Security Fix
Main
Security
MalwareMSNBC Security
Security Fix
Security World News
Random Feeds
Archives
| Oct 2008 | Sep 2008 | Aug 2008 | Jul 2008 | Jun 2008 | May 2008 | Apr 2008 | Mar 2008 |Mon, 6 Oct 08
Report: Data Breaches Expose About 30M Records in '08
http://voices.washingtonpost.com/securityfix/2008/10/516_data_breaches_in_2
008_expo.html?nav=rss_blog
U.S. corporations, governments and universities reported a record 516 consumer data breaches in the first nine months of this year, incidents prompted chiefly by hackers and employee theft, according to a report released today by a nonprofit group that works to prevent fraud. The Identity Theft Resource Center, of San Diego, found that this year's data breach tally has easily eclipsed 2007's 446 incidents. At an average of 57 caches of consumer data reported lost or stolen each month, U.S. organizations are on track to divulge at least 680 breaches by the end of 2008. About 80 percent of the breaches involved digital records, while the remainder stemmed from the loss, theft or exposure of paper-based records. A description of each incident is available in the Identity Theft Resource Center 's 2008 Breach List (PDF). Some 30 million records on consumers have been exposed so far this year. But experts
Sat, 4 Oct 08
New State Laws Target Data Encryption, RFID Tracking
http://voices.washingtonpost.com/securityfix/2008/10/new_state_laws_target_
data_enc.html?nav=rss_blog
The states have been busy of late enacting laws that address a broad spectrum of security protections, from outlawing radio frequency identification (RFID) tag tracking to requiring organizations to encrypt sensitive data whether it is stored on a computer or sent over the Internet. California Gov. Arnold Schwarzenegger this week approved a bill that would make it illegal to secretly scan the data encoded on unsecured RFID chips for the purposes of tracking, identity theft or counterfeiting the devices. RFID tags are tiny chips that are now commonly embedded into many retail products, student IDs, drivers' licenses, passports and medical ID cards. Most RFID tags are "passive," in that they have no internal power supply and are designed to be read from a few inches away, but researchers have shown that even passive tags can be read from more than 30 feet with special equipment. However, for the second year
Fri, 3 Oct 08
House.gov Still Plagued by E-mail Deluge
http://voices.washingtonpost.com/securityfix/2008/10/housegov_still_plagued
_by_e-ma.html?nav=rss_blog
A glut of e-mail from constituents and special interest groups continued to pose problems for the Web sites for members of the U.S. House of Representatives on Thursday, as millions of Americans attempt to voice their opinions on the financial bailout package the day before an expected vote on the measure. Jeff Ventura, a spokesperson for the House's chief administrative officer, called the volume of e-mail flowing through member Web sites "staggering and unprecedented." He said more than two-dozen interest groups sending large batches of e-mail have contributed to the problem. "Advocacy groups are collecting e-mails and then shoving them into a system that was really designed for manual input, not for people to send us wholesale batches of thousands of e-mails at a time," Ventura said. Still, he said, e-mails from individual users still far outnumber those submitted in bulk. The timing of the Wall Street rescue package also
Fri, 3 Oct 08
October is Cyber Security (Un)Awareness Month
http://voices.washingtonpost.com/securityfix/2008/10/october_is_cyber_secur
ity_unaw.html?nav=rss_blog
October is Cyber Security Awareness Month, and it seems many people are in need of some serious awareness-raising on this front. A recent survey indicates that while more than 80 percent of computer users thought they had firewall software installed, follow-up inspections found that only half of those users actually had the software installed or running on their PCs. The data comes from a poll of 3,000 Americans conducted by Zogby International, with security vendor Symantec conducting follow-up manual computer scans on computers belonging to 400 of those surveyed. While the study suggests that Americans seem to be well aware of whether they have up-to-date anti-spyware and anti-virus software installed, only 52 percent had anti-spam filters set up, even though 75 percent thought they did, Symantec found. Fifty-one percent of those surveyed said they had been targeted by a phishing attack, a scam that uses spoofed e-mail to lure recipients
Thu, 2 Oct 08
New Federal Law Targets ID Theft, Cybercrime
http://voices.washingtonpost.com/securityfix/2008/10/new_federal_law_target
s_id_the.html?nav=rss_blog
President Bush last week signed into law a bill that seeks to make it easier for prosecutors to go after cybercrooks, while ensuring that identity theft victims are compensated for their time and trouble when convicted identity thieves are forced to cough up ill-gotten gains. The Identity Theft Enforcement and Restitution Act of 2008 lowers the bar prosecutors need to clear before bringing hacking and other cybercrime charges against an individual. Under current federal cybercrime laws, prosecutors must show that the illegal activity caused at least $5,000 in damages before they can bring charges for unauthorized access to a computer. The new law eliminates that requirement. The law makes it a felony, during any one-year period, to damage 10 or more protected computers used by or for the federal government or a financial institution, and directs the U.S. Sentencing Commission to review its guidelines and consider increasing the penalties for
Wed, 1 Oct 08
Software Lets Users Manipulate Passport Data
http://voices.washingtonpost.com/securityfix/2008/09/tool_lets_users_change
_their_p.html?nav=rss_blog
A security researcher has published a software tool that makes it easy to copy and modify identification data encoded onto the computer chips embedded in passports issued by the United States and dozens of other countries. Jeroen van Beek, a security researcher at the University of Amsterdam, discussed his work at the Black Hat security conference in Las Vegas last month, but only this week released the tool that allows anyone to manipulate data on the passport chips. The attack is targeted at electronic passports or "e-passports." According to the U.S. State Department, the United States stopped issuing passports without the chips in August 2007. Close to four dozen other countries also issue e-passports, which are designed around an open international standard. The information on the chips - name, date of birth, passport number, photo, etc. - is designed to be readable by a wireless interface known as radio frequency