
Security News
RFID Tags Vulnerable To Viruses
A new study released in Europe shows it's possible to put viruses in the tags containing RFID chips. The little radio identification tags will soon be in more and more products and tracking all kinds of things, and now it seems they will be loaded with viruses too.
Critical Vulnerabilities In Flash
Macromedia's Flash Player has been tagged with some vulnerabilities that could allow attackers to take control of an affected system. Although an SWF must be loaded into the system for someone to take it over, mistakes are made. Macromedia recommends that users upgrade immediately.
Feds Crack Internet Child Porn Ring
Attorney General Alberto Gonzales held a press conference in Chicago on Wednesday to announce the cracking of a child pornography ring. In all, 27 people in the United States, Canada, Australia and England were charged in connection with the ring.
Milosevic Trojan Horse
Recently deceased Serbian strongman Slobodan Milosevic became the focus of a Trojan-loaded email. The message claims to offer evidence that Milosevic was killed; instead, a Trojan horse leaves some horse apples in the form of Dropper-FB.
DirectRevenue Settles Up
Adware distributor DirectRevenue settled up with Illinois over DirectRevenue's nasty adware that is incredibly difficult to get rid of. The lawsuit, filed in April, included charges like using deceptive business practices and bundling adware and spyware.
Microsoft’s Patch Tuesday
Microsoft's monthly Patch Tuesday included one update rated critical, tied to Microsoft Office, and one rated important, tied to Windows itself...
More Apple Security Updates
Apple continues improvements on OS X security with the second update in as many weeks...
60% Of Wireless Networks Vulnerable
PandaLabs released their new report on Tuesday on the strengths and weaknesses of WiFi networks. The report found that about 60% of those networks are vulnerable, and it highlights deficiencies in WEP, one of the more common protocols in WiFi environments.
Webroot’s New Toy
Webroot Software, Inc now offers a feature to their Premium Channel Edge partners in the form of their Webroot Enterprise SpyAudit tool...
The Financial Data and Protection Act of 2005 (HB3997), currently in the House of Representatives, has some problems. The bill, supposedly meant to offer relief for consumers who've been victims of data breaches, is really very weak, particularly compared to state laws like California's version. In fact, some may say it offers consumers even less protection than they have now.
While the majority of identity fraud doesn't occur through these types of breaches, if criminals ever figured out what they have, it would get very bad. Privacy advocates have real problems with this bill, calling it "easily the worst data breach bill ever."
Ed Mierzwinski, Program Director for the U.S. Public Interest Research Group (PIRG), discussed the bill on his blog. His words were none too kind to this legislation. One of his beefs is how the bill deals with stronger state legislation, namely by preempting it. Freeze laws, for example, "give consumers real control over access to their credit report that no other identity theft prevention action provides them with." This bill only offers the freeze to victims after the damage has been done.
The Privacy Rights Clearinghouse rails against the bill. They've put together a list of problems with the bill based on a letter sent around by US PIRG:
-- Establish a trigger for data breach notification that experts believe would result in no notices to consumers, because the standard is too high. We only know about the 100 breaches that have occurred since Choicepoint because of the strong California trigger.
-- Establish a weak, but preemptive security freeze that only applies to victims. You've already been shot, so they give you but no one else a bulletproof vest.
-- Establish a process to begin to undercut the privacy protections of the federal Gramm Leach Bliley Act while simultaneously permanently preempting all state activities on financial privacy.
-- Fail to even lightly regulate the activities of data brokers like ChoicePoint, the unregulated company that sold 163,000 dossiers to identity thieves (other than to subject them to the same weak data security rules that shoe stores would be subject to under HR 3997).
-- Expressly disallow state Attorneys General from protecting their citizens from privacy invasions.
-- Fail to assist non-English speaking individuals who have difficulty gaining access to their credit report. The inability of Latinos and other immigrants to access their credit report in languages they can understand means that they will be unable to file complaints and fraud alerts, and monitor their credit report for identity theft purposes.
Perhaps the biggest problem for consumers is the severe limiting of liability for the financial institutions if said institutions provide six months of free credit monitoring. Consumers won't be able to pursue litigation against these companies even though, in some cases, identity fraud may not be detectable for years after the fact.
The legislation, as a whole, needs to be much stronger in order to force various organizations and institutions to be more careful with consumer data. While most of the new rules and regulations are left to be worked out by the appropriate financial bureaucrats, namely the Secretary of the Treasury and the Fed Board of Governors, one can't help but wonder if they will even try to provide effective law.
Penalties for these data breaches need to be swift and harsh, with severe financial penalties for these companies. There need to be solid rules in place for maintaining appropriate data security, including high-end encryption to protect the data. One's financial worries should not be tied to leaving a compact disc on an airplane.
With literally millions of individuals compromised in 2005, carelessness is the rule of the day here. These organizations and institutions need to realize major financial loss for their lackadaisical approach to protecting their consumers. That's the only way for some organizations to comprehend the seriousness of this problem. This bill, if made into law, simply won't do it. It lets organizations off the hook and still makes for a very miserable experience for the consumer, who, in many cases, won't even have a course of legal action against the financial institution.
About the Author:
John Stith is a technology writer with SecurityProNews.