Group items matching

in title, tags, annotations or url

Cornell University officials are investigating the theft of a school computer that may have compromised the personal information of about 45,000 current and former students, faculty and staff. University spokesman Simeon Moss says the university has sent e-mails about the incident to everyone whose data was on the computer. They're being offered one year of free credit reporting, credit monitoring and identity restoration services. A Cornell Web page on the theft says there have been no known misuses of the data, which include Social Security numbers. The page says the laptop was in the possession of a Cornell technician who was doing some troubleshooting. Moss says police are investigating the theft.

Companies in the technology, media and telecommunications industries (TMT) significantly reduced investment in security spending in 2008, according to a new survey from Deloitte Touche Tohmatsu. The third edition of the Deloitte TMT Global Security Survey reveals that 32 percent of respondents reduced their information security budgets, while 60 percent of respondents believe they are "falling behind" or still "catching up" to their security threats -- a significant increase from 49 percent over the previous year. "This year's results indicate companies are explicitly scaling back. With funding decreasing and the threats increasing, it is more important than ever for TMT companies to be highly cost efficient in addressing their security risks," said Irfan Saif, a principal in Deloitte & Touche LLP's Audit and Enterprise Risk Services practice. "Companies that do not have a sound understanding of their security risk profile, or who under-invest in security now, may find themselves exposed to significant and increasingly sophisticated threats that they are not equipped to mitigate." With the proliferation of digitized assets, security should claim a significant portion of a company's overall IT budget. However, only 6 percent of respondents allocate 7 percent or more of their total budget to IT security. This year represents a significant decline from the previous edition of the survey, which showed that 36 percent of the respondents allocated 7 percent or more of their budget to IT security. The survey also indicates that declining security investment is hindering adoption of new security technologies, with only 53 percent of respondents considering their organizations to be early adopters, or part of the early majority, down from 67 percent in 2007. Companies are focusing more effort on optimizing solutions that are already in place rather than investing in cutting-edge technology that can be capitalized upon during economic recovery.

Proof that George Bush was actually protecting us by limiting access to government information!

At the National Archives and Records Administration's annual conference Thursday, one keynote speaker asked the crowd of several hundred how many of the archivists in attendance were sold on the use of social media. Only a smattering raised their hands. Clearly, it's a challenge for the government to figure out how to navigate complex archival and e-discovery regulations that require it to capture and store all sorts of new content in the age of social media, cloud computing, and seemingly endless storage. "The federal government is in a constantly evolving records environment," Adrienne Thomas, acting archivist of the United States, said in a luncheon speech to the conference. "These are exciting and challenging times." Obama administration ambitions toward cloud computing and more openness only make that issue more complicated. "Many of us in the federal records administrations have struggled with the implications of this new direction," Paul Wester, director of modern records programs at the National Archives, said in an interview. "We deeply believe in transparency and openness, but we are concerned about FOIA, HIPAA, the Privacy Act, personally identifiable information, and compliance with the Disability Act and Federal Records Act."

Be careful what information you give to recruiters!

Insurance company Aetna has contacted 65,000 current and former employees whose Social Security numbers (SSNs) may have been compromised in a Web site data breach. The job application Web site also held names, phone numbers, e-mail and mailing addresses for up to 450,000 applicants, Aetna spokeswoman Cynthia Michener said. SSNs for those people were not stored on the site, which was maintained by an external vendor. The company found out about the breach earlier this month when people began receiving spam messages that appeared to come from Aetna and complained to the company, Michener said. The spam purported to be a response to a job inquiry and requested more personal information. The spam campaign showed the intruders successfully harvested e-mail addresses from the Web site, although Michener said it's not clear if SSNs were also obtained. Nonetheless, Aetna sent letters last week notifying the 65,000 people whose SSNs were on the site of the breach. The company is offering them one year of free credit monitoring, as SSNs are often used by identity thieves. "We wanted to err on the side of caution," Michener said. Aetna hired an IT forensics company to investigate how the Web site had been compromised. "At this point despite a thorough review, they've not been able to pinpoint the precise breach," Michener said. Aetna posted alerts on the job site, its main Web site and its internal intranet about the spam campaign, Michener said.

Another report on Sears getting slapped on the wrist for questionable data collection. Gee, why don't businesses take information law seriously? Maybe because it is more profitable to ignore it and pay a small fine? Not impressed by Obama's enforcement of privacy law.

Sears today agreed to settle Federal Trade Commission charges that it failed to disclose the depth of consumers' personal information it collected via a downloadable software application. The settlement calls for Sears to stop collecting data from the consumers who downloaded the software and to destroy all data it had previously collected. If Sears advertises or disseminates any tracking software in the future, it must clearly and prominently disclose the types of data the software will monitor, record, or transmit, the FTC stated. Sears must also disclose whether any of the data will be used by a third party, the FTC said.

Point by Marcus Ranum THERE'S AN OLD SAYING, "Sometimes things have to get a lot worse before they can get better." If that's true, then breach notification laws offer the chance of eventual improvements in security, years hence. For now? They're a huge distraction that has more to do with butt-covering and paperwork than improving systems security. Somehow, the security world has managed to ignore the effect voluntary (?) notification and notification laws have had in other fields-namely, none.We regularly get bank disclosure statements, stock plan announcements, HIPAA disclosures, etc.-and they all go immediately in the wastebasket, unread.When I got my personal information breach notification from the Department of Veterans Affairs, it went in the trash too. Counterpoint by Bruce Schneier THERE ARE THREE REASONS for breach notification laws. One, it's common politeness that when you lose something of someone else's, you tell him. The prevailing corporate attitude before the law-"They won't notice, and if they do notice they won't know it's us, so we are better off keeping quiet about the whole thing"-is just wrong. Two, it provides statistics to security researchers as to how pervasive the problem really is. And three, it forces companies to improve their security. That last point needs a bit of explanation. The problem with companies protecting your data is that it isn't in their financial best interest to do so. That is, the companies are responsible for protecting your data, but bear none of the costs if your data is compromised. You suffer the harm, but you have no control-or even knowledge- of the company's security practices. The idea behind such laws, and how they were sold to legislators, is that they would increase the cost-both in bad publicity and the actual notification-of security breaches, motivating companies to spend more to prevent them. In economic terms, the law reduces the externalities and forces companies to deal with the true costs of

"Facebook founder Mark Zuckerberg told a live audience yesterday that if he were to create Facebook again today, user information would by default be public, not private as it was for years until the company changed dramatically in December. In a six-minute interview on stage with TechCrunch founder Michael Arrington, Zuckerberg spent 60 seconds talking about Facebook's privacy policies. His statements were of major importance for the world's largest social network - and his arguments in favor of an about-face on privacy deserve close scrutiny. Zuckerberg offered roughly 8 sentences in response to Arrington's question about where privacy was going on Facebook and around the web. The question was referencing the changes Facebook underwent last month. Your name, profile picture, gender, current city, networks, Friends List, and all the pages you subscribe to are now publicly available information on Facebook. This means everyone on the web can see it; it is searchable. I"

Zuckerberg should not be trusted with your personal data. The range of reader comments in response to this article are worth a read.

In this new age of data protection, where most information is stored digitally and paper shredding is commonplace, you don't need to worry about private information ending up in the garbage, right? Steve Hunt shows that assumption is just plain wrong (includes video).

"Part one of a two-part series: Facebook, the global phenomenon in Web-based social media, rolled out a massive overhaul of its privacy protection policies and technology this week-and in so doing may have drawn up a playbook for healthcare as well, industry experts say. The privacy upgrade gives its 350 million worldwide users increased control over who has access to some of, but not all, the information on their personal pages. These new, so-called "granular" controls-specifically those embedded in the site's "publisher" function, which enables a user to post new material to his or her Facebook pages-reach down to the level of discrete data elements. The new controls, for example, allow a user to restrict who gets to see each newly posted photo or typed comment"

"Beginning next week, the FTC will hold a series of public roundtables covering the growing number of challenges to consumer privacy on the Internet. Dubbed "Exploring Privacy," the daylong discussions will focus on "the collection and use of information by retailers, data brokers, third-party applications, and other diverse businesses." Hold that yawn. Behavioral tracking and ad targeting have everything to do with the pesky "Warning!" pop-up blinking behind your browser window right now. The one that could shatter your online privacy. In advance of the roundtables, Fast Company spoke with online privacy advocates Jules Polonetsky, co-chair and director of the Future of Privacy Forum, and Ari Schwartz, vice president and chief operating officer of the Center for Democracy and Technology. Below, Polonetsky and Schwartz highlight five of most nefarious techniques used to trick and track you." 1. "Malvertising Gangs" 2. Flash Cookies 3. "Cookie appends" 4. Personal Health Data 5. ISP Tracking

"Sherry Natoli is followed everywhere she goes while shopping online, but she doesn't mind at all. Natoli, who owns a seashell business in Tampa, does all but her grocery shopping on the Internet and even opts in whenever she's asked whether she's willing to have her online movements tracked by websites." Companies have been monitoring our online behavior for almost as long as there's been an Internet, often using our online footsteps (cookies) whenever we search, browse or buy online. Tracking technology has advanced so much that everything from how long we linger over a product description to whether we are searching for sexual-dysfunction drugs can be collected and stored on individual profiles. Our profiles are numeric descriptions, not our real names, but in some cases, it's not hard to determine personal information behind the numbers. Privacy concerns abound, and several privacy and consumer groups are urging Congress to enact laws on what can and can't be collected and for how long.

Heartland Payment Systems, a credit card processor, may have had up to 100 million records exposed to malicious hackers. Payment processors CheckFree and RBS Worldpay, and employment site Monster.com have all reported data breaches in recent months, as have universities and government agencies. Experts at Wharton say that personal data is increasingly a liability for companies, and suggest that part of the solution may be minimizing the customer information these companies keep.

Like this http://cheaptravelbooker.com Like this http://cheaptravelbooker.com like this http://killdo.de.gg travel,hotel,fun,hotel new,new offer,hotel best,best hotel,hotel travel,seo,backlinks,edu,gov,ads,indexing,bookmark,killgoggle,gogglesuck,goggle bookmark,kill goggle,yahoo,bing,indexing,quality links,linkwell,traffic boster,index best

A top affliction of privacy professionals is the growing complexity of privacy laws. The number of jurisdictions regulating data privacy and the number of other laws in which privacy provisions are tucked has increased with no letup since 2000. Like the Lilliputians in Gulliver's Travels, the tiniest jurisdictions are now lassoing their privacy ropes around the mightiest of corporations. Where does this leave those who are charged with keeping their organizations privacy-compliant? Desperately looking for a way to organize news about all of these developments. I recently surveyed the landscape of possible solutions to this problem. What did I find? Three different approaches: free Web sites, newsletters and news feeds; fee-based periodicals; and fee-based databases, such as Nymity's PrivaWorks, Cecile Park Publishing's DataGuidance and law firm Morrison and Foerster LLP's Summit Privacy. What were the pros and cons of each approach? Free sources Privacy leaders with no budget will want to exploit what's free, including these options: * Morrison & Foerster's Privacy Library, probably the most comprehensive and current free online listing of privacy laws in 95 countries. * Law firm Baker & McKenzie's annual Global Privacy Handbook, which is distributed to clients and friends. * Computerworld's own Security Newsletter, which offers a regular look at news about the technical threats to personal data. * The International Association of Privacy Professionals' Daily Dashboard, Canada Dashboard Digest and monthly Inside 1to1: Privacy. These are the best available free news feeds on privacy.

Congrats on your inheritance! Okay, you knew that one's the start of a scam. Here are other come-ons you'll encounter when criminals come knocking. What the average guy might call a con is known in the security world as social engineering. Social engineering is the criminal art of scamming a person into doing something or divulging sensitive information. These days, there are thousands of ways for con artists to pull off their tricks (See: Social Engineering: Eight Common Tactics). Here we look at some of the most common lines these people are using to fool their victims.

Like this http://www.hdfilmsaati.net Film,dvd,download,free download,product... ppc,adword,adsense,amazon,clickbank,osell,bookmark,dofollow,edu,gov,ads,linkwell,traffic,scor,serp,goggle,bing,yahoo.ads,ads network,ads goggle,bing,quality links,link best,ptr,cpa,bpa. www.killdo.de.gg

IT and business both understand the need to protect regulated customer and business data -- so long as they're in business, analysts say. Here's a look at how some folding businesses are falling short protecting data and the possible liabilities for the IT group and CIO. From HIPPA to Sarbox, a slew of regulations to protect customer and employee data force CIOs to step lively to comply. The punishment for failure to do so is costly and even dire. But once a company folds-and more are folding every week given the economy-what happens to that data? Who in the business and IT could be hit by the splatter if it all hits the fan? "Certain companies have been disposing of records containing sensitive consumer information in very questionable ways, including by leaving in bags at the curb, tossing it in public dumpsters, leaving it in vacant properties and/or leaving it behind in the offices and other facilities once they've gone out of business and left those offices," says Jacqueline Klosek, a senior counsel in Goodwin Procter's Business Law Department and a member of its Intellectual Property Group. "In addition, company computers, often containing personal data, will find their ways to the auction block," she adds. "All too often, the discarded documents and computer files will sensitive data, such as credit card numbers, social security numbers and driver's licenses numbers. This is the just the kind of data that can be used to commit identity theft." Discarded and unguarded data is now low-hanging fruit for criminal harvesters and corporate spies. "Recent client activity supports that competitors are beginning to buy up such auction devices specifically with the intention of trying to salvage the data," says James DeLuccia, author of IT Compliance & Controls. "Hard drives are being removed and sold online, or whole servers are sold via Craigslist and Ebay." In some cases, the courts insist data be sold during a bankruptcy. "Company servers, once I restore

Mixed receptionThe state hopes changes to Massachusetts' data privacy regulation plan will calm business community fears over the cost of the new controls, but watchers of the process say the government may have made things worse. One thing seems certain: the recent changes aren't likely to be the last word on regulating sensitive data in the Bay State. The regulations mandate all "personal information" belonging to Massachusetts residents be encrypted whenever it is stored on portable devices, transmitted wirelessly or shared on public networks. Changes enacted just in time to beat a deadline of Thursday, Feb. 12, pushed the effective date back eight months, from May 1 to Jan. 1, 2010. They also removed a requirement that businesses certify third-party vendors' compliance. The latter move was aimed to address an issue raised in a public hearing with business leaders held Jan. 15 at the State House. The change was designed to make the third-party regulations more adaptable to companies of various sizes and business models, said Massachusetts Consumer Affairs undersecretary Daniel Crane.

BBC Click's tweet states that they took legal advice following comments on the potential violation of U.K's Computer Misuse Act. There's a slight chance that you may have unknowingly participated in a recent experiment conducted by the BBC. In a bit of an awkward and highly unnecessary move, a team at the BBC's technology program Click has purchased a botnet consisting of 22,000 malware infected PCs, self-spammed themselves on a Gmail account, and later on DDoS-ed a a backup site owned by security company Prevx (with prior agreement), all for the sake of proving that botnets in general do what they're supposed to - facilitate cybercrime. A video of the experiment is already available. Here are more details : Upon finishing the experiment, they claim to have shut down the botnet, and interestingly notified the affected users. Exposing cybercrime or exposing the obvious, the experiment raises a lot of ethical issues. For instance, how did they manage to contact the owners of the infected hosts given that according to the team they didn't access any personal information on them? It appears that they modified the desktop wallpapers of all the infected hosts to include a link notifying them that they've been part of the experiment. Thanks, but no thanks.

Locaccino is the only location-sharing system that gives you precision control over who can see your location. While most location-based systems only allow you to list which of your contacts should or shouldn't be able to see your location, our privacy settings allow you to create rules as simple or complex as you want them to be! Our technology allows you to easily define the times when you want to share your locations. Locaccino lets you create groups for your friends to simplify your location preferences. With Locaccino, allowing your co-workers to see your location from 8AM - 5PM is a snap. Locaccino also allows you to specify where you can be located. Using a Google maps interface, you can define regions where you do and don't want other people to be able to find you. Locaccino Location Sensing Our software will sense your location without even requiring GPS! By leveraging the wifi network of Skyhook Wireless, a nearby location will be found for you. The Locaccino software you'll download will do all the work. We Protect Your Privacy We are the only location-based system with privacy researchers actively working to make sure that your data is kept safe. Our Privacy Policy explains in detail exactly how we store and process all of your data. We want you to know that your location information is saved anonymously and we will never sell any of your personal data.

The first sign that something was wrong seemed harmless: A new Dell credit card arrived in my mail one afternoon. More landed in the mailbox the next day. Macy's. Bloomingdale's. Crate and Barrel. Radio Shack. Then later: Visa Sony, Toys R Us and Lowe's cards turned up. I didn't request any of these cards. My first call to Dell revealed what I suspected. Someone had applied for a credit card using my name. I felt violated and vulnerable. Then, it hit me: I've become a statistic, a victim of identity theft. A thief had taken my name, my credit and my identity and managed to spend more than $8,000 (money that, I'm grateful, I didn't have to pay). I still don't know who the culprit was or how it happened. All I know is that if this happened to me - a Sun Sentinel consumer affairs and watchdog reporter - it can happen to anybody. Thieves move quickly Identity theft is the fastest growing crime in the United States, according to the Federal Trade Commission, which enforces identity theft laws. Experts estimate 10 million Americans become victims of identity fraud each year. Last year, businesses lost $56.6 billion to ID theft, the commission said. I've spent hours on the phone talking to fraud investigators, credit bureaus and bank staff as I've tried to sort out the mess that is now mine to clean up. I was exhausted every time a call ended. Individual investigations, conducted by fraud departments for each of the credit card companies that issued accounts in my name, took months to complete before concluding I was a victim of ID fraud. But there is a bright side to this story. I thought I knew how to protect myself. But what I've learned through this experience has taught me that you can never be too careful. I also learned some hard lessons along the way about how best to safeguard my personal information in the future - and respond, if my identity is targeted again.

Data breaches are running at record levels, according to the San Diego-based Identity Theft Resource Center, a non-profit that tracks cybercrime. ITRC says it recorded 342 data breaches from Jan. 1 through June 24, up 69% from the same period in 2007. But, like the origins and perpetrators of so many individual data breaches, mystery also lies behind the aggregated numbers. "I'm not sure that this says breaches are increasing," ITRC founder Linda Foley tells Digital Transactions News. "What we know is the reporting of breaches is increasing." A handful of states now require some disclosure of data breaches to authorities, Alaska being the most recent. And some companies that have been hacked are starting to report breaches voluntarily, Foley says. While data breaches can compromise all manner of personal and business records, they often involve credit and debit card data and bank-account information. ITRC lists five major categories of breached entities, with the so-called banking/credit/financial sector accounting for 10% of 2008's breaches. Businesses, which include physical and Internet retailers, insurance companies and other private enterprises, accounted for 36.8%. Schools accounted for 21.3%; government and military facilities, 17%; and health-care facilities, 14.9%. IRTC also categorizes breaches by how they happened, such as through hackings-break-ins into computers and related systems, insider thefts, data lost in physical transit, and by other methods. The number of 2008 hackings through late June in the banking/credit/financial category was 10-double the five for all of 2007. The estimated number of records compromised as a result was 227,864. In 2007, the reported number of compromised records at financial institutions through hackings was 83,500. But Foley says not to put too much stock in the records numbers because so many breached organizations don't know or fail to report the number of compromised records when they report a bre