Monday, October 31, 2011

Internet Access - Households and Individuals, 2011

21 per cent of Internet users did not believe their skills were sufficient to protect their personal data

77 per cent of households had Internet access

Sony’s Weakest Link Hijack | OpenID

Sony announced today that a large number of accounts were hijacked using an attack based on the fact that people reuse passwords across websites. These “weakest link hijackings” are an evolution of the phishing attacks that have become so well known over the last few years.

Cyber Experts Point to Computer Passwords as Weakest Link in Cyber Defences by Contingency Today

Interesting stuff. From straight password guessing to password reset hacks.

Sunday, October 30, 2011

FTC Gives Final Approval to Settlement with Google over Buzz Rollout

The settlement bars the company from future privacy misrepresentations, requires it to implement a comprehensive privacy program, and calls for regular, independent privacy audits for the next 20 years.

Official Google Blog: A fall sweep

In a few weeks we’ll shut down Google Buzz and the Buzz API, and focus instead on Google+. While people obviously won't be able to create new posts after that, they will be able to view their existing content on their Google Profile, and download it using Google Takeout.

Google ends buzz privacy row with ftc- The Inquirer

Unlike its Google social network, Google's Buzz had a rather blighted entrance to the market, thanks to the fact that it put users in the unfortunate position of having their contact lists exposed.

Google Must Submit to Privacy Audits for 20 Years Under FTC Settlement | Reuters

Google's settlement with the Federal Trade Commission over what the feds called deceptive tactics became official Monday.

Google agrees to FTC settlement (corrected) - MarketWatch

The FTC said the agreement represents the first settlement order that mandates a comprehensive Internet privacy program and the first time the agency alleged a violation of the U.S.-EU safe harbor framework, which covers personal data exchanged between the U.S. and European Union.

Saturday, October 29, 2011

BlueSniff: Eve meets Alice and Bluetooth

First, we show that the Bluetooth packets have no confidentiality properties. Specifically we demonstrate how data can be unwhitened and the hopping sequence calculated. Prior work has shown how the data can be decrypted if necessary [14]. Second, we show that the undiscoverable mode does not provide access control to master devices, nor protects the secrecy of their MAC address. We are able to determine the complete MAC address of these devices. Finally, all our work was done using GNU Radio and we therefore provide the first open-source Bluetooth sniffer, free from any licensing restrictions.

Bluetooth Security Review, Part 2 | Symantec Connect Community

Bluetooth Security Review, Part 2

... we look at Bluetooth viruses, several unpublished vulnerabilities in Symbian based phones, and then moves on to discuss "Blue tag" tracking, positioning, and privacy issues.

Configure the Diamante for Bluetooth wireless realtime

The configuration process identifies the computer’s address and generates a Passkey. The Passkey is a security code that allows your writing machine and the computer to communicate securely. You must use this code to establish an active wireless connection between the writing machine and your computer.

Schneier on Security: Bluetooth Sniper Rifle

We've all known that you can intercept Bluetooth communications from up to a mile away. What's new is the step-by-step instructions necessary to build an interceptor for yourself for less than $400. Be the first on your block to build one.

Friday, October 28, 2011

7 SEO Friendly Site Features that Developers Often Miss - Search Engine Watch (#SEW)

But unfortunately, a lot of developers can have a bit of a blind-spot when it comes to SEO.

FTC Finalizes Settlement of Google Buzz Privacy Issues - Search Engine Watch (#SEW)

The FTC has approved its settlement with Google that addresses improper privacy disclosure during the release of Buzz. The settlement mandates additional privacy procedures, including third-party privacy audits every other year for the next two decades

'Smishing' scammers may hit cellphones – USATODAY.com

In the recent spate of scams in the West, identity thieves sent text messages en masse to random cellphones that read: "Wells Fargo notice: Your card 4868* has been deactivated." The message listed a phone number.

People who dialed the number were asked for account information, Social Security numbers and personal identification numbers, officials said.

Monday, October 24, 2011

401k Rollover Annuity

401k Rollover Annuity: Guaranteed Principal: Principal is guaranteed with a 401k rollover annuity, while principal is not guaranteed with mutual funds, stocks, or bonds associated with your 401k or IRA investment.

Wednesday, October 19, 2011

"Security Breach" Class Action Dismissed for No Actual Damages - Privacy In Focus - Wiley Rein LLP

October 2003 | Privacy In Focus

On October 20, a federal judge in Arizona dismissed a class action lawsuit that had been filed against TriWest Healthcare Alliance stemming from a security breach at the TriWest facilities.

Monday, October 17, 2011

Cloud Security - Metaflows Product

Cloud Security

The MetaFlows Security System (MSS) is software that you can install on your cloud server that will monitor traffic flowing in and out of your cloud instances to detect and prevent cloud security incidents. Metaflows customers can manage both on-site and cloud-based assets through a single, unified and secure web browser dashboard.

Austin software developer's future unclear after employees walk out, offices locked by landlord

The future of local software developer Appiction LLC was unclear Wednesday after most of its employees resigned and the company was locked out of its North Austin offices.

The 1974 Privacy Act

"No agency shall disclose any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains, unless disclosure of the record would be--"

THE PRIVACY ACT OF 1974, 5 U.S.C. 552a -- As Amended

10 Massive Security Breaches -- InformationWeek

They make the news on a regular basis: incidents in which a company or government agency's security is breached, leading to a loss of information, personal records, or other data.

Legal Resources | BCP Business Center

Here in the legal resources section of the Business Center, you'll find more in-depth, legal information–like case highlights, reports, workshops, rules and laws the FTC enforces, and compliance documents like staff opinion letters, Commission advisory opinions, policy statements, and industry guides.

Friday, October 14, 2011

Firesheep addon updated to exploit Google info leak • The Register

“We extended Firesheep to implement our information leakage attack,” researchers Vincent Toubiana and Vincent Verdot of the Alcatel-Lucent Bell Labs wrote in a recently released paper (PDF). “As a result, when a Google SID cookie is captured, the account name appears in the Firesheep sidebar. Double clicking on it starts the attack; double clicking again displays the retrieved list of visited links.”

Facebook accused of violating US wiretap law • The Register

“Plaintiff did not give consent or otherwise authorize Facebook to intercept, track, collect, and store her wire or electronic communications, including but not limited to her internet browsing history when not logged-in to Facebook.”

Cyber Threats to Expect in Coming Year

The year ahead will feature new and sophisticated means to capture and exploit user data, as well as escalating battles over the control of online information that threaten to compromise content and erode public trust and privacy.

New Survey Data From Experian Reveals People Are Making It Easy For Cybercriminals To Steal Their Identity - Dark Reading

nearly 54 percent of respondents do not use a password to lock their phone and/or tablet.

FTC and Disney Breach

FTC - CyBIR: Cyber and Privacy Breaches – Insurance and Reinsurance

Disney’s Playdom, Inc. subsidiary and its Senior Vice-President Howard Marks have agreed to pay $3 million to settle charges by the FTC that they collected and disclosed personal information of more than 1.2 million children in violation of the Children’s Online Privacy Protection Act (“COPPA”). Between 2006 and 2010,

Thursday, October 13, 2011

Netflix Facebook

Unfortunately, we will not be offering this feature in the U.S. because a 1980’s law creates some confusion over our ability to let U.S. members automatically share the television shows and movies they watch with their friends on Facebook.

http://blog.netflix.com/2011/09/help-us-bring-facebook-sharing-to.html

Herman Cain's '999 plan': long overdue tax reform or job killer? - CSMonitor.com

One of the major implications would be moving the nation away from consumption. That may not be so bad, says Mark Zandi, chief economist at Moody’s Analytics in West Chester, Pa. “The more we save and invest, the stronger our economy would be.” But, he quickly adds, “It’s not exactly what I would do, but I sympathize with the spirit.”

Cybercriminals Use Facebook, Bitcoin to Steal Digital Currency - ABC News

To steal loot this way no credit card is necessary. Cyber thieves attempt to get users to provide a phone number that will allow them to apply a minimal fee to each cell phone bill, perhaps $1 or $10. It’s those little fees connected to sending text messages that can go unnoticed.

(9) Facebook

(9) Facebook: WE DO NOT GUARANTEE THAT FACEBOOK WILL BE SAFE OR SECURE.

Koch Brothers Flout Law Getting Richer With Secret Iran Sales - Bloomberg

Internal company records show that Koch Industries used its foreign subsidiary to sidestep a U.S. trade ban barring American companies from selling materials to Iran. Koch-Glitsch offices in Germany and Italy continued selling to Iran until as recently as 2007, the records show.

Win32/Cycbot: Ready to Ride | ESET ThreatBlog

Win32/Cycbot is a multithreaded application and just a single instance of the bot can handle dozens of tasks, clicking advertisements or poisoning web searches. Here is an example of the bot’s network activity, captured over several minutes.

Wednesday, October 12, 2011

Enterprise Applications in the Cloud: A SaaS Security Perspective -- Enterprise Systems

Proven backup and recovery services at the SaaS application, infrastructure and the cloud level are necessary to facilitate disaster recovery and mitigate risks against the loss of sensitive data due to failures.

The backup data should be protected, similar to operational data, using strong encryption mechanisms. These checks are essential to reduce the risk of unauthorized access and leakage of sensitive data.

Tuesday, October 11, 2011

Plantronics P251N-U10P Supra Plus Polaris Noise-Canceling (NOW HW251N A10)

Plantronics Supra Plus Polaris HW251N plus A10 connector cable. By clicking "Add to Cart" on this page you will be getting both the headset and the bottom cable to connect to your phone. Nothing additional is needed! Plantronics Supra Plus features a noise canceling microphone and is ideal for use in noisy offices and call centers.

Virus phone scam being run from call centres in India | Technology | The Guardian

The scam always starts the same way: the phone rings at someone's home, and the caller – usually with an Indian accent – asks for the householder, quoting their name and address before saying "I'm calling for Microsoft. We've had a report from your internet service provider of serious virus problems from your computer."

I received a Phone Call From Someone claiming I have a Virus - Microsoft Answers

I have just received a phone call from someone claiming to be from Microsoft, who says that I have a virus which is sending information from my computer.

Monday, October 10, 2011

Thousands of Hacked Sites Seriously Poison Google Image Search Results | Unmask Parasites. Blog.

The attack uses cloaking to feed keyword-rich pages with hot-linked images to search engine bots and return a malicious JavaScript that redirects to fake AV sites to visitors that come from search engines.

10 FTP Clients Malware Steals Credentials From | Unmask Parasites. Blog.

I always suggest that you don’t store passwords in your FTP programs where they are easily accessible by any program running on your computer (including malware).

Trojan Abuses FTP Access and Infects PHP

WordPress › Support XML parsing error

This trojan sends all your FTP data and passwords to someone who then uses it to change all index.html and index.php files on your server and adds to the end a string like

Microsoft knocks out another botnet as Kelihos is taken offline | Security | silicon.com

Microsoft has put a halt to the Kelihos botnet and is accusing a Czech resident of hosting the botnet and using it to deliver spam and steal data, the company said today.

Online fraud declines as tighter web security sees crooks resort to retro methods | Security | silicon.com

Initiatives such as chip and PIN are forcing fraudsters to give up on high-tech scams and resort to more traditional methods of committing financial crimes, according to a report by fraud prevention group Financial Fraud Action UK (FFA UK).

Escalating Cyberthreats: Simple Steps to Secure Your SMB - A BrightTALK webcast

Good start to Cybersecurity Awareness Month.

Hackers Scam Friends of Victim | NBC Philadelphia

The message, from Norma Henson, claimed that she had been mugged while on vacation in London and needed $1650 wired to her. Ted decided to call Henson and his suspicion was confirmed.

Henson wasn’t in England but instead at her home in Pine Hill, NJ. It was true however, that she was the victim of a crime, though it took place in cyberspace rather than the streets of London.

Ubee Interactive | Product Detail | DOCSIS 2.0 Modem

Ubee DOCSIS 2.0 Modem

The Ubee U10C018 Data Cable Modem is the most compact design available in the market today measuring at under 5 inches long.

Sunday, October 9, 2011

Slovakian Intrigues: Michael Genelin’s Jana Matinova Novels | Scene of the Crime

Good reading...

Slovakian Intrigues: Michael Genelin’s Jana Matinova Novels

Genelin is the author of three novels in the crime series featuring police commander Jana Matinova: Siren of the Waters, Dark Dreams, and coming this summer, The Magician’s Accomplice.

Genelin takes the reader into a part of Europe that most are unfamiliar with: Slovakia—yes the Slovakia that was once part of Czechoslovakia.

NYC ID Theft Ring Bust Leads to 111 Arrests - TIME

A sign of the times? When pay stagnates and work is hard to find, folks are more easily tempted...

Bank tellers, restaurant workers and other service employees in New York lifted credit card data from residents and foreign tourists as part of an identity theft ring that stretched to China, Europe and the Middle East and victimized thousands, authorities said Friday.

TriWest pay $10M to settle false claims

TriWest are the same folks who lost a boatload of personal data on service members and didn't want to pay for identity theft protection.

"TriWest Healthcare Alliance Corp. agreed to pay $10 million to resolve allegations that the Arizona-based contractor filed false inflated claims to the U.S. military's Tricare medical benefit plan between 2004 and 2010, the Justice Department said.

TriWest was accused of failing to pass on negotiated discounts with service providers to the program, which covers millions of military members, retirees and their families.

The settlement resolves a lawsuit filed by four former TriWest employees, Judi Jerdee, Deborah Thornton, Linda Glassgow and Paige Fiorillo, under the qui tam, or whistleblower provisions, of the False Claims Act. Together, the qui tam relators will receive $1.7 million as their share of the government's recovery.

"Ensuring that the programs receive the contractual savings and deductions to which they are entitled is essential to our commitment," Melinda Haag, U.S. attorney for the northern district of California, said."

FORMULA ONE - F1 News, Formula One Racing, and Pictures of F1

FORMULA ONE - F1 News, Formula One Racing, and Pictures on SPEED:

The Motor Sports Authority, SPEED and associated logos are registered trademarks of Speed Channel Inc

The CURTA Calculator Page

CURTA Literature Listing is a list of all known CURTA literature compiled by Rick Furr and Skip Godfrey. Please send us copies of your literature if it is different so we can include it.

Saturday, October 8, 2011

American Express Extended Warranty - Important Information!

If the covered item has an extended warranty of 5 years or less, AmEx will double the duration coverage, up to a maximum of one additional year

Friday, October 7, 2011

Inside Social Games - Tracking Innovation at the Convergence of Games and Social Platforms

"Depending on how the game performs in the next few weeks, The Sims Social could go into a period of decline or finally unseat Zynga’s CityVille as the largest application on Facebook."

Researcher: Malware, Increasingly Interdependent, Stifles Security Wares | threatpost

"Rather than operating independently, the BlackHole BEP relied heavily on the Zeus malware family to spread - and vice-versa, Sood found. The Zeus malware relies on BlackHole's anti-malware tracking features, whereas Sood observed BlackHole uses the Zeus database of infected hosts to spread, harvesting specific details about the Zeus-infected target and then launching attacks that would trigger infections on that host, Sood said."

Thursday, October 6, 2011

Information Security Policies Made Easy | Information Security Policy

Information Security Policies Made Easy is the "gold standard" information security policy resource based on the 25 year consulting experience of Charles Cresson Wood, CISSP, CISA. The most complete security policy library available, ISPME contains over 1400 pre-written information security policies covering over 200 security topics and organized in ISO 27002 format. Take the work out of creating, writing, and implementing security policies.

Former Countrywide analyst sentenced to prison for selling data of 2.5 million customers - The Washington Post

A former senior analyst for Countrywide Home Loans was sentenced Wednesday to eight months behind bars for downloading and selling the personal information of some 2.5 million customers in a scam that cost the mortgage lender some $30 million.

Check Point software takes aim at botnets

The heart of the new software is ThreatSpect, the anti-bot engine that identifies bots and focuses in three areas - detecting command and control computers via IP address, DNS and URL, detecting communications patterns and detecting and blocking what data it is trying to send,

Dandy Livingstone - Wikipedia, the free encyclopedia

Dandy Livingstone (born Robert Livingstone Thompson, 14 December 1943,[1] Kingston, Jamaica) is a Jamaican reggae musician and producer, best known for his 1972 hit, "Suzanne Beware of the Devil", and for his song, "Rudy, A Message to You", which was later a hit for The Specials. "Suzanne Beware of the Devil", reached number 14 on the UK Singles Chart.[2]

'Tricked' RSA Employee Opened Door that Led to APT Attack

A well-crafted e-mail with the subject line "2011 Recruitment Plan" tricked an RSA employee to retrieve from a junk-mail folder and open a message containing a virus that led to a sophisticated attack on the company's information systems, a top technologist at the security vendor says in a blog.

Too Much Cybersecurity Awareness

"There's too much awareness without anything being done. The problem is that when consumers see time and time again, nothing happens to correct it. They throw up their hands. There's no amount of consumer education to make them smart enough to resist attacks."

Wednesday, October 5, 2011

CSIS: This is how Windows get infected with malware

When a Microsoft Windows machine gets infected by viruses/malware it does so mainly because users forget to update the Java JRE, Adobe Reader/Acrobat and Adobe Flash. This is revealed by a survey conducted by CSIS Security Group A/S.

| NBC San Diego

Can you see this?

| NBC San Diego Consumer Bob

Tuesday, October 4, 2011

RealLegal, LLC - Improving the Business of Law

Each RealLegal E-Transcript has guaranteed page and line integrity and comes as a read-only, accurate, encrypted, virus and password-protected transcript. For maximum security and authentication, court reporters can include their official electronic signature with each RealLegal E-Transcript. Law firms also have the ability to create their own E-Transcript from an ASCII using RealLegal E-Transcript Internet™ on a pay-per-use basis.

Stenograph: industry leader in court reporting technology, supplies, and education.

Case CATalyst is the industry-leading software for computerized-assisted transcription (CAT) with special editions configured for judicial reporters, captioners, editors, and students.

Monday, October 3, 2011

OnStar reverses course on controversial GPS tracking plans - Computerworld

GM subsidiary OnStar has reversed course on a planned change to its privacy policies that would have let it collect and share GPS tracking and other data from vehicles -- even after their users stopped subscribing to OnStar service.

Sunday, October 2, 2011

Facebook changes touch privacy nerve – USATODAY.com

Ten consumer and privacy groups have joined Reps. Ed Markey, D-Mass., and Joe Barton, R-Tex., in calling on the Federal Trade Commission to investigate new sharing mechanisms designed to accelerate the collection and dispersal of information about Facebook users' Internet activities.

Saturday, October 1, 2011

Poisoned Google image searches becoming a problem

If you are a regular user of Google's search engine you might have noticed that poisoned search results have practically become a common occurrence.
