Privacy & Security News Brief
November 17 – November 23, 2007
Vol. 1, No. 7

TABLE OF CONTENTS
BIOMETRICS
   Can biometrics secure the public's data?
   Cash, Credit or Fingerprints Please
   Souder Says Biometrics the Solution, but Others Curse the Cure
DATA BREACH
   Laptops Stolen From Doctor's Office
   Personal Information Found In McKinney Dumpster
   Deja vu all over again at Veterans Administration
   Montana State University reports three data breaches in single day
   11 laptop PCs stolen from Brussels embassy
   Security breach affects UConn Foundation donors
   Students' personal data stolen
   CDs containing state workers' information missing in Nevada
   Laptop theft concerns customers
   Laptop with personal data missing
E-COMMERCE
   Regulating e-commerce
EDITORIALS & OPINION
   Be your own personal privacy czar
   Privacy and security: There's always a tradeoff (Commentary: Although security can help ensure privacy, the two are not the same thing)
   Protecting our privacy from federal bureaucrats
   The Picture Of Conformity
EDUCATION
EMPLOYEE
   Boeing bosses spy on workers
FINANCIAL
GOVERNMENT – U.S. FEDERAL
   MySpace, Facebook ad plans violate privacy, groups tell FTC
GOVERNMENT – U.S. STATES
HEALTH & MEDICAL
   AMA Recommends Routine HIV Testing While Protecting Patient Autonomy, Privacy
   Threats to Your Genetic Privacy
   Whose records? Does medical privacy law hinder privacy?
   Federal patient privacy rule makes it harder to conduct medical research
IDENTITY THEFT
   Used hard drives are ID theft paradise
   Don't Let Identity Thieves Enjoy a Holiday Shopping Spree on You
   ID Thief Admits Using Botnets to Steal Data
   ID theft can be a dead issue
INTERNATIONAL
   AFRICA
   ASIA/PACIFIC
      Flaws in Asia's Maturing IT Security Approach
   EUROPE
      AUSTRIA
         Austrian privacy laws 'used to gag media'
      GREECE
         Head of Greek privacy watchdog resigns over police use of cameras to monitor protests
      UNITED KINGDOM
         Government policies threaten data privacy, warns information commissioner
         Doctors may be prosecuted if their laptops are stolen
         Public concern grows over data protection
   MIDDLE EAST
   NORTH AMERICA
      CANADA
         Opinion: Survey Finds One In Five Execs Say Their Companies Don't Use Anti-Virus Software
         School boards lack privacy protection
   SOUTH AMERICA
LEGISLATION – FEDERAL
   Privacy concerns plague Senate health IT legislation
   House passes Restore Act with no telecom immunity provision
   Under bill, companies could face privacy suits
LEGISLATION – STATE
   NEW HAMPSHIRE
      Judge questions privacy argument of voter info law
LITIGATION & ENFORCEMENT ACTIONS
   Vets Can Sue VA Over Stolen Laptop
   Visa Gave TJX Until 2009 to Get PCI Compliant
MOBILE/WI-FI
   Expect a rocky road for mobile data security, experts say
   Many Retailers Open to Wireless Attacks
ODDS & ENDS
   The Picture Of Conformity: In a Watched Society, More Security Comes With Tempered Actions
   NYPIRG warns of travelers' shopping privacy concerns
   Web Site Features Could Affect Trust in Candidates
ONLINE
   McAfee Sees Cybercriminals Targeting Web 2.0, Windows Vista, and Online Games
   Facebook Encounters Difficulty Deleting Account
   The Facebook betrayal - users revolt over advertising sell-out
   Thousands of Unprotected Databases Litter the Internet
RFID
   Enhanced driver's licence approval sparks privacy caution
   Public Trust of RFID
SECURITY
   DNS Servers in Harm's Way
   Thumb twiddling Mozilla promises fix for privacy-biting bug
   Password Security Do's and Don'ts Outlined by Security and Privacy Company
   Corporate data control policies are failing
   Looming Online Security Threats in 2008
   'LoJack' For Backup Tapes?
SEMINARS
PAPERS
   Cyber Security Threat Assessment
   Security Experts Report on Hazards of New Surveillance Architecture




                           ARTICLE SUMMARIES AND LINKS
BIOMETRICS
Can biometrics secure the public's data?
Ten years ago, it would have been unthinkable to have a society where bank cards had been replaced by iris
identification, where passports were a thing of the past and school dinners were paid for using vein recognition. It
would have seemed very Blade Runner or 1984. Well, that future has most definitely arrived with the burgeoning
popularity of biometrics. And - surprisingly for IT take-up - the public sector seems to be the first in line.
http://management.silicon.com/itdirector/0,39024673,39169254,00.htm
(Silicon.com – 11/23/07)

Cash, Credit or Fingerprints Please
A growing number of customers in Germany are paying for their bills by fingerprint these days. With the touch of a
digit to a light-sensitive pad, customers pay for their items, provided they have an account in the store's system that
can be debited. Piggly Wiggly, the U.S. grocery chain, launched its biometric program in early 2005. It was one of
the retail industry's largest commitments to biometrics and it has been closely watched from the start. Initially, the
pilot project worked extremely well. But there was resistance. Security experts worried that hackers could steal
fingerprint data, unleashing a new version of identity theft. And privacy experts decried the Orwellian aspect of the
technology.
http://www.abcnews.go.com/Technology/story?id=3902517&page=1
(ABC News – 11/22/07)

Souder Says Biometrics the Solution, but Others Curse the Cure
Rep. Mark Souder has become a crusader for biometrics ID cards, but admits the political environment is not yet
ripe for making them a part of Americans' everyday life. IDs encrypted with images of their holders' fingerprints
and irises would not only be the best tool to identify terrorists, says the Indiana Republican, but would go a long way
toward helping people avoid the inconveniences associated with many homeland security initiatives. But despite
worries about homeland security, even the strongest supporters of biometrics acknowledge that concerns about
privacy and long-standing visceral objections to anything that could be considered a "national ID card" are likely to
block progress on the issue.
http://www.cqpolitics.com/wmspage.cfm?parm1=5&docID=hsnews-000002632196
(CQ Politics – 11/21/07)



DATA BREACH
Laptops Stolen From Doctor's Office
Someone stole two laptop computers from a doctor's office in Murfreesboro. However, the doctor's office says
patients should not worry. A representative of Family Practice Partners in Murfreesboro said patient information
was not stored on those computers. That representative said all the information entered into the computers was sent
to another server and not saved on the laptops. They also said anyone looking for the information would have to go
through several password barriers.
http://www.newschannel5.com/Global/story.asp?S=7384004
(News Channel 5 – 11/19/07)

Personal Information Found In McKinney Dumpster
A North Texas business reacted quickly today after learning someone in its office had inadvertently thrown files
with personal information in a McKinney trash dumpster. They contained Social Security Numbers, bank
statements, real estate contracts and more. State law requires companies to properly dispose of their documents. If
they don't, they could face up to $50,000 in fines. CVS Pharmacy, Radio Shack, E-Z Pawn, and Lifetime Fitness are
just some of the companies that have gotten in trouble under the two-year-old law.
http://cbs11tv.com/local/mckinney.dumpster.texas.2.571626.html
(CBS 11 TV – 11/19/07)



Deja vu all over again at Veterans Administration
In what's become a fairly familiar routine for them of late, the U.S. Department of Veterans Affairs is investigating a
potential data breach -- the theft of three computers containing personal data on potentially 12,000 individuals. Two
desktop PCs and one laptop containing that data were stolen from a VA medical facility in Indianapolis -- ironically
enough, on Veterans Day. The records belong to patients who were treated at the hospital and include Social
Security numbers and other personally identifiable information. "It appears from this most recent breach that there
are still some in the VA, even some responsible for the security of such data, who don't realize the importance of the
security of the names and data of our veterans," U.S. Rep. Steve Buyer (R-Ind.) said in a prepared statement.
According to Buyer, the VA notified his office of the breach on Thursday and is working to ascertain the names and
data of the people who might have been affected by the theft.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9047482
(Computer World – 11/16/07)
Also see:
      3 VA laptops with thousands of patient records stolen
           http://www.indystar.com/apps/pbcs.dll/article?AID=/20071115/LOCAL/711150543
           (Indianapolis State – 11/15/07)

Montana State University reports three data breaches in single day
On Nov. 2, the university sent out letters to 216 students informing them about the potential exposure of their Social
Security numbers and other personal data after a removable storage device containing the data was stolen. That
same day, an outside security analyst informed the university's data security staff that he had discovered an Excel
spreadsheet containing the names and Social Security numbers of 42 people on the university's Web site. When
investigating the Excel spreadsheet issue, the university's security staffers discovered another Excel spreadsheet was
similarly exposed and contained the names and Social Security numbers of 14 individuals.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9047084
(ComputerWorld – 11/15/07)

11 laptop PCs stolen from Brussels embassy
Eleven laptop computers were stolen from the Japanese Embassy in central Brussels earlier this month, leading to
fears that personal information on about 12,700 Japanese living in Belgium may have been exposed, the embassy
said Wednesday. The robbery is believed to have taken place early Nov. 3. Security guards alerted by an alarm
found the lock broken on the seventh-floor entrance to the embassy in an office building. Some of the stolen
computers held electronic data on matters such as the expats' residence certification, overseas voting registration and
passport information, according to the embassy. The residence certification contains details such as a person's
name, birthdate, permanent address in Japan, occupation, family information and passport number.
http://www.yomiuri.co.jp/dy/world/20071115TDY02303.htm
(Daily Yomiuri Online – 11/15/07)

Security breach affects UConn Foundation donors
Information about 10 online donors to the University of Connecticut Foundation - including their names, addresses,
and the last four digits and expiration dates of their credit cards - was accessed through a vendor's security breach
between Oct. 23 and Nov. 1. About 89,000 other people had only their e-mail addresses accessed without
authorization, UConn Foundation spokesman John Sponauer said. The foundation was one of 92 clients of the
vendor, Convio, affected by the breach, Sponauer said.
http://www.zwire.com/site/news.cfm?newsid=19018393&BRD=985&PAG=461&dept_id=161556&rfi=6
(Journal Inquirer – 11/13/07)




Students' personal data stolen
Parents of 560 students in Edmonton Catholic schools are shocked after a memory stick containing their personal
information was stolen earlier this month. The names, addresses and phone numbers of the students were stored on a
memory stick, a pocket-sized device used to store computer data that acted as a backup copy for R.L. Smith
Transportation Inc. An employee took the memory stick home every night in her purse. Company president Gordon
Mayes said they found out about the loss of the memory stick after the employee had quit and called in to ask for her
last cheque. When asked about the return of the memory stick, she explained her car had been stolen, along with her
purse, Mayes said.
http://www.canada.com/edmontonjournal/news/cityplus/story.html?id=6b127142-f6f6-4c76-94bc-8a066d05fb1c&k=94289
(Edmonton Journal – 11/13/07)

CDs containing state workers' information missing in Nevada
Hundreds of CDs containing payroll information about state employees, including Social Security numbers, have
either been lost or stolen over the last three years, state Personnel Director Todd Rich said. Rich said his department
sent a total of more than 13,000 CDs to 80 agencies for review every two-week pay period over the last three years.
He said as many as 470 are still missing. "We haven't had any notification from anybody that, `Hey, my identity has
been stolen,'" Rich told the Nevada Appeal. He said it would be up to Attorney General Catherine Cortez Masto
whether to issue a breach notification. If so, he said, it would be done by agencies with missing discs. The system
has been tightened to prevent unauthorized people from getting employee information, Rich added.
http://www.lasvegassun.com/sunbin/stories/nevada/2007/nov/11/111110005.html
(Las Vegas Sun – 11/11/07)

Laptop theft concerns customers
Chico-based Butte Community Bank notified an undisclosed number of customers this week that a laptop computer
probably containing their names, addresses, Social Security numbers and account numbers was stolen in mid-
October. Bank officials refused to say how many customers were mailed the notice, which was dated Oct. 24. They
said the laptop was stolen from a bank employee who carries it from branch to branch, but declined to say exactly
where it went missing. Customers throughout Butte County appeared to get the notice. Some employees of the
Enterprise-Record, the Paradise Post business account and a woman living in Stirling City are on the list. Butte
currently operates 10 branches in Chico, Paradise, Magalia, Oroville and Gridley. The notice tells customers the
computer database is protected by a password, which should keep the information from being accessed.
http://www.orovillemr.com/news/ci_7410591
(Oroville (CA) Mercury – Register – 11/08/07)

Laptop with personal data missing
Cabarrus County officials notified more than 28,000 people this week that their personal data, including Social
Security numbers, are on a missing laptop computer owned by Cabarrus County Emergency Medical Services. The
computer had accidentally been left on an ambulance's back bumper at 10 p.m. Oct. 28, while the vehicle was
parked at Carolinas Medical Center-NorthEast in Concord. County officials said it is possible, but unlikely, that the
information in the laptop could be breached. The county is offering a $500 reward for the safe return of the lost
laptop, a silver Panasonic Toughbook 18 tablet PC version. It is encased with a hard black alloy. The laptop
contained names, addresses, phone numbers and Social Security numbers of about 28,000 people who had been
cared for by the county EMS over the past four years. It also contained medical information on about 58 people who
received treatment from EMS Oct. 13-28.
http://www.charlotte.com/local/story/353337.html
(Charlotte Observer – 11/08/07)




E-COMMERCE
Regulating e-commerce
There is a debate over whether governmental noninterference is applicable to e-commerce and international trade
that is conducted over the Internet. Should e-commerce be regulated by governments or should it be allowed to be
"self-regulated" by the forces of the free market? Economies work more efficiently when they are free from
governmental interference. In this regard, the classical economist Adam Smith claimed that an individual pursuing his
self-interest by engaging in commerce is "led by an invisible hand to promote an end which was no part of his
intention." This "invisible hand" is said to guide individuals to achieve greater collective wealth. Smith felt that the
idea of the "invisible hand" applies to the realm of international commerce as well as to domestic commerce.
http://biz.thestar.com.my/news/story.asp?file=/2007/11/19/business/19336753&sec=business
(The Star – 11/19/07)



EDITORIALS & OPINION
Be your own personal privacy czar
Like most journalists I know I'm very sloppy about keeping my online communications secure. I rarely encrypt e-
mail messages, leaving them to be read by anyone in the electronic chain between me and the intended recipient.
And I use public chat services like MSN Messenger and iChat, even though they send messages as plain text across
the network. Partly this is because the tools needed to make communications secure can be cumbersome and
complicated, even for someone with a technical background. But partly it is because I have not often been involved
in researching stories that are going to bring me to the attention of those with the capabilities needed to tap even
insecure online communications. But you never know.
http://news.bbc.co.uk/1/hi/technology/7101637.stm
(BBC News – 11/19/07)

Privacy and security: There’s always a tradeoff (Commentary: Although security can help
ensure privacy, the two are not the same thing)
Hugo Teufel III, chief privacy officer of the Homeland Security Department, said recently at a roundtable discussion
on cyber security for the Congressional High Tech Caucus that there was no need to balance privacy and security.
The two go hand in hand, he said. What a disturbing thing for a chief privacy officer to say. Although it is true that
security can help ensure privacy, the two are not the same thing. Security often entails gathering sensitive
information about individuals, and these collections raise plenty of concerns about privacy, no matter how well-
intentioned.
http://www.gcn.com/online/vol1_no1/45454-1.html
(Government Computer News – 11/19/07)

Protecting our privacy from federal bureaucrats
Privacy has always been important to Texans - from government officials' snooping to citizens choosing to be
anonymous. Privacy is a fundamental right in our state's common law and in our state constitution. That means the
government cannot trump or invade our privacy without a compelling state interest to do so - not just any reason, but
a compelling reason - and the government has no other alternative available to get the information it claims to need.
That is why both the Fourth Amendment to the U.S. Constitution and the Texas Constitution require probable cause
and a warrant from a court, except in an emergency, to intrude upon our privacy. Since frontier times, Texans have
cherished and insisted on their privacy and their anonymity. For Texans, not only was this part of rugged
individualism and innate distrust of government, but it was part of their desire to start over in their lives and live the
way they wanted.
http://media.www.dailytexanonline.com/media/storage/paper410/news/2007/11/16/Opinion/Protecting.Our.Privacy.From.Federal.Bureaucrats-3107109.shtml
(Daily Texan Online – 11/16/07)




The Picture Of Conformity
It's been apparent for years that we're being watched and monitored as we traverse airports and train stations, as we
drive, train, fly, surf the Web, e-mail, talk on the phone, get the morning coffee, visit the doctor, go to the bank, go
to work, shop for groceries, shop for shoes, buy a TV, walk down the street. Cameras, electronic card readers and
transponders are ubiquitous. And in that parallel virtual universe, data miners are busily and constantly culling our
cyber selves. Is anywhere safe from the watchers, the trackers? Is it impossible to just be let alone?
http://www.washingtonpost.com/wp-dyn/content/article/2007/11/15/AR2007111502482.html
(Washington Post – 11/16/07)



EDUCATION

EMPLOYEE
Boeing bosses spy on workers
Within its bowels, The Boeing Co. holds volumes of proprietary information deemed so valuable that the company
has entire teams dedicated to making sure that private information stays private. One such team, dubbed "enterprise"
investigators, has permission to read the private e-mails of employees, follow them and collect video footage or
photos of them. Investigators can also secretly watch employee computer screens in real time and reproduce every
keystroke a worker makes, the Seattle P-I has learned. For years, Boeing workers have held suspicions about being
surveilled, according to a long history of P-I contact with sources, but at least three people familiar with
investigation tactics have recently confirmed them. One company source said some employees have raised internal
inquiries about whether their rights were violated. Sometimes, instead of going to court over a grievance on an
investigation, Boeing and the employee reach a financial settlement. The settlement almost always requires people
involved to sign non-disclosure agreements, the source said.
http://seattlepi.nwsource.com/business/339881_boeingsurveillance16.html
(Seattle PI – 11/16/07)



FINANCIAL

GOVERNMENT – U.S. FEDERAL
MySpace, Facebook ad plans violate privacy, groups tell FTC
Two consumer advocacy groups have asked the Federal Trade Commission to investigate whether new advertising
initiatives announced last week by social networking sites MySpace and Facebook adequately protect consumer
privacy. In a Nov. 12 letter to FTC Chairman Deborah Platt Majoras, the Center for Digital Democracy and the U.S.
Public Interest Research Group claimed that the "ambitious new targeted advertising schemes" launched by
MySpace.com and Facebook Inc. "make clear the advertising industry's intentions to move full-speed ahead without
regard to ensuring consumers are protected." Jeffrey Chester, founder and executive director of the Center for
Digital Democracy, said that by launching the advertising plans, MySpace and Facebook are "thumbing their noses
at the FTC and consumer privacy rights" by allowing marketers to customize advertisements based on data provided
by users in their profiles on the social networking sites.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9046738&source=NLT_SEC&nlid=38
(Computer World – 11/13/07)



GOVERNMENT – U.S. STATES



HEALTH & MEDICAL
AMA Recommends Routine HIV Testing While Protecting Patient Autonomy, Privacy
The American Medical Association recently updated its HIV testing policy to include guidelines supporting routine
HIV testing, while continuing to advocate for the protection of patient privacy and autonomy, the AP/Google.com
reports (AP/Google.com, 5/14). "Understanding and treatment of HIV has grown substantially over the past few
decades," Ardis Hoven, an AMA board member, said, adding, "new policy calls on physicians to routinely test
consenting adult patients for HIV and reflects the reality that if HIV is detected early patients can lead full and
productive lives" (AMA release, 11/13).
http://www.kaisernetwork.org/daily_reports/rep_index.cfm?DR_ID=48905
(Kaiser Network – 11/16/07)

Threats to Your Genetic Privacy
In a season of political divisiveness, the overwhelming majority of Americans agree on one thing: Your genes are
your own business and should not be tapped by employers or health insurers deciding whether you or your family
are fit for their company. Yet the long-awaited GINA, the Genetic Information Nondiscrimination Act, languishes in
lawmaker limbo. The bill, with near-unanimous support of both House and Senate and a president solidly behind it,
has been prevented from sailing through by one senator, physician Tom Coburn of Oklahoma, also known as "Dr.
No," who makes serious sport of placing on hold bills he thinks need fixing.
http://health.usnews.com/articles/health/2007/11/16/threats-to-your-genetic-privacy.html
(US News & World Report – 11/16/07)

Whose records? Does medical privacy law hinder privacy?
A Journal Times editor went to the dentist, and when she picked her medical records folder off a reception desk to
look at it, the office manager publicly and loudly rebuked her. Perhaps the manager was incensed over a violation of
procedure, or was venting anger from something else, but the editor was confused about her rights to look at her
own health records. More than 10 years after it was passed, the Health Insurance Portability and Accountability Act
(referred to by everyone as HIPAA), is still causing confusion in part because people who have to apply it don't
necessarily understand it. Beyond the application of rules lies the broader issue of whether people have lost privacy.
http://www.journaltimes.com/articles/2007/11/14/life/doc473a2f9ec1c96741856824.txt
(Journal Times Online – 11/14/07)

Federal patient privacy rule makes it harder to conduct medical research
A federal patient privacy rule is being blamed for stagnating medical research, making it tougher than ever to recruit
patients and use their health records. That's what a national survey suggests. Two-thirds of the more than 1,500
epidemiologists surveyed say the Health Insurance Portability and Accountability Act, known as HIPAA, has made
their research more difficult. The doctor who led the survey says one in nine researchers surveyed say they had
abandoned a research idea because they thought it wouldn't be approved because of HIPAA. Another doctor says
medical professionals are waiting to see if HIPAA becomes more clear in reassuring hospital staff that they're not
going to jail if they work with researchers.
http://www.ktvz.com/Global/story.asp?S=7355518
(KTVZ TV – 11/13/07)



IDENTITY THEFT
Used hard drives are ID theft paradise
Irish people may have improved their record on recycling electronic waste, but it seems security concerns have
fallen by the wayside. According to a study, personal information including credit card numbers, customer data and
client files is being left on hard drives that are being sold into the second-hand market. The drives examined by Rits
were sourced openly on the internet and online auctions. The survey looked at the information remaining on the
disks, unveiling some alarming results. Data found on the drives included client files from insurance brokers and
mobile phone firms, and electrical design data for academic institutions and civic offices.
http://www.enn.ie/article/10123430.html
(ENN – 11/14/07)



Don't Let Identity Thieves Enjoy a Holiday Shopping Spree on You
The Identity Theft Resource Center® gets more calls about lost and stolen wallets between November and January
than any other time of the year. The time between Thanksgiving and Christmas is the biggest shopping season of the
year. As we enter the holiday season, we would like to remind everyone to be aware and take the following
precautions against identity theft. After all, 'tis the season to enjoy, not be stressed as an identity theft victim.
Identity theft is not just something you read about in the paper. About 15 million people fall victim to this crime
every year. Because of the distractions of the holidays and crowded shopping environments, conditions are ripe for
identity thieves and pickpockets to take advantage of the situation.
http://www.earthtimes.org/articles/show/news_press_release,221703.shtml
(Earth Times – 11/12/07)

ID Thief Admits Using Botnets to Steal Data
In the first U.S. prosecution of its kind, a well-known member of the "botnet underground" was charged Friday with
using botnets to steal the identities of victims across the country by extracting information from their personal
computers and wiretapping their communications. John Schiefer, 26, of Los Angeles, has agreed to plead guilty to
four felony counts: accessing protected computers to conduct fraud, disclosing illegally intercepted electronic
communications, wire fraud, and bank fraud. Schiefer faces a maximum sentence of 60 years in federal prison and a
fine of $1.75 million. The criminal information and plea agreement filed Friday in U.S. District Court in Los
Angeles outlines a series of schemes in which Schiefer and several associates developed malicious computer code
and distributed that code to vulnerable computers. Schiefer and the others used the illicitly installed code to
assemble armies of up to 250,000 infected computers, which they used to engage in a variety of identity theft
schemes. Schiefer also used the compromised computers to defraud a Dutch advertising company.
http://www.darkreading.com/document.asp?doc_id=138856
(Dark Reading – 11/12/07)

ID theft can be a dead issue
Apparently it's not that hard for a dead person to open a bank account. About 400,000 bank accounts were opened
last year in the names of dead people, James D. McCartney told an audience last week at Germanna Community
College's Fredericksburg-area campus. The people opening the accounts had stolen the identities of the deceased by
buying their Social Security numbers and credit records. It's part of a growing problem of identity theft. More than
90 million American identities have been reported lost or stolen in the past 18 months, said McCartney, an identity
theft expert and author who works for Bearing Point Management and Technology Consultants.
http://fredericksburg.com/News/FLS/2007/112007/11112007/331416
(Fredericksburg Free Lance Star – 11/11/07)



INTERNATIONAL
AFRICA


ASIA/PACIFIC
Flaws in Asia's Maturing IT Security Approach
In the latest Global State of Information Security 2007 (GSIS), employees past and present have taken over the top
spot from hackers as the most likely source of an information security event. Representing a 10 per cent increase
since 2005, 47 per cent of Asian respondents believe that their employees are now the most likely source of security
risk. They now have more fear of the 'enemy within' than of exterior attackers.
http://cio-asia.com/ShowPage.aspx?pagetype=2&articleid=6906&pubid=5&issueid=126
(CIO-Asia – 11/18/07)




EUROPE
AUSTRIA
Austrian privacy laws 'used to gag media'
Austrian childcare officials have been accused of using privacy laws in an attempt to stop newspapers and TV
stations from exposing their failure to protect children. Officials in the Linz-Urfahr region are demanding substantial
damages from all the media organisations that reported on the case of a mentally disturbed lawyer who kept her
three daughters locked up for seven years. Austrian state broadcaster ORF was fined €22,000 for teletext and online
reports about the case. Gert Edlinger, the managing director of newspaper Österreich, which also faces legal action,
said the case was an "unbelievable scandal".
http://www.guardian.co.uk/media/2007/nov/16/pressandpublishing.television?gusrc=rss&feed=media
(UK Guardian – 11/16/07)

GREECE
Head of Greek privacy watchdog resigns over police use of cameras to monitor protests
The head of Greece's privacy watchdog resigned Monday over the government's use of traffic cameras to monitor
demonstrations, raising the stakes in a heated dispute over civil liberties. Dimitris Gourgourakis said police "directly
breached" his powerful Data Protection Authority's regulations by using closed-circuit cameras for surveillance at a
central Athens protest Saturday, despite a ban. "I believe this constitutes a blow to the authority's independence,"
said Gourgourakis, a former senior judge. The authority's deputy head and another two members also stepped down
in protest. Opposition parties accused the conservative government of trying to weaken the authority. The
resignations follow a long-running dispute between the government and the authority over police use of surveillance
cameras installed in 2004 for the Athens Olympic Games, which has sparked a broad debate on privacy rights in
Greece.
http://www.iht.com/articles/ap/2007/11/19/europe/EU-GEN-Greece-Cameras-Resignation.php
(International Herald Tribune – 11/19/07)

UNITED KINGDOM
Government policies threaten data privacy, warns information commissioner
Information commissioner Richard Thomas has listed a string of government policies that he feels threaten data
protection rights. The data protection watchdog provided the list to the House of Lords constitution committee as
part of its inquiry into the impact of surveillance and data collection. He highlighted policies including the national
identity database that will underpin the controversial ID cards scheme – "an area of particular concern" – the
e-borders passenger checking policy, and the full electronic health records being rolled out as part of the NHS's £12.4bn
computer overhaul. Thomas also warned over plans to share road-charging data with police and sections of the
Serious Crimes Act that authorised public sector agencies to access information held on private company databases.
The information commissioner said he questioned why "so much transactional data is going to be collected" on the
national identity database, which would hold a record of every occasion an individual swiped their ID card through a
reader.
http://www.computerworlduk.com/management/government-law/legislation/news/index.cfm?newsid=6271
(Computer World UK – 11/19/07)

Doctors may be prosecuted if their laptops are stolen
Doctors who have laptops containing patients' records stolen from their cars could end up in court. Richard Thomas,
the Information Commissioner, said a "blatant breach of fundamental observation" should attract criminal penalties.
He told the Lords' Constitution Committee that this was a new criminal offence being sought to enforce compliance
with data protection laws. The offence would be for knowingly or recklessly flouting data protection principles.
Offenders could be fined up to £5,000 in a magistrates' court or unlimited sums in the Crown Court.
http://business.timesonline.co.uk/tol/business/law/article2873186.ece
(Times Online – 11/15/07)




Public concern grows over data protection
The public are increasingly aware of data protection issues, according to research from the Information
Commissioner's Office (ICO). People now consider protecting their personal information as the second most
socially important issue above the NHS, national security and environmental issues. Information Commissioner
Richard Thomas said the results of the research were encouraging. "While the majority of organisations process
personal information appropriately, this research highlights the need for all organisations, large and small, to process
customers' information securely," he said. The nationwide survey also found that 90 per cent of individuals know
that they have a right to see information that an organisation holds about them, compared with 74 per cent three
years ago.
http://www.computing.co.uk/computing/news/2203452/public-concern-grows-protection
(Computing – 11/14/07)


MIDDLE EAST


NORTH AMERICA
CANADA
Opinion: Survey Finds One In Five Execs Say Their Companies Don't Use Anti-Virus Software
Just 37 percent of Canadian executives who participated in a survey said they are confident that data in their
companies is protected against attacks, according to this column in The London Free Press. The survey also found
that one in five executives reported that their companies don't use anti-virus software, and 25 percent operate
without a firewall, according to Ledger Marketing, which conducted the survey for Fusepoint Managed Services.
Columnist David Canton said that he is surprised that "more attention is not being placed on security and privacy
and the boardroom or executive level, especially in light of highly publicized incidents such as the TJX Cos. security
breach." Canton said that companies should elevate data security to the top of the executive or board agenda because
"doing nothing, or ignoring the issue, is not an option."
http://lfpress.ca/newsstand/Business/Columnists/Canton_David/2007/11/19/4667152-sun.html
(London Free Press – 11/16/07)

School boards lack privacy protection
Parents should be concerned about the privacy of their children's personal educational records, experts say,
following news that a memory stick containing the names, addresses and phone numbers of more than 500 Alberta
students was stolen this month. At most schools across the country, everything from attendance records to grades to
psychological assessments is now kept in electronic files. And while individual boards of education are regulated by
provincial privacy guidelines, teachers, administrators, school psychologists and guidance counsellors often
transport the information on memory sticks, which are easily lost or stolen. "It really is very efficient, but if backup
copies are going home without password protection, that's a real concern," said Lori Nagy, spokeswoman for the
Edmonton Catholic School District.
http://www.theglobeandmail.com/servlet/story/RTGAM.20071114.wlmemory14/BNStory/Technology/home
(Globe and Mail – 11/14/07)




SOUTH AMERICA




LEGISLATION – FEDERAL
Privacy concerns plague Senate health IT legislation
The Senate's eagerness to mandate incentives for modernizing healthcare through information technology has
prompted concerns about enacting a law without adequate privacy protections. Psychiatrist Deborah Peel, founder of
the Patient Privacy Rights Foundation, has alerted her coalition of nearly 40 organizations, including the American
Academy of Family Physicians and the American Medical Association, to call the sponsors of a pending bill, S.
1693, about adding a privacy amendment proposed by Patrick Leahy, D-Vt. She said the bill relies too heavily on
privacy standards promulgated under a flawed 1996 law, the Health Insurance Portability and Accountability Act, in
covering non-medical entities like data aggregators.
http://www.govexec.com/dailyfed/1107/111607tdpm1.htm
(Government Executive – 11/16/07)

House passes Restore Act with no telecom immunity provision
The House of Representatives has passed the Restore Act, which facilitates broad surveillance of foreign terror
groups while restoring the Foreign Intelligence Surveillance Act Court's oversight of communications between
foreign and domestic surveillance targets. The Restore Act controversially does not include a provision granting
telecom companies retroactive legal immunity for their involvement in the NSA wiretap program. The major
telecom companies that cooperated with the NSA are accused by privacy advocates of violating federal laws that
restrict disclosure of phone records. The companies face costly and embarrassing litigation as several cases wind
their way through the courts. The telecoms have been lobbying heavily for retroactive immunity grants that would
excuse them of any wrongdoing.
http://arstechnica.com/news.ars/post/20071116-house-passes-restore-act-with-no-telecom-immunity-provision.html
(Ars Technica – 11/16/07)
Also see:
      No immunity for telecoms
          http://www.registerguard.com/csp/cms/sites/dt.cms.support.viewStory.cls?cid=24248&sid=1&fid=1
          (Register Guard – 11/19/07)
      Carriers Try To Avoid The Warrantless Eavesdropping Spotlight
          http://www.informationweek.com/security/showArticle.jhtml?articleID=203103309
          (Information Week – 11/1/7/07)

Under bill, companies could face privacy suits
Congress appeared headed toward a confrontation with President Bush on Thursday over House and Senate plans to
require that telecommunication firms that aided the administration's warrantless surveillance program be subject to
lawsuits from American customers. The House of Representatives approved Thursday night a Democrat-sponsored
foreign surveillance bill that would block retroactive immunity from lawsuits for telecoms that facilitated
wiretapping or shared customer information with the federal government from the Sept. 11 attacks until this past
January. The bill passed 227-189. Bush has promised to veto any measure that does not include such immunity.
http://www.usatoday.com/news/washington/2007-11-15-fisa_N.htm
(USA Today – 11/16/07)



LEGISLATION – STATE
NEW HAMPSHIRE
Judge questions privacy argument of voter info law
The New Hampshire Democratic Party has agreed to stop selling voter information data while a judge considers
whether a law allowing political parties to do so is unconstitutional. The Libertarian Party is challenging the law,
passed earlier this year, which only allows major parties to purchase previously unavailable voter information from
the state. Under the law, only parties which received more than 4% of the vote qualify, meaning only Democrats and
Republicans. The state Republican Party has said it is not selling the voter list. The state Democratic Party has sold
updated lists, containing voter history and birth years, to several presidential candidates at $65,000 each.
http://www.wcax.com/Global/story.asp?S=7370893&nav=menu183_7_2_1
(AP – 11/16/07)



Also see:
     Judge doubts basis of voter data law
         http://www.concordmonitor.com/apps/pbcs.dll/article?AID=/20071116/FRONTPAGE/711160303
         (Concord Monitor – 11/16/07)



LITIGATION & ENFORCEMENT ACTIONS
Vets Can Sue VA Over Stolen Laptop
A federal judge questioned the Veterans Affairs Department's computer security and ruled Friday that lawsuits can
go forward over the theft of computer equipment containing data on 26.5 million veterans. U.S. District Judge James
Robertson dismissed several aspects of the case but said the three lawsuits sufficiently made the claim that the
agency failed to safeguard personal information, as required by the Privacy Act. "The government's own evidence
raises serious questions about the VA's computer safeguards," Robertson wrote, citing government reports that
faulted the agency's computer security years before the theft. A laptop and hard drive were stolen last year during a
burglary at the home of a Veterans Affairs employee. The equipment contained the names, Social Security numbers
and birth dates of veterans discharged since 1975. It was the worst-ever breach of government data.
http://ap.google.com/article/ALeqM5gqGfy6HNMsTyAGUesRe43dQCGsDgD8SV20PO2
(AP – 11/17/07)

Visa Gave TJX Until 2009 to Get PCI Compliant
Credit card company Visa knew in late 2005 of the extensive security problems at TJX, but decided to give the
retailer permission to remain non-compliant through Dec. 31, 2008, according to documents filed in federal court on
Nov. 8. The Dec. 29, 2005, letter from Joseph Majka, a fraud control vice president for Visa, was written months
after cyber-thieves had already secretly infiltrated TJX's systems, starting the work that would ultimately become the
worst data breach in credit card history. Majka wrote the letter to Diana Greenshaw, an official with TJX's credit
card processor, Fifth Third Bank. "Visa will suspend fines until Dec. 31, 2008, provided your merchant continues to
diligently pursue remediation efforts. This suspension hinges upon Visa's receipt of an update by June 30, 2006,
confirming completion of stated milestones."
http://www.eweek.com/article2/0,1895,2215022,00.asp
(eWeek – 11/10/07)



MOBILE/WI-FI
Expect a rocky road for mobile data security, experts say
You're in for a nasty surprise if you think mobile broadband devices will be free of the security problems that long
have plagued PCs, said a panel of security experts at the Mobile Internet World conference. The panel, which
discussed how companies could protect their data in the era of iPhones and open source Android platforms,
generally agreed that most handsets that provide high-speed Internet access are vulnerable to the same kinds of
security problems that PCs experienced before the advent of firewalls, VPNs and other security systems. The reason
that many of these devices lack stringent security measures, they said, is that companies don't want to invest heavily
in security protocols for mobile devices that they aren't certain will be profitable.
http://www.networkworld.com/news/2007/111507-mobile-data-security-problems.html?fsrc=rss-security
(NetworkWorld – 11/15/07)




Many Retailers Open to Wireless Attacks
"Today's retailer faces a greater threat from data breaches than from simple theft," says Amit Sinha, CTO of
AirDefense. During the study, company staffers used wireless antennas to test the wireless "perimeters" of some
3,000 stores in major malls across the globe. The company discovered some 2,500 laptops, hand-helds, and barcode
scanners and approximately 5,000 access points -- and about 85 percent of them would have been relatively easy to
hack, Sinha says. "Twenty-five percent of them were completely open -- they weren't secured at all," Sinha reports.
"Another 25 percent were protected only by [Wired Equivalent Protection]," a security technology that has been
widely proven to be vulnerable. Twelve percent of the wireless LANs tested were configured with the name of the
store as the Service Set Identifier (SSID), "which is like giving the thief a map to your store," Sinha says. Many
other wireless devices were still configured with out-of-the-box default passwords, most of which can be found in
widely-published lists on the Web.
http://www.darkreading.com/document.asp?doc_id=139291&WT.svl=news1_2
(Dark Reading – 11/15/07)



ODDS & ENDS
The Picture Of Conformity: In a Watched Society, More Security Comes With Tempered Actions
This Washington Post article looks at the cultural and individual impacts of constant surveillance. Experts say that
surveillance strips people of their public anonymity and forces conformity at the expense of individual creativity and
expression. Author Jeffrey Rosen tells the Post that it is important for individuals to have a "sphere of immunity
from surveillance to be yourself and do things that people in a free society take for granted." He added that the loss
of autonomy is one of the "amorphous costs of having a world where there's no immunity from surveillance." The
constant evolution of technology makes it difficult to immediately notice the impacts. Paul Saffo, a technology
futurist, says that "it's a little bit like locked doors," adding that today "nobody has any concept of what it's like to
have a house without a locked door or a security system." The story also looks at surveys that indicate mixed
reactions to government surveillance post-Sept. 11.
http://www.washingtonpost.com/wp-dyn/content/article/2007/11/15/AR2007111502482.html
(Washington Post – 11/16/07)

NYPIRG warns of travelers’ shopping privacy concerns
As we enter the holiday travel season, the New York Public Interest Research Group has updated their consumer
Web site, www.CyberStreetSmart.org, with a new report to help travelers shop around for better privacy policies
and protect their identities. "You have to share a lot of personal information to book a flight or a hotel online,"
said Amanda Hanley, a SUNY New Paltz student with NYPIRG. "If that information isn't treated carefully, you
could be at risk for ID theft." Since 63 percent of Internet users plan trips on the Web and ID theft is the most
commonly reported Internet crime, NYPIRG contends that street-smart consumers should know how businesses
plan to use, share and safeguard their information.
http://www.midhudsonnews.com/News/online_shop_priv-16Nov07.html
(Mid-Hudson News – 11/16/07)

Web Site Features Could Affect Trust in Candidates
If voters judge presidential candidates on Web site privacy and other features, some campaigns may want to revisit
their site design. A new report measuring the prominence of privacy policies and other criteria found campaign sites
for Hillary Clinton, John Edwards, Rudy Giuliani, Barack Obama, Mitt Romney and Fred Thompson each failed at
least one test, while Clinton's site was the only one to fail all three tests applied. When Forrester Research evaluated
the candidates' Web sites last month to measure how prominently privacy policies were presented when users took
critical actions, all six sites flunked. Specifically, the research firm looked at whether privacy policies were
displayed in context when users were asked for personal data, particularly when registering for e-mail alerts or
making a donation.
http://www.clickz.com/3627618
(ClickZ – 11/16/07)




ONLINE
McAfee Sees Cybercriminals Targeting Web 2.0, Windows Vista, and Online Games
Threats to Web 2.0 sites, Windows Vista, and online games are expected to increase in 2008, along with attacks on
IM, virtualization, and VoIP software, according to security firm McAfee.
http://www.informationweek.com/news/showArticle.jhtml?articleID=203100959
(InformationWeek – 11/15/07)

Facebook Encounters Difficulty Deleting Account
Channel 4 aired a story based on a UK user's discovery that he was unable to remove his Facebook account.
Facebook allows users to deactivate their accounts, but according to this report, the information stays indefinitely on
the company's servers. The deactivation approach allows users to easily rejoin, according to this report. Facebook
told the television station that it complies with the country's Data Protection Act. The Information Commissioner's
Office told Channel 4 that it plans to investigate the viewer's complaint, and added in a statement that Web sites
should "ensure that personal information is not retained for longer than necessary especially when the informant
relates to a person who no longer uses the site."
http://www.channel4.com/news/articles/science_technology/facebook%20data%20protection%20row/1060467
(Channel [UK] 4 – 11/17/07)
Also see:
      Facebook May Face U.K. Privacy Probe
          http://blog.wired.com/business/2007/11/facebook-faces.html
          (Wired.com – 11/19/07)

The Facebook betrayal - users revolt over advertising sell-out
It used to be a great way to swap student party drinking stories. Office workers embraced it as a chance for a quick
escape from the daily drudgery – until their bosses banned it. And 50-something parents marvelled at a virtual
window on what their children were up to. That is the appeal of Facebook, which in little more than a year has
exploded from an elite student-only club into a global social networking phenomenon with more than 54 million
users. But with Facebook's latest attempt to turn those users into dollars, the site that was started in 2004 as a way
for one Harvard student, Mark Zuckerberg, to stay in touch with his classmates has grown up faster than a child who
has just found out the truth about Father Christmas. Like that kid on Christmas Eve, the innocence of Facebook's
users, including almost 11 million in the UK, has been shattered by the site's decision to fall into the clutches of the
corporate world.
http://news.independent.co.uk/sci_tech/article3172153.ece
(The Independent – 11/18/07)

Thousands of Unprotected Databases Litter the Internet
After checking 1,160,000 random IP addresses, a security firm found nearly half a million database servers on the
Internet not protected by firewalls—most of them were running Microsoft SQL Server, but a healthy portion of them
were Oracle databases. Next Generation Security Software released on Nov. 12 a report saying the company found
368,000 Microsoft SQL Server databases and around 124,000 Oracle database servers, all directly accessible on the
Internet. Between the two vendors, there were 492,000 unprotected database servers out on the Internet without
firewalls.
http://www.eweek.com/article2/0,1759,2217123,00.asp
(eWeek – 11/14/07)




RFID
Enhanced driver's licence approval sparks privacy caution
Recent news from the U.S. Department of Homeland Security (DHS) about allowing enhanced driver's licences to
be used as an alternative to passports for U.S.-Canada border crossings has renewed talks around the privacy issues
surrounding the use of radio frequency identification (RFID) technology. RFID enables the wireless transmission of
data over short distances, through the use of an RFID tag that transmits data, and a reader that receives the data from
the tag. This technology is being eyed by Canadian provincial governments as a means to implement high-tech and
highly secured driver's licences.
http://www.intergovworld.com/article/567312d80a010408008b33e86bd7c189/pg1.htm
(InterGovWorld – 11/19/07)

Public Trust of RFID
In October, California Governor Arnold Schwarzenegger signed a law banning the forced implantation of radio-
frequency identification (RFID) tags in humans by an employer. RFID tags are basically a microchip attached to an
antenna which transmits information with radio waves. A scanner picks up these radio signals and sends the
information to a computer system, thus identifying the item the chip is attached to. RFIDs are used today to track
inventory, in library books, passports, automatic toll bridge systems and even credit cards. According to the study
"RFID Reports: 'Public Policy: Understanding Public Opinion,'" by Auto-ID Labs, University of Cambridge, U.K.,
the main concern of people "is that they do not have a choice as to when or where the technology is used or as to
how it will impact them." They are also concerned that the technology will be abused, creating a negative effect on
their privacy. State Senator Joe Simitian -- sponsor of a California bill banning forced RFID implantation in humans
-- admits that RFID is not necessarily a bad thing. "RFID technology is not in and of itself the issue. RFID is a
minor miracle, with all sorts of good uses," said Simitian. "But we cannot and should not condone forced 'tagging' of
humans. It's the ultimate invasion of privacy."
http://www.govtech.com/gt/185756?topic=117676
(Government Technology – 11/14/07)



SECURITY
DNS Servers in Harm's Way
"There are many organizations who are still in the dark about managing their external DNS," says David Ulevitch,
CEO of OpenDNS. "Just as people run firewalls and anti-spam systems, it's important for them to manage the DNS
coming into, and leaving, their network. Many organizations today manage their internal DNS, but leave their
Internet-facing DNS wide open to abuse their network and act as a vector for malicious activity," he says.
http://www.darkreading.com/document.asp?doc_id=139525&f_src=darkreading_informationweek
(Dark Reading – 11/19/07)

Thumb twiddling Mozilla promises fix for privacy-biting bug
Mozilla's head of security has promised a patch for a dangerous vulnerability that's been lurking in the popular
Firefox browser for more than eight months. The new urgency in fixing the jar: protocol handler comes after
bloggers in recent weeks demonstrated how the vulnerability could wreak real-world havoc, including allowing
attackers to steal a victim's Gmail contacts. Short for Java Archive, the jar: protocol is used to compress Java classes
and other types of files into a single file. Problem is, the protocol will open any zip-formatted file without first
validating the MIME type of the archived contents. Malicious content is then run in the context of a trusted site. "An
attacker can use this to evade filtering on sites that allow users to upload content and use this [to] initiate a cross site
scripting attack," Window Snyder, Mozilla's security chief, wrote in this post on the Mozilla Security blog. "This
may allow the attacker to access information stored on the trusted site without the victim's knowledge."
http://www.channelregister.co.uk/2007/11/19/upcoming_firefox_patch/
(Channel Register – 11/19/07)




Password Security Do's and Don'ts Outlined by Security and Privacy Company
Online hackers don't need high-tech tools to guess the passwords of many online account holders today. Once they
have access to a computer, stored files and family photos can give hackers all the clues they need. With some time,
guess work and the use of trial and error, it doesn't take some hackers long to virtually take over an online account
holder's financial life. One of the problems with passwords is that users forget them. Hackers know that many online
account holders use simple, easy to remember people, places or things for their passwords. In a Nov. 15 press
release, Adaptive Marketing's security and privacy membership program, Privacy Matters, urges all consumers to
create and maintain safe passwords for their online accounts. Taking some time to review the company's do's and
don'ts of password security may be time well-spent.
http://www.associatedcontent.com/article/449909/password_security_dos_and_donts_outlined.html
(Associated Content – 11/16/07)

Corporate data control policies are failing
More than a fifth of employees store corporate files on memory sticks, despite the risk to security, new research has
found. A survey of 300 employees across the UK and Ireland found that nearly half (49%) stored work material
"in multiple locations", with 21% holding it on portable USB memory sticks. Another 14% of employees said they
stored corporate material on a laptop hard drive, with 9% admitting that they kept work-related material on
non-work owned personal devices, the research by Dynamic Market for enterprise content management company Tower
Software found. Lost and stolen laptops have been at the heart of a string of recent corporate data security breaches.
Last month, HM Revenue and Customs became the latest high profile organisation to lose customer data after the
theft of a laptop from an employee's car.
http://www.computerworlduk.com/management/security/data-control/news/index.cfm?newsid=6177
(Computer World – 11/14/07)

Looming Online Security Threats in 2008
It's nearly enough to make you long for the days of typo-ridden e-mails pretending to come from your bank. As
Internet users display more of their personal information on social networking Web sites, and office workers upload
more sensitive data to online software programs, computer hackers are employing increasingly sophisticated
methods to pry that information loose. In many cases, they're devising small attacks that can fly under the radar of
traditional security software, while exploiting the trust users place in popular business and consumer Web sites. In
September, the names and contact information for tens of thousands of customers of Automatic Data Processing
(ADP) and SunTrust Banks (STI) were stolen from Salesforce.com (CRM), which provides online customer
management software for those two companies. The incident occurred after a hacker tricked a Salesforce employee
into disclosing a password.
http://www.businessweek.com/technology/content/nov2007/tc2007119_234494.htm?chan=technology_technology+index+page_top+stories
(Business Week – 11/12/07)

'LoJack' For Backup Tapes?
A new spin on tape storage management could be near with Fujifilm testing technology to help its large corporate
customers use GPS to keep track of their backup tapes -- whether they're in storage or in transit. The imaging and
media giant is beta testing a tape-sized device that can help companies pinpoint their backup tapes to within meters.
"The genesis of this product was we were watching the news reports just like everybody else in this industry," Rich
Gadomski, vice president of marketing for Fujifilm, told InternetNews.com. "So we wondered why there wouldn't
be a tracking device to help keep track of these assets. And that's what we eventually developed, and are testing right
now in the Tape Tracker."
http://www.internetnews.com/ent-news/article.php/3710516
(Internet News – 11/12/07)




SEMINARS
Internet Identity Workshop.
December 3-5, 2007
Mountain View, CA
http://www.windley.com/events/iiw2007b/register.shtml

Seattle Technology Law Conference
December 13-14, 2007
Seattle, WA.
http://www.lawseminars.com/seminars/07COMWA.php

US Department of Homeland Security Privacy Office Public Workshop: CCTV
Developing Privacy Best Practices.
December 17-18, 2007
Arlington, VA
privacyworkshop@dhs.gov

ACI's 7th National Symposium on Privacy & Security of Consumer and Employee Information
January 23-24, 2008
Philadelphia, PA.
http://www.americanconference.com/privacy

Computer Professionals for Social Responsibility: Technology in Wartime Conference
January 26, 2008
Stanford University
http://cpsr.org/news/compiler/2007/Compiler200707#twc

IAPP Privacy Summit
March 26-28, 2008
Washington, D.C.
http://www.privacysummit.org/

Future of the Internet Economy - OECD Ministerial Meeting
June 17-18, 2008
Seoul, Korea
http://www.oecd.org/document/19/0,2340,en_2649_37441_38051667_1_1_1_37441,00.html

Conference on Ethics, Technology and Identity.
The Hague.
June 18-20, 2008.
http://www.ethicsandtechnology.eu/ETI

               _____________________________________________________________________

PAPERS
Cyber Security Threat Assessment
About This Compilation: Congressional staff have indicated to Internet Caucus Advisory Committee staff that
succinct Internet policy position papers from a variety of perspectives would be helpful in their Congressional work.
Based on that suggestion, the ICAC has requested of all its 200 member organizations one pager issue briefs on the
topic of Assessing the Nature of our Cyber Security Vulnerabilities. Each position paper herein reflects only the
perspective of the organization that submitted it. The ICAC hopes that the scope of submissions reflects a balanced
and diverse perspective on this issue. This one pager compilation serves to augment the Internet Caucus Advisory
Committee event providing a Cyber Security Threat Assessment.



http://www.netcaucus.org/events/2007/threatassessment/one-pagers/

Security Experts Report on Hazards of New Surveillance Architecture
This summer's Protect America Act (PAA) temporarily authorized warrantless surveillance of communications that
Americans have with individuals abroad. The use of this authority will require the deployment of new interception
technologies. These new technologies raise several significant security risks. The report identified the three most
serious security risks. The experts pointed to the danger that the system could be exploited by unauthorized users.
Another risk is the misuse by a trusted insider. The third major risk is misuse by the US government.
http://www.crypto.com/papers/paa-comsec-draft.pdf





				