datatheft
Latest
State Department email breach leaks employees' personal data
The latest government data breach affected State Department employee emails. On September 7th, workers were notified that their personally identifiable information was obtained by an unnamed actor, according to a recent report from Politico. It apparently impacted "less than one percent" of employees and direct victims of the breach were alerted at the time. Apparently, this didn't affect classified information, so at least there's that.
Data thieves want to track what you type at hotel business centers
You may not want to use your hotel's business center to check email on your next big trip. The Secret Service has warned the hospitality business that thieves are installing keyloggers on hotel PCs to steal guests' data. In a recent Dallas area bust, authorities caught multiple people swiping account logins, banking info and other personal details from travelers typing away at compromised business center systems. The culprits didn't even have to exploit security holes to get in -- the key-tracking software required "little technical skill."
How to avoid heartburn, er, Heartbleed
Don't change your password. It's strange advice to hear when the so-called Heartbleed bug is leaving databases all over the web open and exposed, but it's applicable. Yes, security has been compromised for many of your favorite websites and services (including Google, Flickr and Steam, at least initially) but protecting yourself isn't quite as easy as changing your password. Unlike past exploits, Heartbleed isn't a database leak or a list of plaintext logins; it's a flaw in one of the web's most prevalent security protocols -- and until its fixed, updating your login information won't do a darn thing to protect you. What, then, can you do to protect yourself? Wait, watch and verify.
Internet security key flaw exposes a whole load of private data
Most internet security holes, even the bigger ones, tend to be fairly limited in scope -- there are only so many people using the wrong software or visiting the wrong sites. Unfortunately, that's not true of the newly revealed Heartbleed Bug. The flaw, which affects some older versions of common internet encryption software, lets attackers grab both a site's secure content and the encryption keys that protect that content. As such, a successful intruder could both obtain your private information from a given site and impersonate that site until its operators catch on. Since the vulnerable code is both popular and has been in the wild for as long as two years, there's a real possibility that some of your online data is at risk.
US Court: Code isn't property, therefore it can't be stolen
New York's Second Circuit Court of Appeals has decided that computer code cannot be stolen after acquitting former Goldman Sachs programmer Sergey Aleynikov. He'd been charged with property theft and economic espionage which carried an eight year prison sentence, but left court a free man after serving just a year of his term. The case hinged upon the definition of both property and economic espionage, and the court found that code, being an intangible, couldn't be property that's capable of being stolen within the definition of the statute -- affirming a state of affairs that's been in place since the British case of Oxford v Moss from 1979. Just as a warning: the Judges advised Congress to amend the relevant legislation in order to prevent thefts of this nature in the future, so we'd hold back on any big data-heists you've got planned.
FCC thinks ISPs should do a better job preventing fraud, theft
Internet fraud and theft are major problems, there seems to be little doubt about that -- according to FCC chairman Julius Genachowski, some 8.4 million credit card numbers are stolen every year. The question, then, is who should be addressing the issue. Genachowski this week called for "smart, practical, voluntary solutions," asking internet service providers to put more effort into helping prevent data theft, hacks and other issues, or risk having "consumers lose trust in the internet," thereby "suppress[ing] broadband adoption and online commerce and communication." The chairman asked ISPs to help avoid hijacking through more efficient traffic routes and to instate DNSSEC to help weed out fraudulent sites.
Why Apple's "walled garden" is a good idea
Many developers and users of Apple's iOS devices bemoan the "walled garden" of the App Store approval process, but it appears that the company's measures have prevented mass data theft from iPhones, and iPads. At the Black Hat security conference being held in Las Vegas this week, mobile security firm Lookout announced that an app distributed in Google's Android Market had collected private information from millions of users, then forwarded it to servers in China. Worse than that, the exact number of affected users isn't known, since the Android Market doesn't provide precise data. Estimates are that the app was downloaded anywhere from 1.1 million to 4.6 million times. The app appeared to simply load free custom background wallpapers, but in fact collected a user's browsing history, text messages, the SIM card number, and even voice mail passwords, and then sent the data to a web site in Shenzen, China. This is different from the recent AT&T website leak that could have let a hacker access 144,000 iPad 3G user email addresses, since in this case the data theft actually did happen, was being perpetrated by malicious hackers, involves much more personal information, and affected many more people. So what's the difference between the security methodologies used by Google and Apple? Apple approves iOS apps only after they've gone through a strict (and frustrating to developers) process, while Google's Android Market simply warns the user that an app needs permission to perform certain functions during the installation. iOS apps must be signed by an Apple-created certificate, which means that malicious developers have a harder time distributing malware anonymously. Lookout also noted that iOS remains virus-free, since third-party apps can only be distributed through Apple's heavily-moderated App Store, and the apps run in a sandbox environment where they can't affect the system. Lookout chief executive John Hering said that "he believes both Google and Apple are on top of policing their app stores." It's just those odd cases where apps don't do what they're advertised to do that can cause problems for users. [via AppleInsider]
Lenovo ThinkPads to freeze when texted, deter thieves from getting the goods
We've seen some pretty sophisticated laptop security measures out here in the volatile civilian world, but Lenovo's taking things all top secret with its new Constant Secure Remote Disable feature. Slated to hit select ThinkPads in Q1 2009, the Phoenix Technologies, um, technology enables specially equipped notebooks to become utterly worthless if stolen -- so long as the owner remembers to text in the emergency code, that is. You see, with the Remote Disable function, proper owners can send an SMS to their missing WWAN-enabled machine in order to make it inoperable; the lappie then sends a message back to confirm that it's currently irritating the daylights out of a wannabe data thief. 'Course, said thief can track you down and implement all manners of torture to get you to reactivate it, but we suppose that's the risk you take with that sort of lifestyle. Full release after the break.
Elecom intros skim prevention kit for wallet, cellphone
If you're down with the whole "swipeless" idea, but don't much dig the potential lack of security associated with it, Elecom's coming to the rescue in an attempt to put your paranoia to rest. The Skim Black I lineup of gear consists of a thin, wallet-based card and a not-so-elegant adornment for cellphones (pictured after the jump), both of which eliminate snoopers from jacking your precious information (or identity) by cutting off a reported 99.9-percent of radio waves. To be effective, the skim prevention card must be close to any swipeless cards in your wallet or pocket, while the bulkier SKM-K001 needs to be stuck on the rear of your mobile to effectively destroy the hopes of data thieves (and all stylistic appeal your handset previously had). Both units should be hitting Japan any day, and while the SKM-C001 wallet card will run you ¥1,260 ($11), the cellphone guardian will demand ¥2,310 ($20).[Via AkihabaraNews]
