Security

Sun to detail security response guarantees

SAN FRANCISCO--Sun Microsystems will take a new step "in the next week or so" to try to press for more secure software, the company's No. 2 exec said Monday.

"It is increasingly imperative that all companies that deliver technology take active responsibility for how secure they are," said Sun President Jonathan Schwartz, speaking at the Veritas Vision conference here. "Any company simply delivering technology and wishing their customers well is going to be viewed as irresponsible."

It's not clear exactly what Schwartz has in mind, but it won't just be a …

Junkyard laptop may harbor U.K. defense secrets

The United Kingdom's Ministry of Defense is facing major embarrassment, and the threat of having lost classified military data, based on a man's claim that he found a large number of sensitive files created by the government on a laptop handed to him at a garbage dump.

A 31-year-old British man claims the device was given to him by a stranger as he searched for spare computer parts in a Hampshire, England junk yard. The information on the computer is reportedly linked to U.K. homeland security, specifically anti-terrorism plans for several military facilities.

MoD officials have yet …

ISP shuts out infected customers

Australia's biggest ISP has a radical cure for infected PCs on its networks: Cut 'em off.

Battered by attacks on its domain name servers, BigPond has taken the unusual step of temporarily disconnecting customers believed to have compromised computers, reports News.com sister site ZDNet Australia. These Trojan-carrying PCs are the source of the fake DNS requests that have overwhelmed BigPond's network, blocking Web site views and holding up e-mail delivery, the ISP believes.

The lockout is a move that few service providers have dared to take, despite its effectiveness. Many companies don't want to run the …

No sequel for "MATRIX" data-mining project

A little-known but powerful government database, which had featured information on millions of Americans, is no more.

The Justice Department created the pilot project, which went by the contrived acronym of MATRIX (Multistate Anti-TeRrorism Information eXchange), and made it available to state and local police starting in 1998. Now the grant has expired.

Data was provided by Seisint, a data-mining firm recently embroiled in a flap over an intrusion into its databases that may have compromised the information of about 310,000 Americans. Seisint is owned by Lexis-Nexis.

While MATRIX officially concluded as a federal pilot project on April 15, …

Polo plugs security hole

Polo Ralph Lauren said on Friday that it has fixed a computer-security problem that may have exposed customers' credit card numbers to data thieves. The company, which learned of the problem last fall, said it has purged credit card information from its store systems that "may have been misappropriated" and is working with the police on an investigation.

At least two banks, HSBC Holdings in London and Citigroup in New York, have notified more than 180,000 cardholders that had shopped at the chain about the potential breach, advising some of them to close their accounts and open …

Two-factor login not totally useless

Security expert Bruce Schneier recently criticized two-factor authentication, which is designed to improve security by pairing passwords with a second test such as a thumbprint or physical token. This week, he took pains to clarify his position with a defense of the technology as useful if not a cure-all.

In the earlier essay, Schneier said two-factor authentication "solves the security problems we had 10 years ago, not the security problems we have today." Phishing and Trojan horses, for example, are attacks that rely on weaknesses beyond the issue of whether a particular computer user is authenticated.

Schneier's …

Credit card debacle centers on Polo sales software

Following Thursday's news that both MasterCard and Visa were informing some customers that a U.S. retailer -- now positively identified as Polo Ralph Lauren -- had experienced a security mishap that may have compromised card holders' data, the issue has been confirmed as a technology-related problem. In a statement phoned in to News.com overnight, Polo said that the credit card data in question was inappropriately stored in its point-of-sales software system.

According to the preppy fashion house, the incident took place in fall 2004, after which the firm began working with law enforcement officials and the credit …

GPS-enabled school uniforms hit Japan

With GPS-enabled school uniforms on the way in Japan, the timeless parental refrain "don't forget your jacket" is about to assume new significance.

According to gizmo hub Engadget, the jackets, in addition to letting parents track their kids, sport a panic button that children can push in an emergency, immediately summoning a security agent to their exact location. The GPS-enabled blazers are made by school uniform maker Ogo-Sangyo, with GPS technology provided by Secom, which previously teamed up on a kids' backpack with built-in GPS.

RFID tags have been used to track kids in Japan before, and …

Credit card data theft could grow in scale

Both MasterCard and Visa have confirmed a security breach at a U.S.-based retailer that may have compromised the credit card information of an undetermined number of their customers. While the companies have yet to indicate that there is an information technology-related element to the attack, the incident follows in the footsteps of a number of high-profile consumer data losses by LexisNexis, ChoicePoint and others, and is likely to draw comparisons to those events. One source familiar with the incident said the data theft could affect a number of additional banks and credit card companies.

While neither credit …

Senate kicks off hearing into new data leak laws

Congress returned on Wednesday to the topic of what new laws, if any, are necessary to respond to security breaches.

At a Senate Judiciary Committee hearing, representatives of the Federal Trade Commission, FBI, Secret Service, ChoicePoint, LexisNexis, and Acxiom were scheduled to testify.

This week saw a flurry of legislation announced as a response to a recent string of high-profile data thefts and other mishaps. Sen. Dianne Feinstein, D-Calif., wants to require disclosure of breaches, while another Democrat-backed bill casts a far wider net. (I've placed the text of the second online.)

Look for a federalism theme to bubble …