CNET también está disponible en español.

Ir a español

Don't show this again


This week in data protection

PayMaxx shutters additional parts of its online payroll site, after a Web programmer continued to find holes in the system.

Service provider PayMaxx shuttered additional parts of its online payroll site this week, after a Web programmer continued to find holes in the system.

PayMaxx's further closure of its Web services comes after a Web programmer, Aaron Greenspan, discovered that the company's initial attempt to block malicious access had fixed some flaws but left others unresolved.

While still referring to the data leak as "limited in scope," the online payroll processor closed down its PayView and Instant W2 services, the company said in a statement. The services will remain down until PayMaxx has completed a thorough security analysis and redesigned the site's architecture.

The dispute between PayMaxx and Greenspan, president of Web services start-up Think Computer and a former PayMaxx customer, over the security of the company's Web site continued this week. PayMaxx referred to Greenspan as a "hacker," while the Web programmer maintained that the security problem is far worse than divulged by the payroll company.

Meanwhile, an e-mail security scanning company accidentally deleted thousands of its customers' e-mails. GFI, a Microsoft "gold certified partner," is offering free upgrades to all its customers, after it trashed their e-mails by sending out incorrect update information.

According to GFI, the problem occurred because of a change in BitDefender's technology, one of the products that GFI uses for its e-mail scanning. When the GFI MailSecurity update mechanism tried to install BitDefender updates on customer networks, the service started to delete all e-mails by default. BitDefender and GFI then rolled back the updates.

In a move to assuage consumer fears, online financial firm E*Trade Financial pledged to send key fobs that generate security codes to major traders as added protection for their online accounts. E*Trade users who adopt the thumb-size devices will have to enter a six-digit key generated by the key fob in addition to their user name and password.

Traders who make at least 15 trades a quarter or carry a minimum account balance of $50,000 can apply to be part of the new program and will receive the security device for free. The financial company announced the move in answer to sharp consumer concerns over online security resulting from several high-profile data leaks.