Archive for February, 2008

The New Media Consortium (NMC) has published the 2008 Horizon Report, the result of a project that annually charts emerging technologies for teaching, learning and creative expression.

The 2008 Horizon Report describes six emerging technologies or practices that will enter into mainstream educational use in the next 1-5 years. Some technologies are well on their way to mainstream adoption.

1. Grassroots Video - to capture, edit and share video clips. The tools range from the cellphone to free easy-to-use editing software to video sharing sites such as YouTube. Application to news, tutorials for teaching, as well as outlets for creativity and digital knowledge
2. Collaboration Webs – small, flexible tools to edit group documents, hold online meetings, share information and more. Many programs are open source, thus giving users tools to tailor their own requirements. Complimentary infrastructures make collaboration seamless.
3. Mobile Broadband - phones with increased capabilities for mobile computing and web access
4. Data Mashups - custom applications that combine data from different sources into a single tool, transforming how we understand and represent information. From data visualization (e.g. tag clouds) to understanding connections. Tools such as Google’s Mashup Editor and Yahoo! Pipes give people easy access to make their own mashup.
5. Collective Intelligence – knowledge that emerges from large groups of people that emerges from data that has been made freely available to all. With the sharing of such “open data”, and tools to mine this unstructured data, new insights can emerge. Knowledge becomes participatory – to consume and to contribute. Examples: Wikipedia, search patterns, community tagging
6. Social Operating Systems – social networking based around people, not around content. “Relationships are the currency of these systems…. [they] will change the way we search for, work with, and understand information by placing people at the center of the network. The first social operating system tools… understand who we know, how we know them, and how deep our relationships actually are. They can lead us to connections we would otherwise have missed.”

The report looks in detail at these six trends, as well as certain obstacles in the Education field towards their adoption and use. Examples are given for each trend and how it is or could be used in the learning environment. Further reading is provided for all trends. It’s a very interesting report at the technologies that will be impacting all our lives, and how those technologies can be used in the education sphere.

Download the 2008 Horizon Report here.

Via campus technology Tags: technology, education, emerging technology, social technology, collective intelligence, learning, web 2.0

The Quebec provincial police have busted an International hacking network responsible for the largest hacking scam in Canadian history.

On Wednesday, police raided several homes and arrested 16 people. The hacking network had been targeting unprotected personal computers around the world. The hackers collaborated online to take control of as many as one million computers around the world that were not protected by anti-virus software or firewalls.

The majority of computers attacked were in Poland and Brazil, but some PCs in Canada and the US were also hacked. Several government computers – which government being unspecified – were also affected.

“That way, they were able to introduce some Trojans or worms in those computers, and that way they were able to take control of the computers from abroad,” [police captain Frederick Gaudreau] said at a Montreal news conference on Wednesday.

The computers were used to set up fake websites that solicited users to provide personal information, as a means for identity theft and fraud. No information about what the data was used for has been provided. However, the hacking network is estimated to have made as much as $45 million from their efforts.

Via CBC Tags: hacking, hack, hacking network, hackers, hacking ring, fraud, computer fraud, spam, trojan, worms, canada, quebec

Educational Security Incidents (ESI) Year in Review for 2007 has published a document outlining the security breaches affecting the education market for the year.

So far in 2008, nearly half of the data breaches have occurred in the educational community, mostly at the college campus level. In recorded breach history, higher education has accounted for just over 25% of all breaches, so the start of 2008 has not been very promising for this market.

In 2007, there were 139 breaches, totaling more than 1.2 million records, affecting 112 institutions – numbers that have gone up by more than 50% since 2006. More security incidents were the result of employee errors in 2007 than in 2006.

Highlights from the ESY Year in Review 2007 Report:

• Information Security incidents were the result of: 
  • Unauthorized Disclosure – 38%
  • Theft – 28%
  • Penetration 22%
    
• Type of Information exposed: 
  • Personally Identifiable Information – 129 incidents & 1,244,851 records
  • Social Security Numbers – 103 incidents & 1,085,708 records

The report gives details on all the educational security incidents in 2007, and breaks that data down in many different ways.

You can download the full report here [PDF]

Via The Dunning Letter, ESI Tags: data breaches, breach, breaches, education, education industry, education field, data security, it security, data loss

ITPro has written an article about the rise of storage security – how the rise in data retention has sparked the need to look at data security in all aspects of the data storage lifecycle.

Data now resides in many places: on the desktop computer, the laptop, the PDA, the email server, the USB drive, and on the phone. Data is constantly moving. So, that data must be protected so that it is not lost, destroyed, or that it does not fall into the wrong hands (data breach).

Encryption, while solving some hard disk security issues, has its own downsides. The cost to manage, the loss of the encryption key, the lag in the system are all issues that must be looked at. It is also only part of the data security picture. Other suggestions include:

• Classify data - confidential information would be more restricted (a task best done with security and business people)
• Don’t force security into existing infrastructure - the deployment should be planned, ideally along with a change in system architecture
• Restrict access - along with classifying information, users should have role-based access to only the information they need to see
• Be aware - use a security awareness program to sort out people and processes and to be alerted if the policy is breached in any way
• Set a clear policy to guide employees – clear detail on how to handle files
• Storage security is not off-the-shelf - there is no single catch all solution, and all technology requires management and enforcement.

The biggest key of this article is that it’s not just technology that will solve the issue – it’s people. It’s training and enforcement and management.

Technology does not remove the need to think about what data to protect, and that means communicating with the business owners around the organisation, and coming to a joint decision about how to proceed. It also means communicating in clear terms with users to ensure they understand why any of this matters.

Tags: data security, data storage, data lifecycle, data breach, security, it security, security policy, technology

A hacked laptop is destroying the career of a pop / film star in China. Edison Chen, a pop star in China, took his laptop in for repairs – but, while it was there, its contents were downloaded without his knowledge. Unfortunately for Edison Chen, the worst was yet to come. Very explicit images of Edison and other pop icons were uploaded to the web.

The photos show Canadian-born Edison Chen in bed with eight of Hong Kong’s 10 top actresses and singers. Thousands of photos of this nature were leaked from the laptop. It has become the biggest celebrity sex scandal in the history of the Chinese internet.

The person responsible for copying and uploading the photos is doing so incrementally. For the past two weeks, a few dozen photos have been uploaded each day. Each day creating more scandal for Edison and other celebrities. Images go up on various servers, through various services, over email, and are passed around on memory devices.

Edison Chen made a statement to the press today about the situation. Chen has said he will be removing himself from the entertainment industry – he has quit his job.

“The lives of many innocent people have been affected by this malicious and criminal conduct. And in this regard, I’m filled with pain, hurt and frustration. I hereby use this opportunity to apologise to anyone who has been affected by this strange, strange ordeal,” he said in a short video statement.

Chen admits to taking the photos himself in private. The laptop or its files were not encrypted. Hong Kong police are arresting people suspected of sharing the images, although none of the suspects have been identified as the original uploader. Protests have erupted in China against the ‘crackdown’ going this far.

Via guardian.co.uk, reuters, shanghaidaily Tags: data, data breach, data leak, hacked, edison chen, china, pop star, scandal, encryption

Who Breached: Lifeblood Mid-South Regional Blood Center
Number Affected: 321,000
Information breached: Personal information including Social Security Numbers
How: 2 laptops lost

Lifeblood Mid-South Regional Blood Center has breached the data of 321,000 blood donors as the result of two laptops lost several months ago.

This week, Lifeblood sent a letter to the affected donors (as seen here), who made or attempted to make a blood donation after 1990, that two laptops containing personal information including some SSNs and Driver’s Licence numbers, have been lost.

The letters were mailed more than three months after staff noticed a missing laptop had not been activated in several weeks. Investigation of this missing laptop in early December uncovered a second laptop to be missing. Senior staff were notified of the laptop loss in early January.

“There were some missed opportunities,” [President and CEO Edward] Scott said of the delay, including a chance to notify donors earlier.

Both laptops were protected by two separate encrypted passwords. Lifeblood presumes the laptops were stolen from locked storage to be pawned for cash. Since the incident, Lifeblood has installed remote data-delete software, have limited access to the locked room, and have removed the last four digits of SSNs from personal files, with plans to eliminate all SSNs from the master files this Spring.

Identity theft protection will be considered on a case-by-case basis as requested. The breach has cost the non-profilt close to $200,000 to date.

In other breach news, a laptop containing 5123 medical records was stolen from the Russells Hall Hospital in Dudley, West Midlands last week. More information can be found here.

Vial Commercial Appeal Tags: lifeblood, lifeblood breach, breach, data breach, laptop, lost laptop, laptop security, data delete, blood donors

The E-Commerce Times is publishing a series on “The Cost of ID Theft”. Part one of the series is titled “Beyond Dollars and Cents” and examines the cost of ID theft to victims and to businesses. In the end, victims are usually affected by trauma and paperwork, but the real damage is done on the business end.

Absolute Software CEO John Livingston is quoted in the article as noting that consumers can expect to recover 54% of money lose due to identity theft (a number declining), and that businesses can expect to pay an average of $197 per customer record lost. With 127 million records lost in 2007, that is over $25 billion in direct business losses.

In part two of the series, entitled “Fixing the System”, notes that the business cost per incident of ID theft as a result of a data breach have increased from $41,717 to $49,254. While the cost to notify consumers of a data breach have declined, the cost of lost business is more significant than direct cash losses. Customer churn as a result of a data breach is an average of 2.67%.

Failing to encrypt stored data is “one of the most egregious errors” being made by organizations, maintained Randy Abrams, director of technical education at security firm ESET. “Consumer information should always be encrypted. If media is lost or stolen in transit, it is not going to be used for identity theft or anything else if it is encrypted. Similarly, consumer information, student information, taxpayer information and the like must be encrypted anywhere it is stored. The only reason a stolen computer or hard drive can compromise personal information of thousands of people is because of gross incompetence.”

The article notes the growing government reaction to identity theft in the form of state and national regulations. The current regulatory environment can result in conflicting state requirements, which can result in higher costs to companies that span several states. A federal data breach law has yet to be passed, although several have been tabled for consideration.

Tags: identity theft, id theft, costs, data breach, data breach notification, law, legislation, privacy legislation, cost of data breach

Absolute Software will be giving a presentation on data breach prevention in healthcare at the 2008 Health Information and Management Systems Society (HIMSS) conference in Orlando, Florida. The conference, held between February 24-28, is one of the largest healthcare IT exhibitions in the world. With more than 850 exhibitors, 200 education sessions, and new product launches, the conference is a hub of knowledge in the industry.

Absolute Software will be partnering with Allina Hospitals & Clinics for “Best Practices for Data Breach Prevention in Healthcare” on February 27 at 4:15 in the HIMSS Product Pavilion (session 8273). Absolute’s VP Healthcare Don Hughes will talk about Allina’s innovative use if Internet-based IT asset management, remote data delete and computer theft recovery technologies. Allina secures its more than 2,700 mobile computers with Computrace and will share best practices in this session.

For more best practices in data breach prevention for the health care industry, visit Absolute Software at booth #6878 at the HIMSS show in Orlando, or download a whitepaper here.

Tags: absolute software, allina, allina hospitals and clinics, absolute, healthcare, health information, himss, himss conference, it, healthcare it, it security, data security

A woman is suing Best Buy for $54 million after her laptop was lost while in for repairs.

Raelyn Campbell brought her damaged computer to Best Buy for repairs on a faulty on/off switch and, after 3 months, the firm admitted to losing the laptop. Campbell has filed a lawsuit with the Superior Court in the amount of $54 million, her valuation for the personal information, lost time and frustration from the laptop loss.

Campbell says her demands escalated in response to stalling from the company. Campbell is claiming to have been misled by information about her laptop’s whereabouts, was concerned when she was not notified about the potential for identity theft, and was ‘insulted’ by the $900 gift card she was offered as compensation.

Raelyn Campbell claims to have thousands of dollars of music and irreplaceable photos on her laptop, contributing to her valuation of its loss. However, I would consider more of that blame to lie with Ms. Campbell for not backing up or otherwise protecting her data.

Ms. Cambell admits to choosing a high lawsuit figure in order to gain media attention. She is not being represented by a lawyer in this case. Offers to settle have been rejected until such time as she feels the loss of the laptop has been explained.

Via red tape chronicles Tags: best buy, lost laptop, identity theft, laptop security, lawsuit

Absolute Software and McAfee have joined forces to collaborate on an interoperable risk management solution. This solution would integrate Absolute’s flagship theft recovery, remote data delete and IT asset management solution Computrace with McAfee ePolicy Orchestrator.

Absolute Software has joined McAfee as a founding member of the McAfee Security Innovation Alliance, a technology partnering program that speeds the development of interoperable security products towards the “triple promise” of threat protection, risk reduction and compliance management.

The Alliance is taking a role in providing leading products to enterprise consumers in an integrated way - simplifying the complexity of the security environment. John Livingston, Chairman and CEO of Absolute Software, says:

“McAfee is taking a real leadership role in providing enterprise customers with integrated security and management capabilities. Integrating our products with the McAfee ePO management console provides customers with both secure and manageable solutions.”

The McAfee ePolicy Orchestrator allows for the ideal layered approach to computer security we’re always writing about. It will allow companies to access a single user interface to centrally-manage all of their security and compliance products from those ‘best of’ partners in the Alliance. Altogether, companies can access solid data breach protection by using Alliance products and the McAfee ePolicy Orchestrator.

You can read more from the news release here and more about the Alliance here.

Tags: mcafee, absolute, absolute software, security, it security, computer security, mcafee security innovation alliance, security products, technology, epolicy orchestrator, business security, enterprise security