January 2006 Archive

Smallest State Victim of Big Break

January 28th, 2006

Rhode Island might be the smallest state in the US, but not when it comes to the size of the hack against its government. A recent break-in resulted in a bunch of stolen credit card numbers.

The interesting part of this story is not that someone perpetrated a theft, but the discrepancy over the number of cards purported to have been stolen. A representative for the company that runs the state’s website claims a little over 4,000, and only 8 cardholders were actually affected.

To the Russian hacker who posted the results of his job, bragging rights were retuned to more than 50,000 numbers.

Who to believe is anyone’s guess.

Time For Personal Blacklists?

January 27th, 2006

I can’t really add much to Techdirt’s opinion on what is and isn’t spam - it is in fact a matter of perception.

But the underlying problem regarding blacklists does deserve some elaboration. When a blacklist adds a record because of just a few complaints, legitimate mailers to legitimate opt-in customers do get hurt. Unfortunately, the everyday Joe has neither the time, inclination, nor skills to manage a personal blacklist (whether it is implemented directly or by their email service provider). The issue deserves additional attention; I’m just not sure who is the right one for the job.

A Two-Tier Internet Might Not Be Such A Bad Thing

January 26th, 2006

Telcos have been thinking about “tiering” the internet, and charging premiums for access to the faster pipes. I first thought it was a knucklehead move, but I am re-evaluating my stance.

Now that politicians are catching on to blogging, we are going to have even more “hip-hip-hooray” and “pat-me-on-the-back” floating around - a whole bunch of virtual grandstanding - clogging up the pipes.

I would hope the telcos would put the politicians’ blogs on the non-premium tier, but I am not going to bet on it.

Data Losers Settle for $15MM

January 26th, 2006

Choicepoint, who lost hundreds of thousands of data records to scammers, and was rewarded for their ineptitude with some big government contracts, has settled with the FTC to the tune of $15 million. $10 million is a fine (that the government body will invariably lose itself), and the rest goes into a “victims fund.”

Of course the actual number of “victims” is yet to be determined - they are still coming out of the woodwork, and unless everyone on the list changes all their credit card numbers, they still will be for a long time.

Robert K. Brown’s blog has a running list of commenters complaining about getting hit with fraudulent charges. The list keeps on growing. Brown thinks the settlement should have been more like $50 million, but Choicepoint likely didn’t have that kind of money to spend after paying all those lobbyists.

Skype holes - Fact or Fud? (round two)

January 26th, 2006

Researchers are saying that VoIP applications like Skype could be used for website attacks, and provide a way for miscreants to cover their tracks.

Unfortunately, they don’t actually say how this would all happen, preferring to describe a standard zombie/botnet network, and how criminals use them. And their suggestion to thwart this yet undetailed weakness - publish VoIP network routing specifications and/or switch to open standards. Hmm.

Give the criminals a map? Or are these researchers secretly working for the fine and dandy traditional US telco providers?

Old OS X Flaws - Fact or Fud?

January 26th, 2006

Neil Archibald says OS X is full of ancient security flaws, and that the time is nigh for Apple users to get hammered over it.

“The only thing which has kept Mac OS X relatively safe up until now is the fact that the market share is significantly lower than that of Microsoft Windows or the more common UNIX platforms.… If this situation was to change, in my opinion, things could be a lot worse on Mac OS X than they currently are on other operating systems, regarding security vulnerabilities,” said Archibald.

AmEx Financial Accounts Stolen…

January 26th, 2006

…compliments of stupidity.

The description of the incident says it all, but I will summarize for your convenience:

An Ameriprise (American Express Financial Advisors, renamed) employee was carrying around 200,000+ brokerage account records, on a laptop, unencrypted. He or she left the laptop in a parked car (likely in plain sight), and someone broke into the car and took it.

Stupid points, made more so in their combination: laptop, unencrypted data, parked car. It’s so dumb, I wonder if there is more to this story.

Vote Robert Hamilton

January 25th, 2006

Anyone who knows me, or just regularly reads this blog (which accounts for exactly two people, including myself), has already figured out that I wouldn’t plug a politician unless he was an otherworldly individual. Since those types of politicians are rarer than rubies, you guessed it - Robert Hamilton is anything but ordinary.

Powerhouse Coalition To Fight Spyware With Publicity

January 25th, 2006

Harvard and Oxford Universities, Consumer Reports, Google, Lenovo, and Sun are teaming up to fight spyware by publicising spyware/adware-laden software and the companies that produce it. They’ve set up shop at StopBadware.org.

I first have to wonder if they know something the rest of us don’t - in order to publish this stuff, don’t you have to first agree on a scope for what constitutes spyware? Or do you just post everything you think might be spyware, then wait for the companies involved to piss and moan, and then sue? Maybe looking to the law is not such a bad idea.

Education hack target, take ten

January 25th, 2006

I think it is actually more takes than that, but who’s counting anymore? This time, it’s Notre Dame.