Sunday, March 12, 2006


News Item 5463 Idea Lab: Can Network Theory Thwart Terrorists?

Idea Lab: Can Network Theory Thwart Terrorists?  Spy agencies are using the increasingly popular science of networks to detect terrorist activities. Will it connect the dangerous dots? By PATRICK RADDEN KEEFE. [NYT > Magazine]
11:52:41 PM

News Item 5462 TechWeb | PIN Scandal "Worst Hack Ever;" Citibank Only The Start

The unfolding debit card scam that rocked Citibank this week is far from over, an analyst said Thursday as she called this first-time-ever mass theft of PINs "the worst consumer scam to date."

Wednesday, Citibank confirmed that an ongoing fraud had forced it to reissue debit cards and block PIN-based transactions for users in Canada, Russia, and the U.K.

But Citibank is only the tip of the iceberg, said Avivah Litan, a Gartner research vice president. The scam -- and scandal -- has hit national banks like Bank of America, Wells Fargo, and Washington Mutual, as well as smaller banks, including ones in Oregon, Ohio, and Pennsylvania, all of which have re-issued debit cards in recent weeks.

"This is the worst hack ever," Litan maintained. "It's significant because not only is it a really wide-spread breach, but it affects debit cards, which everyone thought were immune to these kinds of things."

Unlike credit cards, debit cards offer an additional level of security: the password-like Personal Identification Number, or PIN.

"That's the irony, the PIN was supposed to make debit cards secure," Litan said. "Up until this breach, everyone thought ATMs and PINs could never be compromised."

Litan's sources in the financial industry have told her that thieves hacked into an as-yet-unknown system, and made off with data stored on debit cards' magnetic stripes, the associated "PIN blocks," or encrypted PIN data, and the key for that encrypted data.


10:41:31 PM

News Item 5461 Citibank PIN Scandal 'Worst Hack Ever'.

PIN Scandal 'Worst Hack Ever'. QuietLagoon writes "The evolving Citibank PIN scandal is getting worse with each passing day. Gregg Keizer of TechWeb News writes: 'The unfolding debit card scam that rocked Citibank this week is far from over, an analyst said Thursday as she called this first-time-ever mass theft of PINs 'the worst consumer scam to date.' ... The problem...is that retailers improperly store PIN numbers after they've been entered, rather than erase them at the PIN-entering pad. Worse, the keys to decrypt the PIN blocks are often stored on the same network as the PINs themselves, making a single successful hack a potential goldmine for criminals: they get the PIN data and the key to read it.'" [Slashdot: Your Rights Online]
10:37:55 PM

News Item 5460 Analysis: States steadily restricting info

States have steadily limited the public's access to government information since the Sept. 11, 2001, terrorist attacks, a new Associated Press analysis of laws in all 50 states has found. Legislatures have passed more than 1,000 laws changing access to information, approving more than twice as many measures that restrict information as laws that open government books.

Some things your government doesn't have to tell you about:

- The safety plan at your child's school, if you live in Iowa.

- Medication errors at your grandparent's nursing home in North Carolina.

- Disciplinary actions against Indiana state employees.

The horror of the attacks spurred a wholesale re-examination of information that could put the country in danger, and the state actions roughly mirror those on the federal level. Federal agencies responded by shutting down Web sites, pulling telephone directories and rethinking everything from dam blueprints to historical records.


10:34:30 PM

News Item 5459 States Pass Thousands of Info Restriction Laws.

States Pass Thousands of Info Restriction Laws. nebaz writes "The AP has published an article analyzing over 1000 laws passed by state legislatures since 9/11, and discovered a disturbing trend. More and more information is being made unavailable to the public. Some of this information may seem reasonable, dealing with national security and all, but there are other things, such as safety plans at schools, medication errors at nursing homes, and disciplinary actions against state employees, that are becoming restricted." From the article: "In statehouse battles, the issue has pitted advocates of government openness - including journalists and civil liberties groups - against lawmakers and others who worry that public information could be misused, whether it's by terrorists or by computer hackers hoping to use your credit cards. Security concerns typically won out."  [Slashdot: Your Rights Online]
10:31:29 PM

News Item 5458 Chicago Tribune | Internet blows CIA cover

It's easy to track America's covert operatives. All you need to know is how to navigate the Internet.

[...]


When the Tribune searched a commercial online data service, the result was a virtual directory of more than 2,600 CIA employees, 50 internal agency telephone numbers and the locations of some two dozen secret CIA facilities around the United States.

Only recently has the CIA recognized that in the Internet age its traditional system of providing cover for clandestine employees working overseas is fraught with holes, a discovery that is said to have "horrified" CIA Director Porter Goss.


10:28:45 PM

News Item 5457 Internet Searches Reveal CIA's Secrets.

Internet Searches Reveal CIA's Secrets. GabrielF writes "In another blow to the reputation of the agency that just can't seem to get anything right, the Chicago Tribune used web searches and various commercial online databases to uncover a treasure trove of information about the CIA. The Tribune found the identities of over 2600 CIA employees (including an undisclosed number of covert operatives) as well as the locations of over two dozen CIA facilities across the U.S., internal telephone numbers, and information on 17 aircraft." [Slashdot: Your Rights Online]
10:15:27 PM

News Item 5456 EFF Pushes Consumers to Claim Rootkit Compensation.

EFF Pushes Consumers to Claim Rootkit Compensation.  An anonymous reader writes "'It's time for music fans who bought Sony BMG CDs loaded with harmful XCP or MediaMax copy protection to claim their settlement benefits', says the EFF's Derek Slater in an awareness campaign that is urging those inflicted with one of Sony BMG's rootkit infected CDs to collect what is due to them. The compensation is a DRM-free version of the original CD, $7.50, and album downloads from iTunes, Sony Connect, and others."  [Slashdot: Your Rights Online]
10:12:33 PM

News Item 5455 Investor's Business Daily: Many products fight ID theft, but none fully prevent it

SAN FRANCISCO (MarketWatch) -- A slew of products are now available to consumers fearful of identity theft, but none can promise complete immunity from the myriad forms of the crime, ranging from a stolen credit card to new accounts created in your name.

While none are guaranteed to prevent the crime, they can reduce your risk, alert you quickly should you become a victim and help you deal with the after-effects -- if you're willing to pay from $60 to $150 or more a year.

About 9 million U.S. adults were identity-fraud victims last year, according to Javelin Strategy & Research, a consulting firm in Pleasanton, Calif.


10:04:35 PM

News Item 5454 AP PolkOnline.com - Courts, legislators grapple with Internet access to court records

MIAMI -- In the digital age, virtually any court document can become instantaneously available around the world with the click of a computer mouse. And that means sensitive, private information such as Social Security and bank account numbers stored in those files can, too.

The Florida Supreme Court and the state Legislature are grappling with how to provide public Internet access to court records while addressing both privacy concerns and the state's constitutional guarantee that most government documents be open to the public.

The high court, which imposed a moratorium on Internet access two years ago, is holding hearings on a commission's recommendations that critics say would reduce availability of records. And state lawmakers are being asked by court clerks to allow people who file court papers to decide what should be kept out of the public eye.

It's not just the news media, litigants and lawyers who could be affected by the outcome of these debates. Data companies around the globe are eager to mine into any available documents to obtain personal information, as are identity thieves and even government agencies, said Chris Hoofnagle of the Electronic Privacy Information Center or EPIC, a Washington-based public interest research group.

"Court records are becoming fodder for dossiers on Americans," Hoofnagle said.

But advocates of open records say adequate protections already exist for judges to seal personal or sensitive information in court records -- safeguards that shouldn't change simply because the Internet makes the documents more readily accessible.


10:01:10 PM

News Item 5453 heraldsun.com: Cooper talks about public records, open meetings laws

RALEIGH, N.C. -- Attorney General Roy Cooper is among the speakers at Monday's conference, "Are We Safer in the Dark?", sponsored by the North Carolina Open Government Coalition in Raleigh. The event will examine trends in public access to government records and meetings in North Carolina and nationwide.

In advance of the conference and Sunshine Week, Cooper spoke with Associated Press state government reporter Gary Robertson about the state of public records and open meetings laws in North Carolina.


9:58:32 PM

News Item 5452 Pawlenty, Hatch focus on data privacy

Tension is growing between the public's right to access government data and concerns about privacy, as Republican Gov. Tim Pawlenty and DFL Attorney General Mike Hatch, who is running for governor, both come out supporting restricting access to public information to prevent identity theft.

Neither Pawlenty nor Hatch has offered examples of fraud resulting from a release of information under the Minnesota Data Practices Act. But they said technological advances make such threats more real.

"With a push of a button, your personal information can be made available to literally millions of people,'' Pawlenty said.

The governor wants to reverse the fundamental principle that government data on individuals are presumed public unless designated private by the Legislature.

"We need to start with the obligation of government to protect all citizens, and that all personal information that government has about individuals is private,'' he said.


9:55:54 PM

News Item 5451 SiLive.com: NewsFlash - Company settles case of pilfered personal data

ALBANY, N.Y. (AP) -- A company accused of using unauthorized personal data "mined" by other firms from more than 6 million people nationwide has agreed to reform its practices under a $1.1 million settlement, state officials confirmed.

New York Attorney General Eliot Spitzer claims Datran Media of New York City, a leading e-mail marketer, used e-mail addresses and other personal data it obtained from several companies, according to the settlement scheduled to be announced Monday. The Internet "customer acquisition" companies proclaimed on their Web sites that they wouldn't lend or sell the information provided. Consumers were often enticed to reveal their names, addresses and financial data in exchange for free iPods and DVD movies.

Spitzer accused Datran of knowing of the companies' pledges, but spamming those consumers with unsolicited e-mails anyway, advertising discount drugs, diet pills and other products. Spitzer's staff said they believe it is the largest deliberate breach of Internet privacy discovered by U.S. authorities.


9:53:27 PM

News Item 5450 RSA's Identity Manager now SAML 2.0 compliant.

RSA's Identity Manager now SAML 2.0 compliant. RSA Security is readying a new version of its Federated Identity Manager software that will support the latest specification of the Security Assertion Markup Language (SAML 2.0) and should help cut down the number of individual user log-ins. [Identity management news]
9:47:15 PM