* [Please post your job openings here] *

June 21, 2008

Privacy & Security Watch: Diebold Summer Sale Offers Used Voting Machines

This also gets categorized under: "Who wants to steal the election?"

According to this article, Premier Election Solutions, formerly known as Diebold, makers of those easily hackable electronic voting machines, (just do an internet search on "hackable Diebold" if you doubt that statement), is "selling off everything from used touch-screen voting machines ($600/each) to ballot boxes ($1,000/each), voter and poll supervisor smart cards that are used to initiate voting on machines on election day ($2.00/each), and tamper-evident security seals ($0.15/each) that are supposed to protect machines from intruders."

Richard L. Kuper
The Kuper Report
http://TheKuperReport.com

Labels: , , , , , , , , , , , , , ,




* [Please post your job openings here] *

ThisIsMyStore.com

FindJobsPostJobs.com CareerHotList.com
R.L. Kuper, Inc. - Management Consulting

Privacy & Security Watch: TJX Fires Employee for Disclosing Security Problems

As readers of this newletter know, TJX, the parent company of T.J. Maxx, Marshalls, and Home Goods stores, had a serious security breach over a long period of time. (See http://www.TheKuperReport.com/2007/03/stolen-data-from-tjx-tj-maxx-marshalls.html
and subsequent articles on this subject). Well, it seems they still haven't learned from their mistakes. According to this article, a young employee in a Lawrence, KS T.J. Maxx store tried, but failed to convince management that running their server in administrator mode and giving everyone id's with blank passwords was a very bad and insecure thing to do. So he anonymously posted about this lack of security to an online forum. TJX found out it was him and they fired him. No word on whether they address this serious security breach.

Richard L. Kuper
The Kuper Report
http://TheKuperReport.com

Labels: , , , , , , , , , , , , , , ,




* [Please post your job openings here] *

ThisIsMyStore.com

FindJobsPostJobs.com CareerHotList.com
R.L. Kuper, Inc. - Management Consulting

May 16, 2007

Privacy and Security Watch: IBM loses tapes with personal information on current and former employees

It seems even the great IBM can be affected by such problems as losing tapes containing social security numbers and other personal information on employees and retirees, along with records of customer transactions.

According to this article, "An outside vendor was transporting the tapes from one IBM facility to another on Feb. 23 when the tapes fell out of a contractor's vehicle in Westchester County, N.Y., not far from IBM headquarters in Armonk. IBM representatives went to the scene and couldn't find the tapes."

For some reason, only some of the missing tapes were encrypted.

Richard Kuper
The Kuper Report
http://TheKuperReport.com

Labels: , , , , , , , , ,




* [Please post your job openings here] *

ThisIsMyStore.com

FindJobsPostJobs.com CareerHotList.com
R.L. Kuper, Inc. - Management Consulting

May 10, 2007

Privacy and Security Watch: University of Missouri Hacked For Second Time This Year

According to this article, The University of Missouri has been hacked for the second time this year. The hacker gained access to the social security numbers of over 22,000 students and alumni through a Web page that was used "to make queries about the status of trouble reports to the university's computer help desk."

Back in January, there was a similar breach. In that case, "a hacker obtained the Social Security numbers of 1,220 university researchers, as well as personal passwords of as many as 2,500 people who used an online grant application system."

Richard Kuper
The Kuper Report
http://TheKuperReport.com

Labels: , , , , , , , , , ,




* [Please post your job openings here] *

ThisIsMyStore.com

FindJobsPostJobs.com CareerHotList.com
R.L. Kuper, Inc. - Management Consulting

May 05, 2007

Transportation Security Administration, a division of Homeland Security, loses hard drive with personal data on 100,000

According to an Associated Press report, "the Transportation Security Administration has lost a computer hard drive containing Social Security numbers, bank data and payroll information for about 100,000 employees."

The privacy and security of personal information is clearly not being addressed by government agencies, as previously reported in The Kuper Report and in various news reports over the years. This breach by a division of the Homeland Security Department is just the latest reported problem. As the Congress perhaps begins to address this problem in the private sector, it needs to also address this problem in the public sector. However, unless there are severe consequences for breaching the privacy, this problem will not end.

Richard Kuper
The Kuper Report
http://TheKuperReport.com

Labels: , , , , , , , , , , ,




* [Please post your job openings here] *

ThisIsMyStore.com

FindJobsPostJobs.com CareerHotList.com
R.L. Kuper, Inc. - Management Consulting

April 26, 2007

Privacy and Security Watch: Lawmakers decry continued vulnerability of federal computers

Corporate computers are not the only ones being breached. The Federal Government (and state and local governments as well) are also not doing a good enough job of protecting the data from unauthorized access. In the case of the Federal Government, some of our lawmakers are finally waking up to this problem and speaking out about the issues. Read all about it here.

Richard Kuper
The Kuper Report
http://TheKuperReport.com

Labels: , , , , , , , , , ,




* [Please post your job openings here] *

ThisIsMyStore.com

FindJobsPostJobs.com CareerHotList.com
R.L. Kuper, Inc. - Management Consulting

Privacy and Security Watch: Group calls for federal data security breach notification law

With the massive data breach of TJX (see various articles on TheKuperReport.com), several banks are suing TJX Companies Inc. over the data breach that "exposed at least 45.7 million credit and debit card holders to identity fraud." You can read more about that here.

Because of this and the many other breaches at other firms, the Cyber Security Industry Alliance (CSIA) is lobbying Congress to pass a law that will require companies that are breached to notify victims. Read all about it here.

Richard Kuper
The Kuper Report
http://TheKuperReport.com

Labels: , , , , , , , , , ,




* [Please post your job openings here] *

ThisIsMyStore.com

FindJobsPostJobs.com CareerHotList.com
R.L. Kuper, Inc. - Management Consulting

April 03, 2007

Privacy and Security Watch: More Security/Identity Breaches and Issues

According to an article in ComputerWorld, "RadioShack Corp. dumped 'thousands' of customer records behind a store near Corpus Christi, exposing consumers to possible identity theft." The article goes on to say "According to Attorney General Greg Abbott, the Fort Worth-based company violated multiple state statutes, including the Identity Theft Enforcement and Protection Act, a 2005 law that requires businesses to protect and properly dispose of customer personal information."

But in another ComputerWorld article in the same state of Texas, it seems that "Texas Gov. Rick Perry has signed into law a bill that allows the state's county and court clerks to disclose "in the ordinary course of business" Social Security numbers contained in documents held by their offices."

So, at least in Texas, Social Security numbers are no longer considered protected data if they exist in "public records held by clerks in the state" but are protected data if held by anyone else. So if you have public documents containing personal data, such as mortgage records and tax liens in the state of Texas, your private information, already being posted by Texas to the internet and for sale unredacted, is no longer protected.

And now your browser may be used to capture your personal information on your computer and as a hacking tool against others. According to another article in ComputerWorld, javascript code that could be used to turn a Web browser into a hacker's tool is now available on Internet.

Meanwhile, in yet another ComputerWorld article we are told that there is a critical Windows flaw that Microsoft has apparently known about since December 2006 that affects Windows 2000 SP4, XP SP2, Server 2003 (up to SP2), and even Vista (both 32- and 64-bit versions). Microsoft was apparently in no hurry to fix this but the pressure has mounted and they are supposedly rolling out a fix soon. This critical flaw will allow a rogue program to "run malicious code on a victimized PC, infecting it with spyware, stealing identity information or adding it to a botnet of hijacked systems."

To borrow from a tag line in an old TV show (NYPD Blue, if memory serves):
"Be careful out there."

Richard Kuper
The Kuper Report
http://TheKuperReport.com

Labels: , , , , , , , ,




* [Please post your job openings here] *

ThisIsMyStore.com

FindJobsPostJobs.com CareerHotList.com
R.L. Kuper, Inc. - Management Consulting

March 30, 2007

Privacy and Security Watch: Microsoft warns of zero-day Windows attack

Never open email attachment from an unknown source.

Never open an email attachment that you were not expecting from a known
source without first verifying that it was actually sent by that person.

If you use outlook as your email client, you are especially vulnerable to this attack. In this case, even if you have wisely set your email to only accept/read text email, you still are at risk.

If you use Internet Explorer you are especially vulnerable to this attack. Firefox 2.0 is not vulnerable to this attack.

Be sure you are not visiting rogue internet sites.

From the article:

"An attacker could try to exploit the vulnerability by creating a specially crafted Web page," the Microsoft advisory warned. "An attacker could also create a specially crafted e-mail message and send it to an affected system. Upon viewing a Web page, previewing or reading a specially crafted message, or opening a specially crafted e-mail attachment, the attacker could cause the affected system to execute code."

See the full article here.

There is also an unofficial patch, since Microsoft doesn't seem to be hurrying to fix this. You may or may not want to consider this unofficial patch. You can read about it here.

Richard Kuper
The Kuper Report
http://TheKuperReport.com

Labels: , , , , , , , , , ,




* [Please post your job openings here] *

ThisIsMyStore.com

FindJobsPostJobs.com CareerHotList.com
R.L. Kuper, Inc. - Management Consulting

March 22, 2007

Privacy and Security Watch: Stolen Data from TJX (T.J. Maxx, Marshalls and HomeGoods stores) since 2003 Used in $8M Scheme Before Breach Discovery

According to recent reports in eWeek (links below), massive amounts of data, dating back to 2003, were stolen from TJX (T.J. Maxx, Marshalls and HomeGoods stores) over an extended period of time, starting in 2005. The breach, or intrusion as TJX prefers to call it, was not discovered until December 2006.

This is just the latest story in the ongoing issue of data security. Companies need to get their acts together and ensure that they are protecting the personal and private data of their customers. It may be time for the government to step in and create financial incentives for companies to do this. Of course, the Federal government and many state and local governments are guilty of not protecting the personal and private data of its citizens either, so they would also have to fine themselves (not likely). So this problem will continue to be a major problem until the public starts making its voice heard and making this a priority for government and corporations to take more seriously.

Here are the links to the TJX story:

Stolen TJX Data Used in $8M Scheme Before Breach Discovery

TJX: Data Theft Began in 2005; Data Taken from 2003

Richard Kuper
The Kuper Report
http://TheKuperReport.com

Labels: , , , , , , , , , , , , , , ,




* [Please post your job openings here] *

ThisIsMyStore.com

FindJobsPostJobs.com CareerHotList.com
R.L. Kuper, Inc. - Management Consulting
























































































This page is powered by Blogger. Isn't yours?







Who links to me?