Saturday, April 09, 2011

“We don't need no stinking regulation!”

http://www.databreaches.net/?p=17610

The Epsilon Hack Attack: Time For “SOX For Consumers”?

April 8, 2011 by admin

Matt Pauker of Voltage Security discusses the Epsilon breach and where we go from here. He writes, in part:

What about requiring every third-party service provider to protect personal customer data through encryption, tokenization or another advanced security technology, through clauses written into and enforced as part of standard service level agreements? This is something that companies can initiate today, without waiting for federal, state or industry regulation.

Or, has the time come for “SOX for consumers”: a consumer-focused plan calling for new rules that force companies to certify that they have adequate data protection in place to protect data even in the event of a breach?

Read more on Forbes.



Are Social Networks at risk? Perhaps, if the legislative pendulum swings too far...

http://www.pogowasright.org/?p=22308

Internet firms wake up to federal privacy scrutiny

April 8, 2011 by Dissent

Cecilia Kang reports:

As LinkedIn prepares to sell its stock to the public, the social network for professionals is warning of a potential threat to its business: Internet privacy laws.

In a filing to the Securities and Exchange Commission this month, the startup said a push by federal regulators to create first-time privacy rules “could deter or prevent us from providing our current products and solutions to our members and customers, thereby harming our business.”

Read more in The Washington Post.


(Related)

http://www.pogowasright.org/?p=22311

DOJ filing would create dangerous precedent on privacy policies

April 8, 2011 by Dissent

Declan McCullagh reports:

The U.S. Justice Department today dismissed as “absurd” any privacy and free speech concerns about its request for access to the Twitter accounts of WikiLeaks volunteers.

In a 32-page brief filed in federal court in Virginia, prosecutors characterized their request for a court order as a “routine compelled disclosure” that raises no constitutional issues.

Read more on cnet.

In related coverage, Andy Greenberg of Forbes focuses on the DOJ’s argument that the presence of a privacy policy on Twitter obliterates any reasonable expectation of privacy, even if the user never looks at it:

In their brief, the U.S. attorneys attack an argument from Appelbaum, Jonsdottir and Gonggrijp’s team that they shouldn’t be held to Twitter’s privacy policy–which allows authorities to lift data like users’ IP addresses–because it’s unreasonable to assume that users have read it or any other of the dense policies they face on commonly used sites.

“The existence of the Privacy Policy, even if unread by the Subscribers, undermines the legitimacy of any expectation of privacy the Subscribers may have had in the IP addresses they conveyed to Twitter,” reads the brief. “Although individual users might be ignorant of the terms of Twitter’s Privacy Policy, society is not prepared to recognize as reasonable an expectation of privacy that is directly contradicted by policy statements available to all who wish to read them.”

Read more on Forbes.



For my Computer Security students

http://www.makeuseof.com/tag/put-passwords-crack-test-password-strength-tools/

Put Your Passwords Through The Crack Test With These Five Password Strength Tools

How Secure Is My Password

The Password Meter

Test Your Password

Strength Test

Microsoft Safety And Security Center

