Privacy and data protection

Another day, another data breach.

If you bought something at a Best Buy store in West Palm Beach, Fla., late last year, or stayed at a Wyndham hotel in Florida last summer, or use a U.S. government travel Web site you might want to check your credit card statements closely.

Best Buy warned this week that 4,000 customers of a store in West Palm Beach may have had their credit card information stolen when they made their purchases.

The chain terminated the employment of a worker at the store after learning that a skimming device was used to … Read more

A proposed bill in the Nevada State Legislature would make it a crime to do legitimate research on security weaknesses in radio frequency identification, the Electronic Frontier Foundation said on Friday.

The bill, S.B. 125, would make it a Class 3 felony to possess, read, or capture another person's personal identifying information through RFID, subject to up to five years in prison and a $10,000 fine.

The measure is scheduled to be discussed Monday morning in the Nevada Senate Judiciary Committee in Carson City, Nev. The hearing will be Webcast.

The EFF hasn't taken a formal … Read more

Someone asked me recently whether I thought mobile banking was safe or not. I admitted that I don't do it but that doesn't really say much. Then I mumbled something incoherent and vowed to get a real answer.

After talking to a number of mobile and security experts, I've come to the conclusion that far from being less secure, mobile banking may even be more secure than logging on to your bank Web site over your PC. And the consensus is that it's probably less risky than using checks, which can be forged, and credit cards, … Read more

U.S. officials are investigating the disappearance of 67 computers from the Los Alamos nuclear weapons lab in New Mexico, according to a nonprofit group that exposes government misconduct.

Of the missing computers, 13 were lost or stolen in the past year, including 3 taken from a scientist's home last month. A BlackBerry belonging to another worker was lost in a "sensitive foreign country," according to an internal Los Alamos Lab e-mail posted online by the Project On Government Oversight.

The group also posted a letter from the Energy Department's National Nuclear Security Administration rebuking the … Read more

At ESG, we have this concept called ubiquitous encryption. As more and more encryption technologies are baked into products and enter the enterprise, data will likely be encrypted everywhere--on hard drives, networks, database columns, file systems, tape drives, portable media, etc.

Good news for data confidentiality and integrity but all of this encryption means tons of new encryption keys to create, protect, and manage. This situation has scared me for a while. If encryption keys are stolen, they can easily unlock secret data. If encryption keys are lost, critical data can turn into useless 1s and 0s.

Of course, what'… Read more

With Republican Senator Judd Gregg withdrawing his name as the nominee for secretary of the Department of Commerce Thursday, all eyes may turn to Symantec CEO John Thompson as a potential replacement.

Prior to Gregg's appointment, Thompson's name was cited in various publications as a potential nominee, given his strong technology background and his role as CEO of the largest security software company that has a global presence.

The role of the commerce secretary touches on industry and security; technology; intellectual property with the Patent and Trademark Office; and international trade.

Thompson has also held several fundraisers in … Read more

A researcher who found a security hole in the Android mobile platform in October has found another one that he says is serious enough for him to recommend people not use the Android browser until the patch is installed.

Charlie Miller, a principal analyst at consultancy Independent Security Evaluators, said on Thursday that a patch for the vulnerability is available on Google's source code repository, but has not yet been made available for download onto the phones via the T-Mobile service.

Like the previous hole, the new vulnerability could allow an attacker to remotely take control of the browser, … Read more

To my friends on Facebook:

If you get a message from me asking for money because I've been robbed while on vacation somewhere, please don't send cash.

First off, I can't afford any big vacations for the foreseeable future. Secondly, if I encountered some trouble I definitely wouldn't blast a plea for help out to my hundreds of Facebook friends.

A relatively new Facebook scam has been surfacing in which a user's account is hacked and then used to send messages of alarm to get the user's friends to send money.

Hacking into Web … Read more

MobileMe users are being targeted by a phishing scam.

Users of MobileMe, which automatically sends e-mail, contacts, and calendar events to your computer, iPhone, or iPod, have been receiving a new e-mail that looks like it comes from Apple. It warns that attempts to renew the MobileMe subscription have failed because of a problem with charging the credit card and prompts the recipient to log in and update information on a site that looks legitimate but is not, Macworld reported on Wednesday.

A similar phishing scam targeting MobileMe users was discovered in August, according to Macworld.

Tips for MobileMe users … Read more