Archive for the ‘Data Loss’ Category

iPhone 3GS and BlackBerry (In)securities..

July 27, 2009 1 comment

This week's (potential) major fail goes to Apple for the iPhone 3GS security. As reported by Wired and others, it seems the new 3GS encryption touted by Apple in their “iPhone Security Overview” isn’t so secure after all.

The official description of the new feature sounds pretty good:

iPhone 3GS offers hardware-based encryption. iPhone 3GS hardware encryption uses
AES 256 bit encoding to protect all data on the device. Encryption is always enabled,
and cannot be disabled by users.

But this excellent 2nd video demonstration by Jonathan Zdziarski shows plainly that there could be something very flawed about it. Read more…

FSA Fines HSBC Companies $7,500,000 for data security issues

July 23, 2009 Leave a comment

Following on from my recent posts regarding fines and the cost of data leakage (TJX and Cornell), I thought I’d also bring to your attention the latest, initiated by the FSA (Financial Services Authority of UK) against HSBC: on 22nd July, a tidy penalty of £4,550,000 ($7.5m) for two failures to protect personal information. HSBC will get a nice 30% discount on this for early payment, leaving them with a bill for £3,185,000 ($5.26m) plus their own internal costs.

Read more…

Changes to PII and PCI regulations in Nevada

This week Linda McGlasson talked on BankInfo security about some changes to Nevada’s data protection stance. Nevada’s laws are no less complex than those of other states, but interestingly they have a few which, when combined, give a tighter than usual position.

The interesting bills are CHAPTER 603A – SECURITY OF PERSONAL INFORMATION, which deals with the regulations of Business Practices. This law puts the state's teeth behind the PCI regulations, enforcing things which the payment card industry requires as part of PCI compliance with state-driven criminal and financial penalties. Read more…

Are we really too dumb to handle protected data?

Following on from my posts on how identity / personal data theft protection should be considered a personal goal of everyone carrying around such information, I thought I’d solicit your opinions – Are we really too dumb to handle password protected information?

TJX (T.J. Maxx) reaches settlement with states on Data Loss

June 24, 2009 3 comments

For those who were included in the January 2007 94 million record loss of credit card numbers from TJX (still the highest loss by number of records ever reported), you may be interested to know that they have agreed a settlement with the 41 various states on the fine. Around $5.5 million of the settlement was for data and consumer protection, and $1.75 million to reimburse the states' costs of the investigation.

You can read the details of the deal struck with the FTC from their website. Read more…

Categories: Data Loss, PII

Cornell University loses 45,000 records..

June 24, 2009 1 comment

datalossdb.org entry, Cornell University entry

Another typical notification of data loss by an educational establishment. In summary, the personal details of around 45,000 current and former students and staff were lost when the laptop containing them was stolen.

Cornell have been very open with the facts of the matter; their site talks about what they have done, and will do, about it, and the help they are offering people affected. They also mentioned that their policy is that such data should be either encrypted or in a secure location, two things they admit this particular member of staff violated. Read more…

Data Loss Goes Personal…

June 18, 2009 Leave a comment

Today I received yet another of those annoying “We may have lost your personal information…” letters from my bank. No information on how it happened, or what they are doing to stop it happening again. It’s almost as though this was an inevitable and repeatable condition of doing business….

Yet again I’m going to get another bank card, yet again I’m going to have to change the numbers in my Blockbuster, Amazon, etc. accounts, and (again) I have yet another free 12 month subscription to “Identity Theft Monitoring.”

Great news indeed, but I suspect many readers of this blog have also been through this a few times as well.

Read more…

Lose One Customer's data, tell EVERY customer?

June 16, 2009 Leave a comment

For the last few weeks I’ve been traveling around the country presenting at our Security Innovation Alliance roadshow. It’s been great meeting and presenting alongside some of the 60+ companies who’ve chosen to integrate their security products into McAfee’s ePO platform. Looking at the portfolio it seems that soon it might actually be possible to service any IT security need through one pane-of-glass management interface.

One question that came from the audience during one of the sessions surprised me, as it wasn’t about IT at all. The question was “What laws apply to PII in printouts?”

Well, unfortunately the simple and unfortunate answer is – all of them. Read more…

Hackers – Criminals, Pirates – Politicians…

June 12, 2009 Leave a comment

It’s been an interesting week in the IT world with some quite amazing (to me anyway) news. No, I’m not referring to the FTC’s decision to shut down the known spam ISP Pricewert, or the announcement by T-Mobile that their network had not indeed been hacked…

I’m referring to the news that the Swedish “Pirate Party” gained a seat in the European Parliament. Read more…

Categories: Privacy Laws

Data theft for political gain? No way!

October 7, 2008 Leave a comment

Computerworld today reported that a Dell PC was stolen by some enterprising thieves from John McCain’s Missouri campaign office. While I usually steer clear of commenting on political activities, being only a legal alien and therefore not even able to vote for things I really care about (the local Fire Chief and Sheriff), let alone something so influential as the 44th President of the United States of America, I find myself unable to hold back.

You can read more about the theft from the link above, but of course as this is a blog I’m duty bound to make some observations: Read more…