Home/ CIPP Information Privacy & Security News/ Group items tagged Application

Karl Wabst

Identity Theft: There is an App For That | BrickHouse Security Blog - 1 views

  •  
    "Every day thousands of people download new applications onto their smart phones without much care for the terms of service they so easily agree to. What most of these people don't know is they may be volunteering information and allowing for companies to gather data without their consent. Recently a company called Pinch Media was charged with being a little too invasive when it comes to gathering information through their iPhone apps. According to one iPhone developer, applications using Pinch Media can retrieve information like your phone's personal ID number and can work in conjunction with other applications like Facebook to determine your gender, birth year and even your exact longitude and latitude. Pinch Media has been accused of gathering information that has nothing to do with its applications. Instead, they have been using this data collection for advertisements and other marketing purposes. Worse, is that this information is often taken without the consent of the user and more often than not does not allow the user the option to stop the information gathering. Pinch Media has fought back by arguing that they are completely within their rights to retrieve the information as long as the user gives consent when they agree to the terms of the application. Regardless of whether or not the information they gathered is being used for good or ill mannered purposes one thing is certain. Smart phone users should pay more attention to the terms of service they agree to. A simple visit to a software developer's web site can be the difference between you using your applications and your applications using you. Take the time out to read the fine print, and if you aren't sure about something - email the company directly with your questions or concerns."
Karl Wabst

BlackBerry snooping application released - SC Magazine US - 0 views

  •  
    "A new proof-of-concept (PoC) application enables an attacker to remotely activate a BlackBerry microphone and listen in on surrounding sounds and conversations. The application, called PhoneSnoop, was released last week on the blog of security researcher Sheran Gunasekera. To download and install the application, an attacker would need physical access to a BlackBerry device and to know a PIN, if the owner uses one to lock his or her device. After PhoneSnoop is installed on a device, when a call is received from a preconfigured number, the BlackBerry automatically answers the phone, allowing an attacker to listen in, Marc Fossi, senior researcher at Symantec Security Response told SCMagazineUS.com on Thursday. Once the call is connected, the BlackBerry is set to speakerphone, increasing the microphone's sensitivity to pick up sound from far distances. "First and foremost, the most important thing about this is it's a proof of concept," Fossi said. "It's not something you need to worry about right now.""
Karl Wabst

D.C. Agency Accidentally E-Mails Personal Data About College Financial Aid Applicants -... - 0 views

  •  
    The D.C. agency that handles college financial aid requests said yesterday that it had accidentally e-mailed personal information from 2,400 student applicants to more than 1,000 of those applicants. The Office of the State Superintendent of Education (OSSE) said it has notified all students of the breach, which occurred when an employee of the agency's Higher Education Financial Services Program inadvertently attached an Excel spreadsheet to an e-mail. The information included student names, e-mail and home addresses, phone and Social Security numbers and dates of birth. The disclosure involved the "DC OneApp," an online application that allows D.C. students to apply for a series of grant programs. They include DCTAG, which provides awards of up to $10,000 toward the difference between in-state and out-of-state tuition at public four-year-colleges in the 50 states. The accidental disclosure went to about 1,250 DCTAG applicants, officials said. OSSE never publicly announced the breach, which occurred Wednesday. It did express regret for the incident in an e-mail sent to students and parents the next day. A parent made the e-mail available to The Washington Post over the weekend.
Karl Wabst

Facebook Sacrifices Burger King 'Whopper' App - 0 views

  •  
    Burger King's wildly popular Facebook application "Whopper Sacrifice," which rewards you with a free Whopper when you drop 10 friends, has been shut down. Social networking just got healthier. Last week, Burger King announced it was teaming up with social networking powerhouse Facebook for a special promotion: If you removed 10 people from your network of friends, the fast-food company would reward you with a coupon for a free Whopper. The story became an Internet sensation, but it's only now getting meatier. As it turns out, a notification feature on the "Whopper Sacrifice" application that lets your friends know they have been replaced by a shot at a free hamburger violates Facebook's privacy policy. "We encourage creativity from developers and companies using Facebook platform, but we also must ensure that applications follow users' expectations and privacy," the company said in a statement. "After extensive discussions with the developer, we've made some changes to the application's behavior to assure that users' expectations of privacy are maintained. The application remains active on Facebook."
Karl Wabst

Facebook Blows A Whopper Of An Opportunity - 0 views

  •  
    Burger King, through their insanely creative advertising agency Crispin Porter + Bogusky (see their recent Burger King perfume launch), launches a Facebook application that encourages users to remove Facebook friends. Sacrifice ten of them and you got a free Whopper. 233,906 friends were removed by 82,771 people in less than a week. Facebook is overjoyed, right? What a great example to show the Madison Avenue agencies on how a big brand can get real engagement from users. This is the future of advertising. Or it could have been, if Facebook hadn't shut it down, citing privacy issues: We encourage creativity from developers and brands using Facebook Platform, but we also must ensure that applications follow users' expectations of privacy. This application facilitated activity that ran counter to user privacy by notifying people when a user removes a friend. We have reached out to the developer with suggested solutions. In the meantime, we are taking the necessary steps to assure the trust users have established on Facebook is maintained. Did anyone talk to the sales department before pulling the trigger on this? All that happened is the user being dissed got a message telling them, which helps the application spread virally. Without that feature the app is far less powerful. There is no real privacy issue here, just a policy decision by Facebook that people shouldn't be notified when you remove them as a friend. Facebook consistently tell users they can't do things in the name of privacy, despite the fact that those users know full well what they are up to. Unless investor and partner Microsoft makes them do it, of course.
Karl Wabst

Easing e-discovery preparation by mapping enterprise data - 0 views

  •  
    This tip is part of SearchSecurity.com's Data Protection School lesson, E-discovery and security in the enterprise. Visit the E-discovery and security in the enterprise lesson page for additional learning resources. Most information security pros have a handle on the major data types found in their environments, but they also know that there is a whole lot more data lurking around the edges. These unknown data types can include documents used by individuals, or whole applications owned by departments that have quietly become essential to the business. Most of the time, focusing on the squeaky wheels is an acceptable strategy; if there's no "squeak" then there's no need to worry. But when it comes to litigation, and especially managing the electronic discovery process, what you don't know can hurt you. There are four major types of data in use today: paper documents; structured data sets, like databases; semi-structured applications, like email and image stores; and unstructured repositories, like file servers. Comprehending the vast volume of these varied records can be a challenge for everyone involved, which includes information technology, records management, legal staff, and even the data owners themselves. But since almost all business information is stored in digital formats today, electronic storage systems are the most popular target for the discovery motions filed as part of legal proceedings. It is most efficient for a litigator to head straight for your email, spreadsheets and applications, looking for what they term electronically stored information (ESI). Making matters worse for IT administrators, new rules for civil litigation enacted at the end of 2006 (called the Federal Rules of Civil Procedure, or FRCP) have pushed up the timetable of electronic discovery. What was once a delayed and informal process has become much more structured, with lawyers meeting to discuss available ESI, typically just a few weeks after legal action commences. When l
Karl Wabst

Google defends Google Apps security - 0 views

  •  
    GoogleApps is an upgrade to the Los Angeles computer systems security? Doesn't that explain a lot?!
  •  
    Google Inc. this week came swinging at critics who have cited privacy and security concerns in calling on the city of Los Angeles to rethink its plan to implement the Google Apps hosted e-mail and office applications. In an interview yesterday, Matt Glotzbach, director of product management for Google Enterprise, said the angst voiced by consumer groups and others about the Los Angeles project is overstated and based on incomplete information. In fact, he contended that transitioning the applications to Google will strengthen the security of the city's data and better maintain its privacy. "From what I know of the city's operation, this is a security upgrade," Glotzbach said. "Those who may be unfamiliar with cloud computing see this as a security risk simply because it is new and because it is something different," he said. Glotzbach said he believes that at least some of the concerns raised originated from Google's competitors. Meanwhile top managers at the Los Angeles Information Technology Agency (ITA), which oversees technology implementations in the city, yesterday said the city is still committed to implementing Google Apps. The agency insisted that provisions are in place for addressing the security and privacy issues raised by critics. A spokesman for Mayor Antonio Villaraigosa said the city council will sign off on the project only after it is assured that the privacy and security concerns have been properly addressed.
Karl Wabst

Consumer Reporting Agency Settles FTC Charges: Sold Tenant Screening Reports to Identit... - 0 views

  •  
    A consumer reporting agency that failed to properly screen prospective customers and, as a result, sold at least 318 credit reports to identity thieves, has agreed to settle Federal Trade Commission charges that it violated federal law. Under the settlement, the company and its principal must ensure that they provide credit reports only to legitimate businesses for lawful purposes, use a comprehensive information security program, and obtain independent audits every other year for 20 years. The settlement also imposes a $500,000 penalty but suspends payment due to the defendants' inability to pay. According to the FTC, the defendants use sensitive financial data from other consumer reporting agencies to create reports that landlords use to assess potential renters. These reports contain consumers' names, Social Security numbers, birth dates, bank and credit card account numbers, credit histories, and other personal information. The Commission alleges that the company failed to properly screen new customers. The company allegedly requested only publicly-available information from applicants seeking credit reports, and it did not request supporting documentation to establish that an applicant was actually a landlord renting property. As a result, identity thieves posing as property owners were given an account with unlimited online access to credit reports, and the account was used to access at least 318 reports containing sensitive personal information. The FTC charged the defendants with violating the Fair Credit Reporting Act (FCRA) by furnishing credit reports to persons who did not have a permissible purpose to obtain them, and by failing to maintain reasonable procedures to prevent such impermissible disclosures and to verify their customers' identities and how they intended to use the information. The agency also charged them with violating the FTC Act by failing to employ reasonable and appropriate security measures to protect sensitive consumer inform
Karl Wabst

Picking an anti-fraud team » Adotas - 0 views

  •  
    Online fraud is a $4 billion dollar a year industry. It grows as the unemployment rate increases and the jobless attempt to earn a living through whatever means necessary. Meanwhile, the Internet's footprint on the global economy and culture becomes larger every day. The expansion of fraud and the identification of this risk will create more jobs in the fields of compliance, risk management, and best practices. Who will fill these positions? For many companies looking to take action, the initial move will be to consolidate roles. Individuals in areas such as sales and marketing will absorb fraud identification, reporting, and prevention responsibilities. This will prove to be ineffective for the following reasons: 1. The sales and marketing staffs are not trained to identify fraud and they cannot keep up with the ever-changing tactics. 2. Associates are conflicted when faced with a fraud incident. They are not motivated to report fraud and their compensation structure dissuades them from reporting incidents. 3. Business goals are not aligned appropriately, which naturally moved fraud last on the priority list for the associates assigned the additional responsibilities. 4. While the internal attempt is made, no time is spent on partner due diligence and monitoring. Organizations will benefit in the long term by hiring dedicated staff. This tactic is one component of my company's Best Practice approach to doing business. My dedicated team helped realign business goals and create a culture that now embraces a higher set of standards and expectations. Staffing and training were the largest challenges I have faced in the last year. The positions were new, the skill set was specific, and as a result we received a dichotomous set of resumes. Applicants with online marketing experience had little to no experience with fraud, or they came from companies where more unscrupulous methods were used, and I was not confident those habits would be easily kicked. The app
Karl Wabst

Amazon cloud could be security hole - Network World - 0 views

  •  
    Cloud services are now vulnerable to malicious use, a security company has suggested, after a techie worked out how Amazon's EC2 service could be used as a BitTorrent file harvester and host. Amazon's Elastic Compute Cloud (EC2) is a web service software developers can use to access computing, compilation and software trialling power on a dynamic basis, without having to install the resources locally. Now a developer, Brett O'Connor, has come up with a step-by-step method for using the same service to host an open source BitTorrent application called TorrentFlux. Getting this up and running on Amazon would require some technical know-how, but would be within the reach of a moderately experienced user, right down to following O'Connor's command line low-down on how to install the public TorrentFlux app straight to Amazon's EC2 rather than a user's local machine. Finding an alternative way of using BitTorrent matters to hardcore file sharers because ISPs and admins alike are increasingly keen to block such bandwidth-eating traffic on home and business links, and O'Connor's EC2 guide was clearly written to that end - using the Amazon service would make such blocking unlikely. "I created a web-based, open-source Bittorrent 'machine' that liberated my network and leveraged Amazon's instead," says O'Connor. He then quips "I can access it from anywhere, uploading Torrent files from wherever, and manage them from my iPhone." However, security company GSS claims the guide shows the scope for possible abuse, using EC2 to host or 'seed' non-legitimate BitTorrent file distribution. "This means, says Hobson, that hackers and other interested parties can simply use a prepaid (and anonymous) debit card to pay the $75 a month fee to Amazon and harvest BitTorrent applications at high speed with little or no chance of detection," said David Hobson of GSS. "The danger here is that companies may find their staff FTPing files from Amazon EC2 - a completely legitimate domain -
Karl Wabst

Data management will be priority in 2009 - 20 Jan 2009 - Computing - 0 views

  •  
    Changes relating to different aspects of data management have been highlighted as key trends in the IT industry for 2009 in a report by consultancy Deloitte. The falling price of digital storage has caused an irresponsible approach to file management and IT leaders will need to give an increased focus to these issues, says Deloitte, along with finding ways around the rise in physical storage costs. "There are ways to control the escalation of storage costs, such as de-duplication tools that can free up space by reducing duplicate files," says the report. "Companies can assess the impact of individual applications, especially email - which is estimated to take up 25 per cent of enterprise storage capacity," it says. According to Deloitte's research, businesses will become increasingly aggressive when pursuing disputes related to copyright infringement and digital ownership rights. "If undertaking a swift launch of a product or digital application, companies should ensure that no element could lead to litigation," says the report. Despite pointing out that 2009 will be the break-out year for social networks in the business, Deloitte says that such networks will need to be developed with caution to encourage more productivity and balance control with employees' desire for privacy.
Karl Wabst

Physician groups press FTC for exemption from Red Flag Rules - 4/2/09 - 0 views

  •  
    Physician groups press FTC for exemption from Red Flag Rules With a May 1 deadline for compliance looming, the American Medical Association (AMA) has asked the Federal Trade Commission (FTC) to suspend the application of the Red Flag Rules to physicians and publish a new rule so that physicians have an opportunity to provide comments. In a March 9 letter to the FTC, AMA Executive Vice President Michael D. Maves wrote that the AMA "strongly believes that the FTC did not provide physicians with an opportunity to review and comment on this Rule." Controversy. Under the Red Flag Rules, which were finalized in October 2007 under the Fair and Accurate Credit Transactions Act (FACTA), financial institutions and creditors must develop and implement written identity theft prevention programs. FACTA provides a broad definition of "creditor" as "any entity that regularly extends, renews or continues credit." The FTC has interpreted this definition to include health care providers and physicians. The AMA and several other medical trade associations have taken the position that physicians were not intended to be subject to the Red Flag Rules, but the FTC has held firm in its interpretation, in spite of the objections. In a Feb. 4 letter to the AMA, the FTC reiterated its position that "the plain language and purpose of the Rule dictate that health care professionals are covered by the Rule when they regularly defer payment for goods or services." The FTC also has taken the position that application of the Red Flag Rules to physicians will reduce the incidence of medical identity theft and will not impose a heavy burden on health care professionals. Rulemaking process. In addition to its claim that health care providers should not be classified as creditors, the AMA also has argued that the physician community was not informed that it would be subject to the Red Flag Rules.
Karl Wabst

Aetna Contacts 65,000 After Web Site Data Breach - Business Center - PC World - 0 views

  •  
    Be careful what information you give to recruiters!
  •  
    Insurance company Aetna has contacted 65,000 current and former employees whose Social Security numbers (SSNs) may have been compromised in a Web site data breach. The job application Web site also held names, phone numbers, e-mail and mailing addresses for up to 450,000 applicants, Aetna spokeswoman Cynthia Michener said. SSNs for those people were not stored on the site, which was maintained by an external vendor. The company found out about the breach earlier this month when people began receiving spam messages that appeared to come from Aetna and complained to the company, Michener said. The spam purported to be a response to a job inquiry and requested more personal information. The spam campaign showed the intruders successfully harvested e-mail addresses from the Web site, although Michener said it's not clear if SSNs were also obtained. Nonetheless, Aetna sent letters last week notifying the 65,000 people whose SSNs were on the site of the breach. The company is offering them one year of free credit monitoring, as SSNs are often used by identity thieves. "We wanted to err on the side of caution," Michener said. Aetna hired an IT forensics company to investigate how the Web site had been compromised. "At this point despite a thorough review, they've not been able to pinpoint the precise breach," Michener said. Aetna posted alerts on the job site, its main Web site and its internal intranet about the spam campaign, Michener said.
Karl Wabst

Interior Botches Officials' Passports, Report Finds - washingtonpost.com - 0 views

  •  
    The Interior Department's inspector general has found widespread mishandling and erratic tracking of special passports issued to department officials traveling overseas, alleging that in numerous instances employees violated federal privacy laws by improperly securing passports and passport application forms. In some cases, officials couldn't account for expired passports of former employees, and could not locate a passport once issued to former Interior secretary Gale Norton. The inspector general's report warned that such mismanagement and lax protection could result in cases of fraud or identity theft impacting current and former employees. "Given the risk of misuse that missing and unsecured passports, visas and passport applications pose, we cannot understate the importance of acting swiftly to address these violations and prevent their recurrence," Acting Inspector General Mary L. Kendall wrote in a memo sent with a copy of the report last week to Interior Secretary Ken Salazar.
Karl Wabst

Google I/O Developer Conference: Where's The Security Love? - Security Blog - Informati... - 0 views

  •  
    Why Google isn't ready to be an Enterprise vendor
  •  
    At the Google (NSDQ: GOOG) I/O developer conference this week, Google Inc. will host more than 80 technical sessions on all of the Google apps and platforms we've come to know -- Android, Chrome, App Engine, Web Toolkit, AJAX and others. When reviewing the Google I/O Schedule this morning, I was disappointed by what could not be easily found. The conference will run this week, May 28 to 29, in San Francisco, and Google is expecting more than 2,000 attendees. Unfortunately, a long perusal of the schedule shows plenty of tracks with Search, Scale, and Performance in the title -- but only one track with Security. What about Privacy? Well, there's no tracks highlighting data privacy, either. There is a session that covers federated identity management, Practical Standards-based Security and Identity in the Enterprise. And it looks promising, but federated authentication and authorization is more about making sure applications and people can interact securely, not that an application, itself, is inherently secure.
Karl Wabst

Best practices: How to implement and maintain enterprise user roles - 0 views

  •  
    Enterprise role management is key in efficiently managing user access rights and enforcing access policies such as segregation of duties. Roles help companies group coarse- and fine-grained access rights (like access to and functionality within a financial accounts application) into groups, called enterprise roles. These enterprise roles map to job functions and are only allowed access rights that don't violate segregation of duties. For instance, a financial clerk role can't contain fine-grained access rights that allow someone in the role to access the accounts receivable and accounts payable parts of the financial application. The processes and tools necessary for effective role management consist of role mining and design (automatic discovery and management of roles based on existing access rights and entitlements data), role recertification (a process performed typically every six months when a business role custodian certifies what access rights should belong to a role), and access recertification (a process performed typically every 3-6 months to ensure all user access is understood and was granted in an audited way).
Karl Wabst

Woman gets jail for stealing identity - 0 views

  •  
    A Troy woman learned Tuesday that she will spend 180 days in the Livingston County Jail for stealing the identity of a local woman who was dying. Judge Stanley J. Latreille also sentenced Vershawn Jones, who earlier pleaded guilty to identity theft, to four years of probation. Assistant Prosecutor Pamela Maas said the victim, who was not in court Tuesday, wanted to know how Jones, 38, got his wife's identification. His wife, Maas noted, was dying in a Hospice facility at the time. Jones, who said she operated a mortgage business, said she got it from one of four employees who brought her applications from people seeking mortgages. Those applications included personal information, such as Social Security numbers, she said. When pressed for names, Jones glanced at her attorney and shrugged. "I apologize to the victim and the victim's family," she said. "I've done the best I can running my own business." Maas initially requested that the state be allowed to withdraw from the plea deal that called for her office to recommend Jones serve no more than 90 days in the county jail after noting Jones had twice been sent to jail for failing to show for court hearings. While Jones apologized, Latreille was unmoved, telling the defendant "you're fortunate you're not going to prison."
Karl Wabst

Cavu iPhone App Lets You View Surveillance Footage Remotely | BrickHouse Security Blog - 0 views

  •  
    "Imagine that you are vacationing and get a phone call from your neighbor telling you that your alarm just went off, but there is nothing you can do about it. You don't know what set it off and if it is just a fluke. You find yourself now wide awake, asking yourself why you got the alarm to begin with. For iPhone users, the solution to this kind of situation lies in an application provided by CAVU Mobile Surveillance Solution. This app allows you to view live footage taken from any security camera on your iPhone, transforming it into a portable advanced home security system. With the CAVU Mobile Surveillance Solution, the next time a neighbor calls to tell you that your alarm has gone off again, you can automatically see what is going on inside your house on your phone- no matter where you are. This application also lets you save footage on your phone, which is useful in case you need to show/reference the footage on the go. From your phone you can even control the position of the camera - providing you with multi-camera views. If you're thinking to yourself right now about how you wish you had been nicer to your neighbor, because then he/she would be more likely to actually call you to tell you that there is a good chance you're being robbed- stop. This iPhone app also allows for poor neighbor to neighbor relations. It provides a self sufficient, independent of any neighbor, surveillance system on your phone to tell you that there is suspicious action going on. For a cool $19.99 you can be your own FBI squad team, the C, the, S and the I in CSI Crime Scene Investigation, and most importantly, sure that your home is safe."
loadperformance

Quotium_Application_Security_650px - 0 views

shared by loadperformance on 30 Oct 13 - No Cached
  •  
    Everyone acknowledges that IT security is important. Enterprises spend a lot of money to secure their infrastructure. However, a study conducted by Quotium in 2013 shows that Security managers of leading corporates in Europe and in the United States feel their corporate applications are not secured despite time, money and energy spent to mitigate security threats. The study was conducted through questionnaires and interviews with over 500 CISOs, Information Security Directors and Information Security Officers of leading corporates in Europe and in the United States.
Karl Wabst

Killer apps: Army embraces iPod touch | ZDNet Government | ZDNet.com - 0 views

  •  
    The rap on the iPhone and iPod touch is that it's chiefly an entertainment device. (After all the software keyboard is damn irritating.) But the Army doesn't think so. Newsweek reports that the military is very high on the touch, since it's priced at about a third the price of an iPhone. Since it's an app platform, the Army can update soldiers' capabilities with the touch of a button and touch lets soldiers network their intelligence. Next Wave Systems in Indiana, is expected to release iPhone software that would enable a soldier to snap a picture of a street sign and, in a few moments, receive intelligence uploaded by other soldiers (the information would be linked by the words on the street sign). This could include information about local water quality or the name and photograph of a local insurgent sympathizer. The U.S. Marine Corps is funding an application for Apple devices that would allow soldiers to upload photographs of detained suspects, along with written reports, into a biometric database. The software could match faces, making it easier to track suspects after they're released.