« April 2011 | Main | June 2011 »

May 2011

22 May 2011

Best Buy and Air Miles notify Alberta, Canada Privacy Commissioner of Epsilon Data Breach

The Office of Information and Privacy Commissioner for the province of Alberta issued a decision [PDF] on May 16, regarding the Epsilon breach that affected the customer lists of 150 different companies, including Best Buy and Air Miles. Both companies operate in Canada.

The Personal Information Protection Act, which went into force May 01, 2010, compels companies to notify their customers in the event of a breach. Both companies did so.

Best Buy and Air Miles proactively reported to the Commissioner that they had been notified by their service provider, Epsilon (a large US based third party marketing organization) that it had experienced a data breach in which 50 million or more email addresses were compromised and that its customers as well as customers of other organizations serviced by Epsilon had been affected. Best Buy and Air Miles had also proactively notified their affected members of the breach within a few days of learning about it.

Commissioner Work reviewed the incident reports by Best Buy and Air Miles and concluded that although the information at issue (name, email addresses and organization membership (in the Best Buy case) was relatively minor compared to other data breaches which involve the unauthorized access of financial or other sensitive information, the sheer magnitude of the breach and the evidence that the information will likely be used for malicious purposes indicated there was a real risk of significant harm to affected individuals. He noted in his decisions that Best Buy and Air Miles had already notified the affected customers in compliance with section 19.1 of the PIPA Regulation, and therefore did not require the organizations to notify again.

CAUCE congratulates both Best Buy and Air Miles, as well as Information and Privacy Commissioner of Alberta, Frank Work on their actions in this regard.

As always, our advice to consumers remains the same: If you received a notices from any company regarding the Epsilon breach, we suggest you change your email address immediately.

Posted by on 22 May 2011 in Warnings, World | | Comments (0)

| | | |

07 May 2011

Osama bin Laden is Still Alive!

Actually, no, he isn't.

End-users should be extremely careful clicking on any link, from both know and unknow sources (including this one) offering to show you gruesome pictures, proof of him being alive and so on. Spammers have followed their precitable pattern of launching massive campaigns capitalizing on bin Laden's death by email and on social networking sites like Facebook to get you to click through, and potentially infect your computer in the process.

Be careful, don't be fooled.

 

Posted by on 07 May 2011 in Warnings, World | | Comments (0)

| | | |

02 May 2011

33 Years of Spam? No, Not Really.

On May 3rd, 1978, a Digital Equipment Corporation (DEC) marketing representative named Gary Thuerk and a DEC engineer named Carl Gartley sent what many believe to be the first email spam. (The message was dated May 1st, but sent on May 3rd.) It advertised two events in California promoting the new DECsystem-20, the first DEC computer capable of connecting easily to the ARPAnet, predecessor to the internet. The message was addressed (by hand) to every ARPAnet user on the West Coast of the United States that they could find, but ran into an unexpected limit: the mail program would only accept 320 addresses. The rest of the addresses bled into the body of the message, and some recipients forwarded it on.

(Brad Templeton's mostly-outdated Essays on Junk E-mail includes a detailed history of the incident and reactions to it, based in part on a direct conversation with Thuerk himself.)

Scattered around the Internet today (and every May) you'll find various articles heralding the 33rd anniversary of spam, counting the years from Gary's message. They'll remark that spam has been with us a long time, maybe quote a few anti-spam vendor statistics, and say spam isn't going anywhere. But that's just bad research.

The ARPAnet and later the NSFnet were strictly non-commercial, both by contract and by social compact. Anyone who violated that got a stern talking-to, and could lose their access and get fired or expelled. So while there was indeed an occasional misstep, an occasional commercial message, they were very rare.

This changed in the mid-1990s, as the internet first became available to the general public. Commercial use was still hesitant, but increasing rapidly. Some of the early commercial users were entrepreneurs who are now considered geniuses; others were hucksters who are now in jail, or dead.

A common "get rich quick on the internet" scam was to sell books and kits for getting rich quickly on the internet. Often they were simply lists of ISPs by area code, some instructions paraphrased from The Internet for Dummies, and a few templates you could use to create your own web site. But there were also lists of email addresses and email blasting software — the unfortunate and unwelcome beginnings of both the email marketing industry and the ongoing malware epidemic.

Commercial use increased, and we have the internet we do today. Spam increased even faster. But that doesn't mean spam can't be controlled, and reduced. Every month there's another botnet taken down, another major bust by law enforcement — those used to happen maybe once a year, if we were lucky. There has never before in the history of the internet been so much focus on spam, malware, and other so-called "cybercrime" from so many different agencies, mostly (finally!) collaborating with each other. The internet won't return to the old, pre-commercial days, but it will get better.

And while it's true that the first bulk unsolicited commercial email was sent in 1978, there are stories of non-commercial mass messaging going back much further — such as the MIT user who transmitted, in 1971, the words "There is no way to peace. Peace is the way." Perhaps we should consider that the first Tweet?

Posted by on 02 May 2011 in History, Prognostication | | Comments (0) | TrackBack (0)

| | | |

01 May 2011

The world's wealthiest countries the main source of spam?

It would certainly appear so, according to these charts, comparing listings at Spamhaus to GDP. CAUCE thanks furio ercolessi who thought to do the comparison.

update: Rob Szarka rightly points out that these are the largest economies, not the world's richest nations.

Country Live Spam Issues At Spamhaus.org
1 United States 2,370
2 China 898
3 Russian Federation 559
4 United Kingdom 380
5 Japan 258
6 Brazil 254
7 Canada 242
8 France 222
9 Italy 216
10 Germany 214
   
   
Country GDP in Billions of $
 United States  $14,620,000
 China  $5,745,000
 Japan  $5,391,000
 Germany  $3,306,000
 France  $2,555,000
 United Kingdom  $2,259,000
 Italy  $2,037,000
 Brazil  $2,024,000
 Canada  $1,564,000
 Russia  $1,477,000

Posted by on 01 May 2011 in World | | Comments (0) | TrackBack (0)

| | | |

CAUCE North America is financially supported by our organizational and individual members.

REPORT SPAM

Recommended Resources
On Guard Online (United States)

Get Cyber Safe (Canada)

Categories

Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported