Monday, March 27, 2006


News Item 5612 40,000 BP workers exposed in Ernst & Young laptop loss | The Register

Like sands through the hourglass, these are The Days of Ernst & Young laptop loss. Yes, friends, The Register can confirm that BP has been added to the list of Ernst & Young customers whose personal data has been exposed after a laptop theft. BP joins Sun Microsystems, Cisco and IBM in this not so exclusive club.

Ernst & Young has sent out a letter to all 38,000 BP employees in the US, telling them that a laptop theft had exposed their names and social security numbers. To keep the BP staff's mind at ease, Ernst & Young said that the file name containing their info did not indicate what type of information was on the laptop, and the laptop was password protected. Phew!

Ernst & Young confirmed that this is the very same laptop that held data on the Sun, Cisco and IBM workers. All of these data losses were revealed by us in a set of exclusive stories. Ernst & Young also recently lost four more laptops in Miami, although it has not said which customers were affected in those incidents.

Oddly, the Ernst & Young saga has gone untouched by other media outlets. That's somewhat surprising given the vigor with which security reporters chased down our initial confirmation yesterday that a Fidelity Investments laptop loss had exposed the personal information of 200,000 HP employees.


11:12:40 AM

News Item 5611 Trojan intercepts bank tokens | The Register

A newly discovered Trojan is intercepting the TAN codes used as security tokens by customers of two major German banks, Postbank and Deutsche Bank, according to anti-virus experts.

Until now, TAN codes were pretty safe, in particular against phishing attacks, as these tokens are sent either through (snail) mail or by SMS. Phishing scammers would not only have to know a customer's login details and password to enter an online bank account, but also the token to enable transactions. For this reason, many European banks have adopted the system for online banking.


11:06:10 AM

News Item 5610 Claria Leaves Adware Business.

Alex Stern writes "In an attempt to clean up its tarnished name, Claria has hired Deutsche Bank to help them sell off the software tools that were previously supported by their adware. Claria says they are unwilling to sell the software for the GAIN ad network, or the data they have collected from their users. Claria is also holding on to their eWallet software that manages passwords. On July 1, Claria will shut down the GAIN network and inform their users they can either uninstall their software or pay for it. Claria's new business model is 'a new platform designed to provide consumers with a personalized Internet experience.'" [Slashdot]
10:38:05 AM

News Item 5609 Misconfigured Webserver, Threats to Call FBI.

the_harlequin writes "The Register is reporting that a city manager threatened to call the FBI over a misconfigured webserver. From the article: 'The heartland turned vicious this week when an Oklahoma town threatened to call in the FBI because its web site was hacked by Linux maker CentOS. Problem is CentOS didn't hack Tuttle's web site at all. The city's hosting provider had simply botched a web server.' Here's the link to the posts (with the full email correspondence) on the CentOS site" [Slashdot]
10:22:08 AM

News Item 5608 E-Commerce News: Security : Data Security Bill Sparks Privacy, Technological Concerns

In the wake of a string of high profile data breaches reported by banks, retailers and credit card companies, a U.S. House panel on Thursday approved a bill drafted to protect consumers from identity theft and credit card fraud.

The House Financial Services Committee cleared the Financial Data Protection Act of 2005, which spells out requirements for companies to investigate breaches and notify law enforcement and consumers. The law seeks to ease compliance for the financial industry by setting a national standard for data security that overrides state notification and credit freeze laws.

Democrats are criticizing the bill, claiming it erodes essential protections that allow consumers to prevent identity thieves from opening credit accounts in their names and require companies to inform consumers when their personal data have become compromised. Meanwhile, privacy lawyers and information security companies are beginning to weigh in on the potential ramifications of this pending legislation.

"It is ironic that after a year in which over 55 million Americans' identities were put at risk through preventable data breaches, the House Financial Services Committee would repeal state laws that have protected consumers from identity theft," said Susanna Montezemolo, policy analyst with Consumers Union, nonprofit publisher of Consumer Reports magazine.


10:14:45 AM

News Item 5607 Google's Wi-Fi Privacy Ploy (The Nation)

Consumers and public officials should have no illusions that what is being touted as a public benefit is also designed to spur the growth of a mobile marketing ecosystem, an emerging field of electronic commerce that is expected to generate huge revenues for Google, Microsoft, AT&T and many others. Soon, wherever we wander, a ubiquitous online environment will follow us with ads and information dovetailed to our interests and our geographic location.

Unless municipal leaders object, citizens and visitors will be subjected to intensive data-mining of their web searches, e-mail messages and other online activities, which are tracked, profiled and targeted. The inevitable consequences are an erosion of online privacy, potential new threats of surveillance by law enforcement agencies and private parties, and the growing commercialization of culture.

[...]

Not everyone is enthused by the Google/Earthlink model. San Francisco was advised by a trio of privacy advocates to develop policies that would respect personal privacy. In letters to the city, the ACLU of Northern California, the Electronic Frontier Foundation and the Electronic Privacy Information Center (EPIC) urged the adoption of a "gold standard" for data privacy, insuring that its Wi-Fi system would "accommodate the individual's right to communicate anonymously and pseudonymously." The groups also suggested that the city require any Wi-Fi company to allow users to "opt in" to any data-collection scheme. [Full disclosure: I rent office space in Washington, DC, from EPIC].

10:09:46 AM


News Item 5606 DMCA Rulemaking Hearings Underway.

On Thursday, the Copyright Office held the first in a series of hearings on its triennial DMCA Anti-Circumvention Rulemaking in Palo Alto, CA. Every three years, the Copyright Office solicits proposals to exempt specified classes of works from the DMCA's prohibition against circumvention of technological measures that control access to copyrighted works. Seventy-four such proposals were submitted in the current proceeding, two of which were discussed at yesterday's hearing.

[...]

The rulemaking hearings will continue next week in Washington, D.C. with discussions of proposed exemptions for compilations of Internet locations blocked by filtering software, ebooks that prevent the use of read-aloud functions, CDs protected by technological measures that create root-kit-like security vulnerabilities, computer programs protected by obsolete dongles, audiovisual works protected by technological measures that prevent their educational use, and audiovisual works in the public domain.

[EFF: Deep Links]
9:58:43 AM