Security

In response to last week's post about former supermodel Liskula Cohen forcing Google to give up the identity of an anonymous blogger ("Skanks for nothing: Google must identify anonymous blogger"), I got a couple of e-mails that are worth exploring in a little more depth. So here goes.

The United States Department of Justice announced today the arrest of Albert Gonzalez, a 28-year old Miami man, in the largest identity theft prosecution on record. Gonzalez is accused, along with two as-yet-unnamed Russian co-conspirators, of compromising more than 130 million credit and debit card accounts from a variety of targets including Heartland Payment Systems and 7-Eleven.

Is your Palm Pre spying on you and sending your GPS coordinates and more back to the Palm mothership on a daily basis? According to mobile application developer Joey Hess that's exactly what is happening. He asserts on his personal blog that data on the location and app used on the Palm's Pre smartphone is being sent to Palm.

A reader who wishes to remain anonymous is concerned about a very scary looking website. I attempt to calm the waters.

Twitter and Facebook were hit today with denial-of-service attacks that can knock a site offline, but don't steal information or cause permanent damage. The question is, why?

For the early adopters of Twitter who have been around for a while, Twitter's two-hour outage this morning may not seem unusual. What makes this morning's outage different from past failures is that this time Twitter fell prey to a denial-of-service attack. Twitter has expanded its capacity to accommodate the normal volume of users and tweets, but there is still a maximum that it is capable of managing. An attacker can effectively shut down the site by generating so many requests that it overwhelms the servers and prevents legitimate tweets from getting through.

It's a good time to work in the security field. Nemertes has completed it's research benchmark for the first half of 2009, incorporating interviews with IT and security executives during a recession. The research participants told us that they consider security and compliance spending to be "recession proof", third only to data network and voice/telecom spending.

Have you heard about the plan by Absa, a bank in South Africa, that was planning on arming ATMs with pepper spray to deter thieves from tampering with the machine? Unfortunately, not even the ATM technicians were able to figure out how to disarm them and subsequently three people ended up needing to go to the hospital after one of these ATMs discharged during maintenance.

Your cell phone number is about to be handed over to telemarketers.

You may wonder if DLP is the updated version of RUN-DMC, but what it really stands for is Data Loss Prevention. Some call it "Data Leak Prevention" to emphasize that important company data often "leaks" away through no malicious action. But as compliance regulations like HIPAA, PCI-DSS, and FRCP multiply like acronym rabbits, more and more companies must take steps to stop data from leaving their business, whether it's lost, leaked or stolen.