Security week in review
Week of March 22, 2005

Articles from last posting

UPDATE: US senators debate faith of data miners

Banks in New Zealand pull the plug on internet banking

News update

There was a fair bit of interesting news this past week. We try not to regurgitate every hack or scam making the rounds, as it gets tedious. Unless an incident is of particular significance, or there is no other news, we won't cover it here.

My latest column for the Globe & Mail is now up - a report from the RSA conference, and a hint of what the future may hold, none of it necessarily good.

US banks required to report security breaches

The Wall Street Journal reported on March 21, 2005, that the board of the FDIC (a US banking regulator) - as well as the OCC and the OTS - has approved a proposal to require US banks to notify customers about security breaches that expose their data. The Federal Reserve has yet to sign on.

I covered this story in the Globe & Mail some time ago, and it seems that the recent spate of incidents has finally forced the regulators' hands.

According to the WSJ, the banks are supposed to comply "as soon as possible". When I have the final text of the rule, I will post it here.

This is a most welcome development and reflects the concern in the US banking sector that the recent tidal wave of scams and phishing attacks poses a serious threat to public confidence in the sector.

However, the level of concern in Canada, since I last wrote about the issues, remains unchanged - i.e. non-existent. Meanwhile, as Bernie Ebbers contemplates a less than rosy future behind bars, fellow Canadians with a hand in the Nortel accounting 'fiasco' remain at large.

Microsoft face $5 million a day fine from EU Commission

Meanwhile, MS remains in the proverbial dog house with EU regulators, for failing to licence certain software (server code related) to competitors under "reasonable and non-discriminatory terms" in accordance with the March 2004 anti-trust order.

While the MS appeal against a fine of E497 and an order to sell a Windows-independent version of Media Player is outstanding (and not scheduled for any day soon), the issue is compliance in the interim - no stay having been granted. MS has not, understandably, rushed to help open source vendors smash its hegemony, especially in open-source-friendly government markets throughout Europe.

Tales abound of monumental licence fee demands from our brothers in Redmond, and stubborn European developers refusing to pay up. Other stories (WSJ - March 21, 05 - EU Regulators Weigh MS Fine) include the suggestion that MS is only prepared to open the pearly gates to heaven if grubby, non-MS developers come to a location it chooses; agree not to print or copy any nuggets of MS wisdom; and agree to peruse hundreds of pages of MS code in two eight-hour periods.

As this all sounds preposterous, I am inclined to believe it must be true. Great high camp drama in any event.

The main EU lobby group making MS's life miserable (all things in life being relative) - and with meagre funding at their disposal to do so - is the Free Software Foundation - a group of mainly German open-source developers. They are lobbying hard for the Commission to find MS in default of the anti-trust order and fine them as much as 5% of average daily world-wide sales.

MS spokespersons have been quoted making the usual conciliatory statements.

What Steve Ballmer makes of it all leaves little to the imagination. Flies on the walls of his office are reputed to be blushing; roaring red.

Chip based bank cards open to attack

To prove yet again that no technology, however well hyped, is impervious to attack - and that half-way measures are often worse than none at all - researchers in the UK have disclosed an attack on bank cards with chips and magnetic stripes that enables attackers to clone cards with a modicum of effort.

Ross Anderson, head of security engineering and a much-published security expert, and his research team at Cambridge University, have consistently pointed out flaws in smart card and secure hardware that would make a cynic out of the most fearless optimist.

As bank cards with magnetic stripes will be with us for a long time to come - especially as the US remains the main holdout in the much-touted move to Chip and PIN (magnetic stripes will endure on many cards to ensure interoperability abroad) - the inveterate criminal element will focus on the inevitable card weaknesses, and we will have to salute their ingenuity.

 

 

 

 
