Warwick Ashford reports: The single most important change required in UK data protection regulation is to bring the law into line with European legislation, says Stewart Room, partner at law firm Field Fisher Waterhouse. Section 13 of the UK Data Protection Act (DPA) is totally out of kilter with the EU directive on personal data,…
Category: Commentaries and Analyses
Ca: Risks remain in wake of mortgage broker breaches, audit shows
Several mortgage brokerages improved some privacy and security measures following a string of major data breaches, but failed to implement controls to raise the alarm about any future suspicious activity, a privacy audit has found. The audit by the Office of the Privacy Commissioner of Canada (OPC) was launched after the brokerages reported 14 data…
Kobil smartcard reader hacked
A vulnerability in smartcard readers made by vendor Kobil allows intruders to install specially crafted firmware without opening the sealed housing. Attackers could exploit this to read PINs such as those used for digital document signatures or to display forged data on-screen. To prevent such intrusions from happening, smartcard readers are usually subjected to a…
Facebook dev move won’t stop rogue apps, say researchers
Gregg Keizer reports: Security researchers today said Facebook’s new requirement that developers link legitimate accounts to their software won’t stop rogue applications from infecting its users with adware. On Wednesday, Facebook announced that it will now demand that developers verify a Facebook account to create new apps on the service. “We’re taking this step to…
UK: Call for ban on physical transfer of digital files
Andrew Charlesworth reports: A complete ban on using physical media to transfer digital files has been called for in a recent report, which found that nearly one in five companies is still using couriers such as the postal system to send media containing large or sensitive files. This is despite the well-publicised data breach caused…
Educational Security Incidents Year in Review – 2009
After a hiatus, Adam Dodge’s ESI blog is back, and Adam has published his analysis of education sector breaches in 2009. From his summary: The ESI Year in Review – 2009 examines all of the information security incidents occurring at colleges and universities around the world as reported in the news during 2009. The information…