Privacy and data protection

Legal spying via the cell phone system

Two researchers say they have found a way to exploit weaknesses in the mobile telecom system to legally spy on people by figuring out the private cell phone number of anyone they want, tracking their whereabouts, and listening to their voice mail.

Independent security researcher Nick DePetrillo and Don Bailey, a security consultant with iSec Partners, planned to provide details in a talk entitled "We Found Carmen San Diego" at the Source Boston security conference on Wednesday.

"There are a lot of fragile eggs in the telecom industry and they can be broken," Bailey said in … Read more

School Webcam snapped 'partially undressed' kid

A new motion in the Lower Merion School District Webcam-spying case has presented extraordinary suggestions as to the frequency and intimate nature of the photographs allegedly taken remotely by the cameras on school-issued laptops.

On Thursday, lawyers for 15-year-old Blake Robbins and his family claimed that thousands of images were taken by the laptop Webcams. Included in these were, according to the motion, "pictures of Blake partially undressed and of Blake sleeping." In addition, images of Web sites visited and snapshots of their instant messages were also allegedly captured.

According to the Philadelphia Inquirer, lawyers claim that … Read more

Facebook offers security tips for teens, parents

Facebook brings families closer together. But as with any medium, Facebook is sometimes abused, occasionally to damaging effect.

The Facebook Privacy Settings options let you control who has access to your personal information. The page includes a Block List that prevents contact with the people and e-mail addresses you specify without their knowledge.

A welcome addition to Facebook's security arsenal is the new Safety Center that provides information specifically for children, parents, educators, and law enforcement. The Safety for Teens section addresses bullying, public bad-mouthing, and how to report abuse. (If you'd like to remove an unflattering photo … Read more

Facebook rejects suggested 'Panic Button' for pages

Commentary: Facebook on Tuesday launched a so-called Safety Center as a worldwide resource for parents, teens, law enforcement, educators, and the general public, but it's taking safety a step further in the U.K.

In addition to the global safety page, Facebook has developed more resources specifically for members in the United Kingdom, where it has been under pressure from Britain's Child Exploitation and Online Protection Centre (CEOP) to include a clearly visible "panic button" on every page. Facebook has agreed to redesign its report abuse system for U.K. members but hasn't agreed to … Read more

Anti-fraud tips and tools for tax season

As April 15 approaches, U.S. citizens preparing to file their taxes are susceptible to online scams designed to steal their personal information and, ultimately, their money. Here is a roundup of tips for how people can protect themselves.

First off, the Internal Revenue Service does not initiate taxpayer communications through e-mail, and the agency does not request details on personal information via e-mail. The IRS has detailed information on how to report and identify phishing and e-mail scams and bogus IRS Web sites here. More information about specific tax fraud schemes is here.

Microsoft's Security Tips & Talk blog … Read more

Let's not create a cyberbullying panic

Recent stories in the press about teenage cyberbullying and real-world bullying are sickening. It's hard to know how much cyberbullying contributed to her decision to kill herself, but the case of Phoebe Prince brings tears to my eyes. The South Hadley, Mass., 15-year-old was reportedly the brunt of repeated cruelty at the hands of classmates (six of whom are now facing criminal charges) until she put an end to her life.

There is also the recent cyberbullying case of Alexis Pilkington, a 17-year-old girl from Long Island, N.Y., who committed suicide last month after being taunted with cruel … Read more

Survey: Cloud computing risks outweigh reward

Though cloud computing is often touted as a cost-saver for companies, IT pros still have lingering doubts about the safety and security of working in the cloud.

Around 45 percent of IT professionals recently surveyed by the ISACA (formerly known as the Information Systems Audit and Control Association) said the risks involved in cloud computing outshine any benefits. A global organization focused on the auditing and security of information systems, the ISACA conducted its first annual IT Risk/Reward Barometer survey (PDF) in March.

Questioning more than 1,800 IT professionals in the U.S. who are members of the … Read more

Google launches Buzz teen safety video

There was quite a privacy backlash after Google announced Buzz in February. The day it was announced, I was one of many who raised questions about both the privacy and safety implications of the service, including the fact that it is possible to use Buzz to disclose your location from a GPS-enabled mobile device. CNET's Molly Wood was less charitable, calling Buzz a "privacy nightmare."

The collective groan caused Google to almost immediately apologize for its missteps and quickly tweak its privacy settings.

On Monday, the company announced plans to start reminding users to reconfirm their privacy … Read more

Security driven by compliance, rather than protection

A new report by Forrester Research, commissioned by Microsoft and RSA, the security division of EMC, found that even though corporate intellectual property comprises 62 percent of a given company's data assets, security programs are focused on compliance rather than data protection.

The report highlights a number of key findings that provide a number of things to think about if you are remotely involved in the security of corporate data:

Secrets comprise two-thirds of the value of firms' information portfolios

Compliance, not security, drives security budgets

Firms focus on preventing accidents, but theft is where the money is

The more valuable a firm's information, the more incidents it will have

CISOs do not know how effective their security controls actually are

According to Forrester, corporate security programs are typically divided into two main categories of data types to protect: secrets and custodial data.

Secrets--which can confer long-term competitive advantage, such as product plans, earnings forecasts, and trade secrets.

Secrets refer to information that the enterprise creates and wishes to keep under wraps. Secrets tend to be messily and abstractly described in Word documents, embedded in presentations, and enshrined in application-specific formats like CAD.

Custodial data--which includes customer, medical, and payment card information that becomes "toxic" when spilled or stolen.

Custodial data has little intrinsic value in and of itself. But when it is obtained by an unauthorized party, misused, lost, or stolen, it changes state. Data that is ordinarily benign transforms into something harmful. When custodial data is spilled, it becomes "toxic" and poisons the enterprise's air in terms of press headlines, fines, and customer complaints. Outsiders, such as organized criminals, value custodial data because they can make money with it. Custodial data also accrues indirect value to the enterprise based on the costs of fines, lawsuits, and adverse publicity.

Forrester notes that while toxic data spills are both dramatic and expensive, secrets are actually much more valuable and are an "underappreciated and underprotected information asset." … Read more

MI5 to let go of tech-averse staffers

The United Kingdom's Security Service has introduced a redundancy program for staff who lack IT skills, according to the Intelligence and Security Committee's annual report (PDF).

In the report, which was laid before parliament on March 18, Security Service Director General Jonathan Evans is quoted as saying the service--commonly known as MI5--was instituting voluntary and compulsory redundancies--that is, layoffs--after a review of its staff profile.

"I think some of the staff perhaps aren't quite the ones that we will want for the future," Evans said, according to the report.
