and intellectual property, as well as the reinforcement of trust in the Internet. Effective protection of intellectual property rights plays a vital role in spurring innovation and furthers the development of the Internet economy. Internet policy making principles need to take into account the unique social, technical and economic aspects of the Internet environment. It is clear that the open and accessible nature of the Internet needs to be supported for the benefit of freedom of expression, and to facilitate the legitimate sharing of information, knowledge and exchange of views by users including research and development that has brought about widespread innovation to our economies."

OECD Internet Economy (Home)

EFF Declines to Endorse OECD Draft Communiqué on Principles for Internet Policy-Making: "We oppose legal and policy frameworks that encourage Internet intermediaries to filter and block online content or disconnect Internet users under a “graduated response” system after alleged copyright violations. Civil society calls on OECD member states to defend free expression and support due process and procedural safeguards in the protection of intellectual property rights."

Oh no! This theory did not “evolve” it was the result of intelligent design!

http://www.wired.com/wiredscience/2011/06/darwin-marginalia/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Young Darwin’s Marginalia Shows Evolution of His Theory

A trove of books from Charles Darwin’s personal library is now digitized, online and free for all to view. The collection, displaying Darwin’s scrawled-in-pencil marginalia, tantalizingly reveals his thought process as he developed the theory of evolution.

It's like free crack...

World of Warcraft Goes Free With Starter Edition

"Blizzard Entertainment has announced that its enormously popular online role-playing game World of Warcraft will be free to play for characters up to level 20. WoW has always offered free trials of one of the world's biggest multi-player online games but previous offers have always been limited to a set number of days. The new policy means that first-time visitors to Azeroth will be able to build an unlimited number of characters and classes up to level 20 at their leisure, although there will be some limitations."

Free is good.

http://www.makeuseof.com/tag/6-live-professional-news-streams-watch-online-free/

6 Live Professional News Streams You Can Watch Online For Free

Everyone has an opinion

107 Best Websites On The Web

Wednesday, June 29, 2011

Now we will be treated to swarms of “journalists” trying to interpret the raw data out of any context.

http://news.cnet.com/8301-27080_3-20075245-245/hackers-heres-zimbabwe-brazil-umg-viacom-data/

Hackers: Here's Zimbabwe, Brazil, UMG, Viacom data

Hackers today released data they said was from the governments of Zimbabwe and Brazil, entertainment giants Universal Music Group and Viacom, and a municipal government in Australia.

Meanwhile, the Anonymous group also reportedly temporarily shut down a tourism Web site for Orlando, Fla., with a distributed denial-of-service (DDoS) attack today to protest the arrest of Food not Bombs volunteers for serving food in public in Orlando without a permit.

The “Harrisburg Project” (subcontractor to the state) released this data originally. Did they not know what was on the laptops or did they just lie?

http://www.databreaches.net/?p=19326

(update) Laptops stolen from a contractor’s van had a slew of sensitive student data

June 29, 2011 by admin

Remember the Illinois State Board of Education laptops stolen from a Harrisburg Project van recently? I was reading more about the incident and noticed that there was even more sensitive data on the laptops than originally indicated in media coverage:

The staff data stored on the computers included name, demographics, Social Security number, teacher certification number and work assignment. The student data included resident school district, birth date, name, student identification number, Social Security number, student’s identified disability, bilingual special education and other information.

And Social Security Numbers were being used in student files…. why?

Read more on Beacon News and remember that the federal government wants to compile and track even more data on students. Oh yeah, what could possibly go wrong?

I thought this might be an “Executive Privilege” argument, but apparently the just didn't want to be bothered...

http://www.databreaches.net/?p=19323

Texas Official Must Talk About Data Leaks

June 29, 2011 by admin

David Lee reports:

A state judge ordered the Texas Comptroller of Public Accounts to comply with a request for a deposition on the leak of personal information of more than 3.5 million people.

Comptroller Susan Combs disclosed in April that the personal information of 3.5 million state employees and former employees had been stored on a publicly accessible computer server for about a year.

Travis County Judge Rhonda Hurley ruled on Monday that Combs must submit to questions about the leak from the Texas Civil Rights Project.

Read more on Courthouse News. Combs has indicated that she will appeal the ruling.

[From the Courthouse News article:

"The court finds that the likely benefits of allowing the depositions to investigate a potential claim outweigh the burden or expense of the procedure,"

Not creating privacy, but perhaps this lawyer sees where companies are overreaching and can be pushed back?

Keen On… Michael Fertik: Why People Will Pay for Privacy (TCTV)

Will people pay for online privacy? Yes, they will – at least according to Michael Fertik, the founder and CEO of Reputation.com, one of the early leaders in the new online privacy ecosystem. Indeed, Fertik believes that privacy is the next big thing in the online economy – a necessary antidote to Reid Hoffman’s Web 3.0 economy of pervasive personal data.

We can learn from failure...

Sean Parker On Why Myspace Lost To Facebook

With reports of social network Myspace about to sell for ~$30 million, the tech world eagerly awaits the HBS study for why the service, which was bought in 2006 by Newscorp for $580 million and was at some point valued at $1.5 billion (a quote in a Business Week article referred to it as “one of the best acquisitions ever”) ultimately failed.

… at minute 20:54 Fallon asks Parker, “Where did Myspace go wrong?”

“The failure to execute product development,” Parker replies. “They weren’t successful in treating and evolving the product enough, it was basically this junk heap of bad design that persisted for many many years. There was a period of time where if they had just copied Facebook rapidly, they would have been Facebook. They were giant, the network effects, the scale effects were enormous.”

Google goes Social? Bummer..

http://www.bespacific.com/mt/archives/027618.html

June 28, 2011

Introducing the Google+ project: Real-life sharing, rethought for the web

Official Google Blog: "Among the most basic of human needs is the need to connect with others. With a smile, a laugh, a whisper or a cheer, we connect with others every single day. Today, the connections between people increasingly happen online. Yet the subtlety and substance of real-world interactions are lost in the rigidness of our online tools. In this basic, human way, online sharing is awkward. Even broken. And we aim to fix it. We’d like to bring the nuance and richness of real-life sharing to software. We want to make Google better by including you, your relationships, and your interests. And so begins the Google+ project..."

Social enterprise giant Jive is releasing a study today, called the Jive Social Business Index, which surveyed 902 US‐based executives at large and mid-sized companies on their views of social in the enterprise.

The study revealed that Social Business is increasingly perceived as a strategic executive imperative in the enterprise, with 78 percent of the executives surveyed admitting that having a social strategy is critical to the future success of their businesses.

You don't own the game. When they “Sell” it you you, you should bring your IP lawyer...

http://www.wired.com/gamelife/2011/06/resident-evil-mercenaries/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Capcom Crushes Retail Value of 3DS Resident Evil With Permanent Saved Game

When you open your brand-new copy of Resident Evil: The Mercenaries 3D on Tuesday, you may find something interesting in the manual.

“Note: Saved data on this software cannot be reset,” you are warned. When you play the game and your progress is saved, there is no way to take it back. That is your game forever.

Let me explain why this is so infuriating if you’re unclear on just how hostile this is to gamers. Once you’ve beaten the game, you can’t erase your progress and start over. If you want to loan the game to a friend, they won’t be able to start their own game from the beginning. You may be able to trade the game into a store or sell it, but I wouldn’t suggest buying it from someone used, since you won’t be able to start from the beginning and unlock all the content yourself.

Vendors dictating IT strategy. “We don't want our nice new software running on that old clunky hardware.” (and since we make that hardware, we'll be happy to sell you some new stuff.)

Oracle Shuts Older Servers Out of Solaris 11

"The Register is reporting that Oracle has decided not to allow Solaris 11 to install on older Sparc hardware, including UltraSparc-I, UltraSparc-II, UltraSparc-IIe, UltraSparc-III, UltraSparc-III+, UltraSparc-IIIi, UltraSparc-IV, and UltraSparc-IV+ processors. The Solaris 11 Express development version released in November did not have this restriction, which suggests that the OS would likely run on these models. Unfortunately, the installer won't. All generations of Sparc T series processors and Sparc Enterprise M machines will be able to install and run Solaris 11, however."

Does this seem to push copyright a bit too far? If I had a drawing of R2D2 would I be in violation?

Paramount Cease and Desist Targets 3D Printer ‘Pirate’

… Blatt makes digital models of the items he sees in movies and sends them off to 3D printing site Shapeways. They recreate the items in a range of materials from plastic to metal and offer them for sale online.

… On June 8th Blatt announced on theRPF.com movie prop fansite that he was recreating the distinctive cube-shaped items from the Stephen Spielberg movie ‘Super 8‘. On June 9th he uploaded the files to Shapeways.

By June 10th, Blatt had received unwelcome contact from Hollywood lawyers and all his posts on theRPF were quickly edited out.

Terminology change: “Frequent Flyers” will henceforth be known as “Frequent Fryers”...

http://www.bespacific.com/mt/archives/027617.html

June 28, 2011

EPIC v. DHS Lawsuit -- FOIA'd Documents Raise New Questions About Body Scanner Radiation Risks

EPIC: "In a FOIA lawsuit against the Department of Homeland Security, EPIC has just obtained documents concerning the radiation risks of TSA's airport body scanner program. The documents include agency emails, radiation studies, memoranda of agreement concerning radiation testing programs, and results of some radiation tests. One document set reveals that even after TSA employees identified cancer clusters possibly linked to radiation exposure, the agency failed to issue employees dosimeters - safety devices that could assess the level of radiation exposure. Another document indicates that the DHS mischaracterized the findings of the National Institute of Standards and Technology, stating that NIST "affirmed the safety" of full body scanners. The documents obtained by EPIC reveal that NIST disputed that characterization and stated that the Institute did not, in fact, test the devices. Also, a Johns Hopkins University study revealed that radiation zones around body scanners could exceed the "General Public Dose Limit." For more information, see EPIC: EPIC v. Department of Homeland Security - Full Body Scanner Radiation Risks and EPIC: EPIC v. DHS (Suspension of Body Scanner Program)."

Free is good.

Five Desktop Tools To Create Excellent Windows Environment

File Repair

File Repair software is a powerful tool to repair your corrupted files. It scans the damaged file and extracts maximum data from it to a new usable file. You can repair word documents, excel spreadsheets, zip, rar, selected video formats, pdf, etc.

Cryogenic FileSplitter

This is a simple application written in C# by which you can split large files into several pieces to transfer them easily over Internet.

USBFlashCopy

USBFlashCopy is a small Windows utility to back up your flash drives and storage cards on the fly. It runs in the background and copies files from inserted media to a safe location on your hard drive. USBFlashCopy copies only newer or updated files, you can optionally keep old versions of the files.

Appnimi ZIP Password Unlocker

Appnimi ZIP Password Unlocker is designed to let you search for passwords of protected ZIP files. This program guarantees the most complicated passwords recovery. Appnimi ZIP Password Unlocker allows to search for the password of the protected ZIP file using Brute Force algorithm. After recovering the password it will extract the files to a destination folder.

Driver Magician Lite

Driver Magician Lite is freeware, it identifies all the hardware in the system, extracts their associated drivers from the hard disk and backs them up to a location of your choice. Then when you format and reinstall/upgrade your operating system, you can restore all the “saved” drivers just as if you had the original driver diskettes in your hands.

Free is good.

2nd Edition of Learn Python the Hard Way Released

"Are you or your kid intrigued by Python, but not quite ready to purchase an in-depth O'Reilly book? Zed A. Shaw's 2nd edition of Learn Python The Hard Way may be a friendlier option. Shaw's path to Python programming is simple: 1. Go through each exercise, 2. Type in each sample exactly, 3. Make it run. If $60 for the hardcover is too much to ask, or $15.99 for paperback, you can spend a measly buck for the PDF/ePub download. Still too steep? OK, there's even a free online HTML edition. After completing the 52 exercises, Shaw's concluding Advice From An Old Programmer says, 'Which programming language you learn and use doesn't matter. Do not get sucked into the religion surrounding programming languages as that will only blind you to their true purpose of being your tool for doing interesting things.'"

Tuesday, June 28, 2011

Are we now reaching Carl Sagan levels of data breach? “BIL-yons and BIL-yons...”

http://www.databreaches.net/?p=19317

Groupon leaks entire Indian user database

June 27, 2011 by admin

Patrick Gray writes:

The entire user database of Groupon’s Indian subsidiary Sosasta.com was accidentally published to the Internet and indexed by Google.

The database includes the e-mail addresses and clear-text passwords of the site’s 300,000 users. [So, not yet BIL-yons... Bob] It was discovered by Australian security consultant Daniel Grzelak as he searched for publicly accessible databases containing e-mail address and password pairs. [Note: No hacking skills required Bob]

Grzelak used Google to search for SQL database files that were web accessible and contained keywords like “password” and “gmail”.

Centennial Man

Saturday, July 02, 2011

Friday, July 01, 2011

Thursday, June 30, 2011

Wednesday, June 29, 2011

Tuesday, June 28, 2011

Search This Blog

Followers

Blog Archive

Links

About Me