Privacy Roundup #0005 • December 2006
December 2006 closed the year with British surveillance plans, fresh data breaches and a wave of phishing, spyware and wiretap scandals.
1. Data protections are being eroded, says EU watchdog
The European Data Protection Supervisor warned that talks on a framework for data sharing between police forces risked undermining basic privacy principles. He singled out the weaker treatment of cross-border data and the thin safeguards for sensitive personal information.
2. Spam: now made in China
An Irish email monitoring firm reported that China was quickly overtaking the United States as the largest single source of junk mail. The country's share of global spam leapt from roughly one tenth to a quarter in a single month.
3. Phishing worm hooks MySpace users
A JavaScript worm abusing a QuickTime flaw spread across MySpace, hijacking user profiles. The compromised pages redirected victims towards phishing sites and pages laden with malware.
4. Citizens will face fine rather than sign up to ID card register
A YouGov survey found that around 4.8 million Britons would refuse to enrol in the planned national identity database even if fined for it. The figures pointed to deep public hostility towards the government's surveillance scheme.
5. VXers dabble in mobile spyware
Researchers found Mobispy-A, an early piece of spyware aimed at Symbian phones that quietly logged text messages and call records. The discovery signalled a shift among malware writers from destruction towards profit-driven data theft.
6. US outlines privacy safeguards and reveals plans to mine personal data
Washington published privacy guidelines for data sharing while at the same time launching a scheme to score air passengers for risk. The Automated Targeting System assigned ratings that travellers could neither see nor challenge, and retained them for forty years.
7. UK plans 'real-time' no-fly lists plus fingerprint ID for air travel
The government set out proposals for biometric fingerprint checks at airports tied to live screening of passengers. Officials would be able to clear or block travellers before their flights departed.
8. Pentagon hacker appeals US extradition
Gary McKinnon lodged an appeal against his extradition to the United States over intrusions into military and NASA systems. American prosecutors had floated the prospect of charging him under anti-terror laws.
9. Massive security breach at UCLA
UCLA told 800,000 current and former students and staff that intruders had reached a restricted database holding names, addresses and Social Security numbers. The attackers had exploited an application flaw and gone undetected for more than a year.
10. Phishing scams thrive in the UK
Reported phishing incidents in Britain rose by some 8,000 per cent over two years as fraudsters industrialised their craft. Losses for 2006 were projected to reach £45.7 million, driven mainly by attacks on online banking.
11. Microsoft wins UK ruling to ban spam list sales
Microsoft secured a court order against a business that sold email lists used to send junk mail. The ruling relied on British privacy regulations and opened the way to a claim for compensation.
12. Vodafone fined €76m over Greek wiretap scandal
Greece's privacy authority penalised Vodafone for failing to stop unauthorised access to its surveillance equipment. Intruders had used that access to tap the phones of senior officials around the 2004 Athens Olympics.
13. 100m US records exposed by security blunders
The Privacy Rights Clearinghouse counted 100 million personal records exposed in American breaches since February 2005. The latest incident, a lost Boeing laptop, alone put 382,000 employees at risk.
14. Home Office bumps up innocents on DNA Database
The Home Office disclosed that more than 1.1 million people with no criminal record were held on the National DNA Database. The figure was roughly eight times the number previously admitted.
15. Yahoo! Messenger in security flap
Yahoo urged users to update Messenger after a buffer overflow was found in one of its ActiveX controls. The flaw could let an attacker take control of a vulnerable Windows machine.
16. Opera adds tech to foil phishers
Opera 9.1 shipped with fraud protection built from GeoTrust and PhishTank data. The browser promised near-immediate warnings when users strayed onto known phishing sites.
17. Hackers call on Skype to spread Trojan
Malware writers turned Skype into a delivery channel by tricking users into running hostile code that posed as a file from a contact. The attack relied on social engineering rather than any flaw in the software itself.
18. Home Office to register biometrics of foreign nationals in UK
The Home Office announced that foreign nationals would be compelled to surrender biometric data for new identity documents. The plan paved the way for biometric visas covering non-EEA citizens who came to work, study or settle.
19. Germany jails €12m porn Trojan scam duo
A court in Osnabrück jailed two men who had spread malware that infected more than 100,000 computers. Their Trojan placed fraudulent premium-rate calls and netted around €12 million.
20. US.gov looks to crypto to plug data leak holes
After a run of breaches involving lost laptops, the US government ordered full-disk encryption across federal computers. Vendors competed to supply approved tools in time for a March 2007 deadline.