Shuts stable door on ‘largest data spillage in American history’

The US government on Monday enacted new policies designed to prevent mass leaks similar to one rolled out over the weekend, when Wikileaks released thousands of classified diplomatic cables.…

“

(Via The Register – Public Sector.)

(Via OUT-LAW News.)

(Via QuickLinks Update.)

27 August 2009

Some of Britain’s biggest banks appear to be leaving their customers’ online accounts vulnerable to fraud because of poor security, says Which? Computing.

Online accounts at Abbey and Halifax have weaker visible security measures in place than some of their rivals, while Barclays’ security is excellent, say Which? Computing experts.

Halifax has one of the least secure log-in procedures. It asks for three pieces of information to confirm a customer’s identity. As each entry is typed in full, this makes the information vulnerable to a simple keylogger, a virus that sits on a computer and tracks every keystroke with the aim of collecting passwords.

Keylogging software is blamed for online banking fraud more than doubling in 2008. It soared to £52.5m last year, up from £22.6m in 2007.*

In contrast, Barclays and Lloyds TSB ask customers to use drop-down menus. Simply using menus rather than the keyboard stops keyloggers from quickly capturing passwords. Barclays customers who forget their PINsentry device** must enter a five-digit passcode and two characters from a memorable word.

Browsing to another site can be unsafe with some accounts. Customers of Abbey, Alliance & Leicester, HSBC and Halifax are not immediately logged out if they browse, which means someone else could take over the session, leaving accounts vulnerable if accessed on a shared computer.

Which? Computing also found significant differences in how well money transfers appear to be protected. Abbey, First Direct, Halifax and HSBC have no visible security controls for money transfers, so if a banking session is hijacked, a criminal can enter the amount they want to.

Sarah Kidner, Editor, Which? Computing says:

‘There are surprisingly big differences between big banks’ visible online security systems. Some simple measures, like the use of drop-down menus, could improve safety considerably. The banks may say it’s the hidden security measures that count, but to have real confidence in an online account, customers need to see security in place.’

- Ends -
Notes to Editor

*According to the UK Payments Administration (formerly APACS).
**A device which generates a random password each time a customer logs in to their account.

How good is your bank’s consumer-facing security?
Barclays: Excellent.
First Direct, Lloyds TSB, Nationwide, NatWest, RBS: Good.
Alliance & Leicester, HSBC: Average.
Abbey, Halifax: Poor.

(Via OUT-LAW News.)

(Via OUT-LAW News.)

Another 250,000 records lunched

The Home Office has admitted to losing a quarter of a million more records than it originally thought.…

“

(Via The Register – Public Sector.)

Sensitive files like Secret Service safehouse locations, military rosters, and IRS tax returns can still be found on file-sharing networks, according to a report to a U.S. House of Representatives committee on Wednesday.

In many cases, that’s because federal government employees or contractors installed peer-to-peer software on their …

“

(Via The Iconoclast.)

High Court threat for ‘recklessly’ publishing address

Exclusive A woman who passed national security information to UK authorities spent six months in fear for her life, after Tiscali published her phone number and address in public directories, despite repeated requests to keep the information secret.…

(Via The Register – Comms.)

(Via Tech and Web from Times Online.)