Data still the golden goose
The number of personal records exposed in data security breaches surpassed 100 million this year.
So says the Privacy Rights Clearinghouse, which has been keeping count ever since a high-profile data leak at information broker ChoicePoint in early 2005. It keeps track of thefts and losses of gear such as laptops, storage tapes and drives, as well as of hacking incidents and insiders who leak data.
The count climbed throughout 2006: Boeing, the Department of Veterans Affairs, Hewlett-Packard, McAfee, the University of California, and many others made headlines as a result of breaches.
Most incidents come to light because of laws requiring public notification of data loss in cases where data is unencrypted. In response, security companies are increasingly pitching encryption products for secure storage--for example, Seagate Technology is building it into its drives. Microsoft is also getting into the game: business versions of Windows Vista have
a full-disk encryption feature called BitLocker.
But encryption technology still lacks usability, a panel of industry experts said at an event celebrating the 30-year anniversary of cryptography.
Meanwhile, banks and credit agencies are hawking credit-monitoring services. In September, researchers named several banks as a consumer's best bet in terms of offering protection against identity theft.
Breaches are only one way people's identities can be compromised. Phishing scams are getting more widespread, and fraudsters are getting trickier in their attempts to con Internet users. People with high incomes attract more phishing e-mails and lose more money to them than other Internet users, according to a November Gartner report.
Scammers are helped by an apparent influx of cross-site-scripting bugs. These Web security flaws could let attackers craft a URL that looks like it points to a trusted site, but serves up content from a third, potentially malicious site. This year, this type of bug was found in many popular Web sites and in Google's search appliances.
Phishing shields are now common. Microsoft has built one into its latest browser, IE 7, and Mozilla offers a similar feature in Firefox 2.
Alternative approaches to combat phishing include a new DNS service, OpenDNS, whose free address-lookup service blocks phishing sites and other threats. Yahoo added an antiphishing feature to its site that displays a custom image on the log-in screen to verify that it is indeed a Yahoo page.
But if confidential data isn't exposed through data breaches or pilfered through a phishing scam, there's still malicious software. Criminals are crafting more-targeted Trojan horse attacks that seek to sneak onto PCs through zero-day flaws, experts have warned. In addition, some malicious software is now designed to let cybercrooks surf into online banks with you to steal your money.
You could also be exposed while on the go. Privacy watchers warn that people carrying passports equipped with radio chips could have the information in the document read from a distance. The solution: keep the passport closed and in a foil bag.
There are some simple things you can do to reduce headaches after a laptop is stolen or misplaced.
Series of missteps led to exposure of data on millions, held up post-theft response, scathing report finds.
Security has become a no-brainer for desktop software, but the same doesn't hold true for the booming world of Web applications.
New passports and ID cards with RFID are surprisingly easy to clone, researchers at Black Hat and Defcon say.
Most office workers can't be made to care about phishing, rootkits or spyware, he says. Other specialists disagree.
Targeted attacks used for industrial espionage have become the nightmare scenario for big companies, researchers say.
Hackers aim to make networks of hijacked computers go unnoticed by merging their communications with common Web traffic.
Government controls held back cryptography in the past, but today usability blocks adoption. Microsoft's Ray Ozzie promises a fix.
Company pitches "DriveTrust" technology as a simpler way to safeguard data stored on laptops and prevent embarrassing breaches.
For more than a year, an intruder has been accessing private information on students and staff, among others, the university says.