Category Archives: Security

Weak ID Theft Sentence in Canada

August 25, 2008 Davi Ottenheimer Leave a comment

An amazing ststory has emerged in Canada where 35-year-old Timothy Moisan faced 14 years in jail for operating “a massive operation designed to steal people’s identities, con into their bank accounts, and steal their money”:

In the end, there’s no explanation about how the man behind one of the biggest identity theft rings ever in B.C. got off serving only six months plus a day. Critics say sentences like this will only bolster a growing epidemic.

Just the fact that the accused was in possession of “stacks of passports, driver’s licenses, and credit cards” as well as “reams of stolen mail” might suggest a significant penalty. Instead, he pleaded guilty and walked free, while thousands of people spend money and time to recover their stolen identity information.

The judge gave him a year in jail. But because he had spent six months in custody awaiting trial — time which is weighed twice because it’s before trial — he had effectively finished the sentence before it began.

Will Canada soon become a haven for ID theft operations? I wonder if someone could pursue Moisan under PIPEDA by complaining to the Office of the Privacy Commissioner of Canada, and then take him to Federal Court of Canada under section 14. Alternatively, perhaps he could be charged for each identity under Section 264. (1) of the Criminal Code for harassment, since it covers stealing mail and electronic identity theft. Maybe he already was charged and the judge really did not see any harm from ID theft…the kind of harm documented in the criminal code.

History, Poetry, Sailing, Security

Idle as a painted ship

August 25, 2008 Davi Ottenheimer 1 Comment

A little bit of insight from The Rime of the Ancient Mariner, by Samuel Taylor Coleridge:

Day after day, day after day,
We stuck, nor breath nor motion;
As idle as a painted ship
Upon a painted ocean.

Security

RedHat hacked

August 24, 2008 Davi Ottenheimer Leave a comment

RedHat just announced a breach (RHSA-2008:0855-6):

Last week Red Hat detected an intrusion on certain of its computer systems and took immediate action. While the investigation into the intrusion is on-going, our initial focus was to review and test the distribution channel we use with our customers, Red Hat Network (RHN) and its associated
security measures. Based on these efforts, we remain highly confident that our systems and processes prevented the intrusion from compromising RHN or the content distributed via RHN and accordingly believe that customers who keep their systems updated using Red Hat Network are not at risk

SSH was targeted by the attackers:

In connection with the incident, the intruder was able to sign a small number of OpenSSH packages relating only to Red Hat Enterprise Linux 4 (i386 and x86_64 architectures only) and Red Hat Enterprise Linux 5 (x86_64 architecture only). As a precautionary measure, we are releasing an updated version of these packages, and have published a list of the tampered packages and how to detect them at http://www.redhat.com/security/data/openssh-blacklist.html

Check your packages.

Security