130 million sure sounds like a lot, but keep in mind how many individual transactions companies like 7-eleven have in a single day. Besides wondering why the company security was so weak, I'm more interested in why these companies had so many credit card numbers on file in the first place. Once my transaction is complete, they shouldn't possess the data anymore.

Here is an excellent short essay on how to fix airport security and restore a bit of our dignity and rights at the airports:

Fixing Airport Security

Also be aware that the TSA is making significant strides backwards when it comes to whole body imaging. Where they used to be looking at technology that wasn't as privacy invasive, they've now started making a major push for what some are calling a digital strip search. The most important issue here is that the scanners are being planned as a replacement for metal detectors which means you'd have no choice but to bare all for the TSA.

Bring on the tinfoil underwear…

This is so wrong, I barely know what to say. I sure hope this trend doesn't start to catch on, because a lot of people would give up the information when they're pressured instead of doing the right thing and refusing.

"Please list any and all, current personal or business websites, web pages or memberships on any Internet-based chat rooms, social clubs or forums, to include, but not limited to: Facebook, Google, Yahoo, YouTube.com, MySpace, etc." the form reads. But Bozeman isn't simply interested in finding out where to look for potentially embarrassing personal details; the city wants full disclosure, since the form demands username and password information for each.

This is way worse than all those sickening social networking sites asking for your e-mail address password.

Update

Here is the contact information for the relevant people in the city if you want to ask them why they thought this would be a good idea.

And just in case someone were to change the form, here's a copy of the original found on their website:

This is for real... they actually expect you to give up your account details!

It's so very obvious that health record systems should not be accessible online and any such system should have rock-solid security or not be put together at all… obvious to everyone except Virginia that is. What is it with that state? First the public records online and now health records? Are they TRYING to destroy the lives of everyone that lives there?

Duh.

The 18-month survey found that most banks automatically enroll consumers in overdraft programs — some don't allow them to opt out — and then cover overdrawn transactions for a per-item fee of up to $38.

The part many people don't know about is that banks purposefully post all charges to accounts in reverse size-order so that you get over-drawn as quickly as possible and then every small charge left leads to an overdraft fee. Only THEN will they post any deposits meaning that in some cases, people will get overdrafts even if they deposited enough money that day to prevent it.

(H/T to The Consumerist for the link)

A while back, I blogged about how I was suddenly kicked without warning or reason from Yahoo Answers service even though I was a level 5 member with over 25% best answers. I thought that was a terrible way to treat your users and it seems I was far, far from being the only one.

Then comes this story which I felt deserved some attention. If you plan to involve Yahoo in any part of your business, you might want to think twice:

A few weeks ago, I got an email from Yahoo (which I used for hosting my business email, website, and blog). They told me I was violating their TOS (Terms of Service) but gave me no specifics whatsoever. After a bit of research, I found that my blog had been “hacked?? by someone who inserted hundreds of links back to their “drug related?? site among other things. Within 24 hours of receiving the email from Yahoo, I “cleaned up?? the “hacked?? blog – this took me about 3 hours of work to do. Then 24 hours later, without any warning, Yahoo DEACTIVATED my account. I lost all my business email, my website, my blog, my Yahoo groups that I was managing, etc. etc.

When I contacted Yahoo customer service, they said there was nothing they could do and that I would have to “email?? the Yahoo Abuse team. (An interesting process, especially since they had just TERMINATED my EMAIL account!) Despite my efforts to contact Yahoo Corporate, Yahoo Abuse Department, etc. – I was NEVER able to reach ANYONE at Yahoo that was willing to even talk to me. All communication was via email.

The net result – Yahoo said they would not reactivate my account, and would not give me back any of my data files. They said I had violated their Terms of Service (TOS) and even though someone else “hacked?? my blog, it was MY RESPONSIBILITY. And even though I immediately “cleaned?? the hacked blog, they claimed there was still something wrong with the blog – but would not tell me ANY DETAILS as to specifically what was still wrong.

Also note that Yahoo provides its customers access to a version of WordPress for doing “blogs?? – but the version they provide is very outdated, and the version they provide has significant security holes in it!!

If I had been hosting my other business website on Yahoo I would have immediately been “out of business?? and it would have cost me literally tens of thousands of dollars.

From a legal perspective, I see a possible violation by Yahoo of the Federal Trade Commission Act prohibiting unfair acts in trade and commerce in that Section 15 [Termination] of the Terms of Use is unfair to impute that unexpected technical or security issues or problems that I did not cause is a “Cause?? for termination. In addition, there may also be a violation of the Yahoo Privacy Policy under its section on Confidentiality and Security. There could even be a possibility of a Sarbanes Oxley securities issue.

My questions to Yahoo which still has never been answered:
1. How did I violate the TOS?
2. What section did I violate?

If Yahoo fails to return valuable data to me, then I believe I can find sufficient legal bases to convince Yahoo to release the data to me – but at what cost? I can’t really afford to go up against their big corporate legal team!

I hope someone (hopefully you?) can publish my story to at least warn other small business owners to NEVER use Yahoo hosting services for their business. The risk is way too high!

What appalls me the most is that I have been a loyal small business customer of Yahoo for over FIVE YEARS! And this is how they treat a “good customer??? Seems like they’ve chosen to punish their good customers for the acts of unscrupulous hackers!

Is this the way Jerry Yang (Yahoo co-founder) is choosing to treat his customers? Perhaps he has more problems than just what the AllThingsDigital blog posted a few days ago:
“There are very real questions about whether Yang has the right talent and temperament for the job at hand … After all, the stock is in the basement, after Yahoo (YHOO) lost a lucrative bird in the hand in the form of a $31 per share offer from Microsoft (MSFT). Next, a weak economic environment is forcing it to cut deeply into the muscle of its many businesses, with slashing out 20 percent or more of costs, a worrisome trend if Yahoo hopes to grow when we all eventually emerge from the downturn. And, of course, more key executive departures, weak employee morale and an overall inability to clearly articulate the changes Yang has been trying to make at the company, such as its laudable open platform efforts.??

Maybe we should add “atrocious customer service?? to the list of Jerry’s problems/issues?

The kicker here is that they are essentially holding HIM responsible for THEIR poor security.

But will anything be done this time? That's the question.

Y.R. Tap - The reject Cryptokid

But that's not what I'm posting about.

I ran across this interesting comic about the unpopular little-know cryptokid, Y.R. Tap, the NSA domestic spying fly. The fly shows the Cryptokids what can happen when civil liberties are violated.

Here's an article about the White House's struggle with keeping required records:

http://arstechnica.com/news.ars/post/20080824-white-house-memo-no-white-house-email-recovery-this-year.html

Here's a take that I'm ashamed to admit I hadn't considered: Members of Congress may be protecting Bush because of votes they made previously that might seem to have supported his illegal activities. While it might not end in prosecution, it could end their lucrative Congressional careers.

So, of course key Congressional Democrats who were made aware of these illegal torture and surveillance programs are going to protect the Bush administration and other lawbreakers. If you were Jay Rockfeller or Nancy Pelosi, would you want there to be investigations and prosecutions for torture programs that, to one degree or another, you knew about? If you were Jane Harman, wouldn't you be extremely eager to put a stop to judicial proceedings that were likely to result in a finding that surveillance programs that you knew about, approved of, and helped to conceal were illegal and unconstitutional?

(H/T to Digg.com for the link)

In Senate debate, Patrick Leahy (D-VT) argued strongly against telecom immunity, because it would make it almost impossible to ever find out what really happened and "the American people ought to know who in the White House said, 'Go break the law.'"

Sen. Russ Feingold (D-WI) noted that, "We're considering granting immunity when roughly 70 members of the Senate still have not been briefed on the president's wiretapping program. The vast majority of this body still does not even know what we're being asked to grant immunity for."

These were the protests that smarter senators made before the vote. They were ignored. The "FISA update" including immunity was passed yesterday.

"I sit on the intelligence and Judiciary committees, and I am one of the few members of this body who has been fully briefed on the warrantless wiretapping program," said Sen. Russell Feingold (D-Wis.), another prominent opponent. "I can promise that if more information is declassified about the program in the future, as is likely to happen . . . members of this body will regret that we passed this legislation."

Breaking news, Congress is full of quarter-witted imbeciles and corrupt sychophants. Wait… we knew that already. What is new is that now we have a roster of the members of the House who either have no clue about what's going on or have gone to the dark side (cue Darth Vader-like breathing).

Yesterday the House passed a FISA amendment act which includes a provision shielding telecommunications companies from any liability. In the coverage of the situation by Ars Technica, they were able to quote Nacy Pelosi as being an idiot:

The most extended apologia came from House Speaker Nancy Pelosi (D-CA), who urged that the compromise be judged by comparison with the Senate bill, which she characterized as the only realistic alternative (So we can't ask for a good law, only a less bad one? That's a great standard to live to). She outlined several ways in which the current legislation is preferable to the Senate's version. First, the compromise bill reasserts that FISA is the "exclusive means" for conducting electronic surveillance, which would require the president to ignore such language twice in order to launch an extralegal surveillance program, rather than only once, as under traditional FISA rules (So if the President breaks the law, now it would violate two laws instead of just one. The next time someone breaks a law, I wonder if it will result in jail time if it only breaks the law "once"). Second, it preserves prior judicial review of surveillance authorizations, except in "very, very rare" circumstances, such as when the attorney general asserts that waiting for a judge would entail delay (I think that recent history has shown how much we can trust to the "rarity" of the Attorney General approving anything a president might ask. Has she even been awake in the last decade?). Third, it contains specific provisions barring the use of authorizations targeting parties abroad as a pretext for targeting U.S. persons, presumably to be enforced by a board of psychics. Finally, it provides for an internal investigation of the extent of past surveillance, which Congress will act upon with the same legendary zeal for civil liberties it has displayed over the past seven years (Brilliantly summarized. Ars has some great writers.).

So in one day, the House voted to expand powers of the Judicial branch that they didn't need and shield their conspirators from liability against justice.

Don't get me wrong, if I got a letter from the Attorney General of the United states that required my company to do something and my lawyers said to do it, I would have and maybe that's what happened to the telcos. But if there is no accountability for the Attorney General, the President, and the involved Agencies, then the whole things tastes like Congress cooked us up some chili made of poo.

TJX, the company that is known for having the largest data breach in history (so far), has not implemented better security and might have gotten worse. The employee that blew the whistle on them has been caught and fired for it.

TJX now has a firm that scours the internet to find bad things posted about them, which is how they found the message and fired him for it. Too bad they don't appear to have hired anyone to beef up operational security or to convince people to use strong passwords.

Hey! That probably means they'll find THIS page. Sweet.

If that's the case, then here's my message to them: Stop storing all that personal data about us against our will and you won't have to pay for more security. You can't lose what you don't have, duh!

National Security Letters (NSLs) have been a huge issue since the FBI and has abused them terribly since gaining the power. The worst part is that they include a gag order that prevents you from complaining about it or seeking help.

Well at least one individual has challenged an NSL and won.

The EFF has an excellent article about how to avoid being searched at the border. Specifically, how to protect your laptop data that courts recently ruled could be searched without warrant.

In case you didn't already know, state offices posting "public" records online for anyone in the world to see is a huge and persistent problem.

(H/T to Slashdot for the link)

I got this e-mail from a member of congress who I must have contacted at some point because I'm on his mailing list. Anyway, I think the point that he makes is valid. By the own words of the director of the FBI, if the CIA were torturing prisoners, the FBI would have a responsibility to investigate, but they didn't. Congressman Wexler pressured him to answer why and he evaded it.

Here's the email:

Could we get a little accountability over here?! Please?

The FBI, which is proving to to be the worst thing to happen to America since dubya, is pushing for laws that will require your Internet Service Providers to record all that you do and make it available for police review.

"Records retention by ISPs would be tremendously helpful in giving us a historic basis to make a case on a number of child pornographers who use the Internet to push their pornography" or lure children, Mueller said.

Yes it would. But it would also allow them to many other things that might not be so justified. If we've learned anything, its that the FBI can't be trusted with unchecked snooping powers.

(H/T to Slashdot for the link)

The U.S. government will soon begin collecting DNA samples from all citizens arrested in connection with any federal crime and from many immigrants detained by federal authorities, adding genetic identifiers from more than 1 million individuals a year to the swiftly growing federal law enforcement DNA database.

If you are found innocent, you can't be treated like a criminal. Duh.

What is happening at the FBI that they can violate our privacy and rights over and over and over?

(H/T to Privacy.org for the link)

The FBI has been doing a lot of illegal and immoral things recently haven't they?

Counterterrorism officials in FBI headquarters slowed an investigation into a possible conspirator in the 2005 London bombings by forcing a field agent to return documents acquired from a U.S. university. Why? Because the agent received the documents through a lawful subpoena, while headquarters wanted him to demand the records under the USA Patriot Act, using a power the FBI did not have, but desperately wanted.

And when they got the power, they horribly abused it. Nice huh?

(H/T to Slashdot for the link)