Archive
French Internet Piracy law ineffective..
Perhaps uniquely, the French legal system has the means to ban people from the internet under what is known as the “Three Strikes Law”. Passed in September 2009, it created a new government agency, HADOPI (the Haute Autorité pour la Diffusion des Œuvres et la Protection des Droits sur Internet, or High Authority for the Diffusion of Works and the Protection of Rights on the Internet), which can have individuals who flout copyright law disconnected, and can even take measures against people with “insecure connections” that allow others to use them in this manner. Read more…
Threat of hacker-obtained tax information yields $137m revenue
This week, the German tax authorities opened cases on 1,100 suspected tax evaders thanks to information purchased from a “hacker”. As reported on BusinessWeek and other sites, the hacker offered the German authorities a CD of information on German nationals with “secret” Swiss bank accounts managed by Credit Suisse, and the authorities quickly snapped it up, apparently for the price of 2.5 million euros.
Reports indicate that around 400 million euros of unpaid taxes could be reclaimed. Read more…
CSO Executive Seminar Series on Data Protection and Encryption…
Just a reminder that tomorrow I will be speaking at the CSO Executive Seminar at the Hilton, Tysons Corner VA – http://public.cxo.com/conferences/index.html?conferenceID=64. The topic will be “5 practical steps for data protection”. I don’t expect it to be a McAfee sales push, I’ll be talking about technologies in general.
If you’re a reader of my blog(s) please come and say hello.
NIST 800-111. Practical Advice for Data Protection Projects
This week I want to take an opportunity to remind readers of the excellent NIST publication 800-111.
Yes, I know, another complex government-sponsored report, but for those implementing any kind of data protection project, 800-111 is one of the best reports on the subject, dealing with the technology, its practical use, and risk analysis. It’s really (for a NIST publication, anyway) a very good read.
The other reason to pay attention to 800-111 is quite simply that it is the document regulations point to when they talk about “Good Practice”, “Industry Standard processes”, “Accepted Best Practice” and so on. This document contains the advice you’ll be measured against if you ever end up in court defending your security policy against something like Massachusetts 201 CMR 17.00. Read more…
HITECH Name-And-Shame goes up a gear…
Not content with naming and shaming companies who break the HIPAA/HITECH health regulations through the normal press, the U.S. Department of Health and Human Services is now listing on its own site the companies who lose control of more than 500 people’s records.
The duty to do this comes from section 13402(e)(4) of the HITECH Act:
(4) Posting on HHS Public Website.—The Secretary shall make available to the public on the Internet website of the Department of Health and Human Services a list that identifies each covered entity involved in a breach described in subsection (a) in which the unsecured protected health information of more than 500 individuals is acquired or disclosed.
For those not in the know, HITECH is a U.S. Act which enforces a duty of care over people’s health information. “Covered Entities” such as health plan providers and care providers (hospitals, doctors, etc.) must put safeguards in place to ensure that our individual health information is not seen by, or accessible to, unauthorized people. You can find out more about HITECH on the excellent HHS consumer web site. Read more…
Speaking at the “Security: The New Business Imperative” Event
For those in the area, I will be speaking next week (on 23rd Feb) at the Security: The New Business Imperative event at the Westin Diplomat Golf Resort & Spa, Hallandale Beach FL.
The topic will be a review of current regulations, and practical steps you can take not to fall foul of them.
You can reserve a seat by contacting Tricia_Brown@mcafee.com, or (678) 653 9606.
Shell Oil’s 170,000 Personnel list leaked to Activists..
Last week (13th Feb) Shell Oil announced that the personal details of all 170,000 employees and contractors had been leaked by email to a number of non-governmental organizations, including Greenpeace’s American office, EarthRights, Justice in Nigeria Now, Shell Guilty and Friends of the Earth (Netherlands). Also included was the anti-Shell website Royaldutchshellplc.com. The story was well covered in the UK national press.
The list included a limited number of personal addresses. Read more…
Shortest Scam ever, and worth $1,600,000!
This is a great one – short and to the point. I hope you can all understand that I’m going to cash in and spend the rest of my days on a desert island. How does this stuff get through my spam filter?!
Date: Mon, 1 Feb 2010 15:36:00 +0100
From: British Telecom <15189085@users.siol.net>
Your email ID has been awarded 1,000,000,00 GBP. in our British telecom Promo. Do send your:
Name:
Occupation:
Country:
MA 201 CMR 17 Revisited..
Though the deadline for MA 201 compliance has been extended until the end of the quarter, NOW is a good time to review what this regulation means to you and your business.
I must start with the usual “ask Gary” disclaimer – I’m not a lawyer, but the regulation is pretty easy to read (compared to many others) and I recommend that anyone subject to it prints it out and pays attention.
So, how do you know whether you’re subject to MA 201 CMR 17 or not? Let’s start from the top of the regulation itself: Read more…
Bank sues customer for $200,000 of unrecovered cybercrime losses..
An interesting standoff is going down in Plano, Texas, between Hillary Machinery Inc., a manufacturer and supplier of fabricating equipment, and their bank, PlainsCapital.
It seems that back in November 2009, cybercriminals obtained the credentials for Hillary’s account in the PlainsCapital online banking system and made a series of transfers totalling $801,495. Roughly $600,000 was recovered, and the remainder is now in dispute. Read more…