Wednesday, September 19, 2007

Statistics. How much is security worth?

http://www.pogowasright.org/article.php?story=20070918180943683

CompTIA: Data breaches growing in severity

Tuesday, September 18 2007 @ 06:09 PM EDT Contributed by: PrivacyNews News Section: Breaches

Data leakage events continue to become more serious, with the types of information that companies are losing or having stolen becoming increasingly strategic and valuable, according to the Computing Technology Industry Association (CompTIA).

Based on the latest data breach study published by the consortium of IT companies -- which currently claims over 22,000 corporate members in over 100 countries around the world -- the businesses it polled regarding their information leakage incidents rated the value of the lost content a 4.8 on a 1-to-10 scale, compared to 2.3 in 2006 and 2.6 in 2005.

...According to the research, the average cost of a security breach across all companies was $369,388, a figure that the group said was skewed by a handful of companies who indicated leakage-related expenses over $10 million.

For roughly 50 percent of respondents, the cost of security breaches in the last 12 months was $10,000 or less, the report said.

Source - InfoWorld



A contractual solution to identity theft risk?

http://www.pogowasright.org/article.php?story=20070918083551567

Ca: Consumers fail to meet banks' online security demands: study

Tuesday, September 18 2007 @ 09:35 AM EDT Contributed by: PrivacyNews News Section: Non-U.S. News

Many consumers who manage their money through online banking services may be unaware of their financial institution's strict security requirements, thereby jeopardizing their eligibility for fraud reimbursement, according to a study out of Ottawa's Carleton University.

Source - CBC



Interesting because the latter is signed by a “Chief Privacy Council”

http://www.pogowasright.org/article.php?story=20070918171223954

(update) Ameritrade Notification Letter

Tuesday, September 18 2007 @ 05:12 PM EDT Contributed by: PrivacyNews News Section: Breaches

A copy of Ameritrade's notification letter to customers is available online.

Source - NH Dept. of Justice



Is this deliberate disclosure? It doesn't look like hacking to me.

http://techdirt.com/articles/20070914/023532.shtml

No Wonder The Feds Hate Limewire; Terrorist Threat Assessment Leaked Via Limewire

from the so-that-explains-it dept

A few months back, we were a bit surprised at the misplaced anger directed by some Congressional representatives towards file sharing software provider Limewire. There were some outrageous claims about how Limewire represented a threat to national security and how it was all Limewire's fault that stupid government employees had leaked sensitive information. Of course, this was misplaced because it wasn't Limewire's fault that gov't employees were too stupid to configure the software properly. It wasn't Limewire's fault that gov't employees didn't follow rules that forbid them from installing unapproved apps on their machines -- or from transferring sensitive material to personal computers. Instead, it was all blamed on Limewire. It also wasn't entirely clear what sensitive reports had been leaked... but now we know of at least one. Apparently a national security terrorist threat assessment for the city of Chicago was recently available via Limewire. Though, again, the questions shouldn't be about Limewire, but what gov't employee would (a) have Limewire and classified info on the same computer and (b) configure Limewire to allow that classified info to be shared.



Tie this to the Virtual Machines, and you can have a system that only runs one application. Good security!

http://it.slashdot.org/article.pl?sid=07/09/19/0436203&from=rss

Internet Security Moving Toward 'White List'

Posted by Zonk on Wednesday September 19, @03:08AM from the instead-of-the-other-way-around dept. Security IT

ehud42 writes "According to Symantec, 'Internet security is headed toward a major reversal in philosophy, where a 'white list' which allows only benevolent programs to run on a computer will replace the current 'black list' system' as described in an article on the CBC's site. The piece mentions some issues with fairness to whose program is 'safe' including a comment that judges need to be impartial to open source programs which can change quite rapidly. Would this work? The effort to maintain black lists is becoming so daunting that white lists may be an effective solution."



Ah! Rethinking time!

http://www.law.com/jsp/article.jsp?id=1190106164117

Circuits Split on Web Download as Interstate Commerce

Pamela A. MacLean The National Law Journal 09-18-2007

It may be called the World Wide Web, but the government cannot automatically equate Internet use with movement of photos of child pornography across state lines, the 10th U.S. Circuit Court of Appeals has held.

The Sept. 5 decision breaks with two other circuits, the 3rd and 5th, which simply assumed that the interstate character of the Internet means a connection to a Web site server invariably involves data moving in interstate commerce.

Judge Jerome A. Holmes ordered the reversal of the conviction of William Schaefer for receipt and possession of images of the sexual exploitation of children.

Holmes, joined by Judges David M. Ebel and Timothy M. Tymkovich, wanted more than proof that Schaefer used the Internet.

The government failed to offer any evidence to establish the requisite jurisdictional nexus of a movement across state lines to show interstate commerce. Schaefer's use of the Internet alone is not sufficient, the court said. The government must show the images moved between states.

"Simply stated, we decline to assume that Internet use automatically equates with a movement across state lines. With respect to such interstate movement, the government must introduce sufficient evidence to satisfy its burden of proof," wrote Holmes in U.S. v. Schaefer, No. 06-3080.

The government maintained that the evidence was sufficient because the compact disks containing child porn found in Schaefer's Topeka, Kan., home were re-writable, thus able to accept downloaded images from the Internet. They contained foreign-language movie clips of child porn and an image of one girl was familiar to police as having been on the Internet in other investigations.



Here's my business model: “Hey! Wake up!” “Dude! Eat Breakfast” “Yo! The school bus is waiting!” “Dude! Hillary promises a chicken in every pot!”

http://www.news.com/8301-10784_3-9781006-7.html?part=rss&subj=news&tag=2547-1_3-0-5

Study: Texting boosts young voter turnout

Posted by Stefanie Olsen September 18, 2007 5:00 PM PDT

Text-message spam may go up this November for voter-age youth.

Turns out that young people are more likely to vote when they receive a text-message reminder, according to a new study published this month by researchers at Princeton University and the University of Michigan.

The researchers ran their test in the November 2006 election, with text reminders sent to roughly 4,000 young voters. Researchers pulled data and cell phone numbers from voter registration records at the Student PIRG's New Voters Project and Working Assets Wireless; and following the election, they matched the files to find out which registrants had voted.

The study showed that voter turnout rates rose by 4 percent in the sample group of young people who had received a text message to vote. According to the study, short, to-the-point reminders were most effective, with a rise of nearly 5 percentage points.

But in a follow-up survey, nearly a quarter of the respondents said the messages were annoying just like you might expect from unsolicited messages. About 59 percent said the texts were helpful. That percentage could be hopeful news for campaigners this fall, especially considering that the study pegged the added cost per vote at $1.56, compared with about $30 for door-to-door canvassing.



Humor?

http://www.bbspot.com/News/2007/09/microsoft-reveals-windows-vista-sp1-will-install-xp.html

Microsoft Reveals Windows Vista SP1 Will Install XP

By Brian Briggs Monday, September 17 12:00 AM ET
