
Worry. But Don't Stress Out.


The theft of computer data at an Arizona company that put as many as 40 million credit card accounts at risk for fraud may have been the largest case of stolen consumer information yet.

But the incident, which was revealed last week and may have occurred months ago, surely will not be the last. In fact, the theft was only the latest in a series of incidents, not all of which involved criminal activity. Earlier this month, for example, United Parcel Service lost data tapes with personal information on nearly four million customers of Citigroup.

The problem of keeping data secure "exists on lots and lots of levels," said Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington. "You begin to see that the United States has an enormous problem that is spiraling out of control."

And like seismologists who can look at smaller tremors and know that a major quake is in the offing, consultants and others who study data security and identity theft can confidently predict that more trouble is ahead.

The question, for them, is one of magnitude, whether there will be the electronic equivalent of the Big One, an incident so widespread, compromising so much personal information, that it devastates the system of financial transactions that underpins the consumer economy.

Data thefts and accidental losses have always occurred, Mr. Tenner said. What has changed is that there is now a law in California requiring companies to inform consumers when their information is breached.

Some experts argue that protecting personal data is a hopeless task, that the emphasis should be on making transactions more secure. "Making information harder to use is the key," Mr. Schneier said. "Making it harder to steal is a dead end."

One problem is that there currently is little financial incentive to improve security for transactions. "Credit card companies are putting the cost of fraud on the merchants, who put it on us the cardholders," Mr. Spafford said. A governmental role may be necessary, he said.

Whatever the improvements, few experts envision a complete solution. "Any security measures are at best only buying time," Mr. Tenner said. "It's really like the development of antibiotics - they are always trying to stay ahead of the problem."

"For the optimist, this can go on indefinitely," he added. "For the pessimist, it's like the man who jumped out of the 20th floor of a building. As he passed the 10th floor he said, 'So far, so good.' "

Full Story.
