Saturday, November 04, 2006

ACS Employee Questioned Over Database Theft

David Migoya writes in The Denver Post:

Police are questioning an Affiliated Computer Services employee in connection with the theft of a computer that contained state-owned databases with the personal information of about 1.4 million people.

Police have not recovered the computer, a desktop model swiped from the Denver offices of ACS, but an employee of the company is a key suspect in the crime, according to a person familiar with the investigation.

No charges have been filed, and police would not release the employee's name. ACS spokesman Kevin Lightfoot referred all questions about the investigation to authorities.

The computer contained information from the state's Family Support Registry and the New Hire Directory, which ACS has maintained for the Department of Human Services since 1999.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Saturday, Nov. 4, 2006, at least 2,828 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,268 died as a result of hostile action, according to the military's numbers.

The AP count is four more than the Defense Department's tally, last updated Friday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Man Accused of Drugging, Raping Online Daters

An AP newswire article, via MSNBC, reports that:

He was an online dater's dream: Tall, clean-cut, with a fashionable address and a taste for upscale bars and restaurants.

He said he was a doctor, an astronaut, a spy — though he was really an on-and-off nursing student. With woman after woman, he would slip something in their drinks and then rape them, police say.

Jeffrey J. Marsalis, 33, of Philadelphia, is facing trial on nine rape counts involving eight women, while a 10th charge is pending in Sun Valley, Idaho. He met most of the victims here through a popular online dating site, authorities said.

More here.

Scientists Protested Website Nuclear Data Two Weeks Ago

Via Reuters.

Scientists at a U.S. weapons lab complained more than two weeks ago that captured Iraqi documents containing sensitive nuclear information were available on the Web site that the government shut down on Thursday, The New York Times reported on Saturday.

A senior federal official, speaking on condition of anonymity, told the Times that scientists at California's Lawrence Livermore National Laboratory protested some of the weapons papers on the site to the National Nuclear Security Administration, an arm of the Department of Energy, in October. But the objections "never perked up to senior management," the Times quoted the official as saying. "They stayed at the mid-levels."

Managers at the security administration passed the warning to their counterparts at the Office of the Director of National Intelligence, which oversaw the Web site, the Times said, citing the official. And as a result, according to a nuclear weapons expert, the government pulled two nuclear papers from the Web site last month. The dangers of the documents, which were captured during the war, had been recognized at Livermore and in the wider community of government arms experts, he said.

More here.

Friday, November 03, 2006

Computer Scientists Alarmed by Voting System for Troops

Kevin Coughlin writes on NJ.com:

A new electronic system meant to simplify voting for overseas troops may compromise their confidentiality and expose them to identity theft, computer scientists warn.

Citing those concerns, Rep. Rush Holt (D-12th Dist.) yesterday asked Defense Secretary Donald Rumsfeld to establish more secure voting procedures for next week's elections.

More here.

Military Publications: 'Rumsfeld Must Go'

U.S. Secretary of Defense Donald Rumsfeld


Normally, stories like this would not be a candidate for the blog.

Having said that, however, I am a former military man myself, and I think this warrants a couple of paragraphs.

Via MSNBC.

Just days after President Bush publicly affirmed Defense Secretary Donald Rumsfeld's job security through the end of his term, a family of publications catering to the military will publish an editorial calling for the defense secretary's removal.

The editorial, released to NBC News on Friday ahead of its Monday publication date, stated, "It is one thing for the majority of Americans to think Rumsfeld has failed. But when the nation's current military leaders start to break publicly with their defense secretary, then it is clear that he is losing control of the institution he ostensibly leads."

The editorial will appear just one day before the midterm election, in which GOP candidates have been losing ground, according to recent polls.

"This is not about the midterm elections," continued the editorial, which will appear in the Army Times, Air Force Times, Navy Times, and Marine Corps Times on Monday. "Regardless of which party wins Nov. 7, the time has come, Mr. President, to face the hard bruising truth: Donald Rumsfeld must go."

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Friday, Nov. 2, 2006, at least 2,828 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,268 died as a result of hostile action, according to the military's numbers.

The AP count is four more than the Defense Department's tally, last updated Friday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Cable Companies Winning Against Telcos In Bundled Services

Antone Gonsalves writes on InformationWeek:

Cable companies are leveraging their infrastructure and customer relationships to hold on to a commanding lead over telecom companies in the battle to sell bundled services of TV, voice communications and broadband, a market researcher said Friday.

Fully 90% of homes that have the so-called triple play of services are cable TV subscribers, Knowledge Networks of Menlo Park, Calif., said.

More here.

Australian Tax Office Breaches Privacy

Lachlan Heywood writes on News.com.au:

The tax records of hundreds of Australians have been illegally accessed by Australian Taxation Office staff over the past two years.

Breaches include spying on clients' records and unauthorised access of data systems.

A total of 917 taxpayers have had their records inappropriately accessed by ATO staff since October 2004 and high-profile celebrities and sports stars may have been affected.

Earlier this year, multi-millionaire businessman and former producer John Cornell – a close friend and business partner of actor Paul Hogan – accused the tax office of deliberately leaking some of his records to the media.

More here.

DHS Office in Memphis Bugged

Via UPI.

Officials in Memphis, Tenn., are investigating who installed electronic listening devices in ceiling tiles at the local Homeland Security office.

The Memphis Commercial Appeal reported on November 2 that the Shelby County Sheriff's Office has not publicly commented on its investigation.

Shelby County Commissioner David Lillard has referred obliquely to "personal animosities" being involved.

More here.

Starbucks Loses Laptops with Data on 60,000 Employees

An AP newswire article, via USA Today, reports that:

Starbucks said Friday it has lost track of four laptop computers, two of which had private information on about 60,000 current and former U.S. employees and fewer than 80 Canadian workers and contractors.

The data, which include names, addresses and Social Security numbers, is from before December 2003, said Valerie O'Neil, a spokeswoman for the coffee retailer.

The company has not received any reports that anyone's personal information has been compromised.

"We have no reason to believe these laptops are in the hands of someone who wants to misuse them," O'Neil said. "We just want to make every effort to protect our partners."

O'Neil said Starbucks is in the process of notifying those affected, including an estimated 8% of the current workforce.

More here.

Gizmondo Ferrari Case Update: Mistrial in L.A.

The remains of wrecked Ferrari Enzo involved in the February 2006 crash.



Dan Whitcomb writes for Reuters:

A Los Angeles judge declared a mistrial on Friday in the theft and embezzlement trial of a Swedish former videogame executive who made worldwide headlines by destroying a rare $1 million Ferrari in a spectacular Malibu crash.

Los Angeles Superior Court Judge Patricia Schnegg declared a mistrial in the case of 44-year-old Bo Stefan Eriksson after jurors, who had been deliberating for about a day, said they could not agree on verdicts.

More here.

What are Good Security Metrics?

Jason Miller writes on GCN.com:

“No government agency can say with confidence that the Chinese are not inside all their computers.”

That one comment from Alan Paller, the research director of the SANS Institute of Bethesda, Md., sparked the discussion of how well government agencies secure their IT systems and measure the effectiveness of their cybersecurity controls.

“The Chinese doctrine calls for a cyberattack as part of the next war with the U.S.,” Paller said earlier this week at the Executive Leadership Conference sponsored by the American Council for Technology and the Industry Advisory Council. “Every major nation has a substantial cyberespionage initiative. It does matter that they and terrorist organizations are doing this because we are not doing very well in stopping them.”

Paller said that Congress and the administration pay too much attention to how agencies meet certain aspects of the Federal Information Security Management Act. He said the number of systems certified and accredited, awareness training, configuration management and annual testing don’t go far enough to ensure agency IT systems are secure.

More here.

Wikipedia Blaster 'Fix' Points to Malware

John Leyden writes on The Register:

Hackers have hijacked links on a Wikipedia article to trick users into downloading malware.

A piece on the German edition of Wikipedia was re-written to contain false information about a supposedly new version of the infamous Blaster worm, along with a link to a supposed 'fix'. In reality, the link pointed to malware designed to infect Windows PCs.

Hackers then spamvertised a bogus warning about the new Blaster variant to German users alongside links to the fraudulent Wikipedia entry, in a bid to lend credibility to the bogus warning. The article was quickly edited to remove the bogus information and the attack is not thought to have claimed many victims, reports UK anti-virus firm Sophos.

More here.

FTC Settles With Zango Over Adware

Grant Gross writes on ComputerWorld:

Adware distributor Zango Inc. will give up $3 million in "ill-gotten gains" for deceptive downloads that displayed billions of unwanted pop-up ads in a settlement with the Federal Trade Commission (FTC).

The settlement, announced Friday, bars Zango from loading software onto consumers' computers without their consent, the FTC said. The settlement also requires Zango, formerly known as 180solutions Inc., to provide a way for consumers to remove the adware. Also named in the settlement were Zango executives Keith Smith and Daniel Todd, of Bellevue, Washington.

More here.

Optical: Cisco's Odd Man Out?

Craig Matsumoto writes on Light Reading:

Is Cisco Systems Inc. getting out of the optical networking business?

Press reports in northern California say 40 staff in Petaluma were being moved out of optical, many of them being offered other jobs within Cisco. One source says Cisco's Richardson, Texas, facility is also slashing optical jobs and giving several employees new assignments.

And, like last year, there are rumors that Cisco is close to declaring the 15000 series products have reached "end of life." But, as ever, analysts and competitors seriously doubt that's going to happen.

More here.

Quote of the Day: Scott Adams

"Kim Jong-il would win a seat in Congress this year if he ran against an incumbent Republican."

- Scott Adams, discussing the 2006 Weasel Award winners over on The Dilbert Blog.

Thursday, November 02, 2006

Toon: Hack the Vote




Police: Identity Theft Ring Disrupted

An AP newswire article, via The Boston Globe, reports that:

Ten hotel workers were arrested Thursday in what police said was an identity theft ring that involved thousands of stolen credit card numbers nationwide.

The four-month investigation netted more than 150 stolen credit cards used by visitors to book rooms in Joliet and Romeoville, both near Chicago, authorities said.

The ring involved workers, managers and at least three owners at two Holiday Inn Express franchises, three Super 8s, a Ramada and a Budget Inn, police said.

Police said they believe their informant, who faces unrelated charges, bought more than 10,000 credit card numbers used by hotel guests in the Joliet area over the past six years.

More here.

U.S. Web Archive Is Said to Reveal a Nuclear Guide

William J. Broad writes in The New York Times:

Last March, the federal government set up a Web site to make public a vast archive of Iraqi documents captured during the war. The Bush administration did so under pressure from Congressional Republicans who had said they hoped to “leverage the Internet” to find new evidence of the prewar dangers posed by Saddam Hussein.

But in recent weeks, the site has posted some documents that weapons experts say are a danger themselves: detailed accounts of Iraq’s secret nuclear research before the 1991 Persian Gulf war. The documents, the experts say, constitute a basic guide to building an atom bomb.

Last night, the government shut down the Web site after The New York Times asked about complaints from weapons experts and arms-control officials. A spokesman for the director of national intelligence said access to the site had been suspended “pending a review to ensure its content is appropriate for public viewing.”

Officials of the International Atomic Energy Agency, fearing that the information could help states like Iran develop nuclear arms, had privately protested last week to the American ambassador to the agency, according to European diplomats who spoke on condition of anonymity because of the issue’s sensitivity. One diplomat said the agency’s technical experts “were shocked” at the public disclosures.

More here.

Quote of the Day: Robert X. Cringely

"But we'll move to IPv6, that's for sure, if only to make sure Halliburton has plenty of business."

- Robert X. Cringely

Diebold Demands HBO Cancel Film on Voting Machines--Updated

A Bloomberg News article by Michael Janofsky, via The Seattle Post-Intelligencer, reports that:

Diebold Inc. demanded that cable network HBO cancel a documentary that questions the integrity of its voting machines, calling the program inaccurate and unfair.

The program, "Hacking Democracy," is scheduled to debut on Nov. 2, five days before the 2006 U.S. midterm elections. The film claims Diebold voting machines aren't tamper-proof and can be manipulated to change voting results.

More here.

Update: I watched this tonight on HBO, and it was rather chilling. I highly recommend this documentary.

Also notable: "Ohio County Possibly Exposed Election System to Computer Virus".

FBI Cyber Crackdown Leads to 16 Arrests

Jon Swartz writes on USA Today:

In its latest crackdown on cybercrime, the FBI planned to announce Friday the arrests of 16 people in the USA and Poland suspected of participating in a website where stolen personal data were traded and phishing attacks were launched.

Individuals were arrested in Atlanta and Columbus, Ohio. Raids were conducted in New York, Texas, Tennessee, Nebraska, Georgia and Ohio, the FBI said.

Search warrants on three individuals in Romania also were performed this week as part of the ongoing investigation.

The actions against the Cardkeeper forum are the highest-profile since the Richmond, Va., division of the bureau started investigating the phishing attack on a bank in mid-2004. More than 100,000 credit and debit cards from more than 1,000 individuals were compromised.

More here.

Man Posts Sex Offender Photo on MySpace

Ironically, it is immediately unclear to me whether, if the DOJ had continued to allow Kevin Poulsen's Sex Offender Registry "scraping code" to do what it was designed to do (detect child predators and sex offenders trying to use MySpace), this kind of issue would have been detected earlier.

An AP newswire article, via The Boston Globe, reports that:

A man who posted his own sex offender registry photo on the social networking site MySpace.com is back behind bars.

Christian Paul Dutton, 47, of Wheeling, was arrested in September for trespassing at an elementary school but later released. He was arrested again Wednesday on charges of failing to register his MySpace account with the State Police.

Dutton, who served more than six years after a 1984 conviction in Ohio for attempted rape, had registered on the site under the name "Bubba."

He is required to register as a sex offender for life.

More here.

Homeland Security to 'Target' Millions in Data-Mining System

Via EFF Deep Links.

The Department of Homeland Security today published a notice in the Federal Register disclosing the existence of a "new system of records" -- the Automated Targeting System (ATS) -- that assigns "risk assessments" to millions of U.S. citizens who seek "to enter or exit the United States" or whose work involves international trade. The system appears to involve the data-mining of massive amounts of information derived from a wide variety of sources, including Passenger Name Record (PNR) data obtained from commercial air carriers.

The "risk assessments" generated by the system will be retained for "up to forty years," according to DHS, in order to "cover the potential lifespan of individuals associated with terrorism or other criminal activity." But wait -- just because you're currently innocent, that doesn't mean you get a free pass. As the notice goes on to explain:

All risk assessments need to be maintained because the risk assessment for individuals who are deemed low risk will be relevant if their risk profile changes in the future, for example, if terrorist associations are identified.

DHS has exempted all of the data contained in the ATS from the "access" and "correction" requirements of the Privacy Act of 1974, which means that citizens have no right to learn about their own "risk assessments" or to challenge them.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Thursday, Nov. 2, 2006, at least 2,820 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,263 died as a result of hostile action, according to the military's numbers.

The AP count is one more than the Defense Department's tally, last updated Thursday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

FCC Delays AT&T-BellSouth Merger Vote Again

A Reuters newswire article, via CNN/Money, reports that:

The Federal Communications Commission on Thursday delayed a vote on AT&T Inc.'s purchase of BellSouth Corp., the third such postponement, reflecting a bitter clash between Republican and Democratic members of the agency.

FCC commissioners had been scheduled to vote on the deal at their Friday meeting.

Republican FCC Chairman Kevin Martin has been trying to broker a compromise with the two Democratic commissioners, but for three weeks they have been unable to reach a consensus for approving the $82.2 billion transaction.

More here.

U.S. OMB: 'People are Losing Data'

Matthew Weigelt writes on FCW.com:

Between July and Sept. 30, agencies reported 338 separate security incidents involving personally identifiable information to the Office of Management and Budget, Karen Evans, OMB’s administrator for e-government and information technology, said today.

Many of the incidents, however, are not attacks on government information from outsiders, Evans said in a speech at the IT Association of America’s annual Chief Information Security Officer Workshop in Falls Church, Va.

“Primarily, people are losing data,” she said.

More here.

Gapingvoid: Blog 2.0

Via gapingvoid.com. Enjoy!

Ohio County Possibly Exposed Election System to Computer Virus

Via Freedom to Tinker.

The memory cards that will be used to store votes on Election Day in Cuyahoga County, Ohio were stuck into ordinary laptop computers in September, possibly exposing the county’s election system to a virus infection. This serious security lapse was caught on video through the efforts of Cleveland resident Adele Eisner and Cleveland-area filmmaker Jeffrey Kirkby, who has graciously made his raw footage available on the Internet for personal viewing at
http://homepage.mac.com/captainkirkby/Data_Crunch/iMovieTheater87.html

Just one month ago a Princeton evoting study (available at http://itpolicy.princeton.edu/voting) showed that the memory cards used in Diebold touchscreen voting systems could carry computer viruses that would infect voting machines and steal votes on the infected machines.

More here.

UK Ministers to Put Patients' Details on Central Database Despite Objections

John Carvel writes on The Guardian.co.uk:

Health ministers vowed yesterday to press ahead with uploading millions of medical records on to a central NHS database, even if many people objected to their personal details being included. The Department of Health scorned a campaign, described in the Guardian yesterday, to force the government to abandon the scheme on the grounds that it could breach the confidentiality of personal information.

The uploading of patients' files is part of a £12bn scheme to modernise and expand the NHS IT system. The government believes patients will get better care if NHS staff can gain instant access to their medical notes, wherever in England they need to be treated.

More here.

2006 Weasel Awards Results

Here are the Top Weasels in this year's Weasel Awards:

Weaseliest Pundit/Reporter?
Michael Moore

Weaseliest Celebrity?
Tom Cruise

Weaseliest Industry?
Oil

Weaseliest Sports Person?
Barry Bonds

Weaseliest Company?
Halliburton

Weaseliest Organization?
Republican Party

Weaseliest Politician?
George W. Bush

Weaseliest Country?
United States


Read the full results of the 2006 Weasel Awards.

TIAA-CREF in Hot Water (Again)

Renee Boucher Ferguson writes on eWeek:

The IT issues at TIAA-CREF have once again reared their (collectively) ugly head.

Details of increasing problems with Teachers Insurance and Annuity Association-College Retirement Fund, one of the nation's largest private retirement systems, have recently been forwarded to eWEEK from disgruntled customers. Those, added to a number of complaints filed with TIAA-CREF's New York oversight board, point to still-unresolved issues at the company.

More here.

The Boarding Pass Brouhaha

Bruce Schneier writes on Wired News:

Last week Christopher Soghoian created a Fake Boarding Pass Generator website, allowing anyone to create a fake Northwest Airlines boarding pass: any name, airport, date, flight.

This action got him visited by the FBI, who later came back, smashed open his front door, and seized his computers and other belongings. It resulted in calls for his arrest -- the most visible by Rep. Edward Markey (D-Massachusetts) -- who has since recanted. And it's gotten him more publicity than he ever dreamed of.

All for demonstrating a known and obvious vulnerability in airport security involving boarding passes and IDs.

More here.

Another VA Breach Affects 1,600 Veterans in N.Y.

Dan Kaplan writes on SC Magazine Online:

The Department of Veterans Affairs (VA) is again warning veterans their identity may be at risk following the theft of an unencrypted laptop from the agency's New York Harbor Healthcare System.

The breach affects veterans who receive pulmonary care at the hospital, according to an Oct. 20 letter to veterans, released Wednesday by U.S. Rep. Carolyn Maloney, D-N.Y. The computer, stored in a locked room at the time of the theft, contained personal information, including names, Social Security numbers and diagnosis data, the letter said.

About 1,600 veterans were affected by the Sept. 6 theft, VA spokeswoman Jo Shuda told SCMagazine.com. She was unsure if the laptop was encrypted. Duplicate patient listings incorrectly placed the number of affected veterans at 2,400 earlier in the day, according to VA officials.

More here.

U.S. Air Force to Create Cyberspace Command

Jim Wolf writes for Reuters:

The U.S. Air Force plans to set up what could become a major command aimed at safeguarding U.S. military and civilian cyberspace, Air Force Secretary Michael Wynne said on Thursday.

Wynne, speaking at a military communications and intelligence conference, said U.S. vulnerabilities in cyberspace included financial networks, satellite communications, and radar and navigational jamming.

More here.

UK: Database Pioneer's Privacy Fears

A Reuters newswire article, via Wired News, reports that:

A pioneer of Britain's DNA database said on Wednesday it may have grown so far beyond its original purpose that it now risks undermining civil rights.

Professor Alec Jeffreys told BBC radio that hundreds of thousands of innocent people's DNA was now held on the database, a disproportionate number of them young black men.

The database, set up in 1995, has expanded to 3.6 million profiles, making it the largest in the world.

Everyone who has ever been arrested by the police, even if not charged, is obliged to provide a DNA sample for the database, which also includes victims of crime and others who have volunteered a sample to help a criminal investigation.

More here.

TSA Security Notebook Left In Passenger's Luggage

Via KITV 4 Honolulu.

A Transportation Security Administration employee mistakenly left a notebook with sensitive security information in a checked piece of luggage at Kona International Airport, KITV has learned.

The notebook full of records from an explosive detection machine in Kona ended up in a passenger's duffle bag on Oahu.

TSA is investigating the mishap.

More here.

The Virus That Ate DHS

Kevin Poulsen writes on Wired News:

A Morocco-born computer virus that crashed the Department of Homeland Security's US-VISIT border screening system last year first passed through the backbone network of the Immigrations and Customs Enforcement bureau, according to newly released documents on the incident.

The documents were released by court order, following a yearlong battle by Wired News to obtain the pages under the Freedom of Information Act. They provide the first official acknowledgement that DHS erred by deliberately leaving more than 1,300 sensitive US-VISIT workstations vulnerable to attack, even as it mounted an all-out effort to patch routine desktop computers against the virulent Zotob worm.

More here.

Wednesday, November 01, 2006

Oops: California E-Voting Machine Allows Multiple Votes

This is exactly why I have already sent in my ballot via absentee balloting.

Yikes.

Allen Martin writes on CBS5.com:

Voting machines sold to 21 different counties in California could allow people to vote more than once, state election officials warn in a notice to counties.

The notice went out on Monday, just eight days before the election. It tells election officials to keep a close eye on voting machines sold by Oakland-based Sequoia Voting Systems because a yellow button on the back of each machine can be pushed and potentially allow someone to vote more than once.

Sequoia sold the machines to 21 counties in the state, including Alameda, Santa Clara and Santa Cruz.

The yellow button is only supposed to be pushed if the machine needs to be reset. But, someone could reach or walk behind the machine, push it, and vote again.

More here.

Scientists Say White House Muzzled Them

An AP newswire article by John Heilprin, via CBS News, reports that:

Two federal agencies are investigating whether the Bush administration tried to block government scientists from speaking freely about global warming and censor their research, a senator said Wednesday.

Sen. Frank Lautenberg, D-N.J., said he was informed that the inspectors general for the Commerce Department and NASA had begun "coordinated, sweeping investigations of the Bush administration's censorship and suppression" of federal research into global warming.

More here.

A Pastafarian South Park


Was the Flying Spaghetti Monster making an appearance on South Park tonight?

Yes, and it was magnificent.

Via Church of The Flying Spaghetti Monster and Boing Boing.

Enjoy!

Political Toon: John Kerry's Botched Joke? No Joke...




Tech as a Threat to National Security?

Steve Hamm and Dawn Kopecki write on Businessweek.com:

The offshore exodus of software programming over the past half-decade has slashed costs, eliminated tens of thousands of American jobs, and given rise to a huge industry in India. Now a debate has begun about whether the globalization of software is a serious threat to national security.

Until now, the discussion has primarily been situated deep in the corridors of the Pentagon and limited to members of an obscure volunteer advisory board. But in the coming weeks, this could emerge as a hot-button security issue.

More here.

Twin Cities: Nurse's Stolen Laptop Held Patient Data

Jeremy Olsen writes in the St. Paul Pioneer Press:

The theft of an Allina nurse's laptop three weeks ago has not yet resulted in any cases of identity fraud, according to a health system spokesman.

Allina sent written warnings in mid- to late October after learning a laptop was stolen Oct. 8 from a nurse's locked car. The laptop contained personal information for 33,000 people, including Social Security numbers for 17,000 people.

Those affected included people with terminal illnesses receiving home hospice services and women receiving nursing visits both before and after they gave birth.

More here.

Voting Mischief in Baltimore: Poll Assignment Calls Mislead

Melissa Harris writes in The Baltimore Sun:

With Baltimore scrambling to make sure next week's voting goes smoothly, city elections officials expressed concern Wednesday at reports that a rogue caller was contacting poll workers and changing their Election Day assignments -- raising the prospect that some precincts might not have the staffing they need.

State elections chief Linda H. Lamone contacted the FBI Wednesday after Baltimore officials reported that someone called at least 10 poll workers and falsely told them that their precinct assignments had been switched.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Wednesday, Nov. 1, 2006, at least 2,817 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,259 died as a result of hostile action, according to the military's numbers.

The AP count is two more than the Defense Department's tally, last updated Wednesday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Picture of the Day [2]: Help Us, John Kerry!



Priceless.

(Via Wonkette.)

Bearing Point Could Lose Federal ID Card Contract

Chris Kirkham writes in The Washington Post:

The federal government has decided to reopen the bidding to produce hundreds of thousands of universal government identification cards, stripping the McLean consulting firm BearingPoint Inc. of a potential five-year contract.

It is an unusual move for the General Services Administration, coming just two months into the $104 million contract. BearingPoint will continue to develop ID cards for government employees and contractors through early January, after which the GSA will either ask for more bids or allow agencies to choose from an approved list of vendors.

GSA officials said the decision had nothing to do with BearingPoint's performance but rather that the agency felt there were more companies that could develop the appropriate technology. The cards make use of biometric data such as fingerprints and retinal scans and contain computer chips that can store more personal information. GSA officials say that with more options, they can command lower prices.

More here.

Spam That Delivers a Pink Slip -- And a Keylogger

Cara Garretson writes in NetworkWorld:

Last week, a handful of employees at Dekalb Medical Center in Decatur, Ga., received e-mails saying they were being laid off. The subject line read “Urgent – employment issue,” and the sender listed on the message was at dekalb.org, which is the domain the medical center uses. The e-mail contained a link to a Web site that claimed to offer career-counseling information.

And so a few employees, concerned about their employment status and no doubt miffed about being laid off via e-mail, clicked on the link to learn more and unwittingly downloaded a keylogger program that was lurking at the site.

Score another one for spammers.

More here.

Security Company Loses Personal Info Computer -- Again

Via ABC 7 News, Denver.

Coloradans are once again getting letters warning that their personal information has been stolen.

The company, Affiliated Computer Services, has contracts with the city of Denver, the state and the federal government.

For a second time this year, Affiliated Computer Services, or ACS, has failed to protect critical financial information.

"It's every bit of information about me. All of my bank accounts -- everything," said Jeff Nichols. "It makes me feel violated."

In February, 7NEWS Investigators broke the story after millions of credit card numbers were stolen from Denver International Airport.

ACS was the contractor. It did not warn card-holders.

More here.

Stolen Laptop Contains ROTC Scholarship Database

Via NBC4.com.

A laptop computer containing 4,600 high school seniors' personal information was stolen from the U.S. Army Cadet Command's headquarters at Fort Monroe, an Army spokesman said.

A database on the computer, which had information about applicants for the Army's four-year ROTC scholarship, included Social Security numbers, birth dates, home addresses, phone numbers, parents' names and mothers' maiden names.

The command has notified the students and their families about the theft, and an investigation is under way.

More here.

U.S. Near the Bottom in Privacy Study

Bob Sullivan writes on The Red Tape Chronicles:

U.S. privacy protections rank among the worst in the democratic world, a London-based privacy organization said Wednesday.

Privacy International ranked 36 nations around the globe, including all European Union nations and other major democracies, and determined that in categories such as enforcement of privacy laws, the U.S. is on par with countries like China, Russia and Malaysia.

Overall, the U.S. was determined to be an "extensive surveillance society," the second-lowest rating in the study.

The survey identified Malaysia, China and Russia as the world’s lowest-ranked countries in terms of privacy. It ranked Germany and Canada as those that best protect the privacy of their citizens.

More here.

FBI Logs On for Monitoring Service for Arabic Networks

Wilson P. Dizard III writes on GCN.com:

The FBI now has access to an online service that its employees can use to screen TV broadcasts and provide alerts when specified words are used, either on English-language networks or networks broadcasting in Arabic.

Critical Mention Inc. of New York City provides the service, which it is furnishing to multiple users at the bureau under a recently concluded one-year contract with options for renewal.

“CriticalTV alerts users about a relevant clip seconds after a broadcast, and allows users to share the clip instantly within a workgroup via secure video-e-mail or a private video gallery. Users can also order a professional transcript or hard copy online,” according to a company announcement.

The vendor has forged a partnership with IBM Corp. to incorporate an Arabic-to-English, speech-to-text translation feature into the CriticalTV service. The TV monitoring service generates alerts of the use of a specified word or term within two minutes or so of its broadcast via a satellite or terrestrial broadcast network, the company said.

More here.

Australia: Centrelink Search Powers Under Attack

Duh. You think?

Given the recent history of Centrelink staff misusing privacy data, I'd say this was a very, very bad idea.

Lachlan Heywood writes on news.com.au:

Centrelink officers will be given controversial police-like search and seizure powers as part of the Federal Government's crackdown on welfare fraud.

The new powers would allow Centrelink officers to obtain a warrant from a magistrate to enter and search premises.

They will also have authority to confiscate any property deemed of importance to the case.

But the proposed changes, currently being examined by the Senate's Legal and Constitutional Affairs Committee, have welfare groups worried.

Their main fear is that the proposed search and seize powers could be abused.

More here.

Compulinx CEO Arrested, Charged With Identity Theft From His Own Employees

A VARBusiness article by Chris Gonsalves, via InformationWeek, reports that:

Federal law enforcement officials Tuesday arrested the well-known CEO of White Plains, N.Y.-based MSP provider Compulinx on charges of stealing the identities of his employees in order to secure fraudulent loans, lines of credit and credit cards, according to an eight-count indictment unsealed by the U.S. Attorney's office in White Plains.

Terrence D. Chalk, 44, of White Plains was arraigned in federal court in White Plains, along with his nephew, Damon T. Chalk, 35, after an FBI investigation turned up the curious lending and spending habits. The pair are charged with submitting some $1 million worth of credit applications using the names and personal information -- names, addresses and social security numbers -- of some of Compulinx's 50 employees. According to federal prosecutors, the employees' information was used without their knowledge; the Chalks falsely represented to the lending institutions, in writing and in face-to-face meetings, that the employees were actually officers of the company.

Terrence Chalk is also charged with racking up more than $100,000 in unauthorized credit card charges. If convicted, he faces 165 years in prison and $5.5 million in fines, prosecutors say. Damon faces a maximum sentence of 35 years imprisonment and $1.25 million in fines.

No one was answering the phones at Compulinx Wednesday morning, and the company's Web site was not responding.

More here.

Picture of the Day: A Pastafarian Hallowe'en



Via The Church of The Flying Spaghetti Monster.

IGF: ICANN Warns Mistake on Non-English Web Addresses Could 'Permanently Break Internet'

An AP newswire article by Derek Gatopoulos, via USA Today, reports that:

The organization that oversees global Internet functions warned Wednesday that a mistake in creating more Web addresses using non-Latin letters could "permanently break the Internet."

The Internet Corporation for Assigned Names and Numbers, or ICANN, made the warning at a U.N.-organized conference on the future of the Internet.

A more multilingual Internet is a key issue at the forum, with future Web growth predicted in developing countries where the Latin alphabet is often unfamiliar.

"ICANN expects that these final tests and discussions will reach a resolution by the end of 2007," CEO Paul Twomey said in a statement. "But this is no simple task. If we get this wrong, we could very easily and permanently break the Internet."

More here.

UK: Police Fail to Record e-Crime

Tom Young writes in Computing:

Senior police officers and industry experts have voiced concerns about a lack of systems for recording electronic crime, following the publication of a Whitehall report this week.

The Parliamentary Office of Science and Technology (Post) report on computer crime says fewer than one in four police forces can generate any record of e-crime and that, as a result, a large proportion goes undetected.

The report says this problem is distorting crime figures and hampering prevention.

More here.

UK: Level 3 Floored by Robbery

John Oates writes on The Register:

Level 3, the supposedly secure back bone provider, has lost all services at its Braham Street data centre thanks to a robbery.

The company refused to speak to The Register this morning, but many of its customers have been in touch.

According to Level 3 customers, thieves got into the building on Braham Street, E1, and stole core router cards.

An email sent by Level 3 to its customers said only: "There was a security breach in our Braham St gateway early this morning. A number of service affecting cards were removed without authority from live equipment. This has resulted in the loss of IP and voice services to a number of customers at Braham St. We are currently attempting to restore service as quickly as possible. We will issue further updates as information becomes available."

We were told no spokesperson was available or likely to be available.

More here.

IGF: United Nations Internet Forum Tech Poorly Executed


Kieren McCarthy writes on The Register:

The website of the United Nations' Internet Governance Forum has been suspended and replaced with a cartoon dog pulling wires out of a PC.

The site at igf2006.info was taken down with 20 minutes left of the main speaking session after the hosts complained that demand from a collaborative website set up to elicit views from the wider Internet was overwhelming its server. It also brought down the main information site at intgovforum.org which was held on the same server.

The hosts decided to shift the site to a bigger machine but attendees - not to mention the dozens of people interacting in the chatrooms - were surprised when the site not only abruptly disappeared but was also replaced with the cartoon dog.

More here.

FCC Backs Airline's Free Wi-Fi at Logan Airport

Jeremy Pelofsky writes for Reuters:

Continental Airlines won a battle to offer high-speed Internet service in its frequent flier club at Boston Logan International Airport, the U.S. Federal Communications Commission ruled on Wednesday.

The FCC ruled against the Massachusetts Port Authority, or Massport, which ordered airlines in 2005 to unplug their wireless and wireline high-speed Internet services in their lounges and instead use the airport's fee-based system.

"Today's decision ensures that the Wi-Fi bands remain free and open to travelers, who can make productive use of their time while waiting to catch their next flight in an airport," FCC Commissioner Michael Copps said in a statement.

A spokeswoman for MassPort was not immediately available for comment.

More here.

German Court Rules in Favor of Microsoft in Case Against Porn Spammer

Via heise security online.

Microsoft is pleased about the ruling handed down by the Intermediate Court of Appeals in Karlsruhe in the case against a German porn spammer. Microsoft is reporting that the court found the spammer guilty of violating the Microsoft brand and ordered it to hand over data, pay damages, and desist from sending unsolicited advertising e-mails.

The accused, a man residing in Schleswig-Holstein, was charged with conducting a number of spam campaigns over a period of around six months, mostly as advertising for the sex web sites he operates. Microsoft says that the man used forged e-mail addresses from Hotmail, Microsoft's e-mail service and a registered trademark, in some of the spams he sent. Now, he is paying the price. While the man denies being responsible for the advertising e-mails, the court has ruled that he is indeed responsible and has therefore also committed a breach of trademark. Microsoft emphasizes that the court expressly stated that the use of "Hotmail" as a forged sender address constitutes a violation of trademark.

More here.

Canada: Videotron Lobbying for Internet 'Transmission Tariff'

A Canadian Press article by Alexander Panetta, via The Globe and Mail, reports that:

With video and music downloads gobbling up Internet bandwidth at an ever-expanding pace, cable company Videotron is pushing for content providers like movie studios to share some of the cost to expand broadband pipelines.

Videotron boss Robert Depatie wants the federal government to slap a transmission tariff on providers — like the music and film industry — so they can shoulder part of the burden.

More here.

Denver Computer Theft Puts 1.4 Million People At Risk

Via CBS4Denver.com.

A personal computer has been stolen and more than 1 million people are now at risk of identity theft.

The computer theft was made public last week by a contractor working for the Colorado Department of Human Services but it wasn't immediately revealed how many personal files were stolen.

More here.

Microsoft Among Targets in Online Privacy Complaint

Anne Broache writes on C|Net News:

Technologies used by Microsoft and other online advertising outfits to analyze user behavior threaten privacy and must be curbed, a pair of advocacy groups said Wednesday.

The Washington-based U.S. Public Interest Research Group and the Center for Digital Democracy have asked the Federal Trade Commission to review--and ideally restrict--what they describe as a growing online business model dependent on technologies that "aggressively track us wherever we go, creating data profiles to be used in ever-more sophisticated and personalized 'one-to-one' targeting schemes."

"Consumers entering this new online world are neither informed of nor prepared for these technologies and techniques--including data gathering and mining, audience targeting and tracking--that render users all but defenseless before the sophisticated assault of new-media marketing," the groups charged in a 50-page complaint filed with the FTC.

More here.

Netcraft: November 2006 Web Server Survey

Via Netcraft.

There are now more than 100 million web sites on the Internet, which gained 3.5 million sites last month to continue the dynamic growth seen throughout 2006. In the November 2006 survey we received responses from 101,435,253 sites, up from 97.9 million sites last month.

The 100 million site milestone caps an extraordinary year in which the Internet has already added 27.4 million sites, easily topping the previous full-year growth record of 17 million from 2005. The Internet has doubled in size since May 2004, when the survey hit 50 million.

More here.

Tuesday, October 31, 2006

Local: Explosions Reported At eBay PayPal Building In SJ -- Update

Wow.

This is just right down the street from me... and no, I'm not going down there to first-person report. I've had a few Hallowe'en beers, and several candy bars. :-)

Via CBS5.com.

San Jose firefighters are responding to reports of explosions from within a four-story building in San Jose that has also drawn responses from a bomb squad and a hazardous materials team.

The fire department responded to the building at 2211 North 1st St. at 7:31 p.m. after being contacted by the building's private alarm company that some windows were broken and several explosions may have occurred inside, according to San Jose Fire Department Capt. Jose Guerrero.

The firefighters report no obvious signs of fire, but it appears there is a haze coming from inside of the building and several windows have been blown out, Guerrero said.

Firefighters have ordered the evacuation of the building and members of the bomb squad and the hazardous materials team are going through the structure, according to Guerrero.

More here.

UPDATE: Local news reports that the incident occurred at the eBay/PayPal operations center, and that no one was hurt, no operations were disrupted, etc.

Yet Another Hospital Hit by Data Theft of Privacy Data

Dean Wong writes in The Ballard (Washington) News Tribune:

Over a thousand recent patients at Swedish Medical Center's Ballard Campus are being advised to check their credit reports after the personal information of three people was stolen from the hospital.

According to Swedish Medical Center, the three patients may have been the victims of identity theft by a former employee who stole their names, birth dates and Social Security numbers from hospital files.

As a precaution, Swedish has told 1,100 in-patients or day-surgery patients who visited the hospital between June 22, 2006 and Sept. 21, 2006, to watch for any unusual or unauthorized credit activity in their names.

More here.

(Props, Flying Hamster.)

Forbes: Better Safe Than Hacked

Image source: MSNBC.com


Maureen Ferrell writes on Forbes.com:

While all computers are susceptible to attack, a database plump with credit card numbers invites the most shenanigans. Indeed, online retailers face threats on all sides--from the hackers who try to steal those numbers to the fraudsters who buy and resell merchandise with "hot" credit cards.

The average rate of fraud online is around 1%. That may sound small, but it's a massive figure relative to the .05% to .07% fraud rate at brick-and-mortar retailers, estimates Avivah Litan, senior analyst for Gartner, a Connecticut-based technology consulting firm.

"When you start out with a mom-and-pop trusting approach, you have to get real hardened real fast," says James Pappas, e-commerce manager for Lafayette, Ind.-based JL Hufford Coffee and Tea Company, which sells everything from coffee beans to several-thousand-dollar espresso machines.

Even if you're ready to play hardball, warding off hackers is expensive. Securing a small business' computer systems--which might involve all sorts of gorpy stuff like firewalls, application Web network scanners, access controls and database encryption--can run into the tens of thousands of dollars, says Litan. Then there are the ongoing costs of maintaining those systems.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Tuesday, Oct. 31, 2006, at least 2,816 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,258 died as a result of hostile action, according to the military's numbers.

The AP count is two more than the Defense Department's tally, last updated Tuesday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

U.S. Intelligence Unveils Spy Version of Wikipedia

Via Reuters.

The U.S. intelligence community on Tuesday unveiled its own secretive version of Wikipedia, saying the popular online encyclopedia format known for its openness is key to the future of American espionage.

The office of U.S. intelligence czar John Negroponte announced Intellipedia, which allows intelligence analysts and other officials to collaboratively add and edit content on the government's classified Intelink Web much like its more famous namesake on the World Wide Web.

A "top secret" Intellipedia system, currently available to the 16 agencies that make up the U.S. intelligence community, has grown to more than 28,000 pages and 3,600 registered users since its introduction on April 17. Less restrictive versions exist for "secret" and "sensitive but unclassified" material.

The system is also available to the Transportation Security Administration and national laboratories.

More here.

U.S. Military Absentee Ballot is a Major Privacy Risk

Via Defense Tech.

American troops could be putting their most personal information at risk -- just by voting in next week's elections.

Members of the armed forces, stationed overseas, can cast their vote with a Federal Write In Absentee Ballot, or FWAB, if they can't get one from their local election boards. But that federal ballot, "Standard Form 186 (Oct 95)" comes with a major privacy risk, at least in some editions.

The ballot has to be mailed in a special return envelope, in order to be properly processed. On military bases in the Pacific, Special Form 186 requires a service member to include his address, social security number, date of birth, and signature on the outside of that envelope.

More here.

AT&T Nixes Net Neutrality Proposal

Ted Hearn writes on Multichannel News:

A senior AT&T executive rejected a proposal that would require the company to adhere to Internet-nondiscrimination rules in order to gain approval from the Federal Communications Commission to merge with BellSouth.

The Internet-regulation proposal -- advanced by a coalition funded by Google, Yahoo!, eBay and Amazon.com -- would require AT&T to promise not to discriminate “in their carriage and treatment of Internet traffic based on the source, destination or ownership of such traffic.”

The net-neutrality condition would apply to AT&T, but to no other provider of broadband Internet access in the United States.

“The proper place to be debating the pros and cons of net neutrality is in the U.S. Congress or in an industrywide proceeding at the FCC,” AT&T senior executive vice president Jim Cicconi said in a prepared statement.

More here.

DISA Announces Vendors Selected for $3B Bandwidth Buy

Bob Brewin writes on FCW.com:

The Defense Information Systems Agency chose three vendors to connect 1,500 Defense Department installations to the Global Information Grid.

DISA awarded its Defense Information System Network Access Transport Services (DATS) to Arrowhead Global Solutions, AT&T and Qwest. The contract is worth $3 billion over 10 years.

More here.

Canada: Patriot Act Fears Prompt Universities to Patriate Computers

A CBC newswire article, via CBC News, reports that:

Dozens of Canadian university and college libraries are changing how they arrange for their students and faculty to do online research, in part because of a U.S. law intended to detect possible terrorist activity.

The universities subscribe to RefWorks, a popular American research tool that helps academics with research, as well as with completing citations and bibliographies.

However, the U.S. Patriot Act — created in the wake of the Sept. 11, 2001, attacks in New York and Washington — allows government officials to sweep through databases, including RefWorks, as part of routine surveillance.

Conceivably, the searches of a student or faculty member doing work on a sensitive issue could be flagged and then stored in the U.S.

More here.

From Bad to Worse for Vonage

Om Malik:

There seems to be no light at the end of the tunnel for Vonage investors.

The company reported its third quarter 2006 earnings, and things don’t look pretty. Here is a laundry list of bad news:


  1. Net new subscribers were 205,000, down from 256,000 in the second quarter of 2006.
  2. Churn is up, 2.6% versus 2.3% in the second quarter of 2006.
  3. Average revenue per user is down as well - by 1% to $27.40. ARPU in second quarter 2006 was $27.70.
  4. Subscriber acquisition costs are about $254 versus $239 in the second quarter (via UBS Research)

Looks like all that competition from cable companies is beginning to have its impact.

Link.

Cyber Security Expert Says Nationwide Use of Computerized Voting Poses Risk

Via PhysOrg.com.

Many of the paperless computerized voting systems adopted in wake of the "hanging chad" presidential election controversy in 2000 have the potential to create more problems than they solve, according to an information security expert at Purdue University.

More than 30 percent of the electorate will use new technology to vote on Nov. 7. In addition to the new voting equipment, 49 states have introduced new statewide, computerized databases to determine who is eligible to vote. According to Eugene Spafford, executive director of the Center for Education and Research in Information Assurance and Security (CERIAS), the technology may be problematic, possibly causing a debacle reminiscent of the 2000 election.

"The problem with the 2000 elections that prompted the reforms was only with one type of paper-based ballot in a few jurisdictions," says Spafford. "That's hardly a cause to hurriedly and somewhat recklessly replace all of the equipment nationwide."

Spafford says some vendors may have exaggerated when they told election officials the new direct recording electronic systems were extensively tested and cheaper than alternatives and immune to failure.

More here.

Judge: Russian Hacking Case Can Be Heard in England

Via OUT-LAW.com.

A case claiming that two Russian companies hacked into a London computer system can be heard in English courts, a judge has ruled. The Russian companies involved had argued that English courts had no jurisdiction.

A bitter legal dispute ranging across a number of cases and jurisdictions is raging between three companies, one a state-owned company in Tajikistan, another the Russian firm which is the third biggest aluminium producer in the world and the last a Guernsey-based company.

The Guernsey company, Ansol, and its UK advisors, Ashton, claim that the Russian aluminium firm, Rusal, and the Tajikistan company, TadAZ, stole its business in assisting Tajikistan in producing aluminium.

The three companies are locked in a series of bitter legal battles over the situation and thousands of files and computers have been frozen and seized in the process.

More here.

UK: Technology Committee Told Not to Regulate ISPs

Dinah Greek writes on ComputerAct!ve:

The internet industry is divided over whether internet service providers (ISPs) should be doing more to protect consumers against criminals online.

The Internet Service Providers Association (ISPA) today told an investigation by the House of Lords Science and Technology Committee into personal internet security, that regulating ISPs is not the answer to online security threats such as viruses, spam and phishing.

It said users’ online personal security can be best protected through continued co-operation between the internet industry, the Government, law enforcement agencies and consumers themselves.

More here.

Chinese Dissident Slams Internet Companies

Martyn Williams writes on InfoWorld:

A respected Chinese dissident has warned that the capitulation of Western Internet companies to China's authorities is a more serious threat to free speech in the country than the Chinese government's filtering of what its citizens can access on the Internet.

Speaking in Tokyo Monday, Wei Jingsheng singled out Yahoo for its part in revealing information that helped land a journalist in jail in 2004.

More here.