Showing posts with label Integrity. Show all posts

Monday, July 2, 2012

Don't Get Burned by Twitter's Updated Privacy Policy

Twitter Carries a Torch for Privacy


In mid-May, Twitter published an updated privacy policy, which every Twitter user should read - and other social media sites would be smart to emulate. The policy includes a clearer explanation of the situations in which Twitter will share user information with others.


Most notably, the policy explains how your personal information is used more clearly than most other social media sites do. The updates include a new section on how Twitter tailors content. It makes clear that Twitter can use users' contact information to help third-party services, client applications and others find Twitter accounts.


While that particular practice is not new, it is much more clearly stated today. The policy also indicates how users can opt out of several data-sharing practices, which is incredibly important to privacy-minded individuals.


You may find Twitter very helpful to use for sharing information, learning of breaking news and doing research. It's a good option; just make sure you set your privacy settings appropriately.

Wednesday, August 25, 2010

The Privileged Abuser

How to protect yourself when your most trusted insiders go bad

Breaches of security by a privileged user are usually hushed up, but sometimes the damage is way too big to sweep under the rug. In January 2008, Societe Generale, the second-largest bank in France, reported that a 31-year-old trader named Jerome Kerviel had made unauthorized trades of European equities futures that caused the bank to lose $7.6 billion and exposed it to risks amounting to billions more.

How could such liability have gotten so enormous without supervisors becoming aware of it?

The bank characterized Kerviel as a "computer genius" who was able to evade internal monitoring because of the knowledge he had acquired while working for five years on the bank's security systems.

A Compliance Mentality

Companies make themselves more vulnerable than they realize. They usually don't vigilantly monitor those they trust with privileged access. Often, privileged access is not rescinded when it is no longer necessary.

Moreover, a disgruntled employee who knows he may be terminated may create a back door into the organization's system, which he can use later to create mischief. Even though disgruntled employees almost always give warning of their hostility by overt cantankerous behavior, according to security professionals, in many cases this evidence is ignored.

In addition, companies tend to think of security in terms of protecting organizations from attacks by outsiders rather than insiders. Another source of vulnerability is "privilege creep". That's when an administrator is granted certain privileges and retains them even after his or her role changes and the privileges are no longer necessary.

Typically, access is rescinded less frequently and far less vigilantly than it is granted. Such vulnerabilities are easily overlooked if a company has a compliance mentality rather than a risk-based approach to security.

The compliance mentality slaps technical fixes onto the network in order to meet regulations. The company may be compliant, but not necessarily secure.

Sunday, July 25, 2010

"Accountability: What's That?"

Pay-At-The-Pump Skimming - a Growing Threat

Card fraud is growing. At the root of the problem is skimming. This is a global challenge that impacts all types of card-reading machines, including ATMs and POS devices. The Secret Service estimates that in 2008 some $8.5 billion was lost as a result of skimming and phishing attacks.

A rash of attacks in Utah resulted in the compromise of 180 pay-at-the-pump terminals with skimming devices and Bluetooth technology to transmit card data.

When it comes to the ATM, the global financial industry has invested heavily in solutions to thwart skimming. Visa and MasterCard have mandated several security precautions, such as encrypting PIN pads and Triple DES compliance, to ensure ATM deployers adequately protect cardholder data.

But what about unattended self-service devices, which have proven to be much more vulnerable?

Case in point: The pay-at-the-pump terminal.

Pay-at-the-pump terminals are targets because they can easily be entered with universal gas keys. Once the terminals are opened, skimmers can be placed inside, away from view. In comparison, ATMs are required to have unique keys and codes for service and maintenance checks.

Let's be fair. Unless a skimming device is found, or law enforcement notifies a business that its terminals have been compromised, a typical merchant would never see the fraud. The cards are skimmed, duplicates are created, and the fake cards are used at ATMs, online and/or at retailers globally.

But does that free the merchant from bearing some of the responsibility?

Friday, May 14, 2010

Improved Online Security for a Tenth of the Cost

Leak-proof error correction-based protocol to ensure integrity

Computer scientists in the United Kingdom are developing a system that would offer a high level of security at one-tenth the cost of existing systems that use special quantum technology. The fiber-optics system would offer security to two online users by broadcasting a continuous stream of information around the communication loop.


Access to the information would be limited to users who have a secret key. "It is like using background noise to allow two users to share a secret that no one else knows," says University of Hertfordshire professor Bruce Christianson. The fiber-optics system uses a leak-proof error correction-based protocol to ensure integrity.

"Various people have proposed similar ideas in the past, but our system has introduced a novel error correcting scheme, which means we can use cheap fiber-optics technology and make it work at amazingly high transmission rates," Christianson notes.
