Entries with tag information security.

US Feds Uninvited to Defcon

Defcon information security convention organizers asked US government employees not to attend the event this year, citing concerns within the hacker community related to recent disclosure about the government’s electronic surveillance promulgated by the continuing Edward Snowden saga. Jeff Moss, the event organizer and chief security officer of the Internet Corporation for Assigned Names and Numbers, publically posted a request asking them to not attend. “When it comes to sharing and socializing with feds, recent revelations have made many in the community uncomfortable about this relationship. … I think it would be best for everyone involved if the feds call a 'time-out' and not attend DEF CON this year,” he wrote. “This will give everybody time to think about how we got here, and what comes next.” The event, which begins 2 August, is a gathering of hackers, researchers, corporate security experts, privacy advocates, and others interested in security issues. In recent years, government agencies have attended in part to recruit new employees. (Computerworld)(Network World)(Reuters @ NBC News)(Defcon)
 

Google Not Responsible for “Right to Be Forgotten”


A senior European judicial official issued a formal opinion stating that Google and other search providers are not responsible for third-party information  in their search results and that there is no general “right to be forgotten” in current data protection laws. The right to be forgotten addresses the storage of personal public data by organizations, including telecommunications providers, and places limits on the time the data is available. Under the EU’s Data Protection Directive, originally adopted in 1995, search engine service providers are not responsible for any personal data that may appear on the webpages they return in response to queries, stated European Court of Justice advocate general Niilo Jääskinen, in a formal opinion written to the court. National data protection authorities in Europe cannot require a search engine to remove third-party information from its index, such as a newspaper article, unless it is incomplete, inaccurate, libelous, or criminal. Jääskinen issued his opinion in response to a 2009 Spanish case in which an individual asked Google to remove old financial information about his debts that were originally published in a newspaper article from its index. Spain’s data-protection agency found in the individual’s favor and asked Google to remove the third-party information so that it wouldn’t appear again in search results. Google contested the ruling in court. Jääskinen’s opinion is not binding on the European Court of Justice, which is expected to issue a ruling later this year. (Financial Times)(BBC)(The Associated Press @ The San Jose Mercury-News)(PC World)(European Network and Information Security Agency)
 

New European Regulations Require Companies to Disclose Breaches

Under new EU regulations, any ISP or telecommunications provider serving the European market that suffers a security or data breach that leads to theft, loss, or compromise of data must disclose it within 24 hours. They will be required to provide information about the breach’s exact nature and size, and disclose all details about the event within three days. They will also have to disclose the information that was compromised and any steps they took to resolve the matter. For breaches in which personal information or privacy were compromised, ISPs and providers will have to notify customers and the appropriate national data-protection authority. The European Commission said this will clarify existing regulations, ensuring that all customers are getting equal treatment. The commission also intends to give companies incentives for encrypting personal data and, with the European Network and Information Security Agency, plans to publish a list of these possible protections for data. Any company that encrypts personal data that experiences a data breach would be exempt from notifications. (SlashDot)(European Commission)

Google Widens Warnings about State-Sponsored Attacks


Google has widened the scope of a campaign designed to warn users when their computers or accounts might be compromised by possible state-sponsored attacks. A warning will be sent to Gmail, Google, and Chrome users: Warning: “We believe state-sponsored attackers may be attempting to compromise your account or computer.” The Google information-security team reportedly obtained additional information about state-sponsored attack methods and the countries using them since June, when it started the awareness campaign. Google suggests that users who receive the warning should change their account passwords, activate Google’s two-step authentication service, and make sure their software is up-to-date. (The New York Times)(PC Magazine)(Google)

Showing 4 results.