Privacy & data protection

Lenovo sticking with face recognition tool

Despite detailed demonstrations that the security of its Veriface face recognition technology can be manipulated to gain unlawful access, Lenovo is keeping current notebook models equipped with it.

In an e-mail interview with ZDNet Asia, a Singapore-based Lenovo representative said the company has "no plans to pull affected models." However, the PC maker does plan to continue to upgrade the face recognition technology.

The technology's vulnerability was demonstrated in December by the Bach Khoa Internetwork Security (BKIS) center in Hanoi, Vietnam.

At the Black Hat security conference last month, researchers Nguyen Minh Duc and Bui Quang Minh …

Report: ID fraud malware infecting PCs at increasing rates

More than 10 million Internet users worldwide were hit with identity fraud-related malware last year, according to a new estimate from Panda Security.

The number of computers infected with active programs designed to steal personally identifiable or financial information that can be used for identity fraud, such as banker Trojans for stealing bank account information, rose by 800 percent from the first half of the year to the second half, the study found.

Of the 67 million computers that PandaLabs analyzed in 2008 for the study, 35 percent of those infected had up-to-date antivirus software installed. The number of users …

Verizon's info sharing opt-out mess

Verizon Wireless is being criticized (again) by customers for its policy of requiring them to opt out or have their information shared with other Verizon-owned businesses.

The company began notifying customers in 2007 that they had 45 days to opt out. David Weinberger, a fellow at Harvard's Berkman Center for Internet & Society, received the "small legalistic pamphlet" from Verizon recently and wrote a blog posting on Friday detailing how difficult it was to opt out online, even with customer support help.

"The whole thing sucks," Weinberger concluded.

Verizon posted a note on its public …

Government should lead transition to self-encrypting drives

I've recently written about a new standard published by the Trusted Computing Group (TCG) for self-encrypting drives. With this standard, Fujitsu, Hitachi, Seagate, Toshiba, and Western Digital are shipping or will soon ship self-encrypting hard drives for laptop computers. This in turn should prompt a transition, where users will opt for systems with self-encrypting drives rather than install encryption software utilities.

To me, this conversion is inevitable since hardware-based cryptographic processing tends to lead to superior security and performance while eliminating the muss and fuss around software procurement, installation, and maintenance.

Given these benefits, I believe that the U.…

Australian police may get hacking powers

The government of the Australian state of New South Wales has unveiled plans to give state police the power to hack into computers remotely, with owners potentially remaining in the dark about the searches for up to three years.

The new powers are part of a package introduced into parliament last week by Premier Nathan Rees. Broadly, they aim to give police the right to apply for covert search warrants from the Supreme Court to gather evidence in cases that could involve serious indictable offenses punishable by at least seven years' imprisonment.

Judges issuing the new warrants could authorize owners …

Google Docs suffers privacy glitch

Google discovered a privacy glitch that inappropriately shared access to a small fraction of word-processing and presentation documents stored on the company's online Google Docs service.

"We've identified and fixed a bug which may have caused you to share some of your documents without your knowledge. This inadvertent sharing was limited to people with whom you, or a collaborator with sharing rights, had previously shared a document," the company said in a note, quoted at TechCrunch, that the search giant sent to affected people. "The issue only occurred if you, or a collaborator with sharing …

Lawmaker: Consumers need details in data breach warnings

BERKELEY, Calif.--Six years after California enacted the country's first data breach notification law, many state residents have received letters warning them that their data was exposed by a breach but usually they don't know how or how long, experts said at a privacy conference on Friday.

That would change with the passage of a measure proposed by California State Sen. Joe Simitian, who authored the country's first bill requiring companies to notify customers when a breach has occurred that exposes their data.

Senate Bill 20 would require that notification letters to consumers have a standard set of information such as information about the timing and circumstances of the breach.

It would also require that a state entity be notified at the same time so that law enforcement, lawmakers, and researchers "can spot larger trends and don't have to rely on what they read in the newspaper," Simitian said in a luncheon address at the Security Breach Notification Symposium in Berkeley.

Can peer-to-peer coexist with network security?

Security experts have long cautioned about the risk posed by the use of peer-to-peer file sharing by individuals working in corporations, warning that the practice creates holes that let malware in and sensitive data out.

Their message may be having an impact in the P2P development community.

A trade group representing peer-to-peer file sharing providers next week will publish a report that finds P2P software companies are modifying their programs in an effort to make it harder for users to inadvertently share sensitive information.

For corporate IT administrators, that shift can't come soon enough. The problem was highlighted by …

Microsoft to release three security updates Tuesday

Microsoft said Thursday it will release three security updates on this coming Patch Tuesday, including one that is rated "critical" and could allow an attacker to take over the computer.

The critical update affects Windows 2000, XP, Vista and Server 2003 and 2008, the company said in an advisory.

The other two updates are rated "important" and could be used for spoofing, in which an attacker is able to masquerade as someone else. One of the patches affects all supported versions of Windows and the second affects Windows 2000, Server 2003, and Server 2008.

Missing from …

Spotify's latest music dirge: We've been hacked

Hackers were able to penetrate Spotify's computer network, potentially exposing the personal information and passwords of some of the music service's users.

In a company blog announcement, Spotify did not get specific about the extent of the breach. Here's part of the post:

Along with passwords, registration information such as your email address, birth date, gender, postal code and billing receipt details were potentially exposed. Credit card numbers are not stored by us and were not at risk. All payment data is handled by a secure 3rd party provider.

If you have an account that was created …