An archive of all the news items between March 2006 and end June 2006 on Compliance and Privacy
To avoid long load times news is archived periodically. If you can't find what you are looking for on this page please refer to our archives. Please use the search engine for ease of retrieval.
Compliance and Privacy Newsletter - 29 June 2006
In this issue:
- An Analysis of New Security Features Within Microsoft Vista and Internet Explorer 7 - an iDefense Webcast
- iDefense Webcast replays
- What is SSL?
- Internal fraud coupled with IT savvy is a killer combination
- News Snippets
SWIFT in Dock re Privacy?
A human rights group has announced that it has lodged complaints with data protection authorities in 32 countries against the Society for Worldwide Interbank Financial Telecommunications, or SWIFT (a consortium of financial institutions), claiming that it has violated European and Asian data protection rules by providing the USA with confidential information about international money transfers.
SWIFT is the nerve centre of the global banking industry. It operates a secure electronic messaging service that 7,800 financial institutions use to communicate with their counterparts in more than 200 countries. Each day, the network routes nearly 4.8 trillion euros among banks, brokerages, stock exchanges and other institutions.
VeriSign SSP PKI First Certified Under GSA FIPS 201 Evaluation Program
VeriSign announced that its Shared Service Provider (SSP) Public Key Infrastructure (PKI) was the first service to be certified under the General Services Administration (GSA)-managed FIPS 201 Evaluation Program. The FIPS 201 certification enables VeriSign to provide PKI services for Federal agencies needing to comply with Homeland Security Presidential Directive 12 (HSPD-12), or the government smart card initiative.
Michael Sutton and Recent Microsoft Patches
Both Computerworld and TopTechNews reported how security firms are warning consumers about the availability of attack code targeting some of the flaws for which Microsoft Corp. released patches Tuesday. "Exploit code had already existed for three of the vulnerabilities prior to Tuesday, as they were already public issues," said Michael Sutton, director of VeriSign iDefense Labs. "Beyond that, we're seeing public exploit code emerge for some of the new vulnerabilities and are hearing rumors of private code existing for others." The availability of such exploits heightens the risk for companies that have not yet been able to patch their systems and are important factors to consider when deciding which systems to patch first, he said.
Ken Dunham on Yahoo's New Worm
Ken Dunham, senior engineer at iDefense, a VeriSign company, was quoted in TechNewsWorld on Yamanner, a new worm targeted at Yahoo!'s Web-based e-mail service. Ken said, "The problem is the end users may not realize their computer is affected. Who would have thought you could get a virus just browsing the Internet? It violates the trust that people have for the basic use of the Internet and causes them to feel they are helpless to stop it."
"This worm has a larger scope than originally was thought. It may impact other Web e-mail services as well," Ken told TechNewsWorld. "This worm required a lot of testing to successfully attack users of Web-based e-mail services. These attacks are getting more sophisticated."
Phillip Hallam-Baker Discusses the Pros and Cons of the Semantic Web
A recent IT Week news article defined the “semantic web” as technologies that will make web pages easier for computer systems to interpret. Phillip Hallam-Baker, principal scientist for VeriSign, said an unintended consequence of semantic web technology would be to expose individuals' details more easily to criminals searching for ways to crack passwords and commit identity fraud. "More and more information is being put online, and all the semantic web is doing is making it easier for people to access that data and use it to their advantage," Hallam-Baker argued. "Professional criminals are looking to exploit that information – obscurity can buy you some time but it's running out." He added that widespread use of the semantic web would probably hasten the end of simple passwords as a means of authentication, to be replaced by stronger, two-factor systems for customers to prove their identity to online merchants and service providers.
Compliance and Privacy Newsletter - 15 June 2006
In this issue:
- Why don't you use SSL?
- Bruce Schneier's Security Blog
- Eversheds on Data Security Policies
- VeriSign Security Review - May 2006
- I lost my Laptop!
- Emerging Economic Models for Vulnerability Research - iDefense Webcast
“I lost my Laptop!”
Those are probably the scariest words a CIO can hear. But are they taken seriously?
How valuable is your company's data security policy?
Security policies form an essential part of effective data protection compliance. The Data Protection Act requires that appropriate technical and organisational measures are taken against unauthorised or unlawful processing of personal data and against accidental loss or damage.
Therefore, although policies are valuable in many different types of business, they form a fundamental part of those businesses which store and utilise high volumes of sensitive or confidential information. Not only do such policies aid companies in operating within the Data Protection Act but they can also be used to help minimise any repercussions where data security does, for whatever reason, fail.
Compliance and Privacy Newsletter - 1 June 2006
In this issue:
- ID Theft: US FTC's Awareness Initiative
- Identity and Privacy Strategies Service Orientation - Courtesy of VeriSign
- Whither Chip and PIN?
- New Security Blog - Richard Stiennon
- 60% Have No Information Security Policy
- Geopolitical Hot spots: An Internet Demographic Analysis - Live WebCast
Charles Schwab Selects VeriSign Identity Protection For Online Clients
VeriSign today (25 May 2006) announced that Charles Schwab has selected VeriSign to provide a full set of online security services for their clients.
Under terms of the agreement, Charles Schwab will deploy both VeriSign Identity Protection (VIP) Fraud Detection and Authentication Services to secure client login and transaction information. Additionally, Charles Schwab plans to become an anchor tenant of the VIP Fraud Intelligence and Shared Authentication Network. The VIP Shared Authentication Network is already supported by PayPal, eBay and Yahoo!
When Asked, What Percentage of Staff Know if They Have an Infosec Policy?
Information Security is basic stuff. It's part of everything we do, or should be. So why were we not surprised when we asked people, knowledgeable people, who visit this site "Do you have an Information Security Policy?" and we were given the results in the article?
Whither Chip and PIN?
It can't just be Shell and its UK filling stations that makes us doubt Chip and PIN, but Shell slamming its Chip and PIN equipment shut last week certainly pours a whole lot of cold water on the technology, brought in with such a fanfare in February 2006.
Before the Chip and PIN Day we had our doubts, but oddly they were not about the technology presenting attack vulnerabilities. Instead we were worried about the things ordinary people worry about:
- What if I forget my PIN?
- Why do I need to remember yet another number?
- Why is this better than a signature?
- How do I stop people looking over my shoulder wherever I use the card? I can do it at an ATM, but at the supermarket, in the newsagent, at the dentist, that is just plain impossible
- What if I lose my card? I now need two separate letters, one with a card and the other with a PIN before I can fill my car with petrol!
Which brings us back to Shell
FTC Launches Nationwide ID Theft Education Campaign
"AvoID Theft: Deter, Detect, Defend"
You can take steps to minimize your risk of becoming a victim of identity theft. That is the message of a nationwide education program launched today by the Federal Trade Commission: "AvoID Theft: Deter, Detect, Defend."
- Deter – Take steps to reduce your risk of ID theft
- Detect – Monitor your personal information
- Defend – Act quickly when you suspect identity theft
The program coincides with issuance of an executive order signed by President Bush, creating an Identity Theft Task Force, chaired by Attorney General Alberto R. Gonzales and co-chaired by FTC Chairman Deborah Platt Majoras. The Task Force will develop a strategic plan to enhance the effectiveness and efficiency of government efforts to deter, prevent, detect, investigate, and prosecute identity theft.
VeriSign to Acquire GeoTrust
Acquisition Complements VeriSign's Direct-Sales SSL Presence With Well Developed Reseller Channel
VeriSign today (17 May 2006) announced it has entered into a definitive agreement to purchase Needham, MA-based GeoTrust, Inc., a leading supplier of SSL and other solutions to secure e-business transactions, for approximately $125 million in cash. The acquisition is subject to regulatory approvals and other conditions and is expected to close in the second half of this year.
Compliance and Privacy Newsletter - 18 May 2006
In this issue:
- Wi-Fi: Are you broadcasting personal data?
- Metafisher Trojan Activity - an iDefense Webcast
- IDS Evasion Techniques and How to Prevent Them - an iDefense WebCast Replay
- Chip and PIN - Just how safe is it?
- The International Worldwide Web Conference - Dinner Invitation
- ****STOP PRESS**** - Skimmer Spam
Are you broadcasting personal data?
Hundreds of thousands of businesses, large and small, world-wide now use Wi-Fi to connect PCs to their network. Millions of homes have Wi-Fi to connect their PCs to the Internet and, of course, millions more use laptops, with Wi-Fi in public places the length and breadth of virtually every country. From where I'm sitting, writing this right now I have no less than nine wireless networks I could connect to.
So, what's the problem?
Wi-Fi uses an easily interceptible frequency to transmit/receive data to and from a PC - if it didn't it wouldn't work without huge antennae. So anyone could easily intercept whatever you send or receive to or from your PC. Secondly, when you connect to a network via Wi-Fi you are then dependent on the security of that network to protect you from anyone trying to access your PC. In your office or at home the chances are you have a Firewall between your PC and the network (a Firewall is a device or software that only allows certain very limited types of data through and in theory prevents someone “hi-jacking” or loading viruses onto your PC or extracting data from it).
Read what the FBI say:
Just How Secure is Chip and PIN
If you knew that the unit you put your Chip and PIN card into could be transmitting your details to a fraudster, how happy would you be to use the card ever again? Just how secure is Chip and PIN? Has this new technology simply played into the hands of the fraudster? And where will that leave Smart Card based ID Card Systems like that proposed for the United Kingdom?
In fact, just how smart is it to enter your PIN nowadays, and just what is waiting to catch you out?
We're not talking about technology that is simple but "old hat", here. While it's well known that cameras can be aimed at ATMs to snoop on our keystrokes and on our card number when we key the data in, these are the crude end of the current advanced technology offerings.
The RFID Debate is set to run on
At present Compliance and Privacy has formed no opinion, but it does have questions:
Some of these have been prompted by the latest announcement from IBM, carried in Computer Weekly on Thursday 4th May 2006, where IBM has announced a new RFID tag that can be emasculated at checkout.
As the press release says, “A Clipped Tag label allows the consumer to tear it along a perforated edge to remove a portion of the tag's antenna after purchasing an item, which reduces the signal distance the silicon chip can transmit.”
Compliance and Privacy Newsletter - 4 May 2006
In this issue:
- Eleven Major Presentations from InfoSecurity Europe 2006!
- The Evolution and Current State of DDoS Attacks - WebCast Replay
- IDS Evasion Techniques and How to Prevent Them - an iDefense WebCast
VeriSign was at Infosecurity Europe in London in 2006
VeriSign, as part of their sponsorship of Compliance and Privacy, has let us host their presentations, and we are pleased to confirm that you can now download the presentations that they hosted on their stand throughout the three days, here. We have pdfs currently, and hope for PowerPoint presentations too, so bookmark this page:
In addition, you can also access the presentations that VeriSign held in the London Rooms on Tuesday 25th April:
And don't forget to download their keynote presentation at the conference on business strategy:
Compliance and Privacy Newsletter - 25 April 2006
In this special issue:
- The European e-Identity Conference
- The Evolution and Current State of DDoS Attacks
- iDefense Vulnerabilities Report Jan 2005-October 2005
- The VeriSign Security Review - April 2006
- Identity Theft Tops 3 Percent
- March Threat Summary
- GAO Reports on Information Security
- IEEE To Propose New Wireless Security Standard
- VeriSign and BITS to Provide Banking Security
- Security Events
Compliance and Privacy Newsletter - 18 April 2006
In this Special issue:
- Infosec 2006, Europe's number one dedicated Security Event
- We feature Influential Bloggers
Where should security be applied to prevent Identity theft?
By Mike Davies of VeriSign
What a wonderful place the internet is, only today I registered for free at 10 online sites.
I now have a new email address, will be alerted about the latest holidays, electrical goods or jobs that interest me, am a registered user at a major political party's website, have a brochure from a healthcare provider being posted to me, gained access to a computing magazine's website as well as a national newspaper, and will be attending a talk on aromatherapy.
The information I provided to register varied by site but included name, email and physical address, mother's maiden name, salary, political persuasion, preferred holiday dates (when my house will be empty), gender, date of birth, employer's name, mobile telephone number and job title.
At no point during any of the registrations was the personal data I entered secured. This worries me and it should worry you too.
Compliance and Privacy Newsletter - 11 April 2006
In this issue:
- Where should security be applied to prevent Identity theft?
- Webcast Replay - Money Mules: Sophisticated Global Cyber Criminal Operations
- Security of the Google Desktop Toolbar - WebCast
- Improving online consumer confidence through mutual authentication
Improving online consumer confidence through mutual authentication
When the first cars were produced it is a pretty safe bet that they weren't fitted with an alarm, immobiliser or tracking device. Such advances in car security were introduced in response to escalating car crime.
Almost daily online security threats emerge, threats which are eroding already fragile consumer confidence.
Without consumer confidence the cost effective and efficient online channel could well become marginalised.
But this is only one side of the story. The growing fraud losses that online service providers such as banks or merchants suffer could render their business model void.