Skip to main content

Home/ CIPP Information Privacy & Security News/ Group items tagged randomized

Rss Feed Group items tagged

Karl Wabst

Social Security Numbers Will Be Randomized | SmartCredit Blog - 0 views

  •  
    On June 25, 2011, the Social Security Administration (SSA) will began assigning random Social Security Numbers (SSN). The current numbering process had been in place since it was created in 1936.
Karl Wabst

Using Facebook and Facial Recognition to ID Random People - Digits - WSJ - 1 views

  •  
    "Using Facebook and Facial Recognition to ID Random People : A professor at Carnegie Mellon conducted a study recently and found that about one third of people he took snapshots of on campus could be identified using Facebook and a facial-recognition technology recently bought by Google. Not only that, but 27% of those folks had information on their Facebook profiles - like birth date or birthplace - that enabled him to correctly predict the first five digits of their Social Security numbers (you know, the part of your Social Security number that's supposed to be totally secret)."
Karl Wabst

Google Voice mails exposed for all to see and hear | Zero Day | ZDNet.com - 0 views

  •  
    "A simple search query has exposed Google Voice mail messages (audio and transcript) for anyone to see and hear. As first reported here, a user entering "site:https://www.google.com/voice/fm/*" into the Google search bar discovered random voice mail messages belonging to random Google Voice accounts (see screenshot below). Clicking on each revealed not only the audio file and transcript of the call, but it also listed the callers name and phone number as it would if you were checking your own Google Voice voice mail. I was able to replicate the issue and listen to several voice mail messages, including some legitimate ones with potentially sensitive information."
Karl Wabst

Unencrypted laptop with 1 million SSNs stolen from state - SC Magazine US - 0 views

  •  
    The Oklahoma Department of Human Services (DHS) is notifying more than one million state residents that their personal data was stored on an unencrypted laptop that was stolen from an agency employee. The computer file contained the names, Social Security numbers, birth dates and home addresses of Oklahoma's Human Services' clients receiving benefits from programs such as Medicaid, child care assistance, nutrition aid and disability benefits, the agency announced Thursday. The computer, which was stolen when a thief broke into the car April 3 after the employee stopped on her way home from work, was password protected, and officials do not believe the burglar realized what he or she was stealing. Therefore, the risk of the data being accessed is minimal, according to the agency. "We feel this was not a situation where someone was targeting the agency or that information," DHS spokeswoman Mary Leaver told SCMagazineUS.com on Friday. "We feel it was random." Leaver said the state Office of Inspector General is conducting an investigation, out of which likely will come a mandatory review of information security policies. However, it is not believed the employee violated existing policy when the incident occurred, she said. News of the theft comes one day after the Ponemon Institute, in conjunction with Intel, released a study that found the average value of a lost laptop is $49,246. About 80 percent of the cost is related to the chance that a breach could occur, the study showed.
Karl Wabst

Survey: Financial crisis fuels identity theft fears - SC Magazine US - 0 views

  •  
    Most Americans believe the world financial crisis has increased their risk of identity theft or related crimes, according to the latest Unisys Security Index. The biannual survey of consumers in nine countries found that more than two-thirds of Americans are "extremely or very concerned" about other people obtaining and using their credit or debit card details -- with 90 percent at least "somewhat concerned." In addition, computer security remains a major concern. More than 40 percent of Americans are extremely or very concerned about security in relation to viruses or unsolicited emails. Three-quarters of Americans believe that the world financial crisis will increase the risk that they will personally experience identity theft or related crimes. More than one-quarter believe that the risk will increase substantially. "Financial security for Americans has moved from third place to front and center, number one," Tim Kelleher, vice president of enterprise security at Unisys, provider of information technology consulting services, told SCMagazineUS.com Monday. "People feel they are much more financially at risk." This has major implications for banks and other financial institutions, as well as internet businesses, he said. "Banks and businesses need to understand that customers are more wary than ever about using services that may compromise their personal data," Kelleher said. "If economic concerns increase these fears, companies need new strategies to strengthen customer confidence through accountability and transparency, which also plays to part of the Obama administration's call to action for government and business." The U.S. Security Index is based on a random telephone survey of 1,004 persons ages 18 and over. The first wave of the study was conducted in August 2007.
  •  
    www.killdo.de.gg Most quality online stores. Know whether you are a trusted online retailer in the world. Whatever we can buy very good quality. and do not hesitate. Everything is very high quality. Including clothes, accessories, bags, cups. Highly recommended. This is one of the trusted online store in the world. View now www.retrostyler.com
Karl Wabst

Get Real - 0 views

  •  
    The reality of any new technology, security or otherwise, rarely lives up to its promise. Once you move past the bright sheen of the product brochures and top-level user interfaces, only the practicalities of implementing the product in the real world remain. This is especially true of newer technologies we have little prior experience with, where our product expectations are defined by marketing, the press, and the rare peer reference. It's only after these tools are tested in the real world, under full production conditions, that we really start learning how to either best implement them, or kick them back to the vendor for a little more polish (and a compelling business use). Data loss prevention (DLP) is one of the most promising, and least understood, security technologies to emerge during the last few years. It dangles promises of ubiquitous content protection before our eyes, with shadows of complexity and costs glooming over its shoulder. As with everything, the reality is somewhere in-between. We've interviewed dozens of DLP users (including our own contacts, random volunteers and vendor references) to find out how DLP works in the trenches of the real world. The result is a collection of lessons learned and use cases to help you avoid common pitfalls while deriving maximum value. Lesson 1: Users are confused by a confusing market Lesson 2: Full DLP solutions take more effort to deploy, but are more effective and easier to manage Lesson 3: Set the right expectations and workflow early Lesson 4: Poor identity management hinders good DLP Lesson 5: False positives are a manageable concern Lesson 6: Progressive deployments are most effective Lesson 7: Endpoint DLP is still more limited than network or discovery Lesson 8: Content discovery is hot
  •  
    www.killdo.de.gg Most quality online stores. Know whether you are a trusted online retailer in the world. Whatever we can buy very good quality. and do not hesitate. Everything is very high quality. Including clothes, accessories, bags, cups. Highly recommended. This is one of the trusted online store in the world. View now www.retrostyler.com
Karl Wabst

18,000 Nashville students' personal data put online | www.tennessean.com | The Tennessean - 0 views

  •  
    Parents of 18,541 Metro Nashville students will receive letters next week outlining a security breach that put their children's Social Security numbers online for three months. Advertisement Boston-based Public Consulting Group Inc., which holds a five-year, $2.6-million-a-year contract with the state to collect student data from various districts, corrected the error March 31 after a parent using Google to search her daughter's name found it - along with personal data for the students and 6,000 parent names. Art Staehling learned Wednesday that his teenage daughter was on the list and said he's concerned what could happen to her identity. "I find it hard to believe that an established company had a problem of this magnitude," Staehling said. The consulting group will pay for parents of affected children to check all family members' credit reports through Experian and for a year of monitoring. One of the group's owners, Stephen Skinner, said the error happened when workers running a test Dec. 28 on random student data inadvertently stored a file to an insecure directory. They discovered the error March 5 and took down the file, which contained student names, gender, race or ethnicity, date of birth, Social Security number and, in some cases, parent names. But they were unaware Google's search engine had already found the file and indexed it. That's how the parent, who is also a Metro schools employee, found out about the breach weeks later. Public Consulting Group worked with Google to take the information down.
Karl Wabst

Fingerprinting Blank Paper Using Commodity Scanners | Freedom to Tinker - 0 views

  •  
    Here's the paper's abstract: This paper presents a novel technique for authenticating physical documents based on random, naturally occurring imperfections in paper texture. We introduce a new method for measuring the three-dimensional surface of a page using only a commodity scanner and without modifying the document in any way. From this physical feature, we generate a concise fingerprint that uniquely identifies the document. Our technique is secure against counterfeiting and robust to harsh handling; it can be used even before any content is printed on a page. It has a wide range of applications, including detecting forged currency and tickets, authenticating passports, and halting counterfeit goods. Document identification could also be applied maliciously to de-anonymize printed surveys and to compromise the secrecy of paper ballots.
Karl Wabst

Fixing the privacy joke - Network World - 0 views

  •  
    The whole idea of privacy has become a joke. On one hand we have consumers who will give away their personal details to random Web sites (as well as to Mrs. Sikiratu Seki Adam, "a widow to Late Saheed Baba Adams") at the drop of a virtual hat, and on the other we have businesses losing personally identifiable information and transaction data with wild abandon … yes, I'm talking about you Heartland Payment Systems. (Heartland lost data on more than 100 million transactions although it is hardly alone - check out the data loss database at the Open Security Foundation). This widespread carelessness has compromised the privacy of tens of millions of consumers and businesses. While carelessness is the cause, what has allowed it to go unchecked are a number of factors: The Internet making transactions easier and faster; the systems we use on the Internet (particularly Windows PCs) being as secure as the First Little Pig's house of straw; organizations not taking security seriously enough; naive consumers; and inadequate regulation of the companies that hold private data. What got me thinking about this privacy void was a letter my wife received from Nordstrom Bank yesterday. My wife has a Nordstrom credit card and the company sent us, for what seems like the 1,000th time, its latest privacy policy. This version was one page of small text that more or less says what every other privacy notice from financial services companies say (we average about one of these "revised" policies every couple of weeks).
Karl Wabst

Athletes Protest Rule Requiring Drug Testers to Know Whereabouts - NYTimes.com - 0 views

  •  
    Every day for one hour, Olympic-level athletes all over the world have an appointment they cannot break. The swimmer Dara Torres, a 12-time Olympic medalist, squeezes her hour into training, running errands and caring for her 3-year-old daughter. The curler Nicole Joraanstad schedules her hour at dawn, but says it often interrupts her sleep. The Olympic decathlon champion Bryan Clay makes himself available at night, when he is most likely to be home with family. Since Jan. 1, Olympic-level athletes have had to schedule their daily availability - hour and place - three months in advance so drug testers can find them, according to new World Anti-Doping Agency rules. And violating those rules can have serious repercussions. Three missed drug tests within an 18-month period during an athlete's appointed hour count as a positive drug test and can result in a one- to two-year ban from competition. Because the element of surprise is crucial to effective testing, athletes are also subject to random out-of-competition tests at any time. And they are tested at competitions. Jacques Rogge, the president of the International Olympic Committee said, "Sports today has a price to pay for suspicion." But some athletes say the rules have gone too far. "It's absolutely too much," Torres said in a telephone interview. "Why make this more cumbersome when we do so much already? We're at the point where we have to find a middle ground." Never before has there been so much protest regarding out-of-competition testing. Athletes in nearly every sport as well as organizations like FIFA, soccer's international governing body, have publicly criticized the doping agency's regulations. At least one lawsuit challenging the rules is in court. Sixty-five Belgian athletes, including the world-class Quick Step cycling team and its star Tom Boonen, filed a class-action lawsuit claiming that the new rules violate European privacy laws.
Karl Wabst

Are You Ready for an OCR Audit? | Articles & Archives | Articles/News | Healthcare Info... - 0 views

  •  
    Hospital CIOs, chief information security officers, and privacy officers are working diligently to keep their names off that wall. But they are dealing with a regulatory environment that is still in flux. A final rule that will strengthen HIPAA privacy and security safeguards is due out before the end of the year. HHS also has proposed a rule for the accounting of disclosures from electronic records. The biggest shift under way may be a new enforcement regime as the HHS Office for Civil Rights (OCR) shifts gears from only reacting to data breach reports to begin random audits of the privacy and security safeguards of large and small providers and their business associates. Another new wrinkle under the HITECH Act is that state attorneys general can file civil lawsuits for HIPAA violations.
1 - 11 of 11
Showing 20 items per page