| |
|
Tuesday, August 22, 2006
|
|
Any business traveler who has logged on to a wireless network at the airport, printed a document at a hotel business center or checked e-mail messages at a public terminal has probably wondered, at least fleetingly, "Is this safe?"
[...]
"The first step companies need to do is to educate people about how
valuable the data is and also how small the circles are in which they
travel," he said, noting how loudly many people discuss business on
cellphones, without a thought for who may be nearby. Or what may
be in the air. Robert Vamosi, a senior editor with the online
technology publisher CNET, said wireless networks at airports -- or for
that matter, hotels or cafes -- are not as secure as most people think.
"Someone may have some software on their computer that allows them to
look at all the wireless transactions going on around them and capture
packets that are floating between the laptop and the wireless access
point," he said. These software programs are called packet
sniffers and many can be downloaded free online. They are typically set
up to capture passwords, credit card numbers and bank account
information -- which is why Mr. Vamosi says shopping on the Web is not
a great way to kill time during a flight delay. "Where I'd draw
the line is putting in your bank account information or credit card
number," he said, adding that checking e-mail messages probably is not
that risky, but if you want to be cautious, change your password once
you are on a secure connection again. [...] Last fall, InfoWorld magazine published an article about a security
researcher who managed to collect more than 100 passwords, per stay, at
hotels with lax security (about half the hotels she tested). [...] Using a public computer can also mean courting trouble, because data
viewed while surfing the Web, printing a document or opening an e-mail
attachment is generally stored on the computer -- meaning it could be
accessible to the next person who sits down. (To remove traces of your
work, delete any documents you have viewed, clear the browser cache and
the history file and empty the trash before you walk away.)
"You also run the risk that somebody has loaded a program on there that
can capture your log-ins and passwords," Mr. Louderback said, recalling
an incident a few years ago when a Queens resident was caught
installing this type of "key logger" software on computers at several
Kinko's locations in New York.
1:01:34 PM 
|
|
Foreign visas and information on U.S. aircraft protection are vulnerable to unauthorized access because of shortcomings in the Homeland Security Department's use of technology, according to a report released yesterday by the department's inspector general.
The report says the security issues involve the use of radio frequency identification chips (RFID) and databases at three Homeland Security agencies.
"These security-related concerns, if not addressed, increase the potential for unauthorized access to DHS resources and data," the report said. "We identified vulnerabilities on databases that could be exploited to gain unauthorized or undetected access to sensitive data."
The report was only able to focus on Customs and Border Protection (CBP), Transportation Security Administration (TSA), and the U.S. Visitor and Immigrant Status Indicator Technology program (US-VISIT) because the department lacks "an accurate inventory of systems using RFID technology."
RFID chips use wireless technology to store data that can be retrieved to confirm the identity of a person or location of an object through a tiny radio transmitter.
"The flexibility and portability of RFID technology and devices, as well as the information that resides on the tags, increases the need for security and privacy controls," the report said.
The report found security concerns in password management, user access permission and a lack of auditing in the systems that CBP uses to track foreign visitors upon entry at the two U.S. land borders. The Free and Secure Trade (FAST) program on the Mexican border and the Global Enrollment System on the Canadian border collect information that is fed into the US-VISIT program, which contains personal and biometric information on 17.5 million foreign visitors who have passed through nearly 200 air, land and sea ports.
Homeland officials agreed with the inspector general's findings and say additional security measures will be taken and guidelines developed to secure databases. The chips are still in the testing stage at the TSA to identify airline pilots, track their weapons, cargo and passenger bags.
12:35:48 PM
|
|
The National Highway Traffic Safety Administration has passed a regulation requiring car makers to inform customers when their car has been equipped with an Event Data Recorder, the agency said Monday.
EDRs, similar to "black boxes" used in commercial airliners, record data about what a car is doing in the moments just before and after a crash. They do not record the voices of occupants but they do record things like speed, steering wheel movement, how hard the brakes are being pressed and the actual movement of the car itself.
About 64 percent of model year 2005 cars were equipped with EDRs, according to NHTSA. Some manufacturers already include information about the EDR in the owners manual, but not all, said Rae Tyson, a spokesman for NHTSA.
"If you have a new vehicle, chances are it's got one," he said.
Data from the recorders is used by law enforcement and attorneys to recreate events directly leading up to an accident. Data is also used by car companies to research how cars and drivers perform in actual crashes.
Some privacy advocates have expressed concern that the data, which can be used as evidence in court cases, is being collected without the knowledge of vehicle owners and drivers.
The devices are virtually impossible to disable because their functioning is so tightly integrated with vehicle safety systems such as airbags and anti-lock brakes.
Several states have already passed laws that restrict how the data can be used.
Car companies must comply with the new regulation beginning in the 2011 model year. Information about the EDR, if one is installed, will have to be included in the vehicle's owner's manual.
12:28:01 PM
|
|
smooth wombat writes "As a follow-up to this long ago posting, the National Highway Traffic Safety Administration has passed a resolution requiring car manufacturers to inform buyers
if their cars are equipped with Event Data Recorders (EDRs). The new
regulation also standardizes what information is to be collected. Car
manufacturers must comply with the new regulation beginning in the 2011
model year."
12:21:07 PM
|
|
reporter writes "The New York Times has published a report providing further details about the release of private AOL search queries
to the public. According to the report: 'Dr. Jensen, who said he had
worked closely with Mr. Chowdhury on projects for AOL's search team,
also said he had been told that the posting of the data had been
approved by all appropriate executives at AOL, including Ms. [Maureen]
Govern.' The report also identifies the other two people whom AOL
management fired: they are Abdur Chowdhury and his immediate
supervisor. Chowdhury is the employee who did the actual public
distribution of the private search queries. He, apparently, has
retained a lawyer."
11:53:29 AM
|
|
Imagine how your customers, who value their personal information and privacy, would feel if they realized their data were being sold to the highest bidder and that your company does not have a foolproof data privacy and protection plan. Imagine the negative "word of mouth" that could instantly spread in a blog about your company.
11:42:57 AM
|
|
A group of smart-card and smart-chip vendors is launching a campaign
to talk up the security and privacy features of their products, even as
researchers raise questions about their use in passports. Smart-card makers Gemalto NV and Oberthur Card Systems, as
well as chip makers Infineon Technologies AG, Philips Semiconductors
and Texas Instruments Inc., on Wednesday launched the Secure ID
Coalition to promote the use of secure smart card standards as a way to
protect privacy.
The group, debuting at the National Conference of State Legislators
this week, was formed because the message about the security features
of contactless smart cards is "not getting through very clearly," said
Tres Wiley, director of e-documents for Texas Instruments.
Earlier this month, at the Black Hat conference in Las Vegas, German
security researcher Lukas Grunwald demonstrated a way to copy
information from his passport's RFID (radio frequency identification)
chip to another smart card. And as the U.S. Department of State geared
up this month to start issuing passports with smart cards included,
Bruce Schneier, chief technology officer of Counterpane Internet
Security Inc., predicted that the new passports could eventually be
hacked and allow for surreptitious tracking.
11:28:04 AM
|
|
OTTAWA, Aug. 14 /CNW Telbec/ - The Privacy Commissioner of Canada,
Jennifer Stoddart, has officially launched an investigation of the Society for
Worldwide Interbank Financial Telecommunication (SWIFT), a European-based
financial cooperative that supplies messaging services and interface software
to a large number of financial institutions in more than 200 countries,
including Canada, to determine whether personal information relating to
Canadians' financial transactions is being improperly disclosed by SWIFT to
foreign authorities. The Commissioner has notified SWIFT of her intention to
launch an investigation into the matter.
"The risks resulting from personal information flowing across borders is
something that we have been expressing concerns about for some time. The SWIFT
situation concerns privacy commissioners world wide and is something we need
to examine in more detail," said Ms. Stoddart. "Although there are times when
we are unable to lawfully investigate a complaint about something taking place
outside Canada with Canadians' personal information, we have determined that
we are, in fact, in a position to investigate this important matter."
11:14:29 AM
|
|
The Bush Power-Grab Scorecard. Thursday's ruling against the NSA's warrantless electronic surveillance of Americans is a blow to the administration's claim that the law doesn't apply in time of war. But other cases have afforded the president more latitude, and some are still winding through the courts. By Kim Zetter. [Wired News: Security Blanket]
11:10:19 AM
|
|
AOL antivirus software slammed by consumer advocates. Consumer advocates have AOL on the grill for the second time in a week, this time questioning the data-gathering abilities of the company's Active Virus Shield antivirus software, released last week. The EULA allows AOL broad information-collection rights and prohibits users from using ad-blocking software. [Computerworld Privacy News]
11:07:40 AM
|
|
|
© Copyright 2006 Paul Hardwick.
Last update: 9/2/06; 4:26:29 AM.
|
|
|
