Spamzy

Here’s one security device you can get for cheap — a paper shredder.

Avoid the big mistake this medical office made and don’t throw your personal info away:

Boxes with documents detailing confidential patient information, such as Social Security numbers and personal medical history, were found discarded next to a medical office building, which officials said could be a violation of patient confidentiality laws

read the full article here.

Read more:

Check your account balances carefully to make sure this isn’t happening to you–

According to Ars Technica, there are a wave of fraudsters right now who are taking small amounts out of consumer bank accounts. They do this to test whether the account is good and verify it. First, they take somewhere between 19-29 cents. Then, when they’ve verified the account, they make as many charges as possible before they get noticed:

Beginning on or about November 20, various card holders began complaining online about unauthorized microtransactions that were suddenly showing up on their accounts. The charges fit the model described above, and were labeled as coming from Adele Services. Adele Services appears to be a dummy corporation; the 1-800 number listed as the customer contact point is disconnected and there’s no official website.

The company may not officially exist, but that hasn’t stopped it from continuing to test accounts. It’s impossible to state how many card holders have been pinged in this manner, but the number of online reports is growing steadily. Theories on which company’s security was breached abound, although the mob of sages has collectively ruled out PayPal, given the number of non-PayPal users affected.

Be careful shopping online this holiday season, and don’t ignore little changes in your account, and hopefully you’ll have a safe secure shopping season.

Read more:

An advertising network used by Britain’s Daily Mail site is being used to serve up malware, says The Register.

There’s a strain of the Mario family of worms on DailyMail.co.uk, “offered by an Israeli advertising network used by the Daily Mail,” says the story.

“Code injected into an advertising stream is being used to serve up content for a malware-harbouring website located in Russia (which we won’t name in case people are tempted to visit it),” it says, going on

This site uses vulnerabilities in browser software to download malicious code onto unpatched Windows PCs, a classic drive-by-download attack.

Analysis of the attack is ongoing and it’s not clear what other sites, who also use eyeblaster, the affected ad serving network, might be affected.

The Register says it emailed the Daily Mail’s website techies, which bounced with a no-such-user error message, but followed up with a call and,  “An advertising sales rep confirmed he’d being informed of the attack, because of the potential impact on ads being served via site.””

But, “It’s unclear how far Associated Newspaper technicians have gone in blocking the attack but at least we know they are on the case,” the story adds.

See original here:
Malware reported on DailyMail.co.uk

Bruce Schnier linked to an interesting article a while back, discussing how brain chemistry causes you to trust people when demonstrate that they trust you, especially when they’re relying on you and may be vulnerable…interesting stuff:

THOMAS is a powerful brain circuit that releases the neurochemical oxytocin when we are trusted and induces a desire to reciprocate the trust we have been shown–even with strangers. The key to a con is not that you trust the conman, but that he shows he trusts you. Conmen ply their trade by appearing fragile or needing help, by seeming vulnerable. Because of THOMAS, the human brain makes us feel good when we help others–this is the basis for attachment to family and friends and cooperation with strangers

So my question: if real-life cons can easily scam people by appearing to depend on them, how does this affect the scams we see on the Net? Clearly some online cons rely on this method — the Nigerian bank scam being a prime example. It seems like social engineering scams particularly rely on this method — but not all scams. And of course many other vulnerabilities just seem to rely on people’s habits to just click links willy-nilly online, which is an impersonal event. If the net were a more personal place, we might see many more of those kinds of scams.

View original here:
The Good Get Conned-When Trust is Biological

If you haven’t logged in to your linked in account in a while you’ll be greeted with a quick notice next time:

“We’ve updated! On November 14, 2008, LinkedIn published revised versions of our Privacy Policy and our User Agreement. Using LinkedIn means you consent to these policies, so please take a few minutes to read and understand them.”

However, if you log out and back, the notice will be gone– so if you weren’t looking too closely, you might not even realize you’ve just consented.

Rebecca Herold at Realtime IT Compliance looked into this and found that the FTC doesn’t much like this kind of implicit privacy changes. Instead, companies should be getting explicit consent, also called “Affirmative express consent,” says the FTC:

As the FTC has made clear in its enforcement and outreach efforts, a company must keep any promises that it makes with respect to how it will handle or protect consumer data, even if it decides to change its policies at a later date. Therefore, before a company can use data in a manner materially different from promises the company made when it collected the data, it should obtain affirmative express consent from affected consumers.

This would imply that if LinkedIn is updating its privacy policy with such a minimal notice, it may not have changed in any way “materially different” from before. But if it is different, they might face a bit of trouble.

The rest is here:

When an Arkansas couple visited a local McDonald’s in June, they got more than just their favorite burger. The couple apparently left their cell phone at the store, and even though it was returned, their personal information had already been compromised–and put online along with nude photos:

Staff promised to keep the phone safely until [the couple came to retrieve it].

However, after Philip Sherman retrieved the phone, his wife began receiving threatening calls and messages from strangers. This caused the Shermans’ to become suspicious about what had occurred with the phone.

Soon afterward the Shermans’ found the private photos that Tina Sherman had sent to her husband’s phone published on the Internet along with their names, address, and phone numbers. Pictures of Tina Sherman were altered to contain McDonald’s franchise logos, along with slogans such as, “I’m lovin’ it,” and “Hot as McDonald’s coffee.” The photos were located on several different sites online, but have since been removed.

The Shermans are suing for over 3 million dollars in damages, along with relocation costs.

Read the full article here.

View original post here:

One of the real danger of technology, the reason for so much IT-Insecurity, is that many people don’t understand it well.

Case in point is the jury trial of Julie Amero, a schoolteacher who was charged with felony for allegedly showing porn to her class–when in fact the porn sites were popups caused by malware on the classroom computers that popped up while she was teaching:

a series of incompetent computer experts and overzealous prosecutors tried to claim that the pornography that appeared on the school computer browser was deliberately viewed. In reality the computer was infected with a browser hijack or other form of malware nastiness that launched a flood of porn pop-ups. There was an outpouring of support and some technical folks like Alex Eckleberry, who led an effort to prove that Julie was innocent of the charges

After a long trial, Amero has finally been vindicated. But she has still lost those years of her life spent on the case, her teaching credential, and is being charged a $100 fine. While her trial might be over, her personal troubles aren’t.

Go here to read the rest:
Schoolteacher Julie Amero Released, Felony Charges Dropped

Naturally with the economic turmoil and political transition, some changes are in the works for the way technology is governed on a Federal level:

For one thing, the House Judiciary’s Subcommittee on the Internet, Courts and IP will be losing its control over IP Law, which will be handled at the full House level in the future:

According to a committee aide who spoke with Ars on background, the decision was driven by simple numbers: as interest in IP issues has grown in recent years, so has the SCIIP. Handling them at the full committee level allows all the members to get their fingers in the pie. The swap also recognizes the complexity of legislation affecting IP, and avoids the need to get half the Judiciary Committee caught up with the subcommittee’s discussions.

Instead the Subcommittee will reign over anti-trust issues–some fear that this will be a victory for content holders, while other experts argue the fears are unfounded.

What other changes are in the works, and who will play the largest role in determining the future of technology law? Well, if you have some ideas, you can nominate yourself or other people for Ars Technica’s “People to Watch” list.

Originally posted here:
Political Changes for IP Law and Technology

Several friends of mine used to debate at length “What is art?” — now that digital art, guerilla art, performance art, advertising collateral, and the blending of media have blurred the boundaries of what was once a clear-cut discipline. Art’s not just pure visual painting and sculpture any more that gets hung and revered on the walls of museums–more and more people are looking for art that’s interactive, conceptual, interested in the pop social experience, and blends a range of media. While traditionalists who hang paintings in museums might feel that these new art forms aren’t true art, new digital and interactive creations are still infused in our culture and experience, influencing our aesthetic tastes.

Jeff Clark of Neoformist is one such artist blurring the boundaries between programming, verbal, and visual art. Using a scripted algorithm he generates portraits of famous people and animals using an algorithm that creates words in the colors and patterns needed to create the portrait. Some examples feature a shot of Barack Obama created with the words “Yes We Can” and Albert Einstein with the word “Genius.” Very cool– go take a look.

Credit:
Digital Technology, Threatening Art and Culture One Form at A Time

Happy birthday Belsec!

It looks like the Belgian Security bloggers’ network is just a year old, and in celebration, its bloggers are providing links to free stuff online — check out the following:

60+ freeware programs

Hundreds of eBooks

Fun videos and other stuff

Read the rest here:
Happy Birthday Freebies from the Belgian Security Network