Google Now Blurring Faces In Street View

After numerous attempts by folks to get Google to remove their faces from Street View, Google is now blurring faces. A quick and easy way to obscure people’s identity. Especially helpful if you’re, say, a prominent musician leaving a German brothel.

Sting leaving German brothel

Nah, that wouldn’t have helped him. Damn you Roxanne.

:)

From CNET:

The technology uses a computer algorithm to scour Google’s image database for faces, then blurs them, said John Hanke, director of Google Earth and Google Maps, in an interview at the Where 2.0 conference here.

Google has begun testing the technology in Manhattan, the company announced on its LatLong blog. Ultimately, though, Hanke expects it to be used more broadly.

Dealing with privacy–both legal requirements and social norms–is hard but necessary, Hanke said.

“It’s a legitimate issue,” he said. He likened the issues some have with Street View to the ones that took place when Google introduced aerial views to Google Maps. It took time for the public, regulators, and Google to get comfortable with the feature, but, “It needs that debate. We see that and try to let it play out.”

So, is this an improvement? What do you think?

Article Link

Pfizer Faces Possible Data Breach

Pfizer has been having a rough year with respect to data breaches. It turns out that a laptop containing the info for roughly 13,000 Pfizer employees is now in the wind.

From The Day:

The company said late Friday in an e-mail to affected employees, including many at Pfizer Global Research and Development campuses in Groton and New London, that no Social Security numbers were on the encrypted laptop, but names, home addresses, home telephone numbers, employee identification numbers, positions and salaries were possibly compromised by an unencrypted flash drive.

Other information possibly exposed included the departments employees worked in, the Pfizer sites where employees worked, the names of employees’ managers and descriptions of their jobs.

The flash drive contained two worldwide reports with information from various Pfizer divisions, including animal health, finance, human resources, legal and medical, in addition to the local R&D headquarters, which employs about 5,500 people in Groton and New London.

Pfizer said in its e-mail that the company is not required to notify employees about data breaches involving information unlikely to lead to identity theft, but it brought the situation to light “as a matter of transparency and respect for colleagues.”

You know, we don’t really have to tell you. So, we’re going to be the nice guys and let you know anyway. That way you can feel good about us. Hmm.

The upside being that the laptop was apparently encrypted. But, what of the USB device? Why was it operating al fresco?

Are your USB devices encrypted at the office? Do they need to be? Or better still do you allow them at all by policy?

Article Link

Security Briefing: May 13th

So, with the iPhone sold out in UK and USA could a new 3G version be arriving soon?

And now, the news…

  1. McAfee’s HackerSafe: When all else fails, rebrand it!
  2. Study: Top Web Application Vulnerabilities Remain Unfixed
  3. FTC to scrutinize contactless payment technology
  4. Few expected to make June 30 PCI deadline for Web application security
  5. Deconstructing PCI 6.6
  6. FBI Fears Counterfeit Networking Equipment Could Compromise Security
  7. More Asian companies want code tested
  8. IPhones sold out online; new model weeks away? (guess it’s not a hoax)


Students Hack For Grades

Apparently reporters at NBC San Diego have discovered that kids can get hacker tools from the internet. This is another case of kids hacking in to change grades. Sure, this is bad behaviour, but you do have to admire their creativity. I wish I thought of that when I was a kid. Mind you, my parchment and quill didn’t have an internet connection.

From NBC San Diego:

The hacking incident resulted in the changing of grades and acquiring teachers’ tests, according to the release.

The computer breach was discovered when a staff member in a computer at school found a flash drive. An initial investigation revealed that the hacking occurred as a desktop security breach.

Students apparently hacked into the computer using stolen passwords and downloaded hacking tools found on the Internet.

The students will appear before district administrative hearing panels

Article Link

Hacker Publishes Personal Data Of 6 Million

Chile

Ah Chile. Beautiful landscapes. Great wines. And apparently, some jackass that thought it would be fun to publish the personal information for 6 million folks on the web.

From AFP via Yahoo News:

“It’s a serious matter and we’re investigating,” Police Cibercrime Brigade chief Jaime Jara told the newspaper.

The data was displayed for several hours before authorities removed it on the technology information website “FayerWayer” and community website “ElAntro.”

The hacker said on the websites he splashed the data “for the whole world to see … (to) show how unprotected personal data is in Chile … nobody bothers protecting that information.”

Uh boy. This is not a good way to demonstrate a security hole. Sure it grabs the headlines but,…

Never mind.

I’m just going to sip my coffee.

Chilean in fact.

Article Link

Of Vultures And Old Wireless Routers

Ah, the joy of the first panicked post-departure phone call. Today is my first day away from the office and my now former day job called. It turns out that an old wireless router that had been sitting in a box in my office had been pinched soon after I left. That’s fairly typical. When someone exits the company, whether on bad or, in my case, good terms, they leave things behind in their office.

Well, the router was one of them.

An old Linksys.

Damn if someone didn’t just pinch it. No. They had to go one step further. Some knothead plugged it in. Suffice it to say the hunt is on. Good luck folks.

Pity the half wit that thought it would be a good idea to plug it in.

Security Briefing: May 12th

Monday arrives. I thought I could have a nice quiet week to relax/recharge. Nope. The missus has provided me with “the list”.

Uh boy.

And now, the news…

  1. Proof of 3G iPhone launch ‘hidden in code’ (real or hoax?)
  2. Hackers Find a New Place to Hide Rootkits
  3. Is Real ID Really Going to Happen?
  4. Interview: Shlomo Kramer, CEO of Check Point
  5. Vista ‘more vulnerable’ than Windows 2000
  6. The 25 Year Old BSD Bug
  7. IE8 to boost ActiveX security on Vista
  8. CEOs underestimating security risks


UK Companies Face Fines For Lax Data Security

The day of data reckoning has arrived for UK businesses.

From Contractor UK:

Organisations that recklessly or deliberately commit breaches under the Data Protection Act can now be fined by Britain’s privacy watchdog.

Under the Criminal Justice and Immigration Act, the Information Commissioner’s Office has the right to financially punish any outfit found in serious breach of the 1998 law.

The tougher sanctions in the act, which won royal assent on Friday, are seen as the first step to repairing the public’s dwindling confidence in how their data is handled.

They also send the strongest signal yet to organisations that a “cavalier” approach to customers’ data security is “completely unacceptable” and that it must become a priority.

In all fairness it should have always been a priority. But, better late than never.

Article Link

Flaw Turns Gmail Into Spamming Machine

Uh boy. The spammers are at it again.

From CNET:

A “serious security flaw” in Gmail turns Google’s e-mail service into a spamming machine, according to a recent security report.

INSERT, the Information Security Research Team, has created a proof of concept that exploits the “trust hierarchy” that exists between mail service providers. By exploiting a flaw in the way Google forwards messages, a spammer can send thousands of bulk e-mails through Google’s SMTP service, bypassing Google’s 500-address bulk e-mail limit and identity fraud protections.

The report notes that with the rising volume of spam, e-mail providers have turned to whitelists and blacklists to help root out IP addresses of known spammers. Because Gmail falls into the trusted whitelist category, messages are allowed “carte blanche” to bypass spam filtering.

So, that’s why I’ve won so many lotteries that I never entered :)

Article Link

Proposed Bill Aims To Pressure DHS

There was a bill tabled on Wednesday in US Congress that aims to hold DHS’s feet to the flames.

From Securityfocus:

Rep. Jim Langevin, D-RI, introduced a bill on Wednesday that aims to hold the U.S. Department of Homeland Security responsible for investigating every cyber attack and for shoring up its network security.

The bill would better define the roles and responsibilities of the agency’s chief information officer, require that the department reduce the number of successful attacks against its networks and mandate that the DHS investigate the state of contractors’ network security before signing a contract with them. The bill comes after more than a year of investigations by the House of Representatives’ Committee for Homeland Security into cybersecurity breaches at numerous government agencies. Rep. Langevin heads up the Subcommittee on Emerging Threats, Cybersecurity and Science & Technology, which has held most of the hearings on the issues.

For the full piece read on.

Article Link
