Privacy & data protection

Critical IE 7 exploit making the rounds

Microsoft issued a critical security warning Tuesday that a malicious exploit is making the rounds and attacking vulnerabilities in Internet Explorer 7.

The risk is believed to be widespread, given that IE 7 is the latest version of Microsoft's browser and is bundled with XP service pack 3 and also Vista, said Dave Marcus, director of security research and communications for McAfee's Avert Labs.

The AZN Trojan, which has been making the rounds since the first week of December, has the potential of infecting users' systems with a Trojan horse, or "downloaders" that can download other …

Fighting cybercrime in an economic downturn

Editor's note: This is part of a series of stories about the recession's effect on the tech industry.

Last month, McAfee cybercrime strategist Pamela Warren sat down with a senior executive at a Sydney bank to discuss the risks to the corporate network from workers using social networking.

After going over the trade-offs associated with allowing insiders to use social networks at work, his team confirmed that they would use data leak prevention technology to monitor the network traffic--balancing the desire to benefit from such new technologies while ensuring company secrets remain protected.

Warren had a similar meeting …

Web site-based crimeware hits all-time high

The use of malware on Web sites to steal passwords and other sensitive information is skyrocketing, according to a new report from the Anti-Phishing Working Group.

The number of URLs with hidden code for stealing passwords nearly tripled between July 2007 and July 2008, to a record high of 9,529, while the number of malicious-application variants hit a high of 442 this May, the APWG reports in its quarterly report (PDF) issued this week.

The increase is primarily due to malicious code being used in SQL injection attacks, in which a small malicious script is inserted into a database …

Symantec, VMware team up for disaster recovery

Symantec is going to collaborate with VMware to sell its disaster-recovery products for virtual environments.

For mutual customers, VMware ESX will be integrated with Symantec's Veritas Cluster Server (VCS) disaster-recovery product. Support will be provided through TSANet, a database that participating vendors use to coordinate support responses and exchange support information.

"VMware is pleased to see Symantec deliver solutions like VCS that integrate with and complement the value of VMware virtualization," Shekar Ayyar, vice president of infrastructure alliances at VMware, said in a statement on Tuesday.

Symantec's VCS is designed to protect applications from unplanned downtime …

Security industry moves forward on data security

While no one can predict what will happen to the economy over the next 12 to 18 months, you can bet your bottom dollar that threats to confidential data will increase substantially in that time frame. Why? Malicious code threats are growing exponentially while the cyberunderground becomes ever more sophisticated.

Fortunately, industry players are starting to team up to lower the cost, complexity, and integration effort needed for data-centric security. Last week, EMC's RSA and Microsoft got together to announce that the software giant will integrate RSA's Data Loss Prevention (DLP) into the Windows infrastructure in order to …

No antiphishing feature in final Firefox 2.0 version

Updated 4:30 p.m. PST with Google comment.

There will be no antiphishing feature in the final version of Firefox 2.0 when it is released later this month, according to Computerworld.

Google asked Mozilla to disable the feature in Firefox 2.0.0.19 that warns users of sites suspected of hosting identity fraud scams because the older browsers rely on an outdated SafeBrowsing protocol that Google is not supporting anymore, Mike Beltzner, director of Firefox, told Computerworld.

Firefox 2.0.0.19 is scheduled to ship December 16 and will be the final security update for the …

U.K.'s DNA database violates rights, court rules

The DNA records of about 850,000 people could be wiped from the U.K.'s national database after the European Union ruled it breached human rights.

The European Court of Human Rights decision on Thursday means that the DNA details and possibly fingerprints of people suspected of a crime, but later cleared, could be removed.

The court found that in keeping the DNA details of people suspected of a crime the "state had overstepped any acceptable margin of appreciation."

The case was brought by two Britons, Michael Marper and "S", who were cleared of crimes …

Vietnamese security firm: Your face is easy to fake

Updated at 1:14 p.m. PST Friday, December 5 with comment from Lenovo.

Editor's note: CNET editor and Crave contributor Dong Ngo is spending the month of December in his homeland of Vietnam and plans to file occasional dispatches chronicling his impressions of how technology has permeated the culture there.

HANOI, Vietnam--Regardless of what some people seem to think, we Asians do not all look the same. But according to the current face recognition algorithm used in laptops, our faces are all about as flat as a piece of paper.

That's according to BKIS, the Vietnamese Internetwork Security Center that makes the antivirus software I mentioned in a blog post Monday. At a press conference here Tuesday, the company demonstrated vulnerabilities in laptops' face recognition-based authentication mechanisms that let anyone log in to a computer easily with a "special" photo of the legit owner, even at the highest authentication level.

Using your face as the password to log in to a computer--an alternative to the fingerprint method or the traditional username and password--marks a new trend found in laptops from Lenovo, Asus, and Toshiba. As far as I know, only these three vendors currently offer this technology in their laptops. These computers come with a built-in Webcam that's used to capture and analyze faces.

I've been impressed by this new way to log in and have found it to be so much more convenient than the fingerprint reader of my Dell XPS 1330. The finger scanner is a pain when my finger is wet or dirty. Unfortunately, on Tuesday I discovered that this new and exciting technology may not be such an effective security measure.

I participated in a demonstration on a Lenovo Y430, running Windows Vista, and here's how it panned out:…

Gmail 'vulnerability' turns out to be phishing scam

Reports that a purported Gmail vulnerability was being used by unauthorized third parties to hijack domains turned out to be nothing more than a phishing scam, Google announced Tuesday.

The alleged vulnerability reportedly allowed an attacker to set up filters on users' e-mail accounts without their knowledge, according to a proof of concept posted Sunday at the blog Geek Condition. In the post, Geek Condition's "Brandon" wrote that the vulnerability had caused some people to lose their domain names registered through GoDaddy.com.

However, after consulting with those who claimed to be affected by the so-called vulnerability, …

IEEE 1667: One standard worth watching

I've grown rather cynical about industry standards, but I am pretty bullish on IEEE 1667 (aka: "Standard Protocol for Authentication in Host Attachments of Transient Storage Devices"). This standard should improve security and may have other benefits as well.

Here's the thing: We all have a plethora of flash drives, MP3 players, and USB disk drives. Yes, these may be a great way to replicate music or transport files, but they also create a huge security vulnerability. When you plug in the 250GB drive you bought at Fry's Electronics at lunch, you can steal a …