Wednesday, December 19, 2007
• The Times Online reports that the personal details of three million UK learner drivers have been lost in Iowa. The UK Transport Secretary said that the data was housed on a hard drive in the Iowa City offices of Pearson Driving Assessments Ltd., a company employed by the Driver and Vehicle Licensing Agency. The Information Commissioner had said the case did not appear to present “a substantial risk” to individuals. (See item 10)
• According to the Associated Press, an error by two air traffic controllers caused a military jet and a commuter plane to fly within 3.17 miles of each other over northern Illinois. Minimum spacing between planes is 5 miles horizontally or 1,000 feet vertically; the Federal Aviation Administration said that planes were never in danger of colliding and that an investigation is ongoing. (See item 12)
27. December 18, Security Products – (National) Upcoming report will help protect businesses against identity theft, fraud. With the holiday shopping season in full swing, banks, card issuers, and retailers, among others, are mindful of the dangers of identity theft and the importance of protecting their customers’ personal financial data. A report coming in January will help businesses and other organizations arm themselves from the theft and fraudulent use of such information. The report is being prepared by the Identity Theft Prevention and Identity Management Standards Panel (IDSP). Sponsored by the American National Standards Institute and the Better Business Bureau and spearheaded by nine leading companies, the panel has spent the past year defining a set of cross-sector standards and best practices to address this critical issue. “The IDSP has brought together a diverse group of public and private sector interests to identify guidelines and standards-based solutions that can be used to address this critical marketplace problem 365 days per year,” said the panel’s director. The panel’s collective findings and recommendations will be issued on January 24. The IDSP will host a webinar that day to formally announce the release of the report and engage key analysts and industry leaders in a roundtable discussion of the panel’s findings. For more information about the IDSP, visit www.ansi.org/idsp.
28. December 17, Computerworld – (Ohio) Ohio e-voting system security criticized in new state report. E-voting in Ohio faces a host of potential security, equipment, and process changes following the release of an 86-page report that criticizes the existing voting systems used in the state. The report concludes that security shortcomings in Ohio’s e-voting systems are a continuing danger to the accuracy of elections there. The study was done at the request of Ohio’s secretary of state, who is in charge of the state’s elections. Between October 5 and December 7, teams of academic researchers, accredited e-voting system testing labs, and scientists evaluated the state’s existing hardware and software and made recommendations for improvements. The stakes are big for Ohio, which faces two key elections next year -- a March 4 primary election, and the November 4 general election. “The findings of the various scientists engaged by Project EVEREST are disturbing,” the report states. EVEREST is short for Evaluation & Validation of Election-Related Equipment, Standards & Testing. The main problem, according to the report, is that while security and privacy standards generally exist for critical technology systems, “unfortunately ... the computer-based voting systems in use in Ohio do not meet computer industry security standards and are susceptible to breaches of security that may jeopardize the integrity of the voting process.” The report is available in PDF form at: http://www.sos.state.oh.us/sos/info/EVEREST/00-SecretarysEVERESTExecutiveReport.pdf.
29. December 17, United Press International – (International) U.K. Olympic teams hacked from China. Chinese hackers have penetrated the Internet server used by the British Olympic canoeing team, who suspect the aim was to steal performance data to help rivals. The U.S. Olympic Committee told United Press International it was unaware of any similar attempts against American teams. Internet servers used by the British Canoe Union were penetrated in mid-October, a spokeswoman told UPI. “Our IT security consultants traced the origination (of the attacks) to China,” she said. The spokeswoman said that no data was stolen from the server during the attack, first reported Friday by the Times of London. She said while the union did not know exactly what the hackers were after, the suspicion was that they were attempting to steal performance data of the kind that might be useful to the team’s competitors. “None of our athlete information is stored on our Internet servers, for exactly that reason,” she said, adding that security had been beefed up on the group’s Web site. A U.S. Olympic Committee spokesman told UPI, “We are not aware of any entities or individuals trying to hack into our system.” He added that the committee was “happy” with its security arrangements. “We go to great lengths to guard against any compromise of our systems. We are aware of the dangers and we have a forward-looking plan to deal with them,” he said.
30. December 17, Network World – (National) Successful phishing attacks up, online survey shows. A Gartner survey shows phishing attacks against consumers in the United States have been more successful this year than last. The good news is that consumers have been able to recover their losses from phishing a bit more than they did in the past. An online survey of 4,500 adults (said to be representative of the U.S. population) showed 3.3 percent of them lost money because of a phishing attack, compared with 2.3 percent who lost money in 2006 or 2.9 percent in 2005, according to Gartner. The average dollar loss per incident declined this year to $886 from $1,244 on average in 2006. But because there were more victims, the overall loss to phishing was higher. By extrapolating the numbers out to the entire U.S. population, Gartner says it appears that 3.6 million adults lost $3.2 billion to phishing attacks in the 12 months ending in August 2007. The good news is that these phishing victims are recovering the lost money more often that they did in the past, thanks to greater help from banks and PayPal, said a Gartner analyst. “There were more victims but they’re getting more of their money back.” Pulling out the numbers to represent the United States as a whole, the Gartner survey shows some 1.6 million adults recovered about 64 percent of their losses in 2007, up from 54 percent that the 1.5 million adults recovered in 2006. PayPal and eBay continue to be “the most-spoofed brands,” the Gartner survey says. Another trend seen is that attackers are more eager to get hold of debit and check cards than credit cards because there are fewer protections for them and they are harder to catch, said the Gartner analyst.
31. December 18, Associated Press – (National) Cell phone spending surpasses land lines. 2007 is likely to be the first calendar year in which U.S. households spend more on cell phone services than on land line service, industry and government officials say. The most recent government data show that households spent $524, on average, on cell phone bills in 2006, compared with $542 for residential and pay-phone services. By now, though, consumers almost certainly spend more on their cell phone bills, several telecom industry analysts and officials said. As recently as 2001, U.S. households spent three times as much on residential phone services as they did on cell phones. But the expansion of wireless networks has made cell phones more convenient, and a wider menu of services, including text messaging, video, and music, has made it easier for consumers to spend money via their cell phone. While there are roughly 170 million land lines in use nationwide, industry officials estimate there are close to 250 million cell phones. (These figures include residential and corporate use.)