The sensitive personal information found on the new German identification cards with data chips scheduled for nationwide introduction this November can be easily hacked, according to testing done by a TV news show. Public broadcaster ARD’s show “Plusminus” teamed up with the hacker organisation the Chaos Computer Club to find out how secure the controversial…
Category: Commentaries and Analyses
Banks Siding Against the Customer in Fraud Cases
Naomi Wolf recounts the ugly story of her interactions with WaMu when she reported suspected fraud on her account. … I noticed eventually that checkbooks were missing from my home, and finally my accountant got enough of the records to see an unmistakable pattern of fraud, and called my attention to it. I filed a…
Leaks
Ben Zimmer’s On Language column in the New York Times magazine section discusses the use of the word “leak.” Although the context of his column are leaks of a political nature such as the Afghan war files, it struck me as just applicable to data “leaks.” Here’s a snippet of the column: Do we need…
How to create a ‘super password’
John D. Sutter reports: Say goodbye to those wimpy, eight-letter passwords. The 12-character era of online security is upon us, according to a report published this week by the Georgia Institute of Technology. The researchers used clusters of graphics cards to crack eight-character passwords in less than two hours. But when the researchers applied that…
Making Sense of Security Breach Cost Numbers
Larry Walsh writes: What is the most expensive security breach ever? Before you answer, read the rest of this blog (trust me, you’re probably wrong). According to a recent report by the Ponemon Institute, the mean corporate loss to IT security breaches last year was $3.8 million. During the four-week study period, participating companies reported…
Data breach demonstrates need for access control policies
Remember the breach reported a few weeks ago when a Freedom of Information request uncovered that a Canada Revenue Agency employee had been mining the database to identity high-wealth individuals that she might recruit as customers for her side business? The individuals whose data were accessed were never notified of the incident because the government…