
Saturday, May 28, 2005

Bank Of America Fights Phishing With New Authentication 

"Facts do not cease to exist because they are ignored." -- Aldous Huxley

As the prostitute said, "It's not the work, it's the stairs." As told to me by Elaine Stritch, star of stage, screen, & TV, right after she won her 1st Emmy. Age 79.



By Gregg Keizer, TechWeb News

Bank of America, plagued by phishers targeting its 13.2 million online banking customers, on Thursday debuted a new two-factor, two-way authentication scheme in an attempt to deflect identity theft and reduce fraud.

Dubbed SiteKey, the free service allows customers to pick an image, write a brief phrase, and select three challenge questions. The information is then passed back and forth between the customer and Bank of America to confirm each other's identity. SiteKey will debut in Tennessee, said the Charlotte, N.C.-based bank, and roll out nationwide by the end of the year.




MY ADVICE endeavors at keen.com. The number is 1-800-275-5336 (800-ask-keen) + ext. 0329063 for tech stuff, 0329117 for running a small business, and 0329144 on investing. Want to CHAT, I use Yahoo's IM as the_web_ster. View me in the Friends & Family part of webcamnow.com, just click on "view cams", then in the Java window click on WebcamNow Communities drop down arrow & select Friends & Family. Under the live webcams look for & click on me "the_webster".

Friday, May 27, 2005

Broadband Over Power Lines Makes Debut 



Until now, if consumers wanted broadband access, they were faced with two choices --- cable or DSL modems.

As the news this week shows, all that is about to change. Motorola announced a wireless broadband-over-powerline solution designed to allow the utility industry to provide high-speed access to customer homes. The solution should be a significant competitor to existing ones: Motorola cites a study that claims as many as 13 million U.S. households remain unable to receive broadband services from traditional cable modem or DSL providers, and says that its solution can bring the power of broadband to cities and municipalities underserved by current broadband providers.




Thursday, May 26, 2005

Fed Shuts Down STAR WARS Pirate Sites 


A group of federal law enforcement agencies has shut down a file-sharing network that was distributing "STAR WARS Episode III: Revenge of the Sith." The Elite Torrents network, which uses hard-to-trace BitTorrent peer-to-peer technology to distribute files to users, had been offering the STAR WARS movie for free since the day it hit theatres. Authorities say the movie was downloaded over 10,000 times in the first 24 hours. But fear not, STAR WARS fans: "Sith" still broke box office records in its first weekend of availability and is on track to become one of the biggest movie blockbusters of all time. I guess it helps when the movie gets great reviews and is eagerly awaited by a geeky group of fanboys that make the nerds in the computer industry look cool by comparison.




Tuesday, May 24, 2005

Windows XP: Brooklyn Edition 


Dear Consumas:

It has come ta our attention dat a coupola copies of the WINDOWS XP/BROOKLYN EDITION may have accidentally bin shipped outsida Brooklyn. If ya got one a dese, you may need some help understandin' da commands.

Da Brooklyn edition may be recognized by da unique openin' screen. It reads:

"WINDAS XP," wit a background picture of Grand Army Plaza. When you start da program, instead of da usual "harpy, stringy" music, you hear da teme from da Godfadda. It is also shipped wit a Sopranos screen sava.

Please also note:

Recycle Bin is labeled "Staten Island."

My Computer is called "My Friggin' Computa."

The Inbox is referred to as "Da Trunk."

Deleted Items are referred to as "Wacked," "Erased," or "Rubbed Out."

Dial up Networking is called "Da Bar."

Control Panel is known as the "Da Bosses."

Performin' an "illegal operation" is known as "enhancin' the family business" and will actually maximize da program instead of shuttin' it down.

Hard Drive is referred to as "Da BQE Rush Hour." (For you rednecks the BQE is the Brooklyn-Queens Expressway, New York City's idea of a highway. With all the potholes it's more like a minefield.)

Instead of an error message a "You ain't gonna friggin' believe dis!" pops up.

CHANGES IN TERMINOLOGY IN DA BROOKLYN EDITION:

OK...........Sure ting
Cancel......Fugetaboutit
Reset........Start Ova
Yes..........Yeah
No............Nah
Find..........Put a contract out on
Browse.....Get a looksee
Back.........U toin
Help..........(Ain't available-yous don't need no stinkin' help)
Stop..........Knock it off
Start..........Move it!
Settings.....Here's d' Rules

Also note dat any voice recognition software run on da BROOKLYN EDITION platform don't recognize da letter "R."

Some programs and udder accessories dat are exclusive to WINDAS XP:

Typa................A word processin' program

Printa...............Printer

Calculata..........Calculator

Solitaire.............Seven Card Stud

We regret any inconvenience it may have caused if you received a copy of da BROOKLYN EDITION. You may return it to Microsoft for a replacement version.

Yous got a problem wit dat?

BILL ("4 eyes") GATES




Hackers Holding Computer Files 'Hostage' 


WASHINGTON - The latest threat to computer users doesn't destroy data or steal passwords — it locks up a person's electronic documents, effectively holding them hostage, and demands $200 over the Internet to get them back.





Common Sense Moves Could Protect Privacy 


By ELLEN SIMON, AP Technology Writer

NEW YORK - Stealing Social Security numbers and other sensitive data isn't always a cloak-and-dagger, ultra-sophisticated operation: It's often a low-tech job made easier by carelessness and flimsy safeguards.

Plenty of inexpensive measures can protect data from the large-scale theft that big banks, data merchants and other companies have recently disclosed.

But "security and privacy, for a lot of large organizations, are an afterthought, not a priority," said Evan Hendricks, who publishes the newsletter "Privacy Times."

Consider the latest headache for some large banks:

Wachovia Corp., and Bank of America Corp. say they have notified more than 100,000 customers that their accounts and personal information may be at risk after former bank employees allegedly sold account numbers and balances to a man who then sold them to data collection agencies. Nine people have been arrested in New Jersey in the case.

Or consider MCI Inc.'s privacy problem:

An MCI laptop containing the names and Social Security numbers of 16,500 current and former MCI Inc. employees was stolen last month from the car of an MCI financial analyst in Colorado. The car was parked in the analyst's home garage. The computer was password-protected; the company would not comment on whether the data was encrypted.

Encryption, which is relatively inexpensive, would make all those records all but impossible to access.

After a previous embarrassment, Bank of America Corp. is testing different encryption methods. It lost backup tapes in December containing the Social Security numbers and account information for 1.2 million federal workers, including senators and 900,000 Defense Department employees.

Time Warner Inc. could have avoided a black eye had it encrypted backup tapes containing the names and Social Security numbers of 600,000 current and former employees that were lost by Iron Mountain Inc. The storage service company had been transporting the tapes by van.

After disclosing its loss, Time Warner said it would begin encrypting its employee data. (Iron Mountain, in a press release encouraging encryption, said it performs more than five million pickups and deliveries annually and has lost backup tapes only four times this year).

Such losses go to the heart of information technology security, whose importance is magnified as more data is concentrated in ever smaller packages.

That the backup tapes in the Bank of America case were shipped as commercial air cargo shows the bank didn't understand their worth, said Jim Harper, director of information policy studies at the Cato Institute think tank.

"That's like shipping stock certificates in an envelope," he said. "Personal data is cash money. If you leave it sitting out on a sidewalk, you're making a mistake."

Companies should also clean up their data before sending it to an outside party, said Jim Stickley, chief technology officer at TraceSecurity Inc., a Louisiana security company. Credit unions in San Diego sent their customer databases, including Social Security numbers, to a marketing firm. When the marketing firm was robbed, the numbers were stolen, he said.

Investments in security measures must be weighed against the potential payoff for an attacker, said Dan Geer, chief scientist at Verdasys Inc., a computer security company based in Waltham, Mass.

After a costly data theft by an insider that cost it millions, data broker Acxiom Corp. added a chief security officer, reconfigured its electronic files, added more encryption and increased both internal and customer audits, said Jennifer Barrett, the company's privacy leader.

The insider, contract employee Daniel J. Baas, was sentenced to 45 months in prison in March for stealing encrypted password files. Acxiom said the theft cost it $5.8 million, including employees' time and travel expenses, security audits and encryption software.

Greater scrutiny of clients could have spared ChoicePoint Inc. considerable grief, analysts say.

After ChoicePoint said in February that thieves using stolen identities had created 50 dummy businesses that pulled data including names, addresses and Social Security numbers on as many as 145,000 people, its stock dropped precipitously from $48 a share the day before the announcement to the current price of about $39.

A simple Google search on some of those company names came up empty but ChoicePoint "never had a system in place for really checking them," Hendricks said.

The company should have verified its clients' identities by visiting their offices and looking at their books, said Avivah Litan, vice president for payments and fraud research at Gartner Inc.

ChoicePoint says it has hired a retired Secret Service agent to help revamp its verification process. The data broker has also said it would limit access to Social Security numbers, dates of birth and drivers' license numbers to government agencies and publicly traded companies and would "re-credential" its remaining customers.

Hendricks says tighter screening and monitoring of employees and contractors would help, too, as would training employees to treat data as if they were their own and making them sign contracts promising to do so.

For inside jobs, like those at Bank of America, Wachovia and Acxiom, a well-monitored audit trail, which Hendricks recommends, would also come in handy.

Companies need to take shredding more seriously, too, said Stickley, of TraceSecurity, and limit access to sensitive information.

"An auto dealer shouldn't let any salesman pull a credit report any time they want," Hendricks said. "They should have a small number of people authorized to view very sensitive data."

One simple measure many companies can start with is collecting less information, said Stickley.

When Stickley signed his son up for karate recently, he was asked for his Social Security number, home address and drivers' license number.

"There's no reason for that," he said. "The security at the karate shop is not like a bank."




The company should have verified its clients' identities by visiting their offices and looking at their books, said Avivah Litan, vice president for payments and fraud research at Gartner Inc.

ChoicePoint says it has hired a retired Secret Service agent to help revamp its verification process. The data broker has also said it would limit access to Social Security numbers, dates of birth and drivers' license numbers to government agencies and publicly traded companies and would "re-credential" its remaining customers.

Hendricks says tighter screening and monitoring of employees and contractors would help, too, as would training employees to treat data as if they were their own and making them sign contracts promising to do so.

For inside jobs, like those at Bank of America, Wachovia and Acxiom, a well-monitored audit trail, which Hendricks recommends, would also come in handy.

Companies need to take shredding more seriously, too, said Stickley, of TraceSecurity, and limit access to sensitive information.

"An auto dealer shouldn't let any salesman pull a credit report any time they want," Hendricks said. "They should have a small number of people authorized to view very sensitive data."

One simple measure many companies can start with is collecting less information, said Stickley.

When Stickley signed his son up for karate recently, he was asked for his Social Security number, home address and drivers' license number.

"There's no reason for that," he said. "The security at the karate shop is not like a bank."


MY ADVICE endeavors at keen.com. The number is 1-800-275-5336 (800-ask-keen) + ext. 0329063 for tech stuff, 0329117 for running a small business, and 0329144 on investing. Want to CHAT, I use Yahoo's IM as the_web_ster. View me in the Friends & Family part of webcamnow.com, just click on "view cams", then in the Java window click on WebcamNow Communities drop down arrow & select Friends & Family. Under the live webcams look for & click on me "the_webster".

Common Sense Moves Could Protect Privacy 


By ELLEN SIMON, AP Technology Writer

NEW YORK - Stealing Social Security numbers and other sensitive data isn't always a cloak-and-dagger, ultra-sophisticated operation: It's often a low-tech job made easier by carelessness and flimsy safeguards.

Plenty of inexpensive measures can protect data from the large-scale theft that big banks, data merchants and other companies have recently disclosed.

But "security and privacy, for a lot of large organizations, are an afterthought, not a priority," said Evan Hendricks, who publishes the newsletter "Privacy Times."

Consider the latest headache for some large banks:

Wachovia Corp. and Bank of America Corp. say they have notified more than 100,000 customers that their accounts and personal information may be at risk after former bank employees allegedly sold account numbers and balances to a man who then sold them to data collection agencies. Nine people have been arrested in New Jersey in the case.

Or consider MCI Inc.'s privacy problem:

An MCI laptop containing the names and Social Security numbers of 16,500 current and former MCI Inc. employees was stolen last month from the car of an MCI financial analyst in Colorado. The car was parked in the analyst's home garage. The computer was password-protected; the company would not comment on whether the data was encrypted.

Encryption, which is relatively inexpensive, would make all those records all but impossible to access.

After a previous embarrassment, Bank of America Corp. is testing different encryption methods. It lost backup tapes in December containing the Social Security numbers and account information for 1.2 million federal workers, including senators and 900,000 Defense Department employees.

Time Warner Inc. could have avoided a black eye had it encrypted backup tapes containing the names and Social Security numbers of 600,000 current and former employees that were lost by Iron Mountain Inc. The storage service company had been transporting the tapes by van.

After disclosing its loss, Time Warner said it would begin encrypting its employee data. (Iron Mountain, in a press release encouraging encryption, said it performs more than five million pickups and deliveries annually and has lost backup tapes only four times this year.)

Such losses go to the heart of information technology security, whose importance is magnified as more data is concentrated in ever smaller packages.

That the backup tapes in the Bank of America case were shipped as commercial air cargo shows the bank didn't understand their worth, said Jim Harper, director of information policy studies at the Cato Institute think tank.

"That's like shipping stock certificates in an envelope," he said. "Personal data is cash money. If you leave it sitting out on a sidewalk, you're making a mistake."

Companies should also clean up their data before sending it to an outside party, said Jim Stickley, chief technology officer at TraceSecurity Inc., a Louisiana security company. Credit unions in San Diego sent their customer databases, including Social Security numbers, to a marketing firm. When the marketing firm was robbed, the numbers were stolen, he said.

Investments in security measures must be weighed against the potential payoff for an attacker, said Dan Geer, chief scientist at Verdasys Inc., a computer security company based in Waltham, Mass.

After a costly data theft by an insider that cost it millions, data broker Acxiom Corp. added a chief security officer, reconfigured its electronic files, added more encryption and increased both internal and customer audits, said Jennifer Barrett, the company's privacy leader.

The insider, contract employee Daniel J. Baas, was sentenced to 45 months in prison in March for stealing encrypted password files. Acxiom said the theft cost it $5.8 million, including employees' time and travel expenses, security audits and encryption software.

Greater scrutiny of clients could have spared ChoicePoint Inc. considerable grief, analysts say.

After ChoicePoint said in February that thieves using stolen identities had created 50 dummy businesses that pulled data including names, addresses and Social Security numbers on as many as 145,000 people, its stock dropped precipitously from $48 a share the day before the announcement to the current price of about $39.

A simple Google search on some of those company names came up empty but ChoicePoint "never had a system in place for really checking them," Hendricks said.

The company should have verified its clients' identities by visiting their offices and looking at their books, said Avivah Litan, vice president for payments and fraud research at Gartner Inc.

ChoicePoint says it has hired a retired Secret Service agent to help revamp its verification process. The data broker has also said it would limit access to Social Security numbers, dates of birth and drivers' license numbers to government agencies and publicly traded companies and would "re-credential" its remaining customers.

Hendricks says tighter screening and monitoring of employees and contractors would help, too, as would training employees to treat data as if they were their own and making them sign contracts promising to do so.

For inside jobs, like those at Bank of America, Wachovia and Acxiom, a well-monitored audit trail, which Hendricks recommends, would also come in handy.

Companies need to take shredding more seriously, too, said Stickley, of TraceSecurity, and limit access to sensitive information.

"An auto dealer shouldn't let any salesman pull a credit report any time they want," Hendricks said. "They should have a small number of people authorized to view very sensitive data."

One simple measure many companies can start with is collecting less information, said Stickley.

When Stickley signed his son up for karate recently, he was asked for his Social Security number, home address and drivers' license number.

"There's no reason for that," he said. "The security at the karate shop is not like a bank."



U.S. House votes to outlaw computer spyware 



WASHINGTON (Reuters) - The U.S. House of Representatives on Monday voted to establish new penalties for purveyors of Internet "spyware" that disables users' computers and secretly monitors their activities.

Don't go too nuts; if the law is anything like the law they passed covering spam, it's a do-nothing law.
