Privacy and data protection

Can peer-to-peer coexist with network security?

Security experts have long cautioned about the risk posed by the use of peer-to-peer file sharing by individuals working in corporations, warning that the practice creates holes that let malware in and sensitive data out.

Their message may be having an impact in the P2P development community.

A trade group representing peer-to-peer file sharing providers next week will publish a report that finds P2P software companies are modifying their programs in an effort to make it harder for users to inadvertently share sensitive information.

For corporate IT administrators, that shift can't come soon enough. The problem was highlighted by …

Microsoft to release three security updates Tuesday

Microsoft said Thursday it will release three security updates on this coming Patch Tuesday, including one that is rated "critical" and could allow an attacker to take over the computer.

The critical update affects Windows 2000, XP, Vista and Server 2003 and 2008, the company said in an advisory.

The other two updates are rated "important" and could be used for spoofing, in which an attacker is able to masquerade as someone else. One of the patches affects all supported versions of Windows and the second affects Windows 2000, Server 2003, and Server 2008.

Missing from …

Spotify's latest music dirge: We've been hacked

Hackers were able to penetrate Spotify's computer network, potentially exposing the personal information and passwords of some of the music service's users.

In a company blog announcement, Spotify did not get specific about the extent of the breach. Here's part of the post:

Along with passwords, registration information such as your email address, birth date, gender, postal code and billing receipt details were potentially exposed. Credit card numbers are not stored by us and were not at risk. All payment data is handled by a secure 3rd party provider.

If you have an account that was created …

Facebook, Google helping feds stop online stimulus scams

WASHINGTON--President Obama's economic stimulus plan has already spurred activity in at least one online industry, though not one the administration was hoping to encourage.

Deceptive Web sites, advertisements, and e-mail campaigns have cropped up across the Web in recent weeks, luring consumers into scams by promising them federal grant money from the stimulus package, the Federal Trade Commission said Wednesday.

The FTC is investigating these scams and is reaching out to the private sector for help. Google on Wednesday morning committed to investigating stimulus-related ads that violate its anti-scam policy, and Facebook has pulled ads for stimulus funds from …

Self-encrypting drive standard gains momentum

I've long been a big proponent of self-encrypting drives as the best way to encrypt data-at-rest on PCs and storage systems.

This belief became a lot more real in January when the Trusted Computing Group published three storage encryption standards for laptops, enterprise storage, and software interoperability. Fujitsu, Hitachi, Seagate, and Toshiba support these standards and are already shipping self-encrypting drives.

In February, IBM joined the fray, further validating the self-encrypting drive standard. IBM announced that its massive DS8000 storage system will now offer self-encrypting drives to protect the confidentiality and integrity of data-at-rest. LSI, another leading storage system …

Gartner: Financial fraud hits 7.5 percent of U.S. adults

About 7.5 percent of U.S. adults lost money as a result of financial fraud last year, mostly due to data breaches, according to a new Gartner study to be released on Tuesday night.

In the survey of nearly 5,000 consumers, 70 percent said they had never been a victim of identity theft fraud. Meanwhile 14 percent said they had had their credit card information used to charge purchases or get money, 7 percent said their debit card was used, 6 percent said a new account had been opened in their name, 5 percent had money transferred out …

Data about Obama's helicopter breached via P2P?

An Internet security company claims that Iran has taken advantage of a computer security breach to obtain engineering and communications information about Marine One, President Barack Obama's helicopter, according to a report by WPXI, NBC's affiliate in Pittsburgh.

Tiversa, headquartered in Cranberry Township, Pa., reportedly discovered a security breach that led to the transfer of military information to an Iranian IP address, according to WPXI. The information is said to include planned engineering upgrades, avionic schematics, and computer network information.

The channel quoted the company's CEO, Bob Boback, who said Tiversa found a file containing the entire …

Facebook halts rogue app, MySpace plugs hole

Just in time for the weekend, social networks Facebook and MySpace were dealing with several new security issues on Friday that could expose personal information and communications from friends.

Facebook said it had removed a new rogue application that was spamming users and exposing their information. Before it was halted, the application sent messages claiming that a friend had reported the recipient for violating Facebook's terms of service and offered a link to click to find out more information.

Users who clicked on the link were providing the app access to their profile and personal information as well as …

Credit card data breached at unnamed payment processor

Another U.S. payment processor has suffered a database breach that exposed credit card and debit card information, according to several credit unions. The name of the payment processor has not been released and it is unclear how many consumers are affected.

Blog site DataBreaches.net has been tracking the reports here and here.

Community Bankers Association said in a statement on its site two weeks ago that Visa announced that an unnamed processor reported a data breach and that the name of the processor was being withheld pending completion of a forensic investigation.

The breach appears to have affected …

'SMiShing' fishes for personal data over cell phone

When we think of phishing attacks, in which scammers try to lure sensitive information out of Internet users, we think of fake official-looking e-mails and Web sites.

But you don't even need to be online to get phished. A phishing attack making the rounds tries to dupe cell phone users into revealing their personal data over the phone. It uses SMS messages, which makes it a "SMiShing" attempt.

It all starts with a spam text message purporting to be from a financial institution. In this case, it's from a source identified as KeyPoint Credit Union, warning …