Privacy and data protection

Be careful who you give your mobile phone number out to. An attacker with the right toolkits and skill could hijack your phone remotely just by sending SMS messages to it, according to mobile security firm Trust Digital.

In what it calls a "Midnight Raid Attack" because it would be most effective when a victim is asleep, an attacker could send a text message to a phone that would automatically start up a Web browser and direct the phone to a malicious Web site, said Dan Dearing, vice president of marketing at Trust Digital. The Web site could … Read more

More records were breached in 2008 than in the previous four years combined as a result of a few large breaches involving payment cards, according to a report released on Wednesday.

Last year, 295 million records were compromised and there were 90 confirmed breaches, the Verizon Business 2009 Data Breach Investigations Report (PDF) found.

The top five breaches accounted for 93 percent of total records compromised and as a percentage of caseload, 80 percent were payment card breaches while payment card data represented 98 percent of all records compromised last year.

PIN data was increasingly targeted in 2008 in attacks … Read more

Updated 5:20 p.m. PDT with more details and comments from Microsoft executive.

Microsoft will begin offering its first hosted security service under the Forefront brand on Thursday, dubbed Forefront Online Security for Exchange and designed to help keep malware and spam out of e-mail in-boxes.

The hosted service, which will cost $20 per user per year or less based on volume licensing, targets enterprise Exchange customers and includes a Web-based console for setting up policies for virus and spam protection, said Doug Leland, general manager of Microsoft's Identity and Security Business Group.

The releases will follow the … Read more

As we await the 60-day federal cybersecurity review from Melissa Hathaway, acting senior director for cyberspace for the National Security and Homeland Security Councils , there is something else that could be done. It seems to me that the federal government could take another related action to help protect the private information of U.S. citizens while reducing the cost of doing so. In my humble opinion, it is time to create a single federal data breach disclosure law. I believe this action would:

Simplify the maze of current state legislation. As of the end of December, 44 states, the District … Read more

If you worry that the Internet is a scary place full of digital pickpockets and online identity thieves, your fears will be bolstered by the latest Symantec Internet Security Threat Report released Tuesday.

The report finds huge increases in the number of security holes in software and the number of Internet threats, particularly attacks in which browsers are hijacked and forced to download malicious programs as people surf the Web.

Even visiting trusted Web sites isn't always safe. Most Web-based attacks target visitors to legitimate Web sites that have been compromised and that either serve up malicious content to … Read more

Captcha, or Completely Automated Public Turing test to tell Computers and Humans Apart, is a method used by many Web sites to fight against computer-generated input. As computers get smarter, Captchas hves become more of a nuisance because most of them are now tough for us humans to pass.

I recently blogged about a new and more humane way to create a Captcha by using 3D images and the implementation of that method at Yuniti.com. I've just run into a different approach, similar to the Asirra tool revealed by Microsoft in 2007, that seems even easier for humans … Read more

Two things to remember as you prepare to file your taxes: If you get an e-mail from the IRS, it's probably a scam. And don't forget the stamp.

As the April 15 tax filing date nears, online tax-related scams tend to ratchet up, experts say. If you're not careful, you could lose a lot more than just the refund.

"Filing your taxes online is extremely convenient, however if you want to maintain the privacy of your data, you need to ensure that you are connecting to the proper Web site, that the connection is using encryption, … Read more

In just two weeks, the annual RSA Conference takes place in San Francisco. What can we expect as the "hot topics" at this annual security love fest? I'm sure there will be plenty of buzz about securing virtual servers and cloud computing infrastructure, but this topic will likely focus on blue sky vision describing the safeguards we will need in 2012 or so. Rather than this hyperbole, I am looking forward to discussions focused on the marriage of identity and security.

Haven't these two areas been linked forever? Well, yes and no. Security folks think of … Read more

This should come as no surprise to anyone, but people in the U.S. are worried that as the economy worsens, the chances for identity fraud, particularly with regard to credit card data theft, will increase.

Nearly 75 percent of Americans believe that the global financial crisis increases their risk of identity and related fraud, according to the Unisys Security Index due to be released on Monday.

More than two-thirds surveyed said they are extremely or very concerned about other people obtaining and using their credit and debit card data, with 90 percent at least somewhat concerned.

Credit and debit … Read more