Group items tagged

It's not exactly what anyone might expect to find at a garbage dump in Ghana. Journalism students from the University of British Columbia discovered intact hard drives containing secret international security data and personal information at a digital dumping ground in Ghana, said their teacher, Peter Klein. Mr. Klein, a producer for the PBS television program Frontline and an Emmy Award winning journalist, said the drives included information about U.S. Homeland Security and Pentagon defence contracts as well as social security numbers, credit card numbers, and family photos. The dumps are frequented by criminal gangs in the country, he said. The findings are part of a project by Mr. Klein's graduate students investigating electronic waste, or e-waste. The team also travelled to Guiyu, China, and India, piecing together the afterlife of discarded computers, drives and parts. To find out if cyber criminals could get information stored on the computers, the students bought several hard drives from vendors near the Ghana dumps to test at home in Vancouver. One of the drives came from Northrop Grumman, a large U.S. military contractor. It contained "details about sensitive, multimillion-dollar U.S. government contracts" as well as contracts with the defence intelligence agency and NASA, according to a synopsis of the project on the PBS website.

Every time you get online, your privacy comes under attack. Whether it's an overbearing End User License Agreement, contact forms, or just website cookies, there are literally millions of ways that you can let your private information slip away online. One of the best ways to fight invasions of your privacy is to get informed and learn how to prevent it. Read on to find advice, organizations, and other resources that can help you keep your privacy safe online. Guides & Articles These resources have specific advice and information for protecting your online privacy. 1. EFF's Top 12 Ways to Protect Your Online Privacy: Read this guide from the Electronic Frontier Foundation to learn how you can protect private information online. 2. Frequently Asked Questions about Online Privacy: Get answers to questions about online privacy and safety from this resource. 3. Is Your PC Watching You? Find Out!: This article from CNN will help you figure out if your privacy is being violated through your PC. 4. Nameless in Cyberspace: Anonymity on the Internet: Find out why the right to anonymity online is so important to have by reading this article. 5. Consumer Privacy Guide: The Consumer Privacy Guide offers a variety of resources and information for protecting your privacy online. 6. This Email Will Self-Destruct: Learn about email security measures that you can take to protect your privacy. 7. Anti-Spam Resources: Visit this guide to learn how to stop receiving junk email. 8. All About Internet Privacy and Security: Read this guide to learn about security terms and Internet privacy settings. 9. Online Privacy: The Complete Guide to Protect You: WebUpon's guide discusses steps you can take to protect your online privacy. 10. Social Networking and Safety Online: Read this guide to learn how to practice common sense on social networking sites. 11. Internet privacy: Wikipedia's entry on Internet privacy offers a broad view at staying private o

"With a lot of prodding from the Federal Trade Commission, the Internet advertising industry has committed to telling Web site users about how they collect and use data to customize the ads they display. And it has agreed to find a more prominent and clear way to do this than the cryptic privacy policies you can find if you click a tiny link at the bottom of many Web pages. But how do you communicate something very complex in a way that is clear but doesn't bog down people who just want to check the latest sports scores?"

The global economic crisis has become the biggest near-term U.S. security concern, sowing instability in a quarter of the world's countries and threatening destructive trade wars, U.S. intelligence agencies reported on Thursday. The director of national intelligence's annual threat assessment also said al Qaeda's leadership had been weakened over the last year. But security in Afghanistan had deteriorated and Pakistan had to gain control over its border areas before the situation could improve. "The financial crisis and global recession are likely to produce a wave of economic crises in emerging market nations over the next year," said the report. A wave of "destructive protectionism" was possible as countries find they cannot export their way out of the slump. "Time is our greatest threat. The longer it takes for the recovery to begin, the greater the likelihood of serious damage to U.S. strategic interests," the report said. The report represents the findings of all 16 U.S. intelligence agencies and serves as a leading security reference for policymakers and Congress. Besides reviewing adversaries, it also considered this year the security impact of issues including climate change and the economy. It said a quarter of countries have already experienced at least "low-level" instability, such as government changes, linked to the economy.

Financial fraud last year caused 7.5 percent of all adults in the United States to lose money, largely because of data breaches. That's the finding of a survey conducted by Stamford, Conn. research firm Gartner. The survey polled 5,000 U.S. adults and also found that when compared with average consumers, nearly twice as many people who lost money to fraud changed their shopping, payment, and e-commerce behavior. In particular, victims of electronic checking and/or savings account transfer fraud were nearly five times more likely to change banks because of security concerns. "Fraud victims are also more cautious about which brick-and-mortar stores they shop at and how they pay for goods when they get there, demonstrating more awareness of the risk of data breaches," said Avivah Litan, vice president and distinguished analyst at Gartner, in a news release. High-tech crimes, such as data breaches (which typically involve hacking into enterprise systems) and phishing attacks against consumers, are the most prevalent causes of payment card fraud. Gartner found that financial losses were highest with new-account, credit card and brokerage fraud, with average losses per incident totaling $1,097, $929 and $900, respectively. However, victims of brokerage, credit card and debit/ATM card fraud find it easiest to recover their losses, receiving an average of 100 percent, 86 percent, and 77 percent of the funds stolen, respectively.

I was at an advertising conference last week. Some folks are concerned that privacy advocates will press the government to regulate the most common of tracking technologies: behavioral targeting. That's the system that drops a cookie onto our computers to record many of our wanderings through the Web in hopes of targeting us with relevant ads. I had just written The Next Net, about how we'll be tracked on the mobile Internet. And I was thinking that if behavior targeting worries people, the data cascading from our phone use will terrify them. But there are also plenty of reasons to worry about regulation. First, there's a divide in our society between people extremely worried about erosion of privacy and others who appear, with their Web postings, videos and Tweets, to celebrate it. Which group wins? They both can. Take a look at this new friend-finding location-based application for Facebook, Locaccino. It comes out of Carnegie Mellon. The idea is that people can fine-tune their privacy profiles, deciding who can see where exactly they are, and who gets a blurrier vision, or none at all. The point is that millions of people are clearly eager to exchange all sorts of data. It's a way for them to learn, make friends, find things, and have fun. What's more, it supports a vibrant and innovative software market in a gloom-infested tech industry. Some of the innovation will go toward protecting privacy. Because privacy is something that both sides of this debate want and need, even if they don't agree on what it is. Regulations? The most important privacy regs, in my view, should mandate clear communications on how customer data will be used, and will limit tracking to those who have chosen to participate.

Cloud services are now vulnerable to malicious use, a security company has suggested, after a techie worked out how Amazon's EC2 service could be used as a BitTorrent file harvester and host. Amazon's Elastic Compute Cloud (EC2) is a web service software developers can use to access computing, compilation and software trialling power on a dynamic basis, without having to install the resources locally. Now a developer, Brett O'Connor, has come up with a step-by-step method for using the same service to host an open source BitTorrent application called TorrentFlux. Getting this up and running on Amazon would require some technical know-how, but would be within the reach of a moderately experienced user, right down to following O'Connor's command line low-down on how to install the public TorrentFlux app straight to Amazon's EC2 rather than a user's local machine. Finding an alternative way of using BitTorrent matters to hardcore file sharers because ISPs and admins alike are increasingly keen to block such bandwidth-eating traffic on home and business links, and O'Connor's EC2 guide was clearly written to that end - using the Amazon service would make such blocking unlikely. "I created a web-based, open-source Bittorrent 'machine' that liberated my network and leveraged Amazon's instead," says O'Connor. He then quips "I can access it from anywhere, uploading Torrent files from wherever, and manage them from my iPhone." However, security company GSS claims the guide shows the scope for possible abuse, using EC2 to host or 'seed' non-legitimate BitTorrent file distribution. "This means, says Hobson, that hackers and other interested parties can simply use a prepaid (and anonymous) debit card to pay the $75 a month fee to Amazon and harvest BitTorrent applications at high speed with little or no chance of detection," said David Hobson of GSS. "The danger here is that companies may find their staff FTPing files from Amazon EC2 - a completely legitimate domain -

While the recession injured many industries in 2008, health care was one of the few bright spots in the employment picture, growing by 372,000 jobs last year, according to the U.S. Bureau of Labor Statistics' January 2009 Employment Situation Summary. The large aging population has health care employers in need of qualified workers: stat. Therefore, despite the current economic conditions, health care employers will continue to increase staff in 2009, according to CareerBuilder.com's annual health care hiring forecast, conducted online within the U.S. by Harris Interactive. Close to one-in-five (17 percent) of large health care employers (50 or more employees) plan to increase the number of full-time, permanent employees in 2009, while 67 percent foresee either making no change in the number of employees or are unsure. Sixteen percent plan to decrease the number of employees. "The health care industry continues to boast high demand for qualified workers. Employers are reacting to this need by continuing strong recruiting efforts this year," says Jason Ferrara, vice president of corporate marketing for CareerBuilder.com. "Half of health care employers, the highest among industries we surveyed, have open positions for which they can't find qualified candidates. In response, health care employers will have to adjust their recruitment and retention strategies to find and keep top talent."

As your day ticks by, it seems that everything you do can leave a data trail. From your purchases online to the resumes you post, to health care transactions made with your insurance cards, you probably are exposing your own personal data to possible snooping, fraud, or identify theft. "Having so much sensitive information available makes it even more difficult for other organizations to release information that is effectively anonymous," says Latanya Sweeney, associate professor of computer science, technology and policy, and director of Carnegie Mellon's Data Privacy Lab. Sweeney demonstrated that birth date, gender and 5-digit ZIP code is enough to identify 87 percent of people in the U.S. One year ago, Sweeney started to pull together a group of faculty who were looking at issues relating to privacy and security, and working toward possible solutions. In the Internet age, few areas of our private lives-and what U.S. Supreme Court Justice Louis Brandeis called "the right to be left alone"- remain untouched by technology. Lorrie Cranor, associate research professor in the School of Computer Science, and director of Carnegie Mellon's Usable Privacy and Security Laboratory, describes Carnegie Mellon as "the place to be for privacy research." She explains, "There's a concentration of researchers and experts here that you just don't find at any other university." So how do these Carnegie Mellon experts suggest you protect yourself when you find the information technology that drives your everyday life to be more sophisticated than you are? Here is a sample of some of their creative solutions-your wake-up call for keeping your data "self" both private and secure.

Hundreds of medical records kept by a longtime Acton family doctor who abruptly closed his practice last year are about to be destroyed, leaving patients without crucial information and exposing a gap in state law about who owns abandoned medical records. On April 8, a Lynn storage company is scheduled to discard the records and auction the equipment left by Dr. Ronald T. Moody, who was evicted from his office last September as state regulators pursued him, saying he was practicing without a license. Many of Moody's former patients have no idea that their records are slated for destruction: None has been notified, nor does the law require such notice. "We throw people's lives away on a daily basis, and, believe me, we go out of our way to try and find someone" to salvage belongings, said Jim Appleyard, owner of the storage company that was hired by Moody's former landlord to clean out the office and store the items for six months, as required by law. But the idea of dumping hundreds of patients' files without them knowing about it bothered Appleyard. Unable to find Moody, he contacted the state Board of Registration in Medicine and pleaded to take the dozens of boxes of records. The board regulates doctors and administers rules governing medical records of physicians in private and group practices.

Every day for one hour, Olympic-level athletes all over the world have an appointment they cannot break. The swimmer Dara Torres, a 12-time Olympic medalist, squeezes her hour into training, running errands and caring for her 3-year-old daughter. The curler Nicole Joraanstad schedules her hour at dawn, but says it often interrupts her sleep. The Olympic decathlon champion Bryan Clay makes himself available at night, when he is most likely to be home with family. Since Jan. 1, Olympic-level athletes have had to schedule their daily availability - hour and place - three months in advance so drug testers can find them, according to new World Anti-Doping Agency rules. And violating those rules can have serious repercussions. Three missed drug tests within an 18-month period during an athlete's appointed hour count as a positive drug test and can result in a one- to two-year ban from competition. Because the element of surprise is crucial to effective testing, athletes are also subject to random out-of-competition tests at any time. And they are tested at competitions. Jacques Rogge, the president of the International Olympic Committee said, "Sports today has a price to pay for suspicion." But some athletes say the rules have gone too far. "It's absolutely too much," Torres said in a telephone interview. "Why make this more cumbersome when we do so much already? We're at the point where we have to find a middle ground." Never before has there been so much protest regarding out-of-competition testing. Athletes in nearly every sport as well as organizations like FIFA, soccer's international governing body, have publicly criticized the doping agency's regulations. At least one lawsuit challenging the rules is in court. Sixty-five Belgian athletes, including the world-class Quick Step cycling team and its star Tom Boonen, filed a class-action lawsuit claiming that the new rules violate European privacy laws.

As online shopping becomes a greater force each year, the behavior of online shoppers becomes more and more scrutinized. Ad net AudienceScience, a key scrutinizer, announced today the findings of a commissioned study conducted on its behalf by JupiterResearch designed to measure the receptiveness of online shoppers to behavioral targeting. And the survey says: They like it -- at least that they are more responsive to ads that are behaviorally targeted than those that are contextually targeted. And they were pretty clear about it, with 65 % responding that they are more receptive to BT, and only 35% saying they paid more attention to contextual ads. "Since its inception, behavioral targeting has been an evolution of contextual advertising, and these findings are testament to its power to more effectively engage with consumers on their own level," said Marla R. Schimke, VP of Marketing, AudienceScience. "If we conduct the same study in a year, five years, ten years, I believe we'll see this already substantial gap between the two continue to widen as more and more brands and marketers realize that they can use behavioral targeting to specifically target their ideal customer."

Online spying or behavioral targeting?

A question: If you have 347 followers on the Twitter microblogging service, what are the chances that they'll click on the same online ad you clicked on last night? Advertisers are dying to know. Or, say you and a colleague exchange e-mails on a Saturday night. Can managers assume that you have a tight working relationship? Researchers at IBM and Massachusetts Institute of Technology are investigating. Friendships aren't what they used to be. We now have tools, from e-mail to social networks, to keep in touch with people who a decade ago would have drifted into distant memories. Practically every hand we shake and every business card we exchange can lead to an invitation, sometimes within minutes, for a "friendship" on LinkedIn or Facebook. And unless we sever them, these ties could linger for the rest of our lives. What do these relationships say about us and the people in our networks? Companies armed with rich new data and powerful computers are beginning to explore these questions. They're finding that digital friendships speak volumes about us as consumers and workers, and decoding the data can lead to profitable insights. Calculating the value of these relationships has become a defining challenge for businesses and individuals. Marketers are leading the way. They're finding that if our friends buy something, there's a better-than-average chance we'll buy it, too. It's a simple insight but one that could lead to targeted messaging in an age of growing media clutter.

Concerned that Google knows too much about you? The company provides many ways to protect your privacy online -- you just need to find them. Here are six good ones. 1. Know your privacy rights: Use the Google Privacy Center. This site includes all of Google's privacy policies, as well as privacy best practices for each of its products and services. Although the "legalese" of privacy policies can be difficult to understand, Google's Privacy Channel offers a library of short YouTube videos with practical tips on protecting your data when using Google products and services. Try the "Google Search Privacy" and "Google Privacy Tips" series. 2. Protect your content on the services you use. Some content that Google stores for you, such as photos uploaded in Picasa Web Albums, are public by default. You can protect your privacy when you upload photos by choosing the appropriate checkbox. Choices include "unlisted" (accessible only if you have the Web link, and not indexed by Web search engines) or private (viewable only by named users who must sign in). Another example: You can take a Google Chat "off the record" if you don't want the instant messaging transcript stored. In contrast, Google Latitude, which tracks your whereabouts by way of GPS-enabled cell phones, does not share your location data by default. You must authorize others to see it. Latitude stores your last known location, but not your history. 3. Turn off the suggestion feature in the Chrome browser. By default, Chrome retains a history of Web sites you've visited -- and the full text of those pages -- so it can try to guess which Web address you want as you type in the "Omnibox." You can turn the feature off by going to "Under the Hood" under Options and unchecking the "Use a suggestion service" box. You can also select other privacy options, including surfing in Chrome's "incognito" mode. 4. Turn off Web History. You may have turned on the Web History option, also called Personalized Search, when yo

A very heated reaction has followed the interview I conducted yesterday with Robert Carr, CEO of Heartland Payment Systems. One reader even said the resulting Q&A made his "blood boil." Why the outrage? Because Carr did something a lot of people find unacceptable. He threw someone else under the proverbial bus for his company's failure to keep customer credit and debit card numbers out of evil hands. Specifically, he thrust an angry finger at the QSAs who came in to inspect the security controls Heartland had in place to meet the requirements of PCI security. In the article, [Heartland CEO on Data Breach: QSAs Let Us Down] Carr said, "The audits done by our QSAs (Qualified Security Assessors) were of no value whatsoever. To the extent that they were telling us we were secure beforehand, that we were PCI compliant, was a major problem. The QSAs in our shop didn't even know this was a common attack vector being used against other companies. We learned that 300 other companies had been attacked by the same malware. I thought, 'You've got to be kidding me.' That people would know the exact attack vector and not tell major players in the industry is unthinkable to me. I still can't reconcile that." That one comment brought down the house, and not in a favorable way. "I just read Bill Brenner's interview with Heartland Payment Systems' CEO Bob Carr and truthfully, my blood is boiling," Mike Rothman, SVP of strategy at eIQnetworks and chief blogger at Security Incite wrote in a counterpoint piece CSOonline ran today. "Basically, he's throwing his QSA under the bus for the massive data breach that happened under his watch. Basically, because the QSA didn't find anything, therefore he should be off the hook. I say that's a load of crap."

A typical lost or stolen laptop costs employers $49,246, mostly due to the value of the missing intellectual property or other sensitive data, according to an Intel-commissioned study made public Wednesday. "It is the information age, and employees are carrying more information on their laptops than ever before," according to an analysis done for Intel by the Michigan-based Ponemon Institute, which studies organizational data-management practices. "With each lost laptop there is the risk that sensitive data about customers, employees and business operations will end up in the wrong hands." The five-month study examined 138 laptop-loss cases suffered over a recent 12-month period by 29 organizations, mostly businesses but also a few government agencies. It said laptops frequently are lost or stolen at airports, conferences and in taxis, rental cars and hotels. About 80 percent of the typical cost - or a little more than $39,000 - was attributed to what the report called a data breach, which can involve everything from hard-to-replace company information to data on individuals. Companies then often incur major expenses to prevent others from misusing the data. Lost intellectual property added nearly $5,000 more to the average cost. The rest of the estimated expense was associated with such things as investigative costs, lost productivity and replacing the laptop. Larry Ponemon, the institute's chairman and Advertisement founder, said he came up with the cost figure based on his discussions with the employers who lost the laptops. When he later shared his findings with the companies and government agencies, he said, some of their executives expressed surprise at the size of the average loss. But he noted that one of the employers thought the amount could have been even higher.

The team that ran the most technologically advanced presidential campaign in modern history is finding it difficult to adapt that model to government. WhiteHouse.gov, envisioned as the primary vehicle for President Obama to communicate with the online masses, has been overwhelmed by challenges that staffers did not foresee and technological problems they have yet to solve. Obama, for example, would like to send out mass e-mail updates on presidential initiatives, but the White House does not have the technology in place to do so. The same goes for text messaging, another campaign staple. Beyond the technological upgrades needed to enable text broadcasts, there are security and privacy rules to sort out involving the collection of cellphone numbers, according to Obama aides, who acknowledge being caught off guard by the strictures of government bureaucracy. "This is uncharted territory," said Macon Phillips, White House director of new media, which was a midlevel position in previous administrations but has been boosted by Obama to a "special assistant to the president."

Companies in the technology, media and telecommunications industries (TMT) significantly reduced investment in security spending in 2008, according to a new survey from Deloitte Touche Tohmatsu. The third edition of the Deloitte TMT Global Security Survey reveals that 32 percent of respondents reduced their information security budgets, while 60 percent of respondents believe they are "falling behind" or still "catching up" to their security threats -- a significant increase from 49 percent over the previous year. "This year's results indicate companies are explicitly scaling back. With funding decreasing and the threats increasing, it is more important than ever for TMT companies to be highly cost efficient in addressing their security risks," said Irfan Saif, a principal in Deloitte & Touche LLP's Audit and Enterprise Risk Services practice. "Companies that do not have a sound understanding of their security risk profile, or who under-invest in security now, may find themselves exposed to significant and increasingly sophisticated threats that they are not equipped to mitigate." With the proliferation of digitized assets, security should claim a significant portion of a company's overall IT budget. However, only 6 percent of respondents allocate 7 percent or more of their total budget to IT security. This year represents a significant decline from the previous edition of the survey, which showed that 36 percent of the respondents allocated 7 percent or more of their budget to IT security. The survey also indicates that declining security investment is hindering adoption of new security technologies, with only 53 percent of respondents considering their organizations to be early adopters, or part of the early majority, down from 67 percent in 2007. Companies are focusing more effort on optimizing solutions that are already in place rather than investing in cutting-edge technology that can be capitalized upon during economic recovery.