| |
|
Friday, March 16, 2007
|
|
Careful What You Search For..... LIVE WEBCAST
(Source: Oracle) Security is the greatest single issue for IT groups today. IT must balance how to enable people to find the information they need to do their work, and at the same time protect the information they should not access. See how Oracle Secure Enterprise Search enables two organizations to deliver secure, low-cost, and easy-to-deploy search solutions that eliminate information overload, and are as easy to use as popular Internet search engines. [Computerworld Privacy News]
3:43:39 PM 
|
|
Although the use of the Internet to buy and sell online has
introduced a slew of security concerns within the payment services
industry, Visa USA president and CEO John Philip Coghlan insists that
technology is the solution to combating fraud -- not the cause of it.
Coghlan also pointed out during Visa's security summit in Washington,
D.C., Thursday that data breaches are neither random nor inevitable if
proper security measures are taken.
The TJX data breach
"was a stark reminder to all of us that such events can have vast reach
and consequences," Coghlan said. Such breaches create mistrust and can
undermine efforts make to build a good brand image. But, he made clear,
"the majority of compromises come from storage of prohibited data and using vulnerable systems to process data."
TJX, the parent company of retailers T.J. Maxx, Marshalls, HomeGoods,
and others, made headlines in February when it revealed an attack on
its systems had resulted in the theft of customer information.
Just as the headlines were threatening to die down, TJX announced a few
weeks later that intrusions into its system actually began as early as
July 2005, rather than beginning in May 2006 as the company had
originally reported.
While the exact nature of the TJX data breach has not yet been
revealed, in general, financial information is stolen in a number of
ways, including the physical theft of a wallet, checkbook, or credit
card; theft of information from one's home from friends, relatives, or
in-home employees; phishing messages that trick people into divulging information to fraudsters; hacks, viruses, and spyware on a PC or ATM machine; and a corrupt business employee with access to your records.
But data theft is not random. Instead, it's perpetrated against
businesses with the weakest security and the most valuable information,
Coughlin said Thursday, adding, "More than 80% of all dollars lost come
from 20% of fraudulent transactions."
3:39:19 PM
|
|
Very revealing speech last
week by John Coughlan, Visa USA's CEO, who insists that the technology
is available to prevent cardholder data falling into the wrong hands.
In
a speech at Visa's security summit in Washington late last week,
Coughlan said that cardholder data breaches are neither random nor
inevitable if proper security measures are taken.
The TJX (TJ Maxx) data hack, he said, "was a stark reminder to all of us that such events can have vast reach and consequences."
According
to Coughlan, such hacks can create mistrust and undermine efforts to
build a positive brand image. But, he said, the majority of system
compromises result from the storage of prohibited data and using
vulnerable systems to process data.
3:36:34 PM
|
|
Internet censorship is spreading rapidly, being practised by about two
dozen countries and applied to a far wider range of online information
and applications, according to research by a transatlantic group of
academics.
The warning comes a week after a Turkish court ordered the blocking
of YouTube to silence offensive comments about Mustafa Kemal Ataturk,
the founder of modern Turkey, marking the most visible attack yet on a
website that has been widely adopted around the world. A recent
six-month investigation into whether 40 countries use censorship shows
the practice is spreading, with new countries learning from experienced
practitioners such as China and benefiting from technological
improvements. OpenNet Initiative, a project by Harvard Law School
and the universities of Toronto, Cambridge and Oxford, repeatedly tried
to call up specific websites from 1,000 international news and other
sites in the countries concerned, and a selection of local-language
sites.
The research found a trend towards censorship or, as John
Palfrey, executive director of Harvard Law School's Berkman Center for
Internet and Society, said, "a big trend in the reverse direction",
with many countries recently starting to adopt forms of online
censorship. Ronald Deibert, associate professor of political
science at the University of Toronto, said 10 countries had become
"pervasive blockers", regularly preventing their citizens seeing a
range of online material. These included China, Iran, Saudi Arabia,
Tunisia, Burma and Uzbekistan. New censorship techniques include
the periodic barring of complete applications, such as China's block on
Wikipedia or Pakistan's ban on Google's blogging service, and the use
of more advanced technologies such as "keyword filtering", which is
used to track down material by identifying sensitive words. Methods
such as these are being copied as countries new to censorship learn
from those with more experience. "There's a growing awareness of best
practice - or rather, worst practice," Mr Deibert said.
3:14:16 PM
|
|
Web Censorship on the Increase.
mid-devonian writes "Close on the heels of the temporary blocking of YouTube by a Turkish judge, a group of academics has published research showing that Web censorship is on the increase
worldwide. As many as two dozen countries are blocking content using a
variety of techniques. Distressingly, the most censor-heavy countries
(which includes China, Iran, Saudi Arabia, Tunisia, Burma and
Uzbekistan) seem to be passing on their technologically sophisticated
techniques to other areas of the world. 'New censorship techniques
include the periodic barring of complete applications, such as China's
block on Wikipedia or Pakistan's ban on Google's blogging service, and
the use of more advanced technologies such as 'keyword filtering',
which is used to track down material by identifying sensitive words.'" [Slashdot: Your Rights Online]
3:10:15 PM
|
|
PATRIOT Act Apologist Site Didn't Get the Memo. Last week, the Department of Justice Inspector General's office released a damning report documenting the FBI abusing its powers under the PATRIOT Act and violating the law to collect Americans' telephone, Internet, financial, credit, and other personal records about Americans without judicial approval.
It appears that not everyone at the DOJ got the memo. The DOJ's Life and Liberty website, a site dedicated to defending the honor of the PATRIOT Act during the re-authorization process last spring, still reads as if nothing has changed. Particularly in the light of the newly revealed truth, many of the quotes now seem (at best) naive.
Under the headline of "Examining the Facts", the DOJ asserts that PATRIOT has "four-year track record with no verified civil liberties abuses." The site quotes an op-ed by former House Judiciary Committee Chairman James Sensenbrenner:
Zero. That's the number of substantiated USA PATRIOT Act civil liberties violations. Extensive congressional oversight found no violations. Six reports by the Justice Department's independent Inspector General, who is required to solicit and investigate any allegations of abuse, found no violations.
Wow, that sure sounds good. Unfortunately, the new report reveals that is is simply not true: the inspector general identifies dozens of instances in which extra-judicial demands for personal information -- known as National Security Letters -- may have violated laws and agency regulations.
In the Archive section, the site includes quotes from an op-ed by Senator Pat Roberts responding to critics like ourselves:
I regret to say it, but the rhetoric of those opposed to permanently authorizing the act has no substance and borders on paranoia. Opponents have criticized the act for years but can cite only hypothetical abuses. Facts are stubborn things. The actual record is quite clear - there have been no substantiated allegations of abuse of Patriot Act authorities, period.
Critics could only point to hypothetical abuses because the fox was guarding the hen house. Senator Roberts also opined that:
Through aggressive congressional oversight, we know the FBI uses Patriot Act authorities within the law.
It's now clearer than ever that the oversight was not aggressive enough, with the report documenting that the FBI decieved Congress about its use of the letters. The report is likely only the tip of the iceberg. Immediate and thorough oversight hearings are necessary to uncover the truth and hold the Administration accountable.
Tell Congress to defend your privacy now. [EFF: Deep Links]
2:45:28 PM
|
|
RIAA to Universities: Help Us Threaten Your Students. Not content with wasting universities' resources via their usual tactics--i.e., flooding them with machine-generated complaints about file sharing--the major record labels are now demanding that universities help them shake down students.
The RIAA has asked universities and colleges to forward "pre-lawsuit" letters to alleged filesharers that promise a "discounted" settlement price if the student agrees to pay up immediately. Forwarding the letters saves the RIAA the trouble and expense of filing a lawsuit to obtain students' contact information--a savings that may be redirected to more lawsuits.
To add insult to injury, the letters advise students to contact the RIAA if they have any questions. It's safe to say that the RIAA is unlikely to give students the full picture. For example, will the RIAA tell students that parents are generally not liable for infringements committed by their kids, or that the record labels sometimes sue the wrong people? Probably not.
We think students should seek out less biased sources of information--and their institutions should assist in that process. Toward that end, we've put together a short FAQ to help students learn more about their options; we hope colleges and universities that forward the RIAA's threat letter will take the additional step of directing students to this FAQ as well as other neutral information sources.
Of course, the RIAA should not be putting universities in this perverse position in the first place. If you'd like to help academic institutions get back to their real mission--educating students, not helping to threaten them--Take action now to help stop the lawsuit campaign. [EFF: Deep Links]
2:43:13 PM
|
|
|
© Copyright 2007 Paul Hardwick.
Last update: 3/18/07; 9:39:13 PM.
|
|
|
