Another one,
Citigroup, the world’s largest bank, on Monday said account and payment history data on 3.9 million of its customers were lost in transit by United Parcel Service.
[Via ZDNet -]
Pharming against IP telephony is now not only possible, it is probable. ZDNet describes how pharming (or "poisoning" a DNS server to reroute traffic to a different destination) may be used to redirect IP phone traffic from the intended recipient to another location. Imagine dialing your bank’s number, entering your SSN and password at the voice prompts, and then, a month later, having your identity stolen.
Pharming exploits vulnerabilities in a piece of network equipment
responsible for translating e-mail and Web addresses into IP addresses.
Security experts speaking at Supercomm this week said that, by
hijacking a domain-name system (DNS) server–a computer that stores and
organizes IP addresses–pharmers get control of VoIP calls. Without
their knowledge, VoIP users’ calls could then be redirected to IP
addresses completely different from the ones the users dialed, warns
Paul Mockapetris, the inventor of the domain name system.
[Via ZDNet -]
Here’s what Gartner considers data breach legislation,
"What will be the next Sarbanes-Oxley? It’s going to be some type of identity theft or data security legislation," said John Pescatore, a vice president and analyst at Gartner. "That’s such a politician-friendly issue, it’s the next big one coming."
[Via InternetNews.com -]
An interesting piece in InternetNews.com by Roy Mark about how the new anti-spyware legislation may end up allowing tons of activity that the legislation should ban.
Last month, the U.S. House of Representatives passed two anti-spyware measures. One bill (I-SPY Act) imposes tougher criminal penalties for spyware-related activities.
The other bill (SPY Act) also increases penalties but includes an opt-in, notice and consent regime for legal software — adware — that collects personally identifiable information from consumers.
Both bills contain a long list of exemptions, including pre-purchase installations, cookies and software and network security upgrades.
Mark points out that companies such as Claria have launched massive PR campaigns to distance themselves from what people commonly label as "adware" and thus position themselves to cast the upcoming legislation as inapplicable to their activities. If legislation has obvious loopholes even before it is signed, should it even reach the President’s desk?
[Via InternetNews.com -]
There is something wrong in the computer security industry if a security company has to sue to obtain the right to block a piece of software as being malicious. This is what Symantec has to do - sue an Internet company for the right to detect its toolbar (Hotbar) as adware.
The suit, which does not seek any monetary
damages, was filed against Hotbar.com late on Tuesday in the U.S.
District Court for the Northern District of California, San Jose
Division, said Cris Paden, a Symantec spokesman. The move is a preemptive strike. Last October, Hotbar contacted
Symantec to complain about its enterprise antivirus products, which
flag the Hotbar programs as adware, Paden said.
At a time of increasing frequency and sophistication of malware and adware programs, do we need this additional hurdle to having clean and secure PCs?
[Via ZDNet UK, UK -]