Risk Factor

Data Stolen Again: This Time Grocer Hannaford Hit

The Hannaford Brothers supermarket chain disclosed that a breach of its computer system beginning last December exposed 4.2 million credit and debit card numbers and led to at least 1,800 fraud cases, the Boston Globe reported today. The breach affected stores in five states - Maine, Massachusetts, New Hampshire, New York and Maine - and 270 of its stores. The breach wasn't suspected until February and continued until March of this year.

Unlike the TJX breach, Hannaford appeared to meet all the industry standards involving how customer data is supposed to be protected.

It hasn't been disclosed how customer information was compromised, but in a more detailed story at ComputerWorld, the speculation is that it was stolen in transit between Hannaford stores and the financial institutions that process the stores' credit/debit card transactions.

I don't know if this qualifies as the first million plus data breach in the US for 2008 since the breach began last year - if it counts, I guess we can ring the bell.

Also, Gregory Kopiloff was sentenced at the U.S. District Court in Seattle, Washington yesterday to four years in federal prison for using file-sharing software to steal at least 83 identities. It is the first federal case against those using file-sharing software for identity theft.

NPfIT: Some Good News

The UK's National Health Service (NHS) national electronic health record (EHR) program NPfIT (National Programme for IT) has spent £1.5 billion less than expected as of April 2007, ComputerWeekly reports. Part of the reason for the lower spend, however, is that delays caused fewer EHR systems to be rolled out to UK hospitals.

It should be noted that while the UK government spent less, it doesn't mean that the money wasn't spent by someone. Since NPfIT vendors only get paid after delivery and acceptance, much of that £1.5 billion was likely spent, but by vendors. When the NPfIT finally gets rolled out, the total cost of it will be very hard to determine, since there will be an official government cost, and then there will be the large costs incurred by the vendors that they had to eat (which is why some vendors like Accenture bailed out of the program). Anyone looking at the NPfIT as a cost model for a national EHR system needs to be very careful in doing the sums.

The NHS also said that what has been delivered under NPfIT has saved an additional £208 million from the digitalization of x-rays and the decommissioning of legacy IT systems.

Dutch Tax Office Erases 730,000 Tax Returns

The Dutch tax office admitted that 730,000 digital tax returns submitted by early filers were for some reason erased by its computer system and need to be resent.

Tax office officials assume that those who have had their records lost have their returns on their computer and will be able to easily resend them. They have until 1 April to do so.

According to Radio Netherlands, earlier in February, "another problem with the tax office computers meant that clients were unable to identify themselves properly. For a whole week, nobody was able to submit a tax declaration electronically."

Last June, tax office software that did not function correctly forced over 400,000 companies to resubmit payroll information.

The continuing problems at the Dutch tax office have forced the Finance Minister Jan Kees de Jager into reorganizing the office, but he admits it will take years to fix.

Please Don't Open That Email - It's Classified

A small Suffolk County, England town has had to close its website because it was receiving thousands of classified US Air Force emails. According to a story in the London Telegraph, "Documents including sensitive information about presidential flight paths, military strategy and passwords flooded Gary Sinnott's inbox after he set up www.mildenhall.com to promote his home town."

Royal Air Force Base Mildenhall is home to several US Air Force units including the 100th Air Refueling Wing, 352nd Special Operations Group, 95th Reconnaissance Squadron and 488th Intelligence Squadron, among others.

Makes you wonder why you need to hack into US defense networks when you can just set up a domain name that is close in name to a US military installation.

Patch and Pray Friday for Dextre the Space Robot

The Canadian Space Agency's Dextre (Special Purpose Dexterous Manipulator) robot apparently needs a software patch to fix a timing problem that is preventing Dextre from fully powering up.

According to CSA's website, "Dextre is an essential tool for maintaining and servicing the space station. With its dual-arm design providing added flexibility, Dextre will remove and replace smaller components on the Station's exterior, where precise handling is required. It will be equipped with lights, video equipment, a tool platform and four tool holders."

"Dextre is a complex robot designed to perform intricate maintenance and servicing tasks on the outside of the ISS. Dextre will carry out delicate work that, so far, could only be accomplished by astronauts during spacewalk activities. In other words, Dextre will provide an alternative to astronauts, considerably reducing the amount of time that they have to venture out of the ISS to perform demanding spacewalks and providing more time for them to perform science on the ISS."

Engineers are "confident" that the patch will fix the problem (I noticed they didn't say software programmers were confident, though).

I wonder if the engineers are as confident as I am during every Microsoft Patch and Pray Tuesday?

Update: At the end of the day, it wasn't a software problem as first thought. The patch was uploaded, but nothing happened. Engineers next thought it was a faulty cable. This was bypassed, and power was restored. You can read more about it here at ComputerWorld.

Is There or Is There Not an IT Labor Shortage?

Over at Baseline magazine, there is a lengthy article that is drawing a lot of heated discussion on whether there is a shortage of IT workers in the US or not. The article says that claims of an IT shortage are nothing more than a well-publicized myth. In fact, there may even be a slight surplus.

Furthermore, the article points out, if there was a true shortage, IT worker wages would be going up, which they haven't.

The article quotes different folks like Dr. Ron Hira, professor of public policy at the Rochester Institute of Technology, a fellow at the Economic Policy Institute and co-author of the book Outsourcing America (bits on-line here), who believe that the claims of an IT shortage are meant to further certain high tech business interests: "the motive is to get the Feds to loosen immigration restrictions for cheap foreign labor, to increase supply of workers in order to reduce labor costs and to justify offshore outsourcing efforts."

You can check out Hira's views expressed before Congress when he was representing the IEEE-USA on the issue of outsourcing high-tech jobs here.

My previous IT job related posts and discussions can be found here, here, here and here.

Grab the Bug Juice: Robot Swarms Approaching

Today's London Telegraph has a story on the new European Union funded open-source, open-hardware Symbrion project that aims to create, according to the website, "super-large-scale swarms of robots, which can dock with each other and symbiotically share energy and computational resources within a single artificial-life-form."

"When it is advantageous to do so, these swarm robots can dynamically aggregate into one or many symbiotic organisms and collectively interact with the physical world via a variety of sensors and actuators."

The project, which involves researchers from a "swarm" of ten universities, hopes to develop applications that support search and rescue missions, space exploration and medicine.

Prof. Alan Winfield from the University of the West of England, Bristol, is quoted in the Telegraph story as saying:

"A swarm could be released into a collapsed building following an earthquake. They could form themselves into teams searching for survivors or to lift rubble off stranded people. Some robots might form a chain allowing rescue workers to communicate with survivors while others assemble themselves into a 'medicine bot' to give first aid. The robots have functionality on their own, but they can also combine together or adapt and change as the situation requires. The individual robots won't change physically, but they will adapt and evolve their functionally."

Shades of transformers!

The project is set to complete in 2013.

Speaking of transformers, check out this Toshiba-Softbank model 815T PB transformer cell phone.

Maybe they and the Symbrion folks can get together and create a cell phone swarm for who knows what - any suggestions out there?

36% of Scientists at NASA are Indian

There was a small item over at NASA Watch that references a Times of India story that states that "12% [of the] scientists and 38% [of the] doctors in the US are Indians, and in NASA, 36% or almost 4 out of 10 scientists are Indians."

The story goes on to say, "If that's not proof enough of Indian scientific and corporate prowess, digest this: 34% employees at Microsoft, 28% at IBM, 17% at Intel and 13% at Xerox are Indians."

These statistics were presented by Indian government minister D Purandeshwari, Minister of State for Human Resource Development on Monday to the Rajya Sabha or Parliament of India.

No stats on the percentage that are in the information technology & systems business, but according to Bill Gates, probably not enough. Gates warned Congress today that the U.S. needs to raise the cap on H-1B visas for skilled foreign nationals.

If not, Gates said, then "U.S. companies simply will not have the talent they need to innovate and compete," and all those foreign students receiving their education at U.S. universities will have to leave, to the detriment of US high tech companies.

Losing Your Heart May Have a Whole New Meaning

In a disturbing article in today's Boston Globe, it appears that there are large security gaps in "implanted devices that help regulate heartbeats and use wireless technology."

Dr. William H. Maisel, director of the Medical Device Safety Institute at Beth Israel Deaconess Medical Center, who led a research project into medical device security risks, says in the story:

"With some technical expertise, we were able to retrieve information from the device in an unauthorized fashion. We were able to send commands to the device in an unauthorized fashion and could reprogram settings and even tell the device to deliver a high-voltage shock."

Maisel goes on to say that patients with pacemakers and cardiac defibrillators that have wireless capability shouldn't be concerned because of the high level of technical skill needed to conduct such an attack.

Maisel suggests that device manufacturers and maybe regulators may need to consider adding an audible tone or a vibration that "could let a patient know whenever someone is communicating with an implanted heart device."

While the risk may be remote, I can see all sorts of new television murder mystery plots developing. A person wanting to bump off their spouse or relative who has a pacemaker hires some mysterious hacker to do the job, or a group of young people, fed up with seeing their Social Security and Medicare taxes going up or worried that there won't be any left for them as they grow older, decides to knock off seniors en masse by driving by nursing homes and fooling with implanted medical devices. Tech savvy lawyer, doctor, private investigator, neighbor sets out to solve the case, blah, blah, blah.

TV plots aside, I do wonder, though, how soon we'll see hackers in the near future offering software to destabilize medical devices for the right price.

Microsoft's Vista $2,100 e-mail machine

The Sunday New York Times has an interesting story on the continuing saga of the lawsuit against Microsoft by two plaintiffs contending, according to the Times, that "Microsoft's 'Windows Vista Capable' stickers were misleading when affixed to machines that turned out to be incapable of running the versions of Vista that offered the features Microsoft was marketing as distinctive Vista benefits." The complaint can be found here.

A judge last month granted class-action lawsuit status to the suit, which is scheduled to go to trial in October.

Microsoft, of course, says that this complaint is hokum, as its response explains here.

Unfortunately, 158 pages of internal Microsoft emails by employees like Michael Nash, a Microsoft vice president who oversees Windows product management, tend to undercut Microsoft's insistence that there was nothing misleading with Vista. Nash wrote that he "personally got burned" by buying a laptop that was labeled as Windows Vista Capable: "I now have a $2,100 e-mail machine."

The emails make for amusing, but not surprising, reading for anyone who has been in the software business for more than a month. They tell a story of tough design trade-offs, "hold your nose" compromises, broken promises, schedule pressure, vaporware marketing, and so on. In other words, business as usual in any large IT development shop, commercial or government.

In fact, the emails are something every high school or university student should read to understand what it is like out there in the IS&T world. Software development is like sausage making - you don't want to look too closely at what is used as filler or goes on during the process.

Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Contributor
Willie D. Jones