2007 a year of Data Breaches

In Wired:

Foley’s group lists more than 79 million records reported compromised in the United States through Dec. 18. That’s a nearly fourfold increase from the nearly 20 million records reported in all of 2006.

Another group, Attrition.org, estimates more than 162 million records compromised through Dec. 21 – both in the U.S. and overseas, unlike the other group’s U.S.-only list. Attrition reported 49 million last year.

“It’s just the nature of business, that moving forward, more companies are going to have more records, so there will be more records compromised each year,” said Attrition’s Brian Martin. “I imagine the total records compromised will steadily climb.”

Netflix anonymous data de-anonymization

Wow! This is a different kind of data breach.

In October last year, Netflix released over 100 million movie ratings made by 500,000 subscribers to its online DVD rental service. The company then offered a prize of $1 million to anyone who could better the company’s system of DVD recommendation by 10 per cent or more.

Of course, Netflix assured everybody that the data had been anonymized by removing any personal details.

That turns out to have been a tad optimistic. Arvind Narayanan and Vitaly Shmatikov at the University of Texas at Austin have just de-anonymized it.

They go on to explain how they did it.

As one of the comments highlights, the part they gloss over is that they can only find out who you are if you had an account on Netflix and had also rated movies under your own name on IMDB.
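To make the linkage concrete, here is an added example (my own code, not the authors’ and not anything released with the paper) of the kind of record-linkage attack described above, simplified to the essentials: a handful of ratings and approximate dates scraped from a public profile (the “auxiliary information”) is scored against every record in an anonymized dataset, and a match is accepted only if the best record stands out from the rest. The dataset, the auxiliary profile, the weighting rule (rarer titles count more), the ±1 rating / ±14 day tolerances and the 1.5 “eccentricity” cut-off are all constructed for this illustration.

```python
import math
import statistics
from datetime import date
from typing import Dict, Optional, Tuple

Record = Dict[str, Tuple[int, date]]  # movie -> (rating, date rated)

# Constructed sample "anonymized" dataset: record id -> ratings.
# Records carry no names, mirroring the Netflix Prize release.
ANON: Dict[int, Record] = {
    1: {"A": (4, date(2005, 3, 1)), "B": (3, date(2005, 3, 5)), "C": (5, date(2005, 4, 10))},
    2: {"A": (4, date(2005, 3, 2)), "B": (3, date(2005, 3, 6)), "D": (2, date(2005, 5, 1))},
    3: {"A": (5, date(2005, 1, 1)), "B": (4, date(2005, 6, 6))},
    4: {"A": (3, date(2005, 2, 10)), "C": (2, date(2005, 7, 7))},
    5: {"A": (4, date(2005, 3, 1)), "E": (5, date(2005, 8, 8))},
    6: {"A": (2, date(2005, 9, 9))},
}

# Constructed auxiliary information: what an attacker could read off a public
# IMDB profile. Ratings and dates are only approximately right, on purpose.
AUX_ALICE: Record = {"A": (4, date(2005, 3, 3)), "C": (5, date(2005, 4, 12))}


def movie_weights(dataset: Dict[int, Record]) -> Dict[str, float]:
    """Weight each title by how rare it is: 1 / log(1 + number of records rating it).
    A title everyone rated says little; an obscure one is nearly a fingerprint."""
    support: Dict[str, int] = {}
    for rec in dataset.values():
        for movie in rec:
            support[movie] = support.get(movie, 0) + 1
    return {m: 1.0 / math.log(1 + n) for m, n in support.items()}


def similar(aux_item, rec_item, rating_tol: int = 1, date_tol_days: int = 14) -> bool:
    """Fuzzy match: rating within +/-1 star and date within +/-14 days."""
    (ar, ad), (rr, rd) = aux_item, rec_item
    return abs(ar - rr) <= rating_tol and abs((ad - rd).days) <= date_tol_days


def score(aux: Record, record: Record, weights: Dict[str, float]) -> float:
    """Sum the weights of the auxiliary titles that fuzzily match this record."""
    return sum(weights[m] for m, item in aux.items()
               if m in record and similar(item, record[m]))


def deanonymize(aux: Record, dataset: Dict[int, Record],
                threshold: float = 1.5) -> Optional[Tuple[int, float]]:
    """Return (record id, eccentricity) for the best match, or None when the
    best score does not stand out from the second best by `threshold` standard
    deviations of all scores. The gap is what guards against false matches."""
    weights = movie_weights(dataset)
    scores = {rid: score(aux, rec, weights) for rid, rec in dataset.items()}
    ranked = sorted(scores.values(), reverse=True)
    spread = statistics.pstdev(list(scores.values()))
    if spread == 0:
        return None
    eccentricity = (ranked[0] - ranked[1]) / spread
    if eccentricity < threshold:
        return None
    best = max(scores, key=scores.get)
    return best, eccentricity


if __name__ == "__main__":
    # Two fuzzy ratings, one of them for a rarely rated title, single out record 1.
    print(deanonymize(AUX_ALICE, ANON))
    # One rating of a title everyone rated ties three records: no identification.
    print(deanonymize({"A": (4, date(2005, 3, 3))}, ANON))
```

The second call is the caveat from the comment thread in code form: knowing only that someone gave a popular title four stars in early March matches three records equally, so nothing is learned. It is the rarely rated title, with its approximate date, that carries the identification, which is why public IMDB ratings were such useful auxiliary data.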

From Slashdot: Most Scary to Least Scary

FBI data mining for more than just terrorists:
“Computerworld reports that the FBI is using data mining programs to track more than just terrorists. The program’s original focus was to identify potential terrorists, but additional patterns have been developed for identity theft rings, fraudulent housing transactions, Internet pharmacy fraud, automobile insurance fraud, and health-care-related fraud. From the article: ‘In a statement, Sen. Patrick Leahy (D-Vt.), chairman of the Senate Judiciary Committee, said the report [on the data mining] was four months late and raised more questions than it answered. The report “demonstrates just how dramatically the Bush administration has expanded the use of [data mining] technology, often in secret, to collect and sift through Americans’ most sensitive personal information,” he said. At the same time, the report provides an “important and all-too-rare ray of sunshine on the department’s data mining activities,” Leahy said. It would give Congress a way to conduct “meaningful oversight” he said.’”

from the just-forward-your-mail-to-homeland-security dept:
“You probably already knew that the FBI was data mining Americans in the “search” for potential terrorists, but did you know that they’re also supposed to be looking for people in the U.S. engaged in criminal activity that is not really supposed to be the province of the federal government? Now the feds are alleged to be data mining for insurance fraudsters, identity thieves, and questionable online pharmacists. That’s what they’re telling us now. What else could they be looking for that they are not telling us about?”

From the is-that-anything-like-the-lime-in-the-coconut dept:
“The kernel meets The Colonel in a just-published Microsoft patent application for an Advertising Services Architecture, which delivers targeted advertising as ‘part of the OS.’ Microsoft, who once teamed with law enforcement to protect consumers from unwanted advertising, goes on to boast that the invention can ‘take steps to verify ad consumption,’ be used to block ads from competitors, and even sneak a peek at ‘user document files, user e-mail files, user music files, downloaded podcasts, computer settings, [and] computer status messages’ to deliver more tightly targeted ads.”

From the how-much-can-you-remember dept:

The research reveals that the average citizen has to remember five passwords, five PIN numbers, two number plates, three security ID numbers and three bank account numbers just to get through day-to-day life.

Six out of ten people claimed that they suffer from “information overload,” stating that they need to write these numbers down in order to remember them.

However, more than half of the 3000 people surveyed admitted to using the same password across all accounts, leaving them at risk of potentially severe security breaches.

Professor Ian Robertson, a neuropsychology expert based at Trinity College Dublin who carried out the study, said: “People have more to remember these days, and they are relying on technology for their memory.

“But the less you use of your memory, the poorer it becomes. This may be reflected in the survey findings which show that the over 50s who grew up committing more to memory report better performance in many areas than those under 30 who are heavily reliant on technology to act as their day-to-day aide-mémoire.”

Who owns that copy?:

“Copyfraud is everywhere. False copyright notices appear on modern reprints of Shakespeare’s plays, Beethoven’s piano scores, greeting card versions of Monet’s Water Lilies, and even the US Constitution. Archives claim blanket copyright in everything in their collections. Vendors of microfilmed versions of historical newspapers assert copyright ownership. These false copyright claims, which are often accompanied by threatened litigation for reproducing a work without the owner’s permission, result in users seeking licenses and paying fees to reproduce works that are free for everyone to use…”

Second Life – the real picture emerges:

The LA Times is running a story today saying that marketers are pulling out of Second Life, primarily because — surprise, surprise — the ‘more than 8 million residents’ figure on the game’s Web site is grossly inflated. Also, as it turns out, the virtual world’s regular visitors — at most 40,000 of them online at any time — are not only disinterested in in-world marketing, but actively hostile to it, staging attacks on corporate presences such as the Reebok and American Apparel stores.

THIS IS FUN:
RunBot Robot Walks:
“The basic walking steps of Runbot, which has been built by scientists co-operating across Europe, are controlled by reflex information received by peripheral sensors on the joints and feet of the robot, as well as an accelerometer which monitors the pitch of the machine. These sensors pass data on to local neural loops – the equivalent of local circuits – which analyse the information and make adjustments to the gait of the robot in real time.”

THIS IS GOOD NEWS:
from the free-at-last dept:
“IBM is making it easier to utilize its patented intellectual property to implement nearly 200 standards in the SOA, Web services, security and other spaces. Under a pledge issued by the company Wednesday, IBM is granting universal and perpetual access to intellectual property that might be necessary to implement standards designed to make software interoperable. IBM will not assert any patent rights to its technologies featured in these standards. The company believes its move in this space is the largest of its kind.”

German Data Retention, NSA doesn’t Trust itself & FBI and “spying student” profiles

From Slashdot:

“Google is threatening to shut down the German version of its Gmail service if the German Bundestag passes its new Internet surveillance law. Peter Fleischer, Google’s German privacy representative, says the new law would be a severe blow against privacy and would go against Google’s practice of also offering anonymous e-mail accounts. If the law is passed then, starting 2008, any connection data concerning the internet, phone calls (with position data when cell phones are used), SMS etc. of any German citizen will be saved for 6 months, and anonymizing services like Tor will be made illegal.”

Well, if they can’t collaborate, maybe they can’t spy on us all that well?
Linked to the Baltimore Sun from Slashdot:

NSA employees also do not trust one another, which has left the agency fragmented and in search of a “unity of purpose,” according to a task force report released to employees late last month. “What we need is fundamental change in the way we manage NSA and what we expect of management and ourselves,” concluded the study, which was led by George “Dennis” Bartko, the NSA’s deputy chief of cryptanalysis. The Sun obtained unclassified portions of the report and eight related documents.

From Presssec:

US university students will not be able to work late at the campus, travel abroad, show interest in their colleagues’ work, have friends outside the United States, engage in independent research, or make extra money without the prior consent of the authorities, according to a set of guidelines given to administrators by the FBI.

Linked to from Slashdot:

“FBI is offering to brief faculty, students and staff on what it calls ‘espionage indicators’ aimed at identifying foreign agents. Unexplained affluence, failing to report overseas travel, showing unusual interest in information outside the job scope, keeping unusual work hours, unreported contacts with foreign nationals, unreported contact with foreign government, military, or intelligence officials, attempting to gain new accesses without the need to know, and unexplained absences are all considered potential espionage indicators.”

Sex offender mixup on MySpace and AmeriTrade Spam

Last week there were some interesting identity developments.

Summary: Ms. Jessica Davis had her MySpace profile eliminated because it matched a name in a sex offender database. She tried to resolve it with MySpace but they were very unhelpful. She went to the press after learning about a new information sharing agreement between MySpace and state attorneys general. She is planning to go into law and public service and did not want to be in a position for the rest of her life of defending her innocence because they put her in some database.

AmeriTrade Spam: “On April 14, 2007, I signed up for an AmeriTrade account using an e-mail address consisting of 16 random alphanumeric characters, which I never gave to anyone else. On May 15, I started receiving pump-and-dump stock spams sent to that e-mail address. I was hardly the first person to discover that this happens. Almost all of the top hits in a Google search for “ameritrade spam” are from people with the same story: they used a unique address for each service that they sign up with, so they could tell if any company ever leaked their address to a spammer, and the address they gave to AmeriTrade started getting stock spam.”
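The per-service address trick the quoted poster describes works with any catch-all domain, and it generalizes a little: instead of storing a table of random addresses, derive each one from an HMAC of the service name under a secret key, so an incoming spam recipient can be attributed to the service that leaked it by recomputation, and an address nobody issued (a dictionary-attack guess at your domain) shows up as unattributable. The code below is an added example of that scheme, not the poster’s own setup; the secret, the domain example.net, the service list and the inbound recipient addresses are all constructed for the illustration.

```python
import hashlib
import hmac
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed secret and catch-all domain. A real deployment keeps the secret
# outside the source; anyone who has it can forge "issued" addresses.
SECRET = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
DOMAIN = "example.net"

# Services we have signed up with, each under its own canary address.
SERVICES: List[str] = ["ameritrade", "newsletter", "forum"]


def canary_address(service: str, secret: bytes = SECRET, domain: str = DOMAIN) -> str:
    """Derive the address handed to `service`: the first 16 hex characters of
    HMAC-SHA256(secret, service), matching the 16-character local part in the quote.
    Service names are normalised so 'AmeriTrade ' and 'ameritrade' agree."""
    label = service.strip().lower().encode()
    tag = hmac.new(secret, label, hashlib.sha256).hexdigest()[:16]
    return f"{tag}@{domain}"


def attribute_leak(recipient: str, services: Iterable[str],
                   secret: bytes = SECRET, domain: str = DOMAIN) -> Optional[str]:
    """Return the service whose canary address equals `recipient`, or None when
    the address was never issued (unrelated mail, or a guessed address)."""
    recipient = recipient.strip().lower()
    for service in services:
        if hmac.compare_digest(canary_address(service, secret, domain), recipient):
            return service
    return None


def leak_report(recipients: Iterable[str], services: Iterable[str]) -> Tuple[Dict[str, int], int]:
    """Count spam per leaking service; unattributable recipients are counted separately."""
    services = list(services)
    counts: Dict[str, int] = {}
    unknown = 0
    for recipient in recipients:
        service = attribute_leak(recipient, services)
        if service is None:
            unknown += 1
        else:
            counts[service] = counts.get(service, 0) + 1
    return counts, unknown


# Constructed sample of recipient addresses pulled from a spam folder: three
# messages to the AmeriTrade canary, one to the forum canary, one to an address
# that was never issued at all.
SAMPLE_INBOUND: List[str] = [
    canary_address("ameritrade"),
    canary_address("AmeriTrade"),   # case differences in the recipient do not matter
    canary_address("ameritrade"),
    canary_address("forum"),
    "admin@example.net",
]


if __name__ == "__main__":
    for service in SERVICES:
        print(f"{service:12} -> {canary_address(service)}")
    counts, unknown = leak_report(SAMPLE_INBOUND, SERVICES)
    print("spam per leaking service:", counts)
    print("unattributable recipients:", unknown)
```

Two practical notes. The attribution loop is linear in the number of services, which is fine for a personal list; if you use the trick across hundreds of signups, store the issued addresses in a table and use the HMAC only to reject forgeries. And since a leaked address keeps receiving mail long after the leak, the report is most useful when bucketed by first-seen date, so a new service leaking is not drowned out by an old one.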