Lost tapes at Nemours affects 1.6M patients
http://www.cmio.net/index.php?option=com_articles&article=29961&publication=102&view=portals
Three unencrypted computer backup tapes containing patient billing and employee payroll data have been reported missing from a Nemours facility in Wilmington, Del., according to the health system.
The information on the tapes dates principally between 1994 and 2004 and relates to approximately 1.6 million patients and their guarantors, vendors and employees at Nemours facilities in Delaware, Pennsylvania, New Jersey and Florida. The missing back-up tapes contained information such as name, address, date of birth, Social Security number, insurance information, medical treatment information and bank account information.
According to Nemours, the tapes were stored in a locked cabinet following a computer systems conversion completed in 2004. The tapes and locked cabinet were reported missing on Sept. 8, and are believed to have been removed on or about Aug. 10 during a facility remodeling project.
“There is no indication that the tapes were stolen or that any of the information on them has been accessed or misused,” the organization said in a statement. “Independent security experts retained by Nemours determined that highly specialized equipment and specific technical knowledge would be necessary to access the information stored on the backup tapes. There are no medical records on the tapes.”
President and CEO David J. Bailey asserted that this is an isolated incident unrelated to patient care and safety.
Nemours is notifying individuals who may have been affected and offering them one year of free credit monitoring and identity theft protection as well as call center support. Nemours also stated it is taking immediate steps to strengthen its data security practices including moving towards encrypting all computer backup tapes and moving non-essential computer backup tapes to a secure, offsite storage facility.
Defense Dept. hit with $4.9B lawsuit over data breach
http://computerworld.co.nz/news.nsf/security/defense-dept-hit-with-49b-lawsuit-over-data-breach
Department of Defense has been hit with a $4.9 billion lawsuit over a data breach involving TRICARE, a healthcare system for active and retired military personnel and their families.
By Jaikumar Vijayan | Framingham | Saturday, 15 October, 2011
The U.S. Department of Defense has been hit with a $4.9 billion lawsuit over a recently disclosed data breach involving TRICARE, a healthcare system for active and retired military personnel and their families.
The lawsuit, filed in federal court in Washington D.C. this week by four people whose data was allegedly compromised, seeks $1,000 in damages for each of the 4.9 million individuals affected by the breach.
The suit charges TRICARE, the Department and Defense Secretary Leon Panetta with failing to adequately protect private data and of "intentional, willful and reckless disregard" for patient privacy rights.
TRICARE did not respond immediately to a request for comment.
In the complaint, the four plaintiffs faulted TRICARE for failing to properly encrypt the private data in its possession and for taking too long to notify victims of the breach.
The four plaintiffs are Virginia Gaffney, a Hampton, Va.-based individual who described herself in court papers as the spouse of a decorated war veteran; her two children; and Adrienne Taylor, a Glendale, Ariz.-based Air Force veteran.
TRICARE in September disclosed that sensitive data including Social Security Numbers, names, addresses, phone numbers and personal health data belonging to about 4.9 million active and retired U.S. military personnel may have been compromised after unencrypted backup tapes containing the data went missing.
The information on the tapes was from an electronic healthcare application used to capture patient data. The backup tapes were stolen from the car of an employee at Science Applications International Corp. (SAIC), a TRICARE contractor. The breach affects all those who received care at the military's San Antonio area military treatment facilities between 1992 and Sept. 7, 2011.
Lawsuits such as this one have become increasingly common in the immediate aftermath of a major data breach.
Earlier this month, for instance, Stanford Hospital and Clinics was hit with a $20 million proposed class action lawsuit for a data breach involving a third-party contractor. And major breaches such as the ones at Heartland Payment Systems, TJX and Hannaford Bros. have all prompted their share of consumer lawsuits alleging negligence, breach of contract and other claims.
In many cases, however, courts have tended to dismiss lawsuits in data breach cases. Several courts have held that consumers cannot claim compensatory or punitive damages in data breach cases unless they can demonstrate that they have suffered actual monetary damage as the result of a breach.
The notion that someone might become the victim of ID theft in future because of a data breach cannot be used as a basis for claims, courts have held.
One exception was in the Heartland case, where the company agreed to pay $4 million to settle claims stemming from several class-action lawsuits.
Army to field tablets to manage medical records on battlefield
By NICOLE BLAKE JOHNSON | Last Updated:August 12, 2011
http://www.federaltimes.com/article/20110812/IT03/108120303/
Army medics could soon be accessing an injured soldier's medical data using tablet computers.
Currently, medics use bulky Motorola hand-held devices to document administered care, injuries and illnesses to soldiers in combat zones, ranging from battlefield wounds to a stomach virus. But this technology, fielded four years ago, can only support a limited version of the military's electronic outpatient medical record. And medics complain that the device's keypad is a sand magnet.
Mobile technologies like the iPad, iPhone and Android smartphones can run a more robust version of outpatient and inpatient medical records, with features that alert users to potentially harmful impacts of certain drug interactions and a list of patient allergies. Although medics usually do not administer prescription drugs, these additional capabilities would give them greater insight into a soldier's medical history.
"It's enabling the soldier to have the benefits of all the modern technology that we've got," said Lt. Col. William Geesey, who oversees the integration, training and distribution of the Army's health IT hardware and software program, called the Medical Communications for Combat Casualty Care (MC4) system.
Geesey has already tested some military electronic medical record applications on the iPad, iPod Touch, iPhone and Android smartphones. The 2010 tests were not conducted in theater, but demonstrated that the applications can run on mobile devices. Geesey and a small team of government workers spent about three months configuring the applications to run on the Apple and Android operating systems.
Mike Jones, chief of emerging technologies within the Army's chief information officer's office, said he expects some tablets will be approved for Army use by December. Jones said the Army is also reviewing how it will manage mobile devices and provide patch updates and the ability to remotely wipe information from lost or stolen devices.
Smaller devices have less computing power, and the Motorola handheld devices used today weren't designed to browse the Internet, Geesey said. DoD also hasn't signed off on soldiers using wireless capabilities on the Motorola handheld for fear that an enemy could hack into the network and eavesdrop.
Once medics document a soldier's injuries, the data is stored on the hand-held device until it can be electronically transferred onto a laptop and into the patient's permanent record. There, it can be viewed by DoD and VA physicians.
Army Sgt. 1st Class Matthew Sims, who assists medics in gathering and storing health data with the Army's health IT system, says technological developments have done much to improve how health records are managed and used, both on the battlefield and off.
"Prior to digital documentation in 2003, during deployments all the medical records were paper and most of those paper documents never actually made it to the patient's medical records," Sims said.
As a staff sergeant in Iraq, Sims battled through several injuries — including a punctured left lung, a fractured skull and broken vertebrae. Doctors could easily track his medical history electronically as opposed to hunting for paper records, Sims said.
The challenge for today's medics, he said, is recording data with aging hand-held devices. They also have a laptop, but that is too bulky for the battlefield. Between his combat gear and medical aid bag, Sims' load is between 80 and 100 pounds.
Being able to use tablets in the battlefield to manage medical records offers many advantages, say Sims and other experts, such as:
• The screen is larger and medics can zoom in using the tap-and-stretch feature versus a stylus.
• Users can access basic laboratory, radiology and pharmacy applications on the battlefield.
• The likelihood of entering incorrect patient information decreases because users can scan a patient's Common Access Card to input demographic data rather than entering the information.
"Having it on the tablet or [a more modern] hand-held device would definitely benefit," Sims said.
Cyber recruits key part of NSA hiring blitz
August 15, 2011 - 6:58am
Dickie George, technical director of the Information Assurance Directorate, NSA
http://www.federalnewsradio.com/?nid=15&sid=2497197
The National Security Agency is on a hiring blitz. The cryptologic intelligence agency — home to the government's chief codemakers and breakers — announced its intention to hire as many as 3,000 people over the next two years, many of them cybersecurity experts.
In fact, NSA recruiters even took a trip to Las Vegas in the last few weeks to look for potential hires at DefCon, a high-profile hacker conference there.
Dickie George, the technical director of the Information Assurance Directorate at NSA, told the Federal Drive the agency is partnering with academia and industry to find the "best and brightest" in cybersecurity.
"We really need people who can solve hard problems," George said. "And network security is one of the hardest problems around."
However, the shortage of cyber pros doesn't only affect government, but also industry, he added.
"We need to develop the talent in this country to protect us from what's going on," he said. "And there's a lot going on." By joining forces with universities, he said, NSA and other government agencies hope to show a cyber career with the government can be an attractive option.
"There are great careers in this field," he said. "We want them to think about not being rocket scientists, but being cyber warriors, because that's what the country needs right now."
And the agency is looking in some unconventional places.
NSA raised some eyebrows when it was reported that the agency had visited the hacker convention, DefCon, in search of new cyber personnel.
"The community there is very vibrant; it's got a lot of talent," George explained. "Most of the people out there are doing the right things: They're trying to make products better, they're trying to improve the security of the Internet. And we need to work with those people ... We need to make sure they understand that we are the good guys."
But with many areas of the Defense Department preparing for flatter budgets and civilian hiring freezes already in the offing, NSA's robust hiring may be hard to account for.
But George characterized the current environment as a "cyber cold war," and said he's been given no indication to slow hiring.
"The importance of this mission and the importance to the nation of cybersecurity - it can't be understated," he said.
Today, the big value is intellectual property. "It's in the ideas," he added, in contrast to a bygone age where the value of industry was in large-scale manufacturing plants and material.
"This country is constantly being threatened by our adversaries," he said, which includes nation-states, terrorists and organized crime. "They're coming into this country and siphoning off our intellectual property. And that makes us really vulnerable."
This story is part of Federal News Radio's daily Cybersecurity Update.
2 Charged With Hacking Into AT&T, Stealing 120,000 iPad Users' Info
http://www.nbcnewyork.com/news/local-beat/2-Charged-With-Hacking-Into-ATT-Stealing-120000-iPad-Users-Info-114136814.html
Mayor Bloomberg's info reportedly among those stolen in June security breach
Federal prosecutors in New Jersey are announcing the arrests of two men accused of stealing e-mail addresses and other information from more than 100,000 Apple iPad users, including Mayor Michael Bloomberg and a slew of other dignitaries, according to previous reports.
Daniel Spitler of San Francisco and Andrew Auernheimer of Fayetteville, Ark., each face one count of conspiracy to access a computer without authorization and one count of fraud in connection with personal information related to the hack of AT&T's servers.
Spitler is scheduled to appear in federal court in Newark on Tuesday afternoon. Auernheimer is to appear before a federal judge in Fayetteville, Ark.
AT&T Inc. in June acknowledged a security weak spot that exposed the e-mail addresses of apparently more than 100,000 iPad users.
U.S. says iPad users' data stolen, sets criminal charges
http://www.reuters.com/article/idUSTRE70H3BH20110118?feedType=RSS&feedName=topNews
U.S. investigators plan to announce criminal charges concerning the alleged theft of email addresses and other personal information belonging to about 120,000 users of Apple Inc's iPad tablet computer.
Prosecutors said the charges arise from an alleged hacking of AT&T Inc's servers, which affected iPad users who accessed the Internet through AT&T's 3G network.
Paul Fishman, the U.S. attorney for the District of New Jersey, and the FBI plan to hold a press conference Tuesday afternoon to discuss the charges.
New report: Data Breach Notifications in Europe
http://www.enisa.europa.eu/media/press-releases/new-report-data-breach-notifications-in-europe
Jan 14, 2011
http://enisa.europa.eu
The EU’s ‘cyber security’ Agency ENISA (the European Network and Information Security Agency) has today issued a report on Data Breach Notifications. The EU data breach notification (DBN) requirement for the electronic communications sector in the ePrivacy Directive (2002/58/EC) is vital to increase in the long term the level of data security in Europe. The Agency has reviewed the current situation and identified the key concerns of both the telecom operators and the Data Protection Authorities (DPAs) in its new report.
Recent high profile incidents of personal data loss in Europe have prompted wide discussion about the level of security applied to personal information shared, processed, stored and transmitted electronically. The Executive Director of the Agency, Prof. Udo Helmbrecht, commented:
“Gaining and maintaining the trust of citizens that their data is secure and protected is an important factor in the future development and take-up of innovative technologies and online services across Europe.”
The introduction of an EU DBN requirement for the electronic communication sector in the ePrivacy Directive (2002/58/EC) is important to increase data security in Europe and to reassure citizens that their data is protected by e-communications operators. The Agency has taken stock of the current situation by interviewing the national DPAs and a representative sample of companies. The telecommunications sector recognises that DBN has an important role for data protection and privacy. Yet operators are seeking clarifications at both EU and local level as to how to comply with DBN requirements. The expectations of DPAs and operators in most cases overlap, but there are some discrepancies.
Key concerns raised by telecom operators and DPAs include:
– Risk Prioritisation – The seriousness of a breach should determine the level of response. Breaches should be categorised according to risk levels to avoid ‘notification fatigue’.
– Communication Channels – Operators need assurances that notification requirements will not impact their brands in a negative way.
– Resources – Some regulatory authorities are already occupied with other priorities.
– Enforcement – DPAs indicated that sanctioning authority enables them to better enforce regulations.
– Undue Delay in Reporting – Regulators want short deadlines for reporting breaches. Service providers, however, want to focus their resources on solving the problem.
– Content of Notifications – Operators want to make sure the notification content does not impact negatively on customer relations. Regulators want all the necessary information.
In 2011 the Agency will develop guidelines for the technical implementation measures and the procedures, as in Art. 4 of Directive 2002/58/EC (http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32002L0058:EN:HTML) and analyse the possibility of extending the general obligation of DBN to other sectors, e.g. the financial sector, health care, and small businesses. This will be discussed at a workshop (http://www.enisa.europa.eu/act/it/data-breach-notification) that ENISA organises in Brussels on 24 January, 2011.
Social Media Policies a 2011 Priority
http://www.healthcareinfosecurity.com/articles.php?art_id=3258&pg=1
Lisa Gallagher of HIMSS Sizes Up Top Security Trends
January 12, 2011 - Howard Anderson, Managing Editor,
Devising strategies for ensuring social media are not used in ways that violate patient privacy is one of the top trends for 2011, says Lisa Gallagher, senior director of privacy and security at the Healthcare Information and Management Systems Society.
HIMSS is preparing a whitepaper offering advice on how to craft a social media policy that helps ensure no sensitive patient information winds up on social networks, Gallagher says. The report will be available early in 2011.
Other top trends she identifies include:
Developing strategies for deploying mobile devices safely;
Making widespread use of encryption and secure e-mail;
Addressing emerging privacy and security issues related to participating in health information exchanges.
Gallagher also calls on hospitals, clinics and other healthcare organizations to:
Increase their spending on information security.
Set clear security policies and then educate staff members on how to carry them out.
Conduct timely risk assessments and then implement appropriate security controls.
HIMSS has more than 30,000 members who work in healthcare IT and management systems. With more than 25 years of consulting experience in security engineering, hardware design and software development, Gallagher specializes in the practical application of security techniques and standards, as well as privacy and security policy.
ANDERSON: What would you say are the top five trends in healthcare information privacy and security for 2011?
GALLAGHER: In thinking about this, I broke it into two areas. The first is what do we get the most questions on, or what are some of the most challenging issues in the technical area of security? I identified three trends from our recent security survey as well as what we get questions about.
The first is mobile device security. So many organizations have employees that either have or want to use mobile devices in their job -- laptops, smart phones, etc. Organizations need to understand how they can deploy these safely both through policies and procedures as well as technical controls to help them keep the information safe.
Then that leads us to another area, which is data encryption. A lot of organizations ask us about the requirements in this area: Do we really need to encrypt the data that we store and transmit? Do we need to spend the money on technical encryption technology, etc? Then following that is e-mail encryption. There is a lot of discussion as to whether they should be encrypting all their e-mail. So those are some of the top areas that are more technical in nature.
Plus, there are a few emerging areas that we are talking a lot about. The first is privacy and security issues for the exchange environment. What happens when an organization participates in a health information exchange? What are their obligations and responsibilities with regard to data sharing? What about the recommendations on patient consent that were recently provided by the Privacy and Security Tiger Team advising regulators, and what does that mean to an organization that is about to start sharing information in an exchange environment? Those are things that we talk quite a bit about and our volunteer workers can get questions on.
Social Media Policies
Then the final emerging area is social media in healthcare. This is becoming a high priority topic. Organizations may want to have a social media presence, so they wonder how do they implement that and how do they control it. How do they ensure that no sensitive information is published and nothing is done that would damage the reputation of their organization? At the same time, they also have employees who make decisions every day about their own participation in social media. So how does an organization manage that and make sure that no information that is sensitive gets out and no damage to the reputation of the organization is done?
Interestingly, we find that most healthcare organizations don't have a policy on social media. So at HIMSS, we have a volunteer work group that is working on a white paper on this topic to give organizations advice on how to assess their risk and what mitigation strategies for those risks might be applicable. This is an example of how HIMSS, with our volunteers, responds to the needs of members on key issues or topics of interest in privacy and security.
ANDERSON: Do you have any idea when that white paper will become available?
GALLAGHER: ...That paper is already in draft and I'm guessing that it will be out in the next couple of months.
Security Spending, Risk Assessments
ANDERSON: So what advice would you give to healthcare CIOs and chief information security officers as they set their security spending priorities for next year and beyond? What investments and strategies are most important for protecting sensitive patient information, especially in light of the major breaches reported so far?
GALLAGHER: We already know that the amount spent on security is relatively low. Approximately half of our respondents reported that their organizations spend 3 percent or less of their IT budget on security. We have seen some improvement year over year, and we hope to see that going forward. But, of course, resources are tight, and spending needs to be focused on key priority areas for the organization.
For security, I think we really need to focus in two primary areas. The first is supporting the employee in understanding their role in security. From the list of major breaches, we see that the majority resulted from the loss or theft of portable devices. So we know that it is important that we set clear, achievable policies in these areas, and we also educate and train the employees on the security practices that will help each of them and the organization itself meet security goals.
Now for the organization itself, I think the biggest bang for the buck activity is to conduct a security risk assessment. This is a fundamental security activity. It's the basis for HIPAA compliance, and we even recently saw it as the single security requirement listed for stage one of the HITECH Act EHR incentive program. ... Once an organization does a risk assessment and understands its risk areas, it can evaluate its current security controls, its policies and procedures, etc. Then performing periodic assessments, and making changes to controls where needed, is the best way for an organization to meet all of its security goals as well as its compliance requirements. So that is something definitely worth spending some resources on.
Is The Government About To Compete With Facebook?
http://www.allfacebook.com/is-the-government-about-to-compete-with-facebook-2011-01
One of the key value propositions of Facebook Connect is the ability to avoid having to remember numerous passwords to log on to different sites. However, the Obama administration appears to be interested in accomplishing the same thing.
In a statement at a Stanford event this weekend, U.S. Commerce Secretary Gary Locke stated, “We are not talking about a government controlled system. What we are talking about is enhancing online security and privacy and reducing and perhaps even eliminating the need to memorize a dozen passwords, through creation and use of more trusted digital identities.”
Apparently the administration has become convinced that a privately managed identity service is not sufficient for protecting consumers. Unfortunately details on the new initiative are lacking; however, given the administration’s close contact with industry insiders, I wouldn’t be surprised to see a government-backed OpenID-like identity provider.
According to a story published in CBS News, “There’s no chance that ‘a centralized database will emerge,’ and ‘we need the private sector to lead the implementation of this,’ [Locke] said.” That statement is at least a little bit refreshing. From the sound of things, this centralized identity solution is more secure than Facebook Connect, which currently doesn’t provide access to any form of personal financial data. For the time being there’s no way to determine what the administration has planned; however, there’s no doubt that Facebook will be watching any centralized identity service proposed by the administration extremely closely.
Trusted Identity Plans Require Proper Balance in Private, Public Partnerships
http://www.eweek.com/c/a/Security/Trusted-Identity-Plans-Require-Proper-Balance-in-Private-Public-Partnerships-179605/
By: Brian Prince
2011-01-07
The Obama administration wants the tech industry to take the lead in creating a trusted online identity ecosystem.
Talk of private and public partnerships for Internet security are a common refrain, and the calls were heard yet again Jan. 7 when federal officials announced plans for a new office within the U.S. Department of Commerce to coordinate federal efforts to support the creation of a trusted online identity ecosystem.
Taking the concept of trusted identities from discussion to reality, many say, requires striking the proper balance between the private and public sectors, and the government wants the tech industry to take the lead.
"The president's goal is to foster an identity ecosystem where Internet users can use strong, interoperable credentials from public and private sector providers to authenticate themselves online for a whole host of transactions," U.S. Commerce Secretary Gary Locke told an audience of people at a forum at the Stanford Institute for Economic Policy Research at Stanford University.
"The solutions allowing us to actually achieve that goal are very likely to emanate from your firms, and the players and the organizations here in Silicon Valley," he added.
James Dempsey, vice president for public policy at the Center for Democracy and Technology, agreed the Obama administration's National Strategy for Trusted Identities in Cyberspace (NSTIC) initiative needs to be led by the private sector.
"The problem here on some level is the government needs an identity ecosystem or identity infrastructure ... but the government cannot create that identity infrastructure because if it tried to, it wouldn't be trusted," he said at the forum.
The ecosystem should be voluntary, diverse—meaning there should be more than one identity provider—and based on the concept of levels of assurance ranging from anonymous to the highly verified for transactions that require that, Dempsey said. It should also be just one part of the security puzzle, which also needs to include baseline legislation on consumer privacy, he added.
Away from the forum, Forrester Research analyst Chenxi Wang said the need to address security issues on the Web should not drive the initiative in a direction that compromises privacy or liberty.
"I think if the government tries to initiate a national identity directory effort, it will fail miserably because people will not trust it. … This system will have to be based on open competition," she said. "I can see Google being one of the suppliers of this national identity. I can even see Salesforce playing a role.
"This will also have to be standards-based so private directories can hook into the national repository if they wish," she added. "The government will have a regulator role to play here—they can set restrictions on how the identity information can be used, and also act as a facilitator for international identity negotiations."
Ultimately, she said, if the infrastructure behind the initiative is built, it will emerge as a virtual infrastructure with open standards-based implementation that is hosted by various parties and monitored by industry watchdog groups.
But while some feel the tech industry should take the lead, Gartner analyst Avivah Litan offered a contrary opinion.
"The federal government is the most natural issuer of identities in a federated identity scheme," she told eWEEK. "After all, they already issue our [Social Security numbers]. It's too bad they haven't figured out how to issue electronic identity credentials.
"In the meantime, what can we expect? Facebook is already a major identity provider, and many e-commerce sites already rely on those Facebook identities," Litan continued. "Granted, these are for seemingly low-risk transactions, so that a bank or government agency disbursing benefits would never be able to rely on it as an example for high-risk transactions. But over time, I think we can expect Facebook, Google and mobile commerce companies like Bling Nation to eventually figure out a business model where they can back user identities and their high-level transactions as long as they can make money at it—and as long as they get significant user adoption."
Items Stolen John Conyers' Government-Registered Cadillac
Vehicle driven by Congressman's 20-year-old son
Updated: Tuesday, 30 Nov 2010, 9:13 AM EST
Published : Tuesday, 30 Nov 2010, 7:09 AM EST
http://www.myfoxdetroit.com/dpp/news/local/items-stolen-john-conyers-government-registered-cadillac-20101130-mr
By myFOXDetroit.com Staff
DETROIT (WJBK) - The son of Rep. John Conyers, D-Mich., says items were stolen out of the government vehicle he was driving last Wednesday in downtown Detroit, FOX 2's Simon Shaykhet reports.
John Conyers III, 20, told police two Apple MacBooks, valued at $1,100 apiece, and more than $27,000 worth of concert tickets to the Fillmore were stolen out of a burgundy 2010 Cadillac Escalade registered to the 14th Congressional District.
The police report says the vehicle was parked at Brush Street and Congress around 11:30 p.m. on Nov. 24. When Conyers returned around 12:30 a.m., he noticed scratches on the side door and items scattered throughout the interior.
Shaykhet says the incident brings into question why the son of a congressman was driving a registered government vehicle.
"I don't know of a single person in congress in the 16 years I was there who had to put vehicle titles in the name of the government," former U.S. Rep. Joe Knollenberg tells FOX 2.
According to the U.S. General Services Administration Web site, if an employee allows an unauthorized person to use a government vehicle, that employee could be suspended or fired.
"I would tell you that they better use this (vehicle) just for the purpose of what they had been required to do," said Knollenberg. "Not to get into the hands of a relative or a friend or whatever."
Currently, there is no word on why John Conyers III was driving the vehicle. A spokesperson for the congressman's office tells FOX 2 she will get back to us on the allegations.
FOX 2 is also working to get details on what the concert tickets were for and if the stolen laptops had any sensitive government information.
Conyers has been a member of the U.S. House since 1965.
His wife, Monica, is serving a 37-month federal prison sentence for corruption after pleading guilty last year to a bribery scheme involving her vote on the Detroit City Council in favor of a sludge-hauling contract.
Petrobras Raises $70 Billion in World's Largest Share Sale
http://finance.yahoo.com/news/Petrobras-Raises-70-Billion-bloomberg-3739385377.html?x=0&sec=topStories&pos=6&asset=&ccode=
On Friday September 24, 2010, 8:09 am EDT
Petroleo Brasileiro SA, the state-controlled oil company, raised 120.4 billion reais ($70 billion) from the Brazilian government and other investors in the world’s largest share sale as it seeks cash to develop offshore fields.
Petrobras, based in Rio de Janeiro, sold 2.4 billion common shares for 29.65 reais each and priced 1.87 billion preferred stock at 26.30 reais apiece, according to a regulatory filing from the company yesterday. That represents a discount of about 2 percent below yesterday’s closing price.
The company is tapping demand for emerging-market assets to fund development of oil deposits such as Tupi, the largest discovery in the Americas in three decades, and to preserve its investment grade credit rating. As part of the share sale, Petrobras issued about $42.5 billion of stock to Brazil’s government in exchange for the rights to develop 5 billion barrels of oil reserves.
“There have been significant inflows into the emerging market universe, and people have to put money to work,” said David Semple, a money manager at New York-based Van Eck Associates, which oversees $25 billion. Petrobras “is one of the more interesting out of a fairly dull bunch of state-directed hydrocarbon companies around the globe.”
Petrobras’s preferred shares rose 82 centavos, or 3.2 percent, to 26.80 reais in Sao Paulo trading yesterday, while the common stock climbed 1.9 percent to close at 30.25 reais.
‘Strong Demand’
“It’s positive that they managed to get such strong demand and the price was above market expectations,” said Mirela Rappaport, who helps manage about $100 million at Investport in Sao Paulo, including Petrobras shares. “In the long run, what will be important for Petrobras is if oil prices go up and for how long and at what cost it will take to develop oil reserves.”
Before the offering, Brazil’s government owned a 32 percent stake in Petrobras and controlled the company through 55.6 percent of voting shares. The sale will probably lead to an increase in the government’s stake, the company said in a Sept. 3 prospectus.
Petrobras slumped 27 percent this year, the second-worst performing major oil stock after BP Plc, on concern the sale would cut earnings and boost state interference. The sale may signal President Luiz Inacio Lula da Silva is paving the way for greater control over the Brazilian economy before the likely election of his chosen successor Dilma Rousseff next month.
Lula is tightening the state’s grip on the domestic oil industry after Tupi was discovered in 2007, the largest find in the Western Hemisphere since Mexico’s Cantarell in 1976. He says Brazil is relying on the country’s oil wealth to help raise the nation’s 192 million people out of poverty.
‘Less Comfortable’
“I’d be in the camp that is less comfortable with having the government more involved,” Madelynn Matlock, who helps oversee about $13 billion at Huntington Asset Advisors in Cincinnati, said in a telephone interview before the offering price was announced. “Not that I think they’d do anything wrong, but it becomes more of a public-utility structure than an entrepreneurial company situation.”
The public share offering will help raise funds for a $224 billion investment plan that includes projects to develop offshore fields including Tupi, which may hold 8 billion barrels of oil. Chief Executive Officer Jose Sergio Gabrielli plans to double output to 5.38 million barrels a day by 2020, from 2.7 million barrels in 2010.
Chinese Sale
The Petrobras sale amounted to about 18 percent of the value of all equity offerings completed in 2010 and exceeded by three times the record initial public offering of $22.1 billion by Agricultural Bank of China in July, according to Bloomberg data.
About $379 billion has been raised by companies selling shares this year, the same pace as a year ago, data compiled by Bloomberg show. A total of 167 equity offerings valued at $29.5 billion have been postponed or withdrawn around the world this year, the most since at least 1998, the data show.
Data Security in Flash Devices
July 21, 2010
Sorry if posted...
http://www.glgroup.com/News/Data-Security-in-Flash-Devices-49611.html
Summary
USB drives, SSDs and other flash-based storage devices are used for storing personal and other sensitive data. Eliminating data on flash devices is required to help protect sensitive data. Traditional secure erase on flash creates endurance issues, so crypto-erase is preferred. By using enhanced secure erase (or crypto-erase), SSDs should be able to be qualified as FIPS 140 compliant, making them available for many military and government applications.
Analysis
Getting rid of sensitive data is an ongoing issue with digital storage devices. Hard disk drives have long been primary storage repositories and technologies have been developed to remove access to data on these drives. There are commands in the SATA interface that can cause a disk drive to erase all of the data on the drive (or drive partition). This erasure is performed by overwriting the prior recorded information. The commands used are “security erase” commands. NIST document 800-88 defines ATA drive secure erase as a method to “purge” data, which provides adequate protection for all but the most sensitive information. Secure erase on a large storage device like today’s 2+ TB HDDs can take a long time since each recorded region must be overwritten.
In the last few years an alternative to overwriting data in hard disk drives, as well as other storage devices, has been developed by the Trusted Computing Group. In this method data is encrypted within a storage device where the encryption key resides in a non-user-accessible location. Storage commands, such as SATA commands, can be used to control access to this encrypted data, and generally the data can only be accessed by use of a password that allows use of the encryption key to decrypt the data so the user can access and use it. Encrypted mobile HDDs for laptops are made by several companies, and many expect that encryption will eventually be incorporated into most HDDs.
In an encrypted hard disk drive a special command enabled in the SATA specifications, called “enhanced secure erase”, can be invoked that causes the hard disk drive to erase (write over) the key to the encrypted data. After the key is overwritten the data cannot be accessed unless the encryption is broken. With a high enough level of encryption (256-bit encryption is common today), the encrypted data cannot be decrypted and read by any computer now in existence. Thus, although the encrypted data remains on the storage device, it cannot be read.
Compared to conventional secure erase, enhanced secure erase is very quick, only requiring microseconds, and provides good protection of user data. This cryptographic secure erasure is recognized in the latest version of the US government’s FIPS 140, rev. 3 document, which covers security requirements for cryptographic modules.
With the increasing use of flash memory devices such as USB drives and Solid State Drives (SSDs) for primary storage of data, methods are needed to effectively erase and protect sensitive data. Traditional data overwrite techniques will lead to significant endurance and product life issues in flash memory devices, since each erase of a flash memory cell shortens the remaining number of times the cell can be erased and reused. For this reason enhanced secure erase using key erasure is the preferred method.
The Trusted Computing Group is working with flash memory companies to incorporate enhanced secure erase in SSDs using onboard encryption. SSDs that can support enhanced secure erase should be able to be certified as FIPS 140 compliant. This is very important to get these products approved for military and other governmental applications.
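As an added illustration (not code from the GLG article or from the Trusted Computing Group), the Go model below contrasts the two erase strategies the article describes: conventional overwrite, which costs every flash block an erase cycle, and crypto-erase, which overwrites only the key so the ciphertext stays on the media but can no longer be opened. The drive layout, block and key-slot names are constructed for the demo.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Constructed model of a self-encrypting flash drive (not real SSD firmware): data
// blocks hold AES-256-GCM ciphertext; the data encryption key (DEK) sits in a hidden slot.
type Drive struct {
	dek        []byte   // data encryption key; nil once crypto-erased
	blocks     [][]byte // per block: nonce || ciphertext || GCM tag
	dataErases int      // program/erase cycles spent on data blocks (flash wear)
	keyErases  int      // program/erase cycles spent on the key slot
}

func NewDrive(numBlocks int) *Drive {
	dek := make([]byte, 32) // 256-bit key, the size the article calls common
	if _, err := rand.Read(dek); err != nil {
		panic(err)
	}
	return &Drive{dek: dek, blocks: make([][]byte, numBlocks)}
}

func (d *Drive) aead() (cipher.AEAD, error) {
	if d.dek == nil {
		return nil, errors.New("data encryption key has been erased")
	}
	block, _ := aes.NewCipher(d.dek) // a 32-byte key is always accepted
	return cipher.NewGCM(block)
}

// Write seals plaintext into block i, consuming one program/erase cycle.
func (d *Drive) Write(i int, plaintext []byte) error {
	g, err := d.aead()
	if err != nil {
		return err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	d.blocks[i] = append(nonce, g.Seal(nil, nonce, plaintext, nil)...)
	d.dataErases++
	return nil
}

// Read opens block i; after a crypto-erase it fails although the ciphertext is still there.
func (d *Drive) Read(i int) ([]byte, error) {
	g, err := d.aead()
	if err != nil {
		return nil, err
	}
	ct := d.blocks[i]
	if len(ct) < g.NonceSize() {
		return nil, errors.New("block is empty")
	}
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}

// OverwriteErase models conventional secure erase: every data block is zeroed,
// so each block spends one more of its limited erase cycles.
func (d *Drive) OverwriteErase() {
	for i := range d.blocks {
		d.blocks[i] = make([]byte, len(d.blocks[i]))
		d.dataErases++
	}
}

// CryptoErase models enhanced secure erase: only the key slot is overwritten;
// the data blocks are untouched but their ciphertext can no longer be opened.
func (d *Drive) CryptoErase() {
	for i := range d.dek {
		d.dek[i] = 0
	}
	d.dek = nil
	d.keyErases++
}

// Erases returns the erase cycles spent on data blocks and on the key slot.
func (d *Drive) Erases() (data, key int) { return d.dataErases, d.keyErases }

// HoldsCiphertext reports whether block i still contains non-zero (sealed) bytes.
func (d *Drive) HoldsCiphertext(i int) bool {
	return bytes.Count(d.blocks[i], []byte{0}) != len(d.blocks[i])
}

func main() {
	d := NewDrive(4)
	_ = d.Write(0, []byte("patient billing record"))
	d.CryptoErase()
	_, err := d.Read(0)
	data, key := d.Erases()
	fmt.Printf("read after crypto-erase: %v; data erases=%d, key erases=%d, ciphertext retained=%v\n", err, data, key, d.HoldsCiphertext(0))
}
```

The wear counters make the article's endurance argument concrete: a crypto-erase of the whole drive costs one key-slot cycle, while an overwrite erase costs one cycle on every block.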
Competition heats up in cloud computing field
2010-08-05 16:28
...“To promote the use of cloud computing, Korea will need to prepare laws and policies to cope with service interruption so that it could be responded to at the government level,” according to a report released in April by the National IT Industry Promotion Agency.
The report also proposed that requirement for data protection and privacy protection should be fully presented even when the physical location of the data changes and that a new law needs to be established to enhance the security and reliability of data.
http://www.koreaherald.com/business/Detail.jsp?newsMLId=20100805000836
dude_danny
Apple's Worst Security Breach: 114,000 iPad Owners Exposed
http://gawker.com/5559346/
Apple has suffered another embarrassment. A security breach has exposed iPad owners including dozens of CEOs, military officials, and top politicians. They—and every other buyer of the wireless-enabled tablet—could be vulnerable to spam marketing and malicious hacking.
The breach, which comes just weeks after an Apple employee lost an iPhone prototype in a bar, exposed the most exclusive email list on the planet, a collection of early-adopter iPad 3G subscribers that includes thousands of A-listers in finance, politics and media, from New York Times Co. CEO Janet Robinson to Diane Sawyer of ABC News to film mogul Harvey Weinstein to Mayor Michael Bloomberg. It even appears that White House Chief of Staff Rahm Emanuel's information was compromised.
It doesn't stop there. According to the data we were given by the web security group that exploited vulnerabilities on the AT&T network, we believe 114,000 user accounts have been compromised, although it's possible that confidential information about every iPad 3G owner in the U.S. has been exposed. We contacted Apple for comment but have yet to hear back. We also reached out to AT&T for comment. A call to Rahm Emanuel's office at the White House has not been returned.
The specific information exposed in the breach included subscribers' email addresses, coupled with an associated ID used to authenticate the subscriber on AT&T's network, known as the ICC-ID. ICC-ID stands for integrated circuit card identifier and is used to identify the SIM cards that associate a mobile device with a particular subscriber.
AT&T closed the security hole in recent days, but the victims have been unaware until now. For a device that has been shipping for barely two months, and in its cellular configuration for barely one, the compromise is a rattling development. The slip-up appears to be AT&T's fault at the moment, and it will complicate the company's already fraught relationship with Apple.
Although the security vulnerability was confined to AT&T servers, Apple bears responsibility for ensuring the privacy of its users, who must provide the company with their email addresses to activate their iPads. This is particularly the case given that U.S. iPad 3G customers have no choice in mobile carriers — AT&T has an exclusive lock, at least for now. Given the lock-in and the tight coupling of the iPad with AT&T's cellular data network, Apple has a pronounced responsibility to patrol the network vendors it chooses to align and share customer data with.
But it will also likely unnerve customers thinking of buying iPads that connect to AT&T's cellular network.
It will also do so at a pivotal moment, with the iPad 3G early in its sales cycle. Brisk sales for the original wi-fi iPad had promised to turn the 3G model into a similar profit machine. But further questions about AT&T, already widely ridiculed for its bad service, are going to make people think twice about spending up to $830 and $25 per month on the iPad 3G.
Breach details: Who did it, and how
The subscriber data was obtained by a group calling itself Goatse Security. Though the group is steeped in off-the-wall, 4chan-style internet culture—its name is a reference to a famous gross-out Web picture—it has previously highlighted real security vulnerabilities in the Firefox and Safari Web browsers, and attracted media attention for finding what it said were flaws in Amazon's community ratings system.
Goatse Security obtained its data through a script on AT&T's website, accessible to anyone on the internet. When provided with an ICC-ID as part of an HTTP request, the script would return the associated email address, in what was apparently intended to be an AJAX-style response within a Web application. The security researchers were able to guess a large swath of ICC IDs by looking at known iPad 3G ICC IDs, some of which are shown in pictures posted by gadget enthusiasts to Flickr and other internet sites, and which can also be obtained through friendly associates who own iPads and are willing to share their information, available within the iPad "Settings" application.
To make AT&T's servers respond, the security group merely had to send an iPad-style "User agent" header in their Web request. Such headers identify users' browser types to websites.
The group wrote a PHP script to automate the harvesting of data. Since a member of the group tells us the script was shared with third-parties prior to AT&T closing the security hole, it's not known exactly whose hands the exploit fell into and what those people did with the names they obtained. A member tells us it's likely many accounts beyond the 114,000 have been compromised.
Goatse Security notified AT&T of the breach and the security hole was closed.
We were able to establish the authenticity of Goatse Security's data through two people who were listed among the 114,000 names. We sent these people the ICC ID contained in the document—and associated with the person's iPad 3G account—and asked them to verify in an iPad control panel that this was the correct ICC ID. It was.
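From the defender's side, the pattern described above (one client asking a public lookup endpoint about many guessable, consecutive ICC-IDs, with a spoofable User-Agent as the only gate) is visible in server logs. The Go detector below is an added example, not AT&T's or the researchers' code; its log format, /lookup path and ICCID parameter are assumptions, and the sample lines are constructed.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"sort"
	"strconv"
)

// Constructed log format (not AT&T's real logs): unix time, client IP, request
// path, quoted user agent. The /lookup path and ICCID parameter are assumptions.
var lineRE = regexp.MustCompile(`^(\d+) (\S+) (\S+) "([^"]*)"$`)

type hit struct{ ts int64; iccid uint64 }

// parseLine keeps only requests to the lookup endpoint that carry a numeric ICCID.
func parseLine(line string) (ip string, h hit, ok bool) {
	m := lineRE.FindStringSubmatch(line)
	if m == nil {
		return "", hit{}, false
	}
	u, err := url.Parse(m[3])
	if err != nil || u.Path != "/lookup" {
		return "", hit{}, false
	}
	id, err := strconv.ParseUint(u.Query().Get("ICCID"), 10, 64)
	if err != nil {
		return "", hit{}, false
	}
	ts, _ := strconv.ParseInt(m[1], 10, 64)
	return m[2], hit{ts: ts, iccid: id}, true
}

// Finding: distinct ICC-IDs a client queried inside its busiest window, and how
// many of those IDs are adjacent (differ by 1), the signature of a guessed range.
type Finding struct{ Client string; Distinct, Sequential int }

// summarize expects at least one hit (callers always pass a non-empty window).
func summarize(ip string, hits []hit) Finding {
	ids := make([]uint64, len(hits))
	for i, h := range hits {
		ids[i] = h.iccid
	}
	sort.Slice(ids, func(i, j int) bool { return ids[i] < ids[j] })
	distinct, seq := 1, 0
	for i := 1; i < len(ids); i++ {
		if d := ids[i] - ids[i-1]; d != 0 {
			distinct++
			if d == 1 {
				seq++
			}
		}
	}
	return Finding{Client: ip, Distinct: distinct, Sequential: seq}
}

// DetectEnumeration flags clients that queried at least minDistinct different ICC-IDs
// within any windowSec-second span. The User-Agent is deliberately not a signal.
func DetectEnumeration(lines []string, windowSec int64, minDistinct int) []Finding {
	byClient := map[string][]hit{}
	for _, l := range lines {
		if ip, h, ok := parseLine(l); ok {
			byClient[ip] = append(byClient[ip], h)
		}
	}
	var out []Finding
	for ip, hits := range byClient {
		sort.Slice(hits, func(i, j int) bool { return hits[i].ts < hits[j].ts })
		best, start := Finding{Client: ip}, 0
		for end := range hits { // sliding window over time-ordered hits
			for hits[end].ts-hits[start].ts > windowSec {
				start++
			}
			if f := summarize(ip, hits[start:end+1]); f.Distinct > best.Distinct {
				best = f
			}
		}
		if best.Distinct >= minDistinct {
			out = append(out, best)
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Client < out[j].Client })
	return out
}

// SampleLog is constructed: one client walking twelve consecutive IDs one second
// apart, one genuine device asking about its own ID twice, one unrelated request.
func SampleLog() []string {
	const ua = `"Mozilla/5.0 (iPad; CPU OS 3_2)"`
	lines := []string{
		"1276000005 198.51.100.20 /lookup?ICCID=8901410300000009999 " + ua,
		"1276000006 198.51.100.20 /lookup?ICCID=8901410300000009999 " + ua,
		"1276000007 198.51.100.20 /index.html " + ua,
	}
	for i := uint64(0); i < 12; i++ {
		lines = append(lines, fmt.Sprintf("%d 203.0.113.7 /lookup?ICCID=%d %s", 1276000000+i, 8901410300000001000+i, ua))
	}
	return lines
}

func main() { fmt.Printf("%+v\n", DetectEnumeration(SampleLog(), 60, 10)) }
```

Every request in the sample carries an iPad user agent, which is exactly why the detector ignores it and looks at behaviour instead: a real device asks about one ID, a harvester walks a range.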
Victims: Some big names
Then we began poring through the 114,067 entries and were stunned at the names we found. The iPad 3G, released less than two months ago, has clearly been snapped up by an elite array of early adopters.
Within the military, we saw several devices registered to the domain of DARPA, the advanced research division of the Department of Defense, along with the major service branches. To wit: One affected individual was William Eldredge, who "commands the largest operational B-1 [strategic bomber] group in the U.S. Air Force."
In the media and entertainment industries, affected accounts belonged to top executives at the New York Times Company, Dow Jones, Condé Nast, Viacom, Time Warner, News Corporation, HBO and Hearst.
Within the tech industry, accounts were compromised at Google, Amazon, Microsoft and AOL, among others. In finance, accounts belonged to companies from Goldman Sachs to JP Morgan to Citigroup to Morgan Stanley, along with dozens of venture capital and private equity firms.
In government, affected accounts included a GMail user who appears to be Rahm Emanuel and staffers in the Senate, House of Representatives, Department of Justice, NASA, Department of Homeland Security, FAA, FCC, and National Institute of Health, among others. Dozens of employees of the federal court system also appeared on the list.
Ramifications
There are no doubt other high-profile subscribers caught up in the security lapse, along with ordinary users who now have reason to worry that AT&T might expose more of their iPad data to hackers.
At the very least, AT&T exposed a very large and valuable cache of email addresses, VIP and otherwise. This is going to hurt the telecommunications company's already poor image with iPhone and iPad customers, and complicate its very profitable relationship with Apple. Exacerbating the situation is that AT&T has not yet notified customers of the breach, judging from the subscribers we and the security group contacted, despite being itself notified at least two days ago. It's unclear if AT&T has notified Apple of the breach.
Then there's the question of whether any damage can be done using the ICC IDs. The Goatse Security member who contacted us was concerned that recent holes discovered in the GSM cell phone standard mean that it might be possible to spoof a device on the network or even intercept traffic using the ICC ID. Two other security experts we contacted were less confident in that assessment. Mobile security consultant and Nokia veteran Emmanuel Gadaix told us that while there have been "vulnerabilities in GSM crypto discovered over the years, none of them involve the ICC ID... as far as I know, there are no vulnerability or exploit methods involving the ICC ID."
Another expert, white hat GSM hacker and University of Virginia computer science PhD Karsten Nohl, told us that while text-message and voice security in mobile phones is weak "data connections are typically well encrypted... the disclosure of the ICC-ID has no direct security consequences."
But that didn't mean he thinks AT&T is off the hook:
O.T. Symantec Close to Buying VeriSign Unit, New York Times Says
By Nick Baker and Andrea Tan - May 18, 2010
http://preview.bloomberg.com/news/2010-05-19/symantec-nears-1-3-billion-deal-to-buy-verisign-s-security-unit-nyt-says.html
Symantec Corp. may be close to a $1.3 billion deal for VeriSign Inc.’s authentication services unit, the New York Times reported, citing people briefed on the matter.
An agreement over the business, which provides security technology for online payments, could be reached this week, the newspaper said.
VeriSign Chief Financial Officer Brian Robins canceled a presentation at a JPMorgan Chase & Co. conference yesterday because of a scheduling conflict, according to company spokesman Brad Williams. Dave Reddy, a spokesman for Symantec, declined to comment. He works for outside PR firm Weber Shandwick.
The pullout fueled speculation that VeriSign, the biggest operator of computers that direct Internet traffic, may be involved in merger or acquisition talks, said Jamie Lissette, founder of the Hammerstone Group, a Westport, Connecticut-based operator of online discussion forums for investors.
VeriSign has been selling businesses that don’t fit with its Internet operations. In its main divisions, the company manages the Internet’s dot-com and dot-net addresses and sells online certificates confirming that surfers landed on legitimate websites. Its iDefense unit also helps large companies protect themselves from cyber attacks.
Docs' file sharing risky business for patient data
March 05, 2010 | Molly Merrill, Associate Editor
http://www.healthcareitnews.com/news/docs-file-sharing-risky-business-patient-data
Doctors who use file sharing software could be putting their patients' medical information at risk, says a recent study.
The study, which was published in the Journal of the American Medical Informatics Association, is the first of its kind to empirically estimate the extent to which personal health information is disclosed through file-sharing applications, said Khaled El Emam, Canada research chair in electronic health information, and the study's lead author.
Researchers used popular file sharing software such as Limewire, BitTorrent and Kazaa to gain access to documents they downloaded from a representative sample of IP addresses. They were able to access the personal and identifying health and financial information of individuals in Canada and the United States.
"The flexibility of these file sharing tools is often the same reason that they are not completely intuitive and can thus lead to errors as to which files or folders are set up for sharing. Without additional protection on the health records, like encryption or elevated access controls, it is entirely possible that a mis-configured file sharing tool could gain full access to the records," said Robert Grapes, chief technologist of the Cloakware team in Irdeto.
El Emam said he and his colleagues found evidence of outsiders actively searching for files that contain private health and financial data. "There is no obvious innocent reason why anyone would be looking for this kind of information," he said.
The researchers advised users who want to protect their sensitive information not to use file-sharing tools at all.
Although this is a simple answer, says Grapes, the reality is that most doctors are using their computers for more than just accessing patient records.
"Email, scheduling, bill payment, medical research, conference bookings and much more are normal activities for these computers, so it makes sense that some, not all, doctors will also install and use file sharing systems," he said.
But trying to use the file sharing software's own privacy safeguards requires considerable information technology expertise, said El Emam.
"Doctors must become familiar with their software applications, file-sharing in this case, and be in a confident position to defend any audit challenges as to the protection of medical health record information," agreed Grapes.
"File and folder encryption are reasonably simple approaches to bolster the protection of these records, but these security methods come with their own management and use challenges that also must be well understood," he said.
Only a small proportion of the IP addresses the researchers examined contained personal health information, but since tens of millions of people use peer-to-peer file sharing applications in North America, that percentage translates into tens of thousands of computers, they said.
Here is a sample of the private health information the research team was able to find by entering simple search terms in file-sharing software:
-An authorization for medical care document that listed an individual's Ontario Health Insurance card number, birth date, phone number and details of other insurance plans;
-A teenage girl's medical authorization that included family name, phone numbers, date of birth, social security number and medical history, including current medications;
-Several documents created by individuals listing all their bank details, including account and PIN numbers, passwords and credit card numbers.
CHEO Research Institute's ethics board approved the research for this study. CHEO Research Institute coordinates the research activities of the Children's Hospital of Eastern Ontario.
Weby...Definitely a possibility...Stars lining up for Wave.
Best, dude_danny
Cybersecurity bill to give president new emergency powers
By Tony Romm - 02/26/10 02:30 PM ET
http://thehill.com/blogs/hillicon-valley/technology/83961-forthcoming-cybersecurity-bill-to-give-president-new-powers-in-cyberattack-emergencies
The president would have the power to safeguard essential federal and private Web resources under draft Senate cybersecurity legislation.
According to an aide familiar with the proposal, the bill includes a mandate for federal agencies to prepare emergency response plans in the event of a massive, nationwide cyberattack.
The president would then have the ability to initiate those network contingency plans to ensure key federal or private services did not go offline during a cyberattack of unprecedented scope, the aide said.
Ultimately, the legislation is chiefly the brainchild of Sens. Jay Rockefeller (D-W.Va.) and Olympia Snowe (R-Maine), the chairman and ranking member of the Senate Commerce Committee, respectively. Both lawmakers have long clamored for a federal cybersecurity bill, charging that current measures — including the legislation passed by the House last year — are too piecemeal to protect the country's Web infrastructure.
Their renewed focus arrives on the heels of two, high-profile cyberattacks last month: A strike on Google, believed to have originated in China, and a separate, more disjointed attack that affected thousands of businesses worldwide.
Rockefeller and Snowe's forthcoming bill would establish a host of heretofore absent cybersecurity prevention and response measures, an aide close to the process said. The bill will "significantly [raise] the profile of cybersecurity within the federal government," while incentivizing private companies to do the same, according to the aide.
Additionally, it will "promote public awareness" of Internet security issues, while outlining key protections of Americans' civil liberties on the Web, the aide continued.
Privacy groups are nonetheless likely to take some umbrage at Rockefeller and Snowe's latest effort, an early draft of which leaked late last year.
When early reports predicted the cybersecurity measure would allow the president to "declare a cybersecurity emergency," online privacy groups said they felt that would endow the White House with overly ambiguous and far-reaching powers to regulate the Internet.
The bill will still contain most of those powers, and a "vast majority" of its other components "remain unchanged," an aide with knowledge of the legislation told The Hill. But both the aide and a handful of tech insiders who support the bill have nonetheless tried to dampen skeptics' concerns, reminding them the president already has vast — albeit lesser-known — powers to regulate the Internet during emergencies.
It is unclear when Rockefeller and Snowe will finish their legislation. And the ongoing debate over healthcare reform, financial regulatory reform, jobs bills and education fixes could postpone action on the floor for many months.
Both lawmakers heavily emphasized the need for such a bill during a Senate Commerce Committee cybersecurity hearing on Wednesday.
"Too much is at stake for us to pretend that today’s outdated cybersecurity policies are up to the task of protecting our nation and economic infrastructure," Rockefeller said. "We have to do better and that means it will take a level of coordination and sophistication to outmatch our adversaries and minimize this enormous threat."
http://thehill.com/blogs/hillicon-valley/technology/75965-white-house-blames-inefficient-government-on-outdated-technologies
White House budget director blames old computers for ineffective government
By Ian Swanson - 01/14/10 02:56 PM ET
A big reason why the government is inefficient and ineffective is because Washington has outdated technology, with federal workers having better computers at home than in the office.
This startling admission came Thursday from Peter Orszag, who manages the federal bureaucracy for President Barack Obama.
The public is getting a bad return on its tax dollars because government workers are operating with outdated technologies, Orszag said in a statement that kicked off a summit between Obama and dozens of corporate CEOs...
More on Peter Orszag
A group from the Task Force on American Innovation wrote him a message in November 2009. I think he got the message.
November 5, 2009
The Honorable Peter Orszag
Director, Office of Management and Budget
252 Eisenhower Executive Office Building
Washington, DC 20503
Dear Director Orszag:
As development of the FY 2011 budget moves forward, the Task Force on American Innovation, a coalition of companies, universities and scientific societies that advocates for increased federal investment for research in the physical sciences and engineering, would like to thank the President for his focus on science and innovation in the FY 2010 budget and the American Recovery and Reinvestment Act (ARRA). We also want to express our strong and continued support for increased and sustained federal investment in programs that promote basic scientific and engineering research and science education for FY 2011.
We are especially grateful for President Obama’s ongoing commitment to double the research budgets of key agencies that emphasize the physical sciences and engineering, which he emphasized in his September 21st speech at Hudson Valley Community College.
For more than half a century, the United States has been the clear leader in developing new technologies, products and entire industries that provide high-value jobs for Americans, enabling us to maintain our economic, technological and national defense leadership. Basic research conducted in the U.S. has led to dramatic enhancements to quality of life through breakthrough medical technologies, the creation of new industries in telecommunications, and has strengthened our nation’s security by making possible advanced technologies for our national defense.
These achievements have all been based on the flow of new discoveries -- an extraordinary number of them emanating from basic research funded by the federal government. Advancing the state of knowledge in such important areas as physics, chemistry, materials science, mathematics, computer sciences, engineering and life sciences requires a commitment by the federal government to invest in scientific research and education. This commitment, coupled with an entrepreneurial business climate, lays the groundwork for innovation by businesses.
We understand fully that the current fiscal climate will constrain the FY 2011 budget. But in setting priorities, we urge you to continue to give high priority to the areas of federal investment that are most likely to provide the greatest long-term return to the American people, namely investments that strengthen our scientific and technological capabilities.
The science and technology-related agencies and programs of particular concern to the Task Force include the National Science Foundation, National Institute of Standards and Technology, the Department of Energy’s Office of Science, the National Aeronautics and Space Administration, and the Department of Defense.
In summary, predictable, sustainable long-term research provides the basis for the nation’s economic growth, high standard of living, and security. Therefore, we urge you to continue to make the doubling of investments in key federal research agencies a high priority in the President’s FY 2011 budget request and beyond. Thank you for considering our views, and we look forward to working with you as the development of the budget progresses.
Sincerely,
Paul S. Otellini
President and CEO
Intel Corporation
Henry Yang
Chancellor
University of California, Santa Barbara
Chair, Association of American Universities
Bruce Brown
Chief Technology Officer
The Procter & Gamble Company
Jeffrey Wadsworth
President and CEO
Battelle
Lee T. Todd, Jr.
President
University of Kentucky
Chair, Association of Public and Land-grant
Universities
Thomas Lane
President
American Chemical Society
Task Force
O.T. Hackers steal electronic data from top climate research center
Scientists' e-mails deriding skeptics of warming become public
By Juliet Eilperin
Washington Post Staff Writer
Saturday, November 21, 2009
http://www.washingtonpost.com/wp-dyn/content/article/2009/11/20/AR2009112004093_pf.html
Hackers broke into the electronic files of one of the world's foremost climate research centers this week and posted an array of e-mails in which prominent scientists engaged in a blunt discussion of global warming research and disparaged climate-change skeptics.
The skeptics have seized upon e-mails stolen from the Climatic Research Unit of the University of East Anglia in Britain as evidence that scientific data have been rigged to make it appear as if humans are causing global warming. The researchers, however, say the e-mails have been taken out of context and merely reflect an honest exchange of ideas.
University officials confirmed the data breach, which involves more than 1,000 e-mails and 3,000 documents, but said they could not say how many of the stolen items were authentic.
"We are aware that information from a server in one area of the university has been made available on public websites," the statement says. "We are extremely concerned that personal information about individuals may have been compromised. Because of the volume of this information we cannot currently confirm what proportion of this material is genuine."
Michael E. Mann, who directs the Earth System Science Center at Pennsylvania State University, said in a telephone interview from Paris that skeptics are "taking these words totally out of context to make something trivial appear nefarious."
In one e-mail from 1999, the center's director, Phil Jones, alludes to one of Mann's articles in the journal Nature and writes, "I've just completed Mike's Nature trick of adding in the real temps to each series for the last 20 years (i.e., from 1981 onwards) and from 1961 for Keith's to hide the decline."
Mann said the "trick" Jones referred to was placing a chart of proxy temperature records, which ended in 1980, next to a line showing the temperature record collected by instruments from that time onward. "It's hardly anything you would call a trick," Mann said, adding that both charts were differentiated and clearly marked.
But Myron Ebell, director of energy and global warming policy for the Competitive Enterprise Institute, said this and other exchanges show researchers have colluded to establish the scientific consensus that humans are causing climate change.
"It is clear that some of the 'world's leading climate scientists,' as they are always described, are more dedicated to promoting the alarmist political agenda than in scientific research," said Ebell, whose group is funded in part by energy companies. "Some of the e-mails that I have read are blatant displays of personal pettiness, unethical conniving, and twisting the science to support their political position."
In one e-mail, Ben Santer, a scientist at Lawrence Livermore National Laboratory, offered to beat up skeptic Pat Michaels, a senior fellow at the libertarian Cato Institute, out of sympathy for Jones.
Neither Jones nor Santer could be reached for comment.
O.T. NSA To Build $1.5 Billion Cybersecurity Data Center
The massive complex, comprising up to 1.5 million square feet of building space, will provide intelligence and warnings related to cybersecurity threats across government.
By J. Nicholas Hoover
InformationWeek
October 29, 2009 01:07 PM
http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=221100260
The National Security Agency, whose job it is to protect national security systems, will soon break ground on a data center in Utah that's budgeted to cost $1.5 billion.
The NSA is building the facility to provide intelligence and warnings related to cybersecurity threats, cybersecurity support to defense and civilian agency networks, and technical assistance to the Department of Homeland Security, according to a transcript of remarks by Glenn Gaffney, deputy director of national intelligence for collection, who is responsible for oversight of cyber intelligence activities in the Office of the Director of National Intelligence.
"Our country must continue to advance its national security efforts and that includes improvements in cybersecurity," Sen. Robert Bennett, R-Utah, said in a statement. "As we rely more and more on our communications networks for business, government and everyday use, we must be vigilant and provide agencies with the necessary resources to protect our country from a cyber attack."
The data center will be built at Camp Williams, a National Guard training center 26 miles south of Salt Lake City, which was chosen for its access to cheap power, communications infrastructure, and availability of space, Gaffney said. The complex will comprise up to 1.5 million square feet of building space on 120 to 200 acres, according to the NBC affiliate in Salt Lake City.
According to a budget document for the project, the 30-megawatt data center will be cooled by chilled water and capable of Tier 3, or near carrier-grade, reliability. The design calls for the highest LEED (Leadership in Energy and Environmental Design) standard within available resources.
The U.S. Army Corps of Engineers will host a conference in Salt Lake City to provide further detail on the data center building and acquisition plans. The project will require between 5,000 and 10,000 workers during construction, and the data center will eventually employ between 100 and 200 workers.
As part of its mission, NSA monitors communications "signals" for intelligence related to national security and defense. Gaffney gave assurances that the work going on at the data center will protect civil liberties. "We will accomplish this in full compliance with the U.S. Constitution and federal law and while observing strict guidelines that protect the privacy and civil liberties of the American people," Gaffney said.
On Nov. 30, the Department of Homeland Security will formally open a new cybersecurity operations center, the National Cybersecurity and Communications Integration Center, in Arlington, Va. The facility will house the National Cyber Security Center, which coordinates cybersecurity operations across government, the National Coordinating Center for Telecommunications, which operates the government's telecommunications network, and the United States Computer Emergency Readiness Team, which works with industry and government to protect networks and alert them of malicious activity.
Hotmail Accounts Breached by Suspected Phishing Attack
Tony Bradley, PC World | Monday, October 05, 2009 3:08 PM PDT
http://www.pcworld.com/businesscenter/article/173134/hotmail_accounts_breached_by_suspected_phishing_attack.html
More than 10,000 compromised Hotmail accounts were posted online this morning by attackers to demonstrate their success in capturing the sensitive information. The credentials displayed, including the username and password combination necessary to access the account, included accounts starting with letters ‘A’ and ‘B’ in alphabetical order.
There were approximately 5,500 accounts displayed for each letter. Assuming the attackers have a similar number of accounts for each letter of the alphabet, it suggests a total number of compromised accounts somewhere around 143,000.
It was initially thought that the information may have been leaked or stolen directly from the Microsoft network where Hotmail is hosted. However, based on the mathematical inferences above, the total number of accounts stolen only represents about 3.5 percent of the over 400 million registered Hotmail accounts.
According to Computerworld, a Microsoft spokeswoman stated "We determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts" in an e-mail response.
Assuming that is true, the next most logical choice on the Occam's Razor flowchart of data breach troubleshooting suggests that the information was gathered via a phishing attack. If so, it would be one of the largest such phishing attacks in terms of the total number of accounts compromised.
Here are 5 simple steps you can follow to avoid becoming a victim of a phishing attack:
1. Be Skeptical: It is better to err on the side of caution. If you are not 100% positive that a message is legitimate, assume it is not. You should never supply your username, password, account number or any other personal or confidential information via email and you should not reply directly to emails you feel may be suspicious.
2. Contact Directly: Even better than being skeptical is to simply never reply to emails or click on links related to your account information. Pick up the phone and call them up, or at least shut down the questionable email and initiate your own separate email communication to the company in question at its listed customer service account information.
3. Analyze Statements: Make sure you scrutinize your bank statements and account information to identify any suspicious activity or questionable transactions. If you find any problems contact the company or financial institution in question immediately to notify them.
4. Use Current Web Browser: The latest generation web browsers, such as Internet Explorer 8 and Firefox 3.5 come with built in phishing protection. The browser is able to identify many potentially malicious sites and warn you in advance.
5. Report Attacks: If you think you may be the target of a phishing attack you should report the suspicious activity. Report suspicious emails to your ISP and also report suspected phishing attacks to the Federal Trade Commission (FTC) at www.ftc.gov.
Visa Releases Global Data Encryption Best Practices
On Monday October 5, 2009, 1:00 pm EDT
http://finance.yahoo.com/news/Visa-Releases-Global-Data-prnews-1191229057.html?x=0&.v=1
Visa Inc. (NYSE: V - News) today announced global industry best practices for data field encryption, also known as end-to-end encryption. The best practices are designed to further the payment industry's efforts to develop a common, open standard while providing guidance to encryption vendors and early adopters. Data field encryption protects card information from the swipe to the acquirer processor with no need for the merchant to process or transmit card data in the "clear."
"While no single technology will completely solve for fraud, data field encryption can be an effective security layer to render cardholder data useless to criminals in the event of a merchant data breach," said Eduardo Perez, global head of data security, Visa Inc. "Using encryption as one component of a comprehensive data security program can enhance a merchant's security by eliminating any clear text data either in storage or in flight," he added.
In addition to issuing encryption best practices, Visa has led efforts to develop a much needed industry data field encryption standard as chair of the ANSI X9F6 standards working group. Establishing industry-wide standards is essential for ensuring that emerging encryption solutions are open, consistent and enable merchant choice. X9 is the ANSI accredited committee for financial services that is focused on "standardization for facilitating banking operations." Membership includes financial institutions, vendors, insurance companies, associations, retailers and regulators.
"Given the interest expressed by merchants and processors, guidance from the card brands is a critical determinant in figuring out how to move ahead with encrypting data in transit, especially absent a global standard," said Avivah Litan, Vice President and Distinguished Analyst, Gartner Inc. "Companies should also be aware that if data is decrypted anywhere in their system, they are still at risk for a data breach."
Visa's best practices are designed to help organizations:
Limit cleartext availability of cardholder data and sensitive authentication data to the point of encryption and the point of decryption.
Use robust key management solutions consistent with international and/or regional standards.
Use key-lengths and cryptographic algorithms consistent with international and/or regional standards.
Protect devices used to perform cryptographic operations against physical/logical compromises.
Use an alternate account or transaction identifier for business processes that require the primary account number to be utilized after authorization, such as processing of recurring payments, customer loyalty programs or fraud management.
It's important to note that sensitive authentication data such as full contents of the magnetic stripe, CVV2, PIN/PIN block should not be used for any purpose other than payment authorization and may not be stored after authorization, even if encrypted.
While data field encryption applies after the card is swiped and throughout the merchant's environment, encryption solutions between acquirer processors and Visa would further reduce the value of card data to criminals. Visa accepts encrypted transaction data from acquirers, third-party processors and merchants directly connected to VisaNet. Visa has offered an authorization and settlement encryption solution since early 2008, and the service is available to direct connect clients.
"Investing in data field encryption is valuable, but should be understood as a complement rather than a replacement for PCI DSS compliance, which remains the best protection against a data compromise," Perez concluded.
About Visa Inc.: Visa Inc. operates the world's largest retail electronic payments network providing processing services and payment product platforms. This includes consumer credit, debit, prepaid and commercial payments, which are offered under the Visa, Visa Electron, Interlink and PLUS brands. Visa enjoys unsurpassed acceptance around the world, and Visa/PLUS is one of the world's largest global ATM networks, offering cash access in local currency in more than 200 countries and territories. For more information, visit www.corporate.visa.com.
Trick or Tweet? Twitter launches crackdown after millions are duped by fake accounts
By Daniel Boffey
http://www.dailymail.co.uk/news/article-1214734/Trick-Tweet-Twitter-launches-crackdown-millions-duped-fake-accounts.html
Last updated at 10:46 PM on 19th September 2009
The social networking site Twitter is clamping down on fake celebrity accounts after being sued in America.
Thousands of famous names have fallen victim to impostors, including Britney Spears, Foreign Secretary David Miliband, the Dalai Lama and even the Queen.
This summer, Mr Miliband was forced to deny quotes widely attributed to him after the death of Michael Jackson. The comments had been written on a seemingly plausible Twitter account under his name.
Twitter has decided to act after Tony La Russa, the coach of an obscure American baseball team, launched a legal action over a fake account. He claimed that postings in which he appeared to make light of the death of two of his players had been ‘hurtful’.
Twitter, which has six million users who can send instant blogs on their activities to anyone who chooses to follow them, denies it has any legal case to answer.
But it is now testing a new system to ensure that users can identify genuine celebrity accounts. In future, a tick alongside a name will guarantee it is genuine.
Until recently, Twitter has had a liberal attitude towards celebrity impostors as long as it was clear that the postings were not genuine.
One blogger claimed to be jailed record producer Phil Spector, writing from his prison cell. Among the fake Spector’s comments were: ‘People ask me for my opinion of American Idol. It’s a total insult to music. Not my thing.’
A phoney account under the name of film star Christopher Walken and bearing his picture is still regularly read by more than 90,000 people.
And in March this year, actor Ewan McGregor’s spokesman claimed the star was considering legal action to remove a fake Twitter account that had attracted 20,000 followers.
The Mail on Sunday’s own Piers Morgan has also been targeted by an impostor who has accumulated a following of 17,650. One of the more recent postings has the Britain’s Got Talent judge saying: ‘Well done everyone for backing Susan [Boyle], such a talented lady.’
Jonathan Ross recently unmasked an impostor claiming to be comedian Jack Dee. The BBC presenter phoned Dee to check if the postings were really his.
A fake account in the name of Girls Aloud singer and X Factor judge Cheryl Cole was so convincing that Radio 1 DJ Chris Moyles was duped into becoming one of her more than 31,000 followers.
Star Trek star William Shatner told an interviewer who asked him about his hugely popular Twitter account: ‘I don’t even know what Twitter is.’ But 116,000 people still follow the fake William Shatner.
A fake Twitter account for George W. Bush has 1,100 followers, and recently had the former President saying of the Queen’s birthday: ‘Queenie Lizzie’s birthday party today. She’s lookin’ good for 110 years old, or however old she is.’
One of several fake Gordon Ramsays regularly swears at his 6,700 followers. In June, as the Fat Duck restaurant in Bray, Berkshire, suffered from an outbreak of food poisoning, the fake Ramsay wrote about the owner: ‘Feel sorry for Heston [Blumenthal]. F****** bad luck.’
The number of fake accounts has led to British website Valebrity offering its own verification service. Its founder, Steven Livingstone, said many fake accounts were set up to carry out direct marketing.
He said: ‘People are making a lot of money out of it. Nobody knows who’s who on these sites.’
Typically, social networking sites remove fake accounts if there are complaints or fraud is suspected.
But Twitter is unable to track impostors because no proof of identity is ever requested from its users.
A Twitter spokesman said: ‘We’re working to establish authenticity, starting with well-known accounts that have had problems with impersonation or identity confusion.’
Radisson computers accessed without permission
Radisson Hotels says computer systems at certain hotels were accessed without authorization
http://finance.yahoo.com/news/Radisson-computers-accessed-apf-920333986.html?x=0&sec=topStories&pos=2&asset=&ccode=
On Wednesday August 19, 2009, 11:01 am EDT
MINNEAPOLIS (AP) -- Radisson Hotels & Resorts said Wednesday its computer systems have been accessed without authorization, affecting an unknown number of people.
Radisson said in a statement it has informed customers of the situation and that guest information may have been accessed, including credit card numbers. Social security numbers were not included.
Radisson did not specify how many hotels or customers were affected but advised that all guests review their account statements and report unauthorized purchases to the bank that issued the credit card, as well as law enforcement authorities.
David Chamberlin, a spokesman for Radisson, said the company is unable to provide accurate estimates of the number of potentially exposed records at this time because the investigation is still ongoing. Chamberlin said the company will provide updates as more information becomes available.
The computers were accessed between last November and May.
"Working with law enforcement and forensic investigators, we are conducting a thorough review of the potentially affected computer systems and have implemented additional security measures designed to prevent a recurrence of such an attack and to protect guest privacy," said Fredrik Korallus, executive vice president and chief operating officer.
Radisson, which operates more than 400 hotels in 68 countries, is based in Minneapolis.
Competition for Wave??? NTRU merges operations with Security Innovation, a leading software security firm
http://www.ntru.com/about/si-ntru.htm
Opinions please, TIA
dudedanny
7-25-09
Merged organizations will deliver more comprehensive security solutions up and down the computing stack
NTRU Cryptosystems Inc., a leading provider of embedded security software solutions, announced today that it has merged assets with Security Innovation. This merger is a strong complement to NTRU's existing security solutions and will offer a more complete data protection and transmission solution for organizations that build complex systems and seek total platform security.
“Secure Development protects against known design and implementation mistakes but the key is knowing that you are building on a trusted, secure foundation” said Ed Adams, CEO of Security Innovation. “By binding data to firmware or hardware platforms and using fast, accurate, robust encryption, you are establishing multiple layers of integrity and protecting the data when it's most vulnerable – when software is accessing it. A secure hardware and software platform helps mitigate session hijacking, data siphoning, and other damaging attacks against software applications and computing systems.”
In an age where technology is driven by customer demands, vendors are forced to make trade-offs between hardening their application and making it feature-rich. The joint NTRU-Security Innovation solution makes it easier to incorporate functionality in a trusted computing environment by securing the software-hardware stack from the chip through to the user interface. This reduces the overall risk by making it harder to penetrate the system and even when penetrated, the impact is minimal because the data itself is of no value without the hardware to which it is bound.
"People are looking for better ways to identify who and what to trust online, and increased platform security is one of many components to a trusted end-to-end user experience. Because software typically operates in an environment defined by hardware, it is critical to root trust in hardware, write software applications to securely interact with a wide range of hardware devices, and bind data to those devices to prevent tampering." said Scott Charney, corporate vice president of Microsoft's Trustworthy Computing Group.
“We're excited at our new ability to deliver full spectrum application and data security solutions to our customers,” said Jeff Hoffstein, co-founder of NTRU. “NTRU and Security Innovation both have a deep commitment to providing practical and effective solutions to software development and Enterprise IT organizations, giving them assurance that their software systems can be built both securely and cost-effectively.”
NTRU’s software provides standard interfaces that enable applications to obtain hardware protected secure storage, multi-factor authentication and cryptographic services across a broad range of platforms. Middleware binds data to specific hardware so in the event data is compromised, it can't be read elsewhere. Security Innovation and NTRU will merge operations and be headquartered in Wilmington, Mass. where Ed Adams will remain CEO of the merged entities.
About NTRU
NTRU Cryptosystems, Inc. is a leading security software and services provider to the embedded security market. Since 1996, NTRU has provided security software products and consulting services to major corporations in the design and integration of strong security solutions for their products in a wide range of markets. NTRU's core competencies extend from development and evaluation of standards-based security architectures and protocols to cryptosystem design and implementation of security solutions based on the NTRU algorithm suite and other major algorithms. NTRU has proven experience in the trusted computing marketplace, and is a trusted partner and a market leader in the development of comprehensive, flexible, and cost effective Platform Security solutions for Application Vendors, OEMs and enterprises. NTRU is headquartered in Acton, Mass. For more information, please visit http://www.ntru.com.
About Security Innovation
Security Innovation is a leading independent provider of secure software lifecycle management solutions to Fortune 500 companies. Global technology vendors and enterprise IT organizations such as Microsoft, IBM, FedEx, ING, Coca-Cola and GE rely on our security services, tools and training to identify and mitigate the security risks in their software. The company is headquartered in Wilmington, Mass., with offices in Seattle, Wash. and Beijing, China. For more information about Security Innovation, please visit www.securityinnovation.com or call +1.978.694.1008 x21
O.T. IBM Records Manager Receives Department of Defense Certification
Monday May 18, 10:30 am ET
http://biz.yahoo.com/prnews/090518/ny18141.html?.v=1&.pf=real-estate
ARMONK, N.Y., May 18 /PRNewswire-FirstCall/ -- IBM (NYSE: IBM - News) today announced that IBM Records Manager v8.5 received U.S. Department of Defense (DoD) 5015.02-STD v3 April 2007 certification. Certification is required for all records management solutions implemented by the DoD, other federal agencies and by many commercial organizations including the National Archives and Records Administration (NARA). To earn certification, IBM Records Manager demonstrated that it can meet a multitude of mandatory requirements in both classified and unclassified environments.
IBM's Records Management offerings help organizations enforce centralized policy management for file plans, retention schedules, legal preservation holds, and auditing and are designed to help users streamline business processes and automate manual user and administrator activities throughout the record lifecycle.
"In today's environment, records management is crucial for ensuring information compliance with regulatory and legal mandates and controlling the escalating costs of legal discovery," said Craig Rhinehart, director, Compliance and Discovery, IBM Enterprise Content Management. "Our records management offerings help to deliver our clients a compelling return on investment while reducing risks and costs associated with managing electronic and physical records."
IBM Records Management Offerings
IBM FileNet Records Manager v4.5:
With Record Federation Services, clients can have a single records management application to manage their information in the content repositories.
Records Federation Services enables legacy systems and business applications to be strategically leveraged and to interoperate within a mixed content management environment.
Supports multiple IBM repositories including Content Manager v8 and Content Manager OnDemand as well as support for third-party repositories.
Helps avoid migration costs and the resulting disruption to business operations by managing content in place, helping to lower administration and storage expenditures.
Aids in the reduction of audit, discovery, and litigation costs by enabling more consistent retention policies across multiple content silos.
Provides ZeroClick capabilities to automate the records declaration and classification process and internal processes to support other phases of the records life-cycle.
IBM FileNet Records Manager v4.5 received the U.S. Department of Defense's (DoD) Standard for Records Management (DoD 5015.2-STD v3 April 2007) certification in 2008.
IBM Records Manager v8.5:
A records management engine and infrastructure tool used to records-enable business applications.
Provides a single, consistent platform for policy-based records management with extensive capabilities for both electronic and physical information assets.
Can be used with multiple IBM offerings including: IBM Content Manager Enterprise Edition, IBM Document Manager, and IBM Content Collector. IBM Records Manager V8.5 can also be integrated with IBM Content Manager for z/OS and other applications.
US military prepares for 'cyber command': official
Apr 22 12:47 PM US/Eastern
http://www.breitbart.com/article.php?id=CNG.9867c5035cd3c8b80d71014626f10fc8.c71&show_article=1
The US administration is planning to create a new military command to counter cyber attacks on the country's sensitive computer networks, a US defense official said on Wednesday.
The move would be part of a planned overhaul of cyber security policies now being weighed by the White House, the official, who spoke on condition of anonymity, told AFP.
The "cyber command" would likely fall under the US Strategic Command, which already leads efforts within the military to safeguard computer networks from hackers and cyber attacks, the official said, confirming media reports.
Plans to reorganize the US government's approach to information technology security come amid a growing threat of cyber spying and attacks, including a breach reportedly of the US electricity grid and of the F-35 fighter jet program.
The cyber security command would likely be led by a three-star military officer, though at one point officials weighed creating a higher level combatant command under a four-star officer, the official said.
"It was considered," he said.
Naming a top-ranking officer for cyber-security efforts will also mean added resources and funds to take on the mission.
"Creating a structure means more resources," the official said.
The results of a 60-day review of cyber security by the White House are due to be released soon, amid speculation President Barack Obama will name a cyber "czar" to oversee IT security.
No single agency is charged with ensuring IT security and lawmakers have called for creating a powerful national cyber security advisor reporting directly to the president.
A Pentagon spokesman said Wednesday it was "premature" to talk about what steps were planned for cyber security.
"There are certainly people looking at various ideas with respect to how we might be better organized to address this," spokesman Bryan Whitman told reporters.
The role of other government agencies in future cyber security efforts remained unclear, particularly the secretive National Security Agency (NSA).
A top US cyber security official in the Department of Homeland Security (DHS) quit last month, complaining in a resignation letter that government efforts were flawed and dominated by the NSA.
Rod Beckstrom, former director of the National Cyber Security Center, had charged that his office had been effectively sidelined by the NSA and warned of the dangers posed by putting the surveillance agency in charge of cyber security.
But the director of the NSA, Lieutenant General Keith Alexander, reportedly said on Tuesday that his agency did not have ambitions to take charge of the government's IT security.
"We do not want to run cyber security for the US government," Alexander was quoted as saying by US media at a conference in San Francisco.
dude_danny
Nice Find! Foam
dude_danny
SecurE the Data of Your Mobile Workforce
Dell™ solutions take the complexity out of mobile security
http://www.wave.com/collateral/470682_ClientSecurityBrochure_FINAL_2%2017.pdf
Sorry if Posted
dude_danny
67 computers missing from nuclear weapons lab
Feb 12, 1:31 AM (ET)
By JOAN LOWY
WASHINGTON (AP) - The Los Alamos nuclear weapons laboratory in New Mexico is missing 67 computers, including 13 that were lost or stolen in the past year. Officials say no classified information has been lost.
The watchdog group Project on Government Oversight on Wednesday released a memo dated Feb. 3 from the Energy Department's National Nuclear Security Administration outlining the loss of the computers.
Kevin Roark, a spokesman for Los Alamos, on Wednesday confirmed the computers were missing and said the lab was initiating a monthlong inventory to account for every computer. He said the computers were a cybersecurity issue because they may contain personal information like names and addresses, but they did not contain any classified information.
Thirteen of the missing computers were lost or stolen in the past 12 months, including three computers that were taken from a scientist's home in Santa Fe, N.M., on Jan. 16, and a BlackBerry belonging to another employee was lost "in a sensitive foreign country," according to the memo and an e-mail from a senior lab manager.
The e-mail was also released by the watchdog group.
The theft of the three computers in January triggered the inventory and a review of the lab's policies regarding home use of government computers, Roark said.
Only one of the three computers stolen from the employee's home was authorized for home use, which raised concerns "as to whether we were fully complying with our own policies for offsite computer usage," he said.
Roark said computers with classified information are "kept completely separate from unclassified computing."
"None of these systems constitute a breach of a classified system," he said.
The e-mail from Los Alamos senior manager Stephen Blair to lab co-workers said the missing computers and Blackberry were "garnering a great deal of attention with senior management as well as (nuclear security administration) representatives."
The security administration memo said the "magnitude of exposure and risk to the laboratory is at best unclear as little data on these losses has been collected or pursued given their treatment as property management issues."
The lab, located in Los Alamos, N.M., employs about 10,000 people.
Project on Government Oversight: http://pogo.org
dude_danny
Hi Ootommy,
Thanks for the note. Yeah, been busy... Great to see the momentum building for Wave. Appreciate your DD.
BR
dude_danny
FAA says hackers broke into agency computers
http://news.yahoo.com/s/ap/20090210/ap_on_go_ot/faa_computers
Joan Lowy, Associated Press Writer – Tue Feb 10, 12:22 am ET
WASHINGTON – Hackers broke into the Federal Aviation Administration's computer system last week, accessing the names and Social Security numbers of 45,000 employees and retirees.
The agency said in a statement Monday that two of the 48 files on the breached computer server contained personal information about employees and retirees who were on the FAA's rolls as of the first week of February 2006.
The server that was accessed was not connected to the operation of the air traffic control system and there is no indication those systems have been compromised, the statement said.
"The FAA is moving quickly to prevent any similar incidents and has identified immediate steps as well as longer-term measures to further protect personal information," the statement said. The agency said it is providing a toll-free number for employees "who believe they may be affected by the breach."
Tom Waters, president of American Federation of State, County and Municipal Employees Local 3290, said FAA officials told unions representing agency employees at a briefing Monday that the second breached file with personal information contained encrypted medical information.
"These government systems should be the best in the world and apparently they are able to be compromised," said Waters, an FAA contracts attorney. "Our information technology systems people need to take a long hard look at themselves and their capabilities. This is malpractice in their world."
The FAA statement said the data theft has been reported to "law enforcement authorities," who are investigating.
All affected employees will receive letters notifying them of the breach, the statement said.
Waters said FAA officials told union leaders the incident was the first of its kind at the agency. But he said his union complained about three or four years ago about an incident in which employees received anti-union mail that used names and addresses that appeared to be generated from FAA computer files.
He said the union complained to the FAA and the Transportation Department's inspector general but no action was taken.
dude_danny
Chinese hack into White House network
By Demetri Sevastopulo in Washington
http://www.ft.com/cms/s/0/2931c542-ac35-11dd-bf71-000077b07658.html
Published: November 6 2008 19:13 | Last updated: November 7 2008 00:24
Chinese hackers have penetrated the White House computer network on multiple occasions, and obtained e-mails between government officials, a senior US official told the Financial Times.
On each occasion, the cyber attackers accessed the White House computer system for brief periods, allowing them enough time to steal information before US computer experts patched the system.
“We are getting very targeted Chinese attacks so it stretches credulity that these are not directed by government-related organisations,” said the official.
The official said the Chinese cyber attacks had the hallmarks of the “grain of sands” approach taken by Chinese intelligence, which involves obtaining and poring through lots of - often low-level - information to find a few nuggets.
Some US defence companies have privately warned about attacks on their systems, which they believe are attempts to learn about future weapons systems.
The National Cyber Investigative Joint Task Force, a new unit established in 2007 to tackle cyber security, detected the attacks on the White House. But the official stressed that the hackers had only accessed the unclassified computer network, not the more secure classified network.
“For a short period of time, they successfully breach a wall, and then you rebuild the wall ... it is not as if they have continued access,” said the official. “It is constant cat and mouse.”
Dana Perino, White House press secretary, declined to comment. The Chinese embassy also did not comment, but in the past China has called similar allegations reflective of “Cold-War thinking”.
The US has increased efforts to tackle cyber security, particularly since Chinese hackers believed to be associated with the People's Liberation Army last year perpetrated a major attack on the Pentagon.
US military computer experts battled for weeks against a sustained attack that eventually overcame the Pentagon's defences. The cyber attackers managed to obtain information and email traffic from the unclassified computer system that supports Robert Gates, the defence secretary. Pentagon IT technicians were forced to take the network down for days to conduct repairs.
Concerns about Chinese hacking last year prompted President George W. Bush to tell reporters ahead of a meeting with President Hu Jintao of China that he might raise the issue with countries of concern.
Over the past year, the US government has tightened restrictions on officials using BlackBerrys and computers overseas, particularly in Russia and China, and sometimes bars them from removing the equipment from US government aircraft in the country.
In another incident, US government cyber investigators have determined that an attack this summer on the Obama and McCain campaign computer networks also originated in China. Details of the intrusion were first reported by Newsweek.
The Secret Service warned the Obama and McCain campaigns their networks had been compromised. The hackers successfully downloaded large quantities of information, which security agencies believed was an attempt to learn more about the contenders' policy positions.
According to the Newsweek report, the Obama campaign speculated that China or Russia were behind the attacks. A second US official said cyber analysts had concluded that the attacks originated in China, but stressed that they were not able to determine who was responsible.
“There is no doubt that foreign governments are actively targeting cyber space not only for sensitive information but to influence our most sensitive processes such as the US presidential election,” said Sami Saydjari, head of the Cyber Defence Agency, a private company that advises government on hacking.
“This underscores the need for President-elect Obama to take leadership in the cyber space race that is well underway.”
While the US has raised concerns about cyber attacks, many governments believe the US is also engaged in electronic spying. Bob Woodward, the veteran Washington Post reporter, this year revealed that the US had been spying on the Iraqi government.
To contact the reporter, please email Demetri.Sevastopulo@ft.com
O.T. Microchip, ON bid $2.3B for Atmel
http://sanjose.bizjournals.com/sanjose/stories/2008/09/29/daily74.html?ana=yfcpc
Microchip Technology, ON Semiconductor team up on proposed Atmel buyout
Microcontroller and analog semiconductor maker Microchip Technology Inc. and silicon company ON Semiconductor Corp. said Thursday they offered $5 a share in cash for Atmel Corp., valuing the proposed deal at $2.3 billion.
The proposal, being led by Microchip (NASDAQ:MCHP) represents a 52.4 percent premium to Atmel's closing price Wednesday of $3.28.
The acquisition of San Jose-based Atmel (NASDAQ:ATML), which focuses on semiconductor integrated circuits, would help the two Arizona-based companies expand.
In part, the deal could be financed through the sale of some Atmel businesses to ON Semiconductor, which is based in Phoenix and is expected to acquire the assets related to nonvolatile memory and RF and automotive businesses immediately before the sale closing.
Microchip said it plans to dispose of Atmel's ASIC business, possibly by selling to a third party.
A letter to Atmel CEO Steven Laub from the companies said the offer "is full and fair and would deliver to your stockholders CY2008 EBIT and CY2008 P/E multiples of 19x and 28x, respectively, based on Wall Street estimates."
Excluded would be about $60 million in restructuring charges and about $25 million in stock based compensation.
In September Atmel agreed to sell its wafer fabrication operation in Heilbronn, Germany. Laub said at the time the deal was "another positive step forward in our efforts to rationalize manufacturing capacity and increase shareholder value."
Atmel expects to record charges of approximately $5 million to $10 million associated with impairment and a loss on the sale of assets, to be incurred over the third and fourth quarters of 2008. As a result of this transaction, approximately 300 Atmel employees directly associated with fab operations and other support functions will become a part of TSH.
Nice find JKIRK57! I found this part interesting...
Around 20:43 into the podcast, Michael Sprague states this about the future of TvTonic. "...As we work to bring more content, more networks...we have a number in the works...
most things we are working on now are not going to be a single event, but will stretch into time, (cough, cough)...
Thanks,
dude_danny
Bank of NY Mellon data breach now affects 12.5 mln
Thu Aug 28, 2008 4:46pm EDT
http://www.reuters.com/article/rbssFinancialServicesAndRealEstateNews/idUSN2834717120080828?feedType=RSS&feedName=rbssFinancialServicesAndRealEstateNews&rpc=22&sp=true
NEW YORK (Reuters) - Bank of New York Mellon Corp said on Thursday that a security breach involving the loss of personal information is much larger than previously reported, affecting about 12.5 million people, up from 4.5 million.
The case is the largest new reported U.S. data breach in 2008, as measured by the number of exposed records, according to the Identity Theft Resource Center.
Connecticut Gov. Jodi Rell, who announced a probe of the breach in May, in a statement said she is still pursuing a possible "substantial" fine, restitution and other remedies against Bank of New York Mellon.
Kevin Heine, a spokesman for the New York-based company, said the number of affected individuals had risen by 8 million from the 4.5 million reported earlier. Rell estimated the total number of customers that could be affected at 10 million.
According to Connecticut officials, the case stemmed from the bank's February 27 loss of six to 10 unencrypted tapes, while it was transferring back-up tapes that contained names, addresses, birth dates and Social Security numbers.
"The vast dimensions of this data breach affect not only hundreds of thousands of individuals and businesses in Connecticut, but millions across our nation," Rell said in a statement. She said the number of affected individuals grew following subpoenas that she ordered in May.
Bank of New York Mellon is the world's largest custodial bank and one of the 10 largest asset managers. It said it is notifying affected individuals, but that there remains no indication that personal data has been accessed or misused.
Brian Rogan, the bank's chief risk officer, said the bank is reviewing its security policies and procedures, and will offer affected individuals comprehensive fraud protection, including free credit monitoring.
Earlier this month, U.S. authorities charged 11 people from five countries with stealing tens of millions of credit and debit card numbers from several retailers including TJX Cos, in one of the largest identity theft schemes ever.
Bank of New York Mellon has a website, (http://www.bnymellon.com/tapequery), for customers seeking further information.
Nice find OknPv! I think the FAA needs to buy these new Latitudes...LOL
http://www.cnn.com/2008/TRAVEL/08/26/faa.computer.failure/index.html
FAA computer problems cause flight delays
Story Highlights:
FAA facility south of Atlanta, Georgia, having problems processing data
All flight-plan information must be processed by facility in Salt Lake City, Utah
Unknown number of flights delayed by glitch
ATLANTA, Georgia (CNN) -- Airports across the United States were experiencing flight delays Tuesday afternoon after a communications breakdown at a Federal Aviation Administration facility, the administration said.
Flights at Atlanta's Hartsfield-Jackson International Airport were delayed Tuesday afternoon.
The facility south of Atlanta was having problems processing data, requiring that all flight-plan information be processed through a facility in Salt Lake City, Utah -- overloading that facility.
The two facilities process all flight plans for commercial and general aviation flights in the United States, said FAA spokeswoman Kathleen Bergen.
The administration said there are no radar outages and said they have not lost contact with any planes. The roughly 5,000 flights that were in the air when the breakdown happened were not affected -- just those that were waiting to take off.
"This is really not a safety issue, this is an aggravation issue," said CNN aviation expert Miles O'Brien.
The problem appeared similar to a June 8, 2007, computer glitch that caused severe flight delays and some cancellations along the East Coast.
iReporter Stephanie McCauley sat on the tarmac for more than an hour at Baltimore/Washington International Airport Tuesday on a flight bound for Albany, New York.
"It happens. It's just weird because you're sitting and you don't know if it's going to be 20 minutes or 2 hours," McCauley said.
The possibility of the delays clearing up quickly didn't look good.
Cheryl Stewart, spokeswoman for Baltimore/Washington International Airport, said as of about 3:40 p.m. some flights were being allowed to take off, but the FAA was no longer accepting new flight plans.
On the FAA's Web site, delays were being reported at all 40 airports located on the administration's flight information map.
The worst delays were in the Northeast, Bergen said. Chicago's Midway and O'Hare airports were reporting delays of up to 90 minutes.
The Web site, which normally lists the length of expected flight delays, was no longer listing that information Tuesday afternoon.
The total number of flights affected was unknown, although it was believed to be in the hundreds.
Mark Biello, a CNN photographer sitting on a delayed flight at Hartsfield-Jackson International Airport in Atlanta on Tuesday afternoon, said flights there were being cleared for takeoff one at a time.
"They're releasing the planes, but on a one-by-one basis, so it's really backed the whole system up -- at least in the Atlanta area," Biello said.
dude_danny
Data on 130,000 criminals lost
Confidential information on almost 130,000 prisoners and dangerous criminals has been lost by the Home Office, sparking yet another Government data crisis.
http://www.telegraph.co.uk/news/newstopics/politics/2601056/Data-on-130000-criminals-lost.html
By Robert Winnett and Jon Swaine
Last Updated: 7:11PM BST 22 Aug 2008
The loss of the details, which were stored on an unencrypted computer memory stick, has raised fears that the taxpayer may now face a multi-million pound compensation bill from criminals whose safety may have been compromised and police informants who could be at risk of reprisals.
The home addresses of some of Britain's most prolific and serious offenders - including those who have committed violent and sexual crimes - are understood to be among the missing data.
A full investigation is now underway to find the memory stick – containing information on all 84,000 prisoners in England and Wales, including some release dates, plus details of 43,000 most serious and persistent offenders – which was described as a 'toxic liability' by David Smith, the Deputy Information Commissioner.
The Conservatives have said taxpayers will be "absolutely outraged" and demanded that Jacqui Smith, the Home Secretary, make a statement on the incident. Dominic Grieve, the shadow Home Secretary, said he was "absolutely horrified" by the breach and the "government incompetence" that he said caused it. The Liberal Democrat leader Nick Clegg said: "Charlie Chaplin could do a better job of running the Home Office than this Labour Government."
Mr Grieve said: "The Home Office is entrusted with a great deal of highly confidential material and it seems to be entirely incapable of keeping it secure. And the consequences are very serious. They're serious because it may lead to the identity of the people involved being revealed.
"One of the possible consequences is that criminals will bring legal actions against the government and the taxpayer will then have to pay damages to people, who appear to be pretty undeserving, because of the government's incompetence."
The breach is the latest blow to Miss Smith in her efforts to reform the Home Office, which was described as "not fit for purpose" by her predecessor, John Reid. Miss Smith is said to be furious.
The new scandal follows the loss of 25m child benefit records last year and details of millions of learner drivers and army recruits earlier this year. Whitehall departments were ordered to tighten procedures in the wake of the previous crises and the latest loss has stunned insiders.
A Home Office spokesman said that the memory stick had been lost by PA Consulting, a private company they employed to track and analyse serious and prolific offenders in the "JTrack" programme. The Home Office sent the personal details on the criminals to the company on a secure encrypted email, which was then transferred in an unencrypted form on to the memory stick, which was then lost.
The spokesman said the Home Office was first told by PA Consulting on Monday that the data might be missing, and that this was confirmed on Tuesday. The transfer of any further data to PA Consulting has been suspended pending an investigation.
Home Office officials are now in discussions with the Information Commissioner about what steps it may need to take to protect those whose privacy has been jeopardised. The Deputy Commissioner said last night that "searching questions must be answered" before it decides what further action to take.
The stick contains information such as home addresses on 33,000 individuals who have committed at least six offences in the past year. There is also data on about 10,000 people regarded as "prolific and other priority offenders" by the Government. Details of all 84,000 prisoners in England and Wales including expected release dates and dates of home detention curfews - are also on the stick, as well as information about drug treatment programmes.
Keith Vaz, a Labour MP and Chairman of the Home Affairs Select Committee, said the implications of the loss of prisoners' data were "very, very serious indeed".
"If you hand out memory sticks almost like confetti to companies that are meant to do research for you, then you need to be absolutely certain that when you give such information away, the company concerned have put into practice procedures that are just as robust as the procedures that I hope the Government has followed since the loss of the child benefit data," Mr Vaz said.
The Deputy Commissioner said: "It is deeply worrying that after a number of major data losses more personal information has been reported lost. It is vital that sensitive information, such as prisoner records, is held securely at all times.
"The Home Office has informed us that an internal report will be carried out into the data security arrangements between the Home Office and its contractor, PA Consulting. We expect the Home Office to provide us at the Information Commissioner's Office with a copy of the report and its findings. We will then decide what further action may be appropriate. Searching questions must be answered about what safeguards were in place to protect this information."
A spokesman for PA Consulting, which has also helped to develop the national ID card scheme, refused to comment.
dude_danny