Before we can effectively fight and legislate against spyware, shouldn’t we first define it?

"Because of the challenges of developing a workable definition of
spyware, nearly all panelists expressed the concern that legislation or
regulations tied to a definition of the term ’spyware’ might define the
term so broadly that it would inadvertently cover some types of
beneficial or benign software," the FTC observes.

[Via Information Week -]

Whenever there is demand - inevitably there will be supply. If your identity has been stolen - there is little you can do - report the breach to your Attorney General’s office and start fighting the credit agencies to clear your name and record. Statistics show that on average it takes $500 and 30 hours of intensive work to clear your name. However, now there is an alternative - hire a private investigator - or "consultant."

In this discouraging, even frightening situation, privacy gumshoes
offer a ray of hope. More adept with gigabytes than guns, these
21st-century Sam Spades can make the problems go away - for a price.

The price, of course, varies, depending on your situation. But what these companies do might appeal to many - help victims understand their legal rights and work
with police and collection agencies to sort out claims - basically,
everything except those tasks that victims must do themselves, such as
report the crime and appear in court.

[Via CBS News -]

Customers who shopped at DSW Shoe Warehouse in the last three months should watch their credit card statements.

The company is still trying to determine how many customers were affected, said spokesman Rob Whitehouse, and how the thieves managed to hack in.

"They (company officials) wanted to get the info out to the consumers as quickly as possible," Whitehouse said.

[Via Columbus Business First, OH -]

Would this string of personal information theft news ever stop? It this a period of increased attacks by hackers, or companies are now going back into their systems and discovering undiscovered breaches because of the heightened scrutiny?

Hackers have gained access to personal information of about 32,000
U.S. citizens on databases owned by publisher Reed Elsevier, the second
company to reveal a major breach in the past month. Anglo-Dutch publisher Reed Elsevier said the breach at the Seisint unit
was found after a customer’s billing complaint in the last week led to
the discovery that an identity and password had been misappropriated.

Reed-Elsevier is also known to many as the parent company of LexisNexis.

[Via News.com]

Assistant Attorney General Christopher A. Wray of the Criminal Division
and U.S. Attorney Kevin J. O’Connor of the District of Connecticut
announced yesterday that three men have pleaded guilty to charges of
conspiracy to commit criminal copyright infringement in the first U.S.
cases to be brought as a result of an 18-month, multinational software
piracy investigation known as “Operation Higher Education.”

“Cybercrime and online piracy respect no boundaries,” said Assistant
Attorney General Wray. “Operation Higher Education, and the broader
Operation Fastlink of which it is a significant part, are just another
step in our increasingly global effort to target organized online
piracy at all levels and around the world.”

[Via LinuxElectrons, TX -]

Some tech-savvy MBA applicants would not be studying business this fall. After the announcement of a breach in the online application system used by top business schools was announced in an Internet website, a number of applicants decided to use the easy-to-follow directions and obtain their admission results before the school had oficially released them.

Earlier this week Harvard Business School, the MIT Sloan School of Management, and
Carnegie Mellon University’s Tepper School of Business have pledged to
reject any applicants who tried to get an early peek at their
acceptance or rejection letter. Other schools asked applicants who had seen their results to come forward voluntarily and explain themselves - how is this for an admissions test?

[Via Washington Post -]

Another proposed anti-spyware legislation is making its way among the numerous Congress committees - the Securely Protect Yourself Against Cyber Trespass Act, or Spy Act, is sponsored by Rep. Mary Bono (R-California). The bill makes it unlawful for software to hijacking a homepage, or tracking users’ keystrokes; requires that spyware be easily identifiable and removable, and allows personal information collection only after express consent by the user.

"To my mind, invading a personal computer is no different than breaking
and entering a person’s home," said House Commerce Committee chairman Joe Barton (R-Texas). "Those who do it are crooks, if not strictly burglars…. I want the FTC to go after them with a vengeance."

Under the bill, the Federal Trade Commission would be allowed to pursue abusers and fine them up to $3 million for each violation.

[Via Wired News -]

A great editorial by Larry Seltzer listing 10 laws for computer security. Among my favorites,

Law No. 1: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore.
..
Law No. 5: Weak passwords trump strong security.
..
Law No. 7: Encrypted data is only as secure as the decryption key.

Very interesting read!

[Via eWeek -]