CyberLaw Blog

Archive for the ‘Security’ Category

ISPs and public believe Government data safeguards inadequate: “The internet access industry and members of the public have rejected the Government’s plans to retain details of citizens’ internet access, saying that safeguards for internet users’ privacy were inadequate.”

(Via OUT-LAW News.)

EU – More action needed to fight spammers and protect online privacy, says Commission: (RAPID)
The European Commission has repeated its call for EU countries to do more to tackle online privacy threats to the public. A Commission-funded study found that although in recent years several EU countries have taken some measures to enforce Europe’s ban on spam, including fines for spammers, the number of prosecuted cases and sanctions imposed on lawbreakers vary considerably. The study confirms the need for the legislative improvements proposed under the reform of the EU’s Telecoms rules: clearer and more consistent enforcement rules and dissuasive sanctions, better cross-border cooperation, and adequate resources for national authorities in charge of protecting citizens’ online privacy.

(Via QuickLinks Update.)

Big differences in big banks’ security – Which? Computing magazine – Press – About Which?

27 August 2009

Some of Britain’s biggest banks appear to be leaving their customers’ online accounts vulnerable to fraud because of poor security, says Which? Computing.

Online accounts at Abbey and Halifax have weaker visible security measures in place than some of their rivals, while Barclays’ security is excellent, say Which? Computing experts.

Halifax has one of the least secure log-in procedures. It asks for three pieces of information to confirm a customer’s identity. As each entry is typed in full, this makes the information vulnerable to a simple keylogger, a virus that sits on a computer and tracks every keystroke with the aim of collecting passwords.

Keylogging software is blamed for online banking fraud more than doubling in 2008. It soared to £52.5m last year, up from £22.6m in 2007.*

In contrast, Barclays and Lloyds TSB ask customers to use drop-down menus. Simply using menus rather than the keyboard stops keyloggers from quickly capturing passwords. Barclays customers who forget their PINsentry device** must enter a five-digit passcode and two characters from a memorable word.

Browsing to another site can be unsafe with some accounts. Customers of Abbey, Alliance & Leicester, HSBC and Halifax are not immediately logged out if they browse, which means someone else could take over the session, leaving accounts vulnerable if accessed on a shared computer.

Which? Computing also found significant differences in how well money transfers appear to be protected. Abbey, First Direct, Halifax and HSBC have no visible security controls for money transfers, so if a banking session is hijacked, a criminal can enter the amount they want to.

Sarah Kidner, Editor, Which? Computing says:

‘There are surprisingly big differences between big banks’ visible online security systems. Some simple measures, like the use of drop-down menus, could improve safety considerably. The banks may say it’s the hidden security measures that count, but to have real confidence in an online account, customers need to see security in place.’

- Ends -
Notes to Editor

*According to the UK Payments Administration (formerly APACS).
**A device which generates a random password each time a customer logs in to their account.

How good is your bank’s consumer-facing security?
Barclays: Excellent.
First Direct, Lloyds TSB, Nationwide, NatWest, RBS: Good.
Alliance & Leicester, HSBC: Average.
Abbey, Halifax: Poor.

NHS body admits losing sensitive data on over 6,000 job applicants: “An NHS training body has promised to improve its security after losing the personal data of 6,377 applicants for medical posts. The data included information on equality and diversity in relation to the applicants.”

(Via OUT-LAW News.)

Judge bemoans small fine for former BNP officer’s data protection breach: “A man who published the personal information of 10,000 members of the British National Party (BNP) has been found guilty of breaking the Data Protection Act and has been ordered to pay a fine and costs.”

(Via OUT-LAW News.)

Home Office coughs to larger data loss: “

Another 250,000 records lunched

The Home Office has admitted to losing a quarter of a million more records than it originally thought.…

“

(Via The Register – Public Sector.)

Congress: File sharing leaks sensitive data: “

Sensitive files like Secret Service safehouse locations, military rosters, and IRS tax returns can still be found on file-sharing networks, according to a report to a U.S. House of Representatives committee on Wednesday.

In many cases, that’s because federal government employees or contractors installed peer-to-peer software on their …

“

(Via The Iconoclast.)

Exposed activist accuses Tiscali of putting life in peril

High Court threat for ‘recklessly’ publishing address

Exclusive A woman who passed national security information to UK authorities spent six months in fear for her life, after Tiscali published her phone number and address in public directories, despite repeated requests to keep the information secret.…

(Via The Register – Comms.)

Wife of Sir John Sawers, the future head of MI6, in Facebook security alertDiplomats and civil servants are to be warned about the danger of putting details of their family and career on social networking websites. The advice comes after the wife of Sir John Sawers, the next head of MI6, put family details on Facebook — which is accessible to millions of internet users.

(Via Tech and Web from Times Online.)

BBC News: MI6 boss in Facebook entry row

Personal details about the life of the next head of MI6, Sir John Sawers, have been removed from social networking site Facebook amid security concerns.

The Mail on Sunday said his wife had put details about their children and the location of their flat on the site.

The details were removed after the paper contacted the Foreign Office.

Foreign Secretary David Miliband denied claims security had been compromised, saying: “You know he wears a Speedo swimsuit. That’s not a state secret.”

Privacy protection

Sir John Sawers is currently the UK’s ambassador to the United Nations and is due to take up his new post in November.

The Mail on Sunday said information published on Facebook included the couple’s friendships with senior diplomats and actors, including Moir Leslie from BBC Radio 4’s The Archers.

Lady Sawers revealed the location of the London flat used by the couple and the whereabouts of their three grown-up children and of Sir John’s parents, the paper said.

She had not imposed privacy protection on her account, allowing any of Facebook’s 200 million users in the open-access “London” network to see the entries, it added.

Conservative MP Patrick Mercer, chairman of the counter-terrorism sub-committee, expressed concerns about the possible security risk.

He told the BBC: “It raises all sorts of worrying issues about the… personal life, in particular the location of flats, transport details, movement details, of an individual who is our most senior counter-terrorism officer abroad.

“A great deal of taxpayers’ money has been spent over the past several decades making sure he and his family are protected from security compromises. Well, it doesn’t seem to be very relevant anymore, does it?”
“ He’s a very able man, he’s a very able appointment. It’s pretty unfortunate that this has happened ”
Sir John Major

He added: “It’s distressing and worrying therefore that these sorts of details should be appearing in the public domain. I would have hoped these sort of mistakes would not have been made by people like that.”

Liberal Democrat foreign affairs spokesman Edward Davey said the disclosure had the potential to damage the security of Sir John’s family.

“We would be negligent if there wasn’t an internal inquiry into the security implications, not just in relation to MI6 but to Sir John and his family,” he said.

“We need to be reassured that this has been considered properly and there is nothing we need to worry about as a result of this.”

‘Grow up’

But Foreign Secretary David Miliband told the BBC’s Andrew Marr programme: “Are you leading the news with that? The fact that there’s a picture that the head of the MI6 goes swimming – wow, that really is exciting.

“It is not a state secret that he wears Speedo swimming trunks, for goodness sake let’s grow up.

“He is an outstanding professional who will do a really good job in an outstanding organisation.”

Former Prime Minister Sir John Major said the issue had been “overblown”.

He said: “I know John Sawers. He’s a very able man, he’s a very able appointment. It’s pretty unfortunate that this has happened, I think that is true.

“But I think when you’re faced with leaving Iraq possibly too early, huge problems in Afghanistan, the mess in Pakistan, the depth of the recession, I think this falls a long way below those.”

Sir John Sawers is due to replace Sir John Scarlett as head of the overseas Secret Intelligence Service (MI6).

He has been the UK’s Permanent Representative to the UN since 2007.

Before that he was political director at the Foreign Office, an envoy in Baghdad and a foreign affairs adviser to former Prime Minister Tony Blair.

He was in that post from 1999 to 2001 and was involved in the Kosovo conflict and Northern Ireland peace process.

Elsewhere overseas he worked in the British embassy in Washington, as an ambassador in Cairo and to South Africa from 1988 and 1991 when apartheid was ending.
Story from BBC NEWS:

http://news.bbc.co.uk/go/pr/fr/-/1/hi/uk/8134807.stm

Published: 2009/07/05 10:34:38 GMT