Privacy

Social Security Numbers Can Be Guessed 268

Posted by timothy
from the oh-there's-a-scheme-all-right dept.
BotScout writes "The nation's Social Security numbering scheme has left millions of citizens vulnerable to privacy breaches, according to researchers at Carnegie Mellon University, who for the first time have used statistical techniques to predict Social Security numbers solely from an individual's date and location of birth. The researchers used the information they gleaned to predict, in one try, the first five digits of a person's Social Security number 44 percent of the time for 160,000 people born between 1989 and 2003. A Social Security Administration spokesman said the government has long cautioned the private sector against using a social security number as a personal identifier, even as it insists 'there is no fool-proof method for predicting a person's Social Security Number.'" Update: 07/07 00:01 GMT by T : Reader angrytuna links to Wired's coverage of the SSN deduction system, and links to the researchers' FAQ at Carnegie Mellon, which says that the research paper will be presented at BlackHat Las Vegas later this month.
Privacy

Social Security Numbers Can Be Guessed

Submitted by
BotScout
BotScout writes "The nation's Social Security numbering scheme has left millions of citizens vulnerable to privacy breaches, according to researchers at Carnegie Mellon University, who for the first time have used statistical techniques to predict Social Security numbers solely from an individual's date and location of birth. Researchers at Carnegie Mellon University used the information they gleaned to predict, in one try, the first five digits of a person's Social Security number 44 percent of the time for 160,000 people born between 1989 and 2003. A Social Security Administration spokesman said the government has long cautioned the private sector against using a social security number as a personal identifier, even as it insists "there is no fool proof method for predicting a person's Social Security Number.""
Government

Brazilian President Lula da Silva stumps for FOSS

Submitted by
christian.einfeldt
christian.einfeldt writes "Brazilian President Lula da Silva recently attended the FISL 10 Free Open Source Software conference in Porto Alegre, Brazil, where he reaffirmed Brazil's support for unencumbered document formats and for Free Open Source Software. President da Silva toured the conference hall, packed with media, where he donned at various times a red Fedora hat, a Java ring, and an ODF baseball cap. In his 15 minute address to the general conference, President da Silva stressed that Free Open Source Software helps Brazil maintain control over its IT future, and supports Brazil's goal of widening digital inclusion among disadvantaged Brazilians. Brazil is the world's fifth most populous nation, and the world's fifth largest nation by land mass."
Government

Canada's Libraries favor ODF, Net Neutrality

Submitted by
christian.einfeldt
christian.einfeldt writes "A consortium of Canada's public and university libraries, called the Canadian Library Association/Association canadienne des bibliothèques (CLA/ACB), has passed a formal resolution in favor of ODF over OOXML, and a second resolution in favor of Internet Neutrality, in a vote of the group's 63rd Annual meeting on May 24, 2008, in Vancouver. The Net Neutrality resolution urges the Canadian government to:

're-examine the Telecommunications Act in order to clearly legislate in favour of a neutral Internet, requiring ISPs to comply with common carriage provisions and conduct business in a manner that is open, transparent, and accountable'
The open format resolution states that ODF is more well-suited to allowing libraries to 'fulfill their role of preserving and providing access to information', in contrast to OOXML, which the CLA/ACB find is 'not sufficiently open, interoperable, or vendor-neutral' to assist libraries in their role of disseminating information."

Microsoft

The Inside Story on Norway's Yes to OOXML 1

Submitted by
Steve Pepper
Steve Pepper writes "The former Chairman of the Norwegian ISO committee, who resigned two weeks ago in protest against his country's vote of Yes to OOXML, tells the inside story of how the decision was reached: how a single bureaucrat from Standards Norway sidelined the overwhelming majority of Norwegian technical experts and changed Norway's vote from No to Yes. The story is so surreal it's hard to believe.

P.S. A topic for "Open standards" would be more appropriate."

Microsoft

OOXML protesters outside ISO meeting

Submitted by
howcome
howcome writes "Steve Pepper, the chairman of the committee handling OOXML in Norway, called on users all around the world to "Raise a storm of protest!" against OOXML. Steve addressed a crowd of 150 protesters in the streets of Oslo, just outside an ISO meeting. From his speech: "We are not here because we want to discredit the ISO. We are here because we want to defend ISO's integrity ... What we are against is the way in which what has always been an open and democratic organization, where each country has one vote, has been subverted by a large multinational corporation.""
Government

Microsoft's View of Standards as Tools of War

Submitted by
christian.einfeldt
christian.einfeldt writes "Tech media maven Roy Schestowitz and Pamela Jones of Groklaw have unearthed 1997 documents from the Iowa anti-trust case of 'Comes v. Microsoft,' in which Microsoft Technical Evangelist James Plamondon talks about the importance of stacking seemingly 'neutral' panels to assure that Microsoft platforms are adopted as de facto standards. In a 'Highly Confidential' document entitled 'Evangelism is War', Plamondon justifies his step-by-step strategy for stacking 'neutral' panels as a necessary act of 'war.' He suggests ways to enhance the apparent popularity of Microsoft platforms as standards for the purpose of convincing 'enemies' that adoption of the Microsoft platform as a standard is inevitable, and 'surrender' is the only option. Groklaw's Pamela Jones draws a parallel to the current-day work of Technical Evangelist Rick Jelliffe, who says that he has been hired by Microsoft to act as a 'Devil's Advocate' for the National Board of Australia in Microsoft's upcoming bid to have Microsoft's Office Open XML (OOXML) accepted as a second international electronic document format ISO standard. Recent efforts by Microsoft to change the composition of the ISO national panels have resulted in some controversy and have spawned a new EU probe into potential anti-trust claims based on the way that Microsoft influenced the composition of some of the national boards to vote in the upcoming ISO ballot."
Government

Microsoft standing firm on OOXML ISO vote

Submitted by
christian.einfeldt
christian.einfeldt writes "Microsoft has responded via the industry trade group ECMA to some of the thousands of criticisms of its submission of Office Open XML (OOXML) as an ISO standard. Open standards advocate Russell Ossendryver takes a look at those responses to see if Microsoft has made significant changes in either the substance of OOXML or the manner in which the OOXML specification will be maintained going forward. Ossendryver concludes that Microsoft's position has not significantly changed, but only hardened in place in advance of the Ballot Resolution Meeting which is to occur from February 25 through 29 in Geneva, Switzerland. While no one can say for certain whether Microsoft will succeed in having its OOXML specification win the nod from the international community, Ossendryver thinks that Microsoft's firm stance will actually backfire."
Microsoft

EU Investigates Microsoft's OOXML Campaign

Submitted by
I Don't Believe in Imaginary Property
I Don't Believe in Imaginary Property writes "The EU is investigating Microsoft's OOXML campaign for anti-trust violations. Presumably, they're going to look into the allegations of bribery in Sweden, but there aren't a lot of details other than the EU press release. Groklaw has their own coverage with mention of Microsoft's shenanigans, but the original story requires a Wall Street Journal registration."
The Internet

Swedish music industry: make file sharing legal

Submitted by paulraps
paulraps writes "In what seems to be a remarkably progressive move for a music industry organisation, the Swedish Performing Rights Society (STIM) has proposed making file-sharing legal by including the cost of music downloads in packages offered by ISPs. File sharing, according to STIM, "presents a good example of the efficient use of technology" — the challenge is simply to make it possible for music creators to get paid for their work and for the freedom of the internet to be used to maximum effect. Could this be the first sign of a changing attitude in the music industry?"
Security

SPAM: Mozilla Patches Three Critical Firefox Flaws

Submitted by
narramissic
narramissic writes "Mozilla has issued 10 Firefox patches, including three for critical vulnerabilities. These are: 1) A problem in the way the browser handles images on certain Web pages. 2) a vulnerability that can enable a privilege escalation attack or remote code execution. And 3) a memory corruption flaw that 'we presume that with enough effort at least some of these could be exploited to run arbitrary code,' Mozilla said."
Businesses

Using Encryption to Reduce Privacy Incidents

Submitted by
Robert Scott
Robert Scott writes "In May of 2007 Scott & Scott, LLP commissioned the Ponemon Institute to conduct a national survey titled the Business Impact of Data Breach. Out of the 720 companies that responded, 85% reported that they had experienced a data breach and 81% indicated that they suffered a privacy notice triggering event. I was surprised by the high percentage of companies that reported a data breach and alarmed by the number of companies that had notice triggering events. Implementing programs that minimize notice triggering events is easier to accomplish than many companies may realize.

Contrary to popular belief, the single largest cause of data breaches is missing portable devices such as laptops representing 42% in our survey, while criminal acts such as hacking represented only 6%. Accordingly, I have been advising my clients to implement encryption technologies on laptops and PDAs for several years.

Most of the 38 states that currently have data privacy breach notification statutes specifically define the personal information that is subject to the statute by using the term "unencrypted" in the statute. The statutes that do not specifically exempt encrypted data in the definition of personal information have an exception for incidents where there is no reasonable probability of harm. Accordingly, if you have a laptop or PDA that goes missing and that laptop is equipped with encryption technology you will likely have no data privacy notice obligation under state laws. Amazingly, even after suffering a data breach 46% of the companies in our survey failed to implement encryption technology.

While implementing encryption in our firm, I discovered that encryption can be expensive and disruptive to business operations. In our firm, we have experienced costs exceeding $100.00 for licensing, labor costs related to installation, and performance and reliability impacts on laptops post installation. For these reasons, I was intrigued to learn that the major hardware manufacturers Dell, Lenovo, and HP were working with the hard-drive manufacturers such as Seagate to develop hard-drives equipped with encryption technology "out of the box." I am now advising my clients to change their standard laptop build to include these hard-drives. The quote for my new laptop from Dell includes the following description: Hard Drive: 80GB Hard Drive 8MM, 5400RPM Latitude D430 (341-5730).

As time goes by, these drives will get faster and the gap between non-encrypted drive performance and encrypted drive performance will either go down or become less important. In the meantime, if you are concerned about data privacy, purchasing your new laptops with encrypted hard drives is one of the smartest things you can do.

A copy of Scott & Scott's State Data Breach Notification chart is available here:
http://www.scottandscottllp.com/resources/state_data_breach_notification_law.pdf"
