data theft
Latest
Fraud ring uses stolen data to scam unemployment insurance programs
Fraudsters have been using stolen identity data to milk unemployment insurance systems with poor security.
Thunderbolt flaw lets hackers steal your data in 'five minutes'
Attackers can steal data from Thunderbolt-equipped PCs or Linux computers, even if the computer is locked and the data encrypted, according to security researcher Björn Ruytenberg.
The TUAW Daily Update Podcast for April 16, 2014
It's the TUAW Daily Update, your source for Apple news in a convenient audio format. You'll get some the top Apple stories of the day in three to five minutes for a quick review of what's happening in the Apple world. You can listen to today's Apple stories by clicking the player at the top of the page. The Daily Update has been moved to a new podcast host in the past few days. Current listeners should delete the old podcast subscription and subscribe to the new feed in the iTunes Store here.
US Court: Code isn't property, therefore it can't be stolen
New York's Second Circuit Court of Appeals has decided that computer code cannot be stolen after acquitting former Goldman Sachs programmer Sergey Aleynikov. He'd been charged with property theft and economic espionage which carried an eight year prison sentence, but left court a free man after serving just a year of his term. The case hinged upon the definition of both property and economic espionage, and the court found that code, being an intangible, couldn't be property that's capable of being stolen within the definition of the statute -- affirming a state of affairs that's been in place since the British case of Oxford v Moss from 1979. Just as a warning: the Judges advised Congress to amend the relevant legislation in order to prevent thefts of this nature in the future, so we'd hold back on any big data-heists you've got planned.
FCC thinks ISPs should do a better job preventing fraud, theft
Internet fraud and theft are major problems, there seems to be little doubt about that -- according to FCC chairman Julius Genachowski, some 8.4 million credit card numbers are stolen every year. The question, then, is who should be addressing the issue. Genachowski this week called for "smart, practical, voluntary solutions," asking internet service providers to put more effort into helping prevent data theft, hacks and other issues, or risk having "consumers lose trust in the internet," thereby "suppress[ing] broadband adoption and online commerce and communication." The chairman asked ISPs to help avoid hijacking through more efficient traffic routes and to instate DNSSEC to help weed out fraudulent sites.
Sony offering free identity theft coverage for PS3 users
Sony has officially announced specifics of the complimentary identity theft protection program it's extending to customers in the wake of its well-publicized security breach. Corporate communications director Patrick Seybold outlines the details in a new post on the official PlayStation blog. Sony has partnered with Debix, Inc., and gamers will be able to take advantage of the latter company's AllClearID Plus program for 12 months at no cost. Sony will be sending out activation emails over the next few days, and you'll need to redeem your code by June 18th to participate. Seybold notes that this program is only valid for account holders in the United States, and Sony is currently "working to make similar programs available in other countries/territories." The AllClearID Plus program includes cyber monitoring and surveillance designed to detect exposure of personal information, priority access to licensed investigators and ID restoration specialists, and a $1 million insurance policy.
Why Apple's "walled garden" is a good idea
Many developers and users of Apple's iOS devices bemoan the "walled garden" of the App Store approval process, but it appears that the company's measures have prevented mass data theft from iPhones, and iPads. At the Black Hat security conference being held in Las Vegas this week, mobile security firm Lookout announced that an app distributed in Google's Android Market had collected private information from millions of users, then forwarded it to servers in China. Worse than that, the exact number of affected users isn't known, since the Android Market doesn't provide precise data. Estimates are that the app was downloaded anywhere from 1.1 million to 4.6 million times. The app appeared to simply load free custom background wallpapers, but in fact collected a user's browsing history, text messages, the SIM card number, and even voice mail passwords, and then sent the data to a web site in Shenzen, China. This is different from the recent AT&T website leak that could have let a hacker access 144,000 iPad 3G user email addresses, since in this case the data theft actually did happen, was being perpetrated by malicious hackers, involves much more personal information, and affected many more people. So what's the difference between the security methodologies used by Google and Apple? Apple approves iOS apps only after they've gone through a strict (and frustrating to developers) process, while Google's Android Market simply warns the user that an app needs permission to perform certain functions during the installation. iOS apps must be signed by an Apple-created certificate, which means that malicious developers have a harder time distributing malware anonymously. Lookout also noted that iOS remains virus-free, since third-party apps can only be distributed through Apple's heavily-moderated App Store, and the apps run in a sandbox environment where they can't affect the system. Lookout chief executive John Hering said that "he believes both Google and Apple are on top of policing their app stores." It's just those odd cases where apps don't do what they're advertised to do that can cause problems for users. [via AppleInsider]
Lenovo ThinkPads to freeze when texted, deter thieves from getting the goods
We've seen some pretty sophisticated laptop security measures out here in the volatile civilian world, but Lenovo's taking things all top secret with its new Constant Secure Remote Disable feature. Slated to hit select ThinkPads in Q1 2009, the Phoenix Technologies, um, technology enables specially equipped notebooks to become utterly worthless if stolen -- so long as the owner remembers to text in the emergency code, that is. You see, with the Remote Disable function, proper owners can send an SMS to their missing WWAN-enabled machine in order to make it inoperable; the lappie then sends a message back to confirm that it's currently irritating the daylights out of a wannabe data thief. 'Course, said thief can track you down and implement all manners of torture to get you to reactivate it, but we suppose that's the risk you take with that sort of lifestyle. Full release after the break.
Elecom intros skim prevention kit for wallet, cellphone
If you're down with the whole "swipeless" idea, but don't much dig the potential lack of security associated with it, Elecom's coming to the rescue in an attempt to put your paranoia to rest. The Skim Black I lineup of gear consists of a thin, wallet-based card and a not-so-elegant adornment for cellphones (pictured after the jump), both of which eliminate snoopers from jacking your precious information (or identity) by cutting off a reported 99.9-percent of radio waves. To be effective, the skim prevention card must be close to any swipeless cards in your wallet or pocket, while the bulkier SKM-K001 needs to be stuck on the rear of your mobile to effectively destroy the hopes of data thieves (and all stylistic appeal your handset previously had). Both units should be hitting Japan any day, and while the SKM-C001 wallet card will run you ¥1,260 ($11), the cellphone guardian will demand ¥2,310 ($20).[Via AkihabaraNews]
