I was just looking through Google’s Webmaster Tools page for taint.org, when I came across the Statistics / Top search queries page:
This is exactly what goog-love.pl produced. hooray!
]]>Since ratification will require changes to the Irish constitution, we get to vote on these intricacies where most EU inhabitants do not. Unfortunately this means it’s not particularly “sexy” — it’s a pretty obtuse and boring set of issues, and deciding which way to vote is not easy, with such snore-worthy stuff at stake.
One of the organisations campaigning for a “no” vote in the referendum is called Libertas. Aileen forwarded on a very interesting article by Chekov Feeney on Indymedia Ireland about them, which is well worth a read if you’re interested in Irish politics and the international reach of US lobbying. Here’s some snippets:
Declan Ganley, president of Libertas, happens to be president of Rivada Networks, a US defence contractor (they supply emergency communications networks to the US intelligence community).
[...]
On Sunday April 20th, Libertas announced that Ulick McEvaddy was “joining the No To Lisbon Campaign” and publicised the event with a photo-opportunity of the two ‘entrepreneurs’ in front of the Libertas Campaign bus. McEvaddy is the first member of the Irish business and political elite to join the Libertas campaign since it emerged under the stewardship of Declan Ganley.
What’s particularly interesting about this is that McEvaddy is the CEO of Omega Air, a US defence contractor (they supply cargo planes and inflight refuelling services to the US military). [...] According to the [ US Air Force's Integrator Magazine ], “industry insiders say [McEvaddy's] company has even approached U.S. intelligence agencies about tanking services for detainee transfers, to reduce dependence on foreign air fields.” In other words, offering to provide inflight refuelling services to rendition flights so that they wouldn’t have to stop over at foreign airports such as Shannon on their way to “interrogate” suspects. A very accommodating offer indeed.
McEvaddy was also the figure who got himself appointed to the board of Knock airport with a view to opening it up to US military flights.
Nice guys, then.
The article goes on, and on, and on, detailing some shady transactions involving these guys and their US military/intelligence connections, the “astroturf” nature of the Libertas organisation, and the odd behaviour of the Libertas campaign in general.
It comes to this conclusion:
]]>This article has examined the reality behing the Libertas campaign, the connections of its two high-profile backers, the implausibility of its message, the peculiar nature of its campaign and some of the underlying strategic differences at play. The conclusion is that the evidence suggests that Libertas is most likely to serve primarily as a vehicle for advancing US strategic interests.
So it’s not just name, date of birth, and address — he notes that they’ve leaked ‘information on the current account I use to pay for the policy.’
Interestingly, he says that his life assurance policy was set up directly with their life assurance department, not via the local branch — which directly contradicts what BoI say on their website:
The laptops contained information relating to some customers who either obtained a quote or took out a Life Assurance policy with Bank of Ireland Life from the following branches: [... list of branches omitted...]
The update from 28 April doesn’t clarify this, either. Hmm.
]]>I was just looking through Google’s Webmaster Tools page for taint.org, when I came across the Statistics / Top search queries page:
This is exactly what goog-love.pl produced. hooray!
]]>Last week, the bank said that medical records, bank account details, names, addresses and dates of birth of 10,000 customers were on the laptops. [...]
Bank of Ireland said an assessment had concluded that the risk of fraud arising from the thefts was ‘very low’, as the data on the laptops did not include bank account passwords, PINs or copies of signatures.
So a fraudster would have medical records, bank account details, names, addresses and dates of birth of 10,000 customers, but the risk of fraud is ‘very low’? Incredible.
Update: make that 30,000 customers.
Update 2: 31,500 customers, and a sample letter.
]]>]]>[Thanks to Mike Hogsett for noting this event, and Brad Templeton for recording it.]
What is allegedly the very first spam message was sent roughly 30 years over the ARPANET.
In seeing this, Mike was amused because he works with some of the people it was addressed to, of whom a few are still at SRI:
NEUMANN@SRI-KA, GARVEY@SRI-KL, MABREY@SRI-KL, WALDINGER@SRI-KLand some of whom are retired:ENGELBART@SRI-KL, NIELSON@SRI-KL, GOLDBERG@SRI-KL(I am always amused when some of these old ARPANET addresses show up in today’s incarnations of spam.)Also somewhat before Mike’s time, Geoff Goodfellow, Eric Kunzelman, Dan Lynch, and many others at SRI were instrumental in the evolution of the ARPANET.
Also included in the enormous enumerated TO: list (historically interesting in itself by not having been suppressed!) are Bill English (who was the catalyst for much of Doug Engelbart’s innovations being transitioned from SRI to PARC), Dave Farber, Irv Jacobs, Bob Metcalfe, Jon Postel (who by then had moved from SRI to ISI), three Sutherlands, and Lauren Weinstein, to name just a few.
Happy Birthday, Spam! Sorry I cannot wish you many happy returns.
my blog - you’re reading it ;)
IrishPulse - a site to aggregate the live updates of scores of Irish Twitter and Jaiku users.
Irish Blogs Top 100 By Technorati Rank - a ‘Top 100′ list of Irish weblogs, based on Technorati’s readership-estimation data.
Nearly-Live Planetary Desktop Backgrounds - desktop-sized high-quality PNG images of near-real-time cloud and satellite data, to create a nifty, nearly-live world map.
the C=64-izer - turn an image into something like what it’d look like on a Commodore 64.
Spicylinks - an automated link-blog summarizer similar to HotLinks, but open source.
Planet Antispam - syndicating a collection of anti-spam blogs.
Enjoy!
]]>According to the Independent, the laptops ‘were being used by staff working for Bank of Ireland’s life assurance division. They contained the information about medical history, life assurance details, bank account details, names and addresses.’
This breach has raised quite a few issues.
First off, I was watching Questions and Answers last night, and was shocked by the naivete of the assembled panel. One panelist, for example, reckoned that common criminals wouldn’t understand the value of this data — so it was probably nothing to worry about!
There was absolutely no concept of how widespread identity theft has become — using stolen identity information to apply for credit cards is part of Petty Theft 101 these days, since filling out forms is a lot easier than breaking and entering, obviously. There was also no appreciation of how little protection Irish consumers have in this regard with current Irish banking T&Cs.
According to previous research, about 2% of accounts compromised in data breaches become victim to identity theft.
Some comments from the bank from those articles:
‘The data was not encrypted, although it is understood there was software security installed on the stolen computers.’
Doubtless, “software security” refers to some kind of useless Maginot Line boondoggle like Norton Internet Security. This would have absolutely no useful effect in this case. The only useful way to protect customer data on a stolen laptop is to use encrypted storage.
‘In the interim the bank has monitored all of these customer accounts and can confirm that there has been no evidence of fraudulent or suspicious activity.’
This is a fallacy. This data provides plenty of information regarding the customer’s identity — information which is useful to receive loans and credit fraudulently, elsewhere. Monitoring the bank’s accounts is of no help in that case. On top of that, identity information like your date of birth, mother’s maiden name, health status, and so on doesn’t expire — that info will still be useful for identity theft, 10 years from now, or as a stepping-stone to further fraud.
As John O’Shea noted on Twitter earlier, there was nothing on their website about it this morning; there is now, however — a broken link on the front page. oops!
Figuring out the puzzle and fixing the URL’s errors gets you to this page, which notes:
The laptops contained information relating to some customers who either obtained a quote or took out a Life Assurance policy with Bank of Ireland Life from the following branches:
- Drogheda
- Dunleer
- Bagnelstown
- Court Place Carlow
- Stephens Green
- Tallaght
- Montrose
Anybody who is not a customer of these branches is not affected by this incident.
As far as I can make out, the bank didn’t issue this breach notification. It appears from the coverage that this information was first announced by Data Protection Commissioner Billy Hawkes to RTE yesterday, leaving the bank apparently scrambling to catch up:
“The thefts of the laptops were only brought to the attention of the appropriate authorities in the bank in the past number of weeks,” Bank of Ireland said in a statement that offered no other explanation for the long delay.
It would have been so much better if BoI had been proactive with breach notification — examples from overseas have illustrated its value. As Adam Shostack has noted repeatedly over the past few years: the rules have changed.
As for repercussions for BoI, it’ll be interesting to see if anything happens. For “live” customer data on up to 10,000 customers to be stored, in unencrypted form, on a laptop is terrible security practice — but as far as I know, there are no laws or regulations requiring anything better in Ireland, unfortunately. :( However:
Consideration will be given as to what further action will be sought from Bank of Ireland to ensure that the obligations contained in the Data Protection Acts in this area are met.
On a broader level, this issue serves to highlight once again the absolute necessity for all organisations in the public and private sector to take their data protection responsibilities seriously. In particular, all organisations should be assessing immediately the necessity for storing personal data on laptops. If a need is found, appropriate security measures such as encryption should be put in place immediately.
Go Billy! ;)
]]>Well, you can add one more thing to that list; its inhabitants also provided some key data in a major health study, from which emerged one great finding — it turns out that if you’re male, sex twice a week reduces the risk of death from heart disease by about half:
Men who said they had sex twice a week had a risk of dying half that of the less passionate participants who said they had sex once a month, Dr. Davey-Smith’s team said.
No other risk factor showed a statistically significant link to the frequency of orgasm.
The authors said that they had tried to adjust the study’s design to account for a factor that might explain the findings — that healthier, fitter men with more healthy life styles engaged in more sex. Even so, they could not explain the differences in risk. Hormonal effects on the body resulting from frequent sex could be among other possible explanations for the findings, Dr. Davey-Smith said.
Here’s the science bit, via the BMJ — a paper entitled ‘Sex and death: are they related? Findings from the Caerphilly cohort study’:
Result: Mortality risk was 50% lower in the group with high orgasmic frequency than in the group with low orgasmic frequency, with evidence of a dose-response relation across the groups. Age adjusted odds ratio for all cause mortality was 2.0 for the group with low frequency of orgasm (95% confidence interval 1.1 to 3.5, test for trend P=0.02). With adjustment for risk factors this became 1.9 (1.0 to 3.4, test for trend P=0.04). Death from coronary heart disease and from other causes showed similar associations with frequency of orgasm, although the gradient was most marked for deaths from coronary heart disease. Analysed in terms of actual frequency of orgasm, the odds ratio for total mortality associated with an increase in 100 orgasms per year was 0.64 (0.44 to 0.95).
Conclusion: Sexual activity seems to have a protective effect on men’s health.
The perfect excuse ;) Thanks, Caerphilly!
]]>Here are the figures for my trip into work:
Given that there are 46 kilocalories in a Jaffa Cake, 136 KCal means that every day, I can eat 3 Jaffa Cakes with impunity. Result! ;)
]]>Elias Torrez came up with a Firefox extension to use the Quick Add feature in one keypress, but in my opinion that’s overkill — I don’t want the overhead of another extension, the upgrade worries, and I don’t want it using up a keyboard shortcut either. I’d prefer to just have this as a Firefox Smart Keyword – and thankfully the trick is in the comments for his blog post, from someone called Bjorn. So here’s the deal:
Name: Google Calendar Quick Add
Location:
http://www.google.com/calendar/event?ctext=+%s+&action=TEMPLATE& pprop=HowCreated%3AQUICKADD Keyword: newcal
Description: add a new event in Google Calendar
enjoy!
]]>