Privacy & data protection

Equifax offers its first I-card

Equifax on Thursday introduced it's first information card or I-card, Equifax Over 18 card. I-cards are envisioned to be the online equivalent of a driver's license, passport, or similar ID. The basic idea is that customers would have an electronic wallet with various information cards that would allow customers to bypass typing in user names and passwords.

In this case, the Equifax card proves--via a trusted third party--that you are over 18 when accessing specially marked Web sites. "With fraud and identity theft on the rise, companies need better, more secure ways to conduct transactions online and … Read more

CA to buy Eurekify

CA announced Thursday plans to acquire Israel-based Eurekify, in a move to expand its identity and access management software portfolio.

IT management software company aims to use Eurekify's analytics engine to reduce the time and effort it takes for customers to shift through employee's duties and responsibilities and to monitor their access management settings.

The combined CA Identity Manager and Eurekify Enterprise Role Manager will aim to help customers clean up existing identity data and build a model that "serves as the foundation to automate the user provisioning process and enhances identity lifecycle management," according to … Read more

Report: Insiders a greater threat to data leaks

IT professionals surveyed worldwide said they think their own employees pose a more serious security threat than outsiders, and often it's because of personal use of corporate assets, according to the third and final report based on a 2008 survey (PDF) commissioned by Cisco Systems and released Wednesday.

Other findings include: One in five Brazilian IT professionals said they think their employees are less diligent around protecting corporate data. And in China and in India, IT professionals are most concerned with data thefts through the use of USB devices including thumb drives and iPods in the workplace.

According to … Read more

National ID cards compulsory for U.K. airport staff

Update at 10:05 a.m. PST: More information on the airports' participation has been added.

A pilot program of the U.K.'s national identity card plan will be compulsory at one of the two participating airports.

Workers will be required to enroll in the program at London city airport, the Home Office said Thursday. The move comes despite repeated assurances from the Home Office that U.K. citizens will not be compelled to have an ID card or enter their biometric details onto the National Identity Register.

Also on Thursday, the government said that retailers, post offices, and … Read more

MySpace plugging photo peephole

MySpace was working to plug a hole on Tuesday that allows anyone to view members' private photos without being friends with them.

The vulnerability, reported to CNET News by Canadian computer technician Byron Ng, was easy to exploit by plugging a member's ID number into a specific MySpace URL. However, someone would have to know which URL to use to be able to see the private photos.

Hours after CNET News notified MySpace of the security hole midday and several hours later a MySpace representative said the company had confirmed the vulnerability, disabled it, and was rolling out a … Read more

British tax site goes dark after data security breach

Security breaches happen all the time. But a recent incident in England is particularly worrisome and illustrates the risks of storing sensitive data on USB thumb drives which can easily slip out of a pocket or briefcase.

The British Department for Work and Pensions shut down a consumer Web site after a flash drive containing confidential passwords and source code was found in the parking lot of a pub two weeks ago, according to the Daily Mail.

The Government Gateway site, which about 12 million citizens use to file tax returns and pay parking tickets, contains addresses, salaries, National Insurance … Read more

ISC East showcases video, surveillance, GPS tech

I spent several hours at ISC East in New York last week to see the latest security hardware and software.

I was disappointed because the conference and expo offered more of the same; nothing really innovative caught my attention, or that of my associates. It seems the industry is focusing on video technology: cameras, DVRs, IP, wireless, remote surveillance, and many flavors of software that all essentially accomplish the same result. There were a few lock manufacturers, alarm distributors, monitoring centers, and access control providers, but I thought the number of exhibitors was relatively slim.

The integration of sophisticated electronics, … Read more

Google changes JotSpot privacy settings after complaint

Google said Friday that it was modifying the privacy settings on its JotSpot online collaboration service after a researcher discovered that user e-mail addresses and names were being exposed to the Web without user consent.

Ben Edelman, Harvard Business School professor and security researcher, posted a blog entry on Thursday showing how JotSpot user names and e-mail addresses were easily accessible on Google search.

After being contacted by CNET News, Google issued a statement disavowing any responsibility by saying that the administrators of the JotSpot groups were responsible for setting the privacy controls. If the information was exposed on the … Read more

1 Trojan + 3 years = 500,000 online financial accounts

RSA FraudAction Research Lab has discovered log-in information for about 300,000 online bank accounts and 250,000 credit and debit card accounts that have been gathered by a cybercrime gang over the past three years using the Sinowal Trojan.

"This may be one of the most pervasive and advanced pieces of crimeware ever created by fraudsters," according to a blog entry posted Friday from RSA, EMC's security unit.

The Sinowal Trojan infects computers without the owner knowing it by surrepticiously planting itself onto the computer while the owner is Web surfing in an attack dubbed a &… Read more