Category: News

Consumer advocate Beth Givens ruefully chuckled at the idea that companies that specialize in security and keeping track of important information would commit such gaffes. “It just points out how pervasive these security breaches are,” said Givens, director of the San Diego nonprofit Privacy Rights Clearinghouse.

Deloitte made the CD in order to back up a McAfee database of employee stock holdings, according to the letter. MacDermott said McAfee did not have a policy requiring its auditor to encrypt the data.

http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2006/02/25/BUG2IHEGCC1.DTL&hw=security+breach&sn=001&sc=1000

“Herding kittens is sometimes easier than getting something like this done,” Kimball said.

The tag data routing code stored at the beginning of the active RFID tag, which requires a power source to transmit the data signal, will identify the country of origin.

Kimball said unless someone has access to the host nation’s database that connects the tag number with the manifest.

http://www.securitypipeline.com/news/180207572;jsessionid=SWKNKAMWZQMGSQSNDBCSKHSCJUMEKJVN

In 2006, the problem seems hardly any better, with one newspaper company accidentally wrapping people’s Sunday editions with a list of 202,000 subscribers’ social security numbers and Seattle-based Providence Home Services acknowledging that backup tapes containing 365,000 patient records in the states of Washington and Oregon had been stolen from an employee’s car. Over the last decade, while the Internet has boomed and busted, online identity has remained a binary proposition to most businesses: Users either fully identify themselves to a Web site or hide behind an anonymous handle. Because commerce sites believe anonymity means less security, online businesses have increasingly asked customers to more fully identify themselves, a choice highlighted by many companies difficulty in keeping the data safe.

“Often times the topic of the level of authentication to create these models (of commerce) deteriorates into a presumption that there is an extreme choice to be made between true proof of personal identity and anonymity,” said Art Coviello, CEO of RSA Security. Coviello argued that companies should adopt technology that allows consumers to present trusted credentials for specific attributes, such as the visitor to the Web site is over 18 years old.

During the keynote kicking off the conference, Microsoft’s chief software architect Bill Gates told attendees that the company’s next operating system will support just such a system. “You will have different cards: Cards that just give your location, cards that more secure that give your credit card (information), cards that you would protect very carefully and you would have a PIN for every use of it where you might authorize access your medical information.”

Businesses can gain by having less information stored on their servers. Moreover, putting fewer barriers in the way of the customer will mean more business, said Rob Shenk, vice president of online financial giant E*TRADE Bank during a panel on consumer authentication for the financial industry.

http://www.securityfocus.com/news/11377?ref=rss

This prevents organisations from using equipment from several vendors in creating interoperable networks such as a global network of airports using a single database with iris scan information.

Common applications base authentication on finger prints, iris, face and voice and vein scans.

The panel conceeded finger print scanners are readily available with many notebook makers offering such technology as an option with their business models. However, it was argued that availability of hardware was not enough to guarantee adoption of biometrics.

“But just because you have the hardware, that doesn’t mean that each person who uses it will use it in such a way that you get value for the organisation,” warned Samir Nanavati, a partner with Biometric Group (IBG), an independent consultancy organisation.

The technology is mainly struggling to cross over from government applications to the public sector, they argued, as vendors remain primarily focused on selling to governments.

http://www.vnunet.com/2150496

The carriers are optimistic that they can keep the level of spam on mobile communications networks below the level of fixed Internet. Among other things, they believe that it makes a difference that text messages and MMS cost money. In addition, mobile network operators claim that they can keep much better control of their networks than the public Internet. At the same time, mobile communications companies realize the need to work together across networks to put an end to international spammers. They plan to have anti-spam passages put into contracts signed with commercial senders of mass text messages. But the initiative’s call to have laws that “hamper” the fight against spam repealed seems more problematic. Among other things, the carrier would like to do away with the regulations on data protection, such as the privacy of telecommunications. (Craig Morris) / (jk/c’t)

http://www.heise.de/english/newsticker/news/69684

An E*TRADE Bank executive said that the company had more than $700 million in accounts protected by two-factor authentication and that customers that use a second factor have tripled the money in the accounts compared with a control group that only uses passwords.

Some security and e-commerce companies have touted a future where consumers can sign in once and use that federated authentication throughout the commercial Web.

In the past, Microsoft has tried to turn its Passport online identity system into the backend authentication system for e-commerce providers, but privacy experts worried that the move would give a single company too much power in managing consumer information.

http://www.securityfocus.com/brief/141