Podcast: Cost-Effective E-Discovery in Small Cases | Legal Talk Network

The high cost of e-discovery is a major problem for most small firms and solo lawyers.  On Digital Detectives, co-hosts Sharon D. Nelson, Esq., President of Sensei Enterprises, Inc. and John W. Simek, Vice President of Sensei Enterprises, welcome guest, Bruce Olson, the President of ONLAW Trial Technologies, and discuss cost-effective e-discovery for small cases.  Find out what is the single most important step an attorney can take to minimize e-discovery costs, when is the right time to seek outside expert advice and which software tools and cloud based solutions can help contain costs.

via Cost-Effective E-Discovery in Small Cases | Legal Talk Network.

Forensic security analysis of Google Wallet – viaForensics « viaForensics

Summary of Google Wallet security findings

So, in summary, here are the items of note from my high level analysis.  Bear in mind this is nowhere near the level of testing an app like this deserves but since this is done on our own time, it’s all I could manage thus far.  Anyway, here goes:

A fair amount of data is stored in various SQLite databases including credit card balance, limits, expiration date, name on card, transaction dates and locations and more.

The name on the card, the expiration date, last 4 card digits and email account are all recoverable.

[Fixed in Version 1.1-R41v8] When transactions are deleted or Google Wallet is reset, the data is still recoverable.

The Google Analytics tracking provides insights into the Google Wallet activity.  While I know Google tracks what I do, it’s a little frustrating to find it scattered everywhere and perhaps in a way that can be intercepted on the wire (non-SSL GET request) or on the phone (logs, databases, etc.).

[Fixed in Version 1.0-R33v6] The application created a recoverable image of my credit card which gave away a little more info than needed (name, expiration date and last 4 digits).  While this is not enough to use a card, it’s likely enough to launch a social engineering attack.

While Google Wallet does a decent job securing your full credit card numbers (it is not insecurely stored and a PIN is needed to access the cards to authorize payments), the amount of data that Google Wallet stores unencrypted on the device is significant (pretty much everything except the first 12 digits of your credit card). Many consumers would not find it acceptable if people knew their credit card balance or limits. Further, the ability to use this data in a social engineering attack against the consumer directly or a provider is pretty high. For example, if I know your name, when you’ve used your card recently, last 4 digits and expiration date, I’m pretty confident I could use the information to my advantage. When you add data that is generally available online (such as someone’s address), an attacker is well armed for a successful social engineering attack.

And this testing was really only very high level. Far more sophisticated and comprehensive security analysis is needed to determine if other vulnerabilities are present.  In addition, privacy conscious consumers should understand that analyzing nearly everything you use Google Wallet for is basically the price you pay for the service. From a tech standpoint, it’s very exciting to see Google Wallet in production. However, it has consistently been viaForensics’ position that the largest security risk from apps using NFC does not stem from the core NFC technology but instead the apps that use the technology. In this case, the amount of unencrypted data stored by Google Wallet surpasses what we believe most consumers find acceptable.

via Forensic security analysis of Google Wallet – viaForensics « viaForensics.

A Record: Fraud Recoveries Top $5.6 Billion « USDOJ: Justice Blog

Yesterday, Deputy Attorney General James Cole joined Vice President Biden at a Cabinet meeting focused on meeting the President’s commitment to cut waste, combat fraud, and eliminate misspent dollars across the Federal government.

During the meeting, Deputy Attorney General Cole announced that the Department of Justice has recovered more than $5.6 billion in fraud proceeds in 2011 – the largest amount for any single year in the history of the department.  This historic achievement represents an increase of more than 167 percent since 2008, and includes nearly $3.4 billion in civil fraud, as well as $2.2 billion in criminal fraud.

These recoveries stemmed from activities ranging from grant fraud, to mortgage fraud, to procurement fraud, and far beyond.  In fact, nearly $3 billion was recovered in health care fraud alone, due in part to unprecedented levels of cooperation between the Department of Justice and the Department of Health and Human Services.

In particular, the use of Medicare Fraud Strike Forces – specialized teams of agents and prosecutors dedicated to a singular mission – has significantly expanded in recent years, and their impact on our efforts has been dramatic.  In 2008, these Strike Forces allowed the Department to bring cases involving $384 million in fraudulent claims.  This year, they brought cases involving over $1 billion in fraudulent claims – meaning that, for every dollar spent on this effort, the Administration has been able to recover seven dollars.

via A Record: Fraud Recoveries Top $5.6 Billion « USDOJ: Justice Blog.

Litigation Watch: English courts maintain (corporate) veil of secrecy | Thomson Reuters

(Business Law Currents) The dangers of offshore transactions were highlighted recently in a landmark English law case that demonstrated the reluctance of English courts to “pierce the corporate veil” (the corporate structure) behind international transactions.

By way of background, it is an axiomatic principle of English company law that a company has an identity separate and distinct from its shareholders, who are only liable to the extent they have contributed to the company’s capital (Salomon v Salomon [1897]). Only in incredibly rare circumstances (e.g. obvious fraud) will the English courts “lift the corporate veil” to allow shareholders to be directly liable for the actions of a company.

To this end, VTB Capital plc, the UK arm of the Russian banking group, locked horns recently with Russagroprom LLC (RAP), a Russian dairy company, over its liability for its subsidiary companies.

VTB Capital plc claimed that it had been defrauded by RAP into providing it with a US$225 million loan facility to fund the acquisition of six Russian dairy plants and three associated companies from Nutritek.

RAP had subsequently defaulted on the loan and VTB recovered less than US$40 million from the security provided. VTB alleged that it was induced to enter into the facility agreement by fraudulent misrepresentations made by Nutritek that justified a “piercing of the corporate veil” of borrowing companies and holding RAP liable as their ultimate beneficiary.

via Litigation Watch: English courts maintain (corporate) veil of secrecy.

Under FCPA, Former Siemens Executives Charged with ‘Stunning’ Bribes of Argentine Officials | National Law Journal

The biggest-ever Foreign Corrupt Practices Act case lives on with the announcement Dec. 13 that eight former executives and agents of Siemens AG have been charged with bribing officials in Argentina to get a $1 billion government contract.

The indictment comes three years after the German company paid a record $800 million to settle related FCPA charges brought by the Justice Department and the U.S. Securities and Exchange Commission (the company paid another $800 million to settle charges in Germany).

Among the individual Siemens executives facing civil and criminal charges is Uriel Sharef, a former member of Siemens’ central executive committee. It’s the first time a board member of a global Fortune 50 company has been charged with an FCPA violation, according to DOJ Criminal Division head Lanny Breuer, who described the scheme as “corruption on an absolutely stunning scale.”

According to the DOJ and SEC, the Siemens executives committed to pay $100 million in bribes to win a $1 billion contract to make national identity cards for the government of Argentina. The executives allegedly falsified documents including fake invoices and consulting contracts to hide the $60 million in bribes that the company actually paid out.

via Under FCPA, Former Siemens Executives Charged with ‘Stunning’ Bribes of Argentine Officials.

It’s Time To Stop Data Protection Being Cited As An Obstacle To Doing Good | Opinion | The Lawyer

· A postman can’t deliver mail because it needs to be signed by the recipient: a tiny baby.

· Most tragically, a utility company can’t contact social services about a vulnerable elderly couple whose gas was cut off, and who later died in their unheated home.

These are just some of the myths associated with the Data Protection Act.  It is about time people stopped wrongly using the Act to blame things and as an excuse.

In 2009, the Deputy Information Commissioner said: “The Data Protection Act does not impose a blanket ban on the release of personal information.  What it does do is require a common sense approach.  It should not be used as an excuse by those reluctant to take a balanced decision.  The Act plays a very important role in protecting all our personal information and gives us all important rights.”  Absolutely right.

continued @  It’s Time To Stop Data Protection Being Cited As An Obstacle To Doing Good | Opinion | The Lawyer.

Microsoft Boosts Office 365 Security To Meet European Data Protection Requirements | crn.com

Microsoft (NSDQ:MSFT) has improved the security and privacy capabilities of its Office 365 cloud applications, the company said Wednesday, in a move that will help customers comply with stringent European Union data protection regulations and the U.S. Health Insurance Portability and Accountability Act (HIPAA).

Microsoft, like rivals Google, Amazon and others, is racing to bring its cloud software into compliance with government security regulations. Earlier this year Microsoft and Google became embroiled in a dispute over whose cloud software complied with Federal Information Security Management Act (FISMA) requirements.

Meeting such requirements can be critical for winning government contracts, such as the $60 million deal to provide the U.S. Department of the Interior with e-mail and collaboration cloud software that Google (NSDQ:GOOG) and Microsoft spent much of the year fighting over in court.

Microsoft also said it has overhauled its Office 365 Trust Center, a Web site that provides detailed information about Office 365 privacy and security practices, to make it easier to use.

Microsoft said it would sign the European Union’s contractual clauses, which the vendor said would help customers comply with the EU’s stringent Data Protection Directive regulations. The contractual or “model clauses” legitimize the transfer of personal data through international networks to locations outside the European Economic Area (EEA).

via Microsoft Boosts Office 365 Security To Meet European Data Protection Requirements.

EC resolves antitrust probe into IBM mainframe biz • The Register

IBM rivals now have a better chance of competing with the tech giant in the mainframe market, after the European Commission got Big Blue to loosen its grip on the business.

In a legally binding agreement, IBM will make spare parts and technical information “swiftly available”.

It will do this, the EC added, under commercially reasonable and non-discriminatory terms. The move should allow independent mainframe maintainers that operate within the European Union to get their hands on more powerful computer kit.

“I am pleased that we could find a swift solution with IBM to our competition concerns. Timely interventions are crucial in fast moving technology markets,” said competition policy Commissioner veep Joaquín Almunia.

via EC resolves antitrust probe into IBM mainframe biz • The Register.

Microsoft Uses Android Malware Hysteria to Offer Free Windows Phones | PCWorld

Microsoft is capitalizing on a recent Android malware scam by giving away free Windows Phones to five Android users with the worst malware horror stories. Ben Rudolph, Microsoft’s Windows Phone evangelist, announced the contest on Twitter using the hashtag #droidrage. Microsoft followed Rudolph’s lead and publicized the contest on its official Twitter feed.

This isn’t the first time Microsoft has used free phones to win people over to its mobile platform. In August, the software giant offered free Windows Phones to webOS developers after Hewlett-Packard announced it was discontinuing its webOS device lineup. HP recently announced it would make webOS an open source project and may release a new webOS tablet in 2013.

RuFraud

Google recently removed 22 malicious apps purporting to be legitimate versions of popular programs such as Cut The Rope and Angry Birds. The apps were packaged with malware that would send fake text messages to premium-rate SMS numbers, costing the user around $5 per SMS.

The so-called RuFraud scam targeted European users and did not affect Android phones in North America. Lookout Security, the firm that first brought the scam to Google’s attention, says it has since discovered another five RuFraud apps in the Android Market, bringing the total app count to 27.

via Microsoft Uses Android Malware Hysteria to Offer Free Windows Phones | PCWorld.

Carrier IQ Defends Itself, Releases 19-page Report | ITProPortal.com

In an attempt to put to rest the controversy surrounding its mobile tracker technology, Carrier IQ has published a 19-page report detailing exactly what its software does and how it is used by mobile phone carriers.

In the document [PDF], Carrier IQ admits that its software, called IQ Agent, is installed on more than 150 million mobile phones worldwide. The company claimed that it is merely a diagnostic tool used by mobile phone carriers to provide better services to their customers.

Carrier IQ said that it worked alongside security researcher Trevor Eckhart to zero in on the issues cited in his report. Eckhart had released an explosive report late last month in which he claimed that Carrier IQ’s software was in fact a key logger among many other things.

via Carrier IQ Defends Itself, Releases 19-page Report | ITProPortal.com.