BBC NEWS says Warner is suing an Indian company because the name might be confused with Harry Potter:

Warner Bros feels the name is too similar to that of its world famous young wizard, according to trade paper The Hollywood Reporter.

A spokesman confirmed the lawsuit against Mumbai-based Mirchi Movies.

Call me silly but I believe this is far less similar than a movie called Troll, made in 1986.

Troll had a boy named…Harry Potter:

Interviewer: “It’s bizarre, isn’t it? You have a young boy named Harry Potter who discovers that he has magical powers and uses them to fight a troll.”

Charles Band: “I’ve heard that JK Rowling has acknowledged that maybe she saw this low-budget movie and perhaps it inspired her. Who knows what the story is? Life’s too short for a fight as far as I’m concerned but, having said that, there are certain scenes in that movie, not to mention the name of the main character, and this of course predates the Harry Potter books by many, many years. So there’s that strange connection.”

Strange connection indeed.

This past Sunday a paper in Glasgow accused Best Western of experiencing a website breach and losing 8 million records.

Marketwatch has printed a full response by the Hotel that disputes the claim:

We have found no evidence to support the sensational claims ultimately made by the reporter and newspaper.

Most importantly, whereas the reporter asserted the recent compromise of data for past guests from as far back as 2007, Best Western purges all online reservations promptly upon guest departure.

They point out that they are PCI compliant and were not invited to fact check the article before publication. The breach database still show 8mil.

The story in the paper seems so sensational it reads like a worthless tabloid. Perhaps on the next page they warn us about alien babies that look like Britney Spears?

…late on Thursday night, a previously unknown Indian hacker successfully breached the IT defences of the Best Western Hotel group’s online booking system and sold details of how to access it through an underground network operated by the Russian mafia.

It is a move that has been dubbed the greatest cyber-heist in world history.

[…]

“In the wrong hands, there’s enough data there to spark a major European crime wave.”

Sensational. Apparently someone in India managed to get a Best Western employee to install malware. The malware stole that users password. The password was then posted on an Internet site, where someone else decided to use it to login to the Best Western system and download customer records.

This is about as sophisticated as breaking into the ground floor of a hotel with a hammer.

There are a number of simple controls required by PCI that would have prevented the kid in India from getting to step one, let alone two. Let us hope that Best Western is as compliant as they say they are.

It will be interesting to see how things play out now that Best Western claims 13 guests are affected instead of the 8 million records first reported stolen.

I have seen some people point out that the Hannaford CIO is pointing fingers at Microsoft. That is true, and he does not mince words about it. However, I do not think that detracts from his more important messages. First, he calls for an in-depth strategy and second he calls for end-to-end encryption. Both points are excellent advice, and the latter is why I have been working with the OASIS EKMI TC for several years — an extension of a project to build end-to-end encryption at West Marine back in 2004.

He finds particular fault in one aspect of the current PCI standard: “All debit- and credit-card transactions should be encrypted from end to end. That should be the minimum. It’s astonishing that isn’t the standard of PCI,” which only requires encryption when transmitting over a public network such as IP.

Right, although it requires encryption of the network as opposed to the card numbers themselves. The latter would be a more useful system as it would simplify internal monitoring for malicious traffic.

Homa’s key point is that most retailers handle security backwards: Don’t pour everything into protecting the front door. Assume they’ll get through and have a plan to control them once they’re inside.

[…]

Homa has his own strong security strategy, which seems to be a minority view. It’s futile, he said, to continually pour resources and time into securing the front door and windows of a house that is being relentlessly attacked by well-financed thieves with plenty of time. Instead of spending so much effort trying to keep the bad guys out, assume they’ll get in.

I do not think that is a minority view. That is the standard defense-in-depth approach and a best practice since the beginning of information security, let alone physical security.

The article really does not do Bill Homa any favors as it makes him look like he has gone off the handle about Microsoft. The author also points out that PCI auditors could be a risk too. All around pretty weak analysis, so probably not even worth a read, but I at least recognized that Homa has painted a picture of PCI security that many of us were advocating many years ago.

An amazing ststory has emerged in Canada where 35-year-old Timothy Moisan faced 14 years in jail for operating “a massive operation designed to steal people’s identities, con into their bank accounts, and steal their money”:

In the end, there’s no explanation about how the man behind one of the biggest identity theft rings ever in B.C. got off serving only six months plus a day. Critics say sentences like this will only bolster a growing epidemic.

Just the fact that the accused was in possession of “stacks of passports, driver’s licenses, and credit cards” as well as “reams of stolen mail” might suggest a significant penalty. Instead, he pleaded guilty and walked free, while thousands of people spend money and time to recover their stolen identity information.

The judge gave him a year in jail. But because he had spent six months in custody awaiting trial — time which is weighed twice because it’s before trial — he had effectively finished the sentence before it began.

Will Canada soon become a haven for ID theft operations? I wonder if someone could pursue Moisan under PIPEDA by complaining to the Office of the Privacy Commissioner of Canada, and then take him to Federal Court of Canada under section 14. Alternatively, perhaps he could be charged for each identity under Section 264. (1) of the Criminal Code for harassment, since it covers stealing mail and electronic identity theft. Maybe he already was charged and the judge really did not see any harm from ID theft…the kind of harm documented in the criminal code.