Information Security all in one place!

Data Protection Law

NSA: Ultimate Internet Spy Center


The NSA’s new spy center will see everything

Imagine a massive supercomputer in the desert, watched around the clock by armed guards, capable of intercepting and decrypting virtually every piece of information in the world. Sounds like science fiction, doesn’t it? Well, according to Wired, the NSA is in the process of building just such a place, and they’ve made leaps and bounds of progress at breaking the standard AES encryption algorithm that keeps your emails and other private information secure.

This new surveillance center is being constructed in the Utah desert, near a town called Bluffdale. When it’s finished, you’ll be able to fit five US Capitols inside, and most of that space will be occupied by supercomputers capable of storing more data than you can even imagine (you can imagine a lot, can’t you?). Your private emails, Google searches, receipts, travel information – pretty much every scrap of data generated – will be stored here, while sophisticated software sifts through it in search of anything remotely suspicious.

More on this interesting story here: http://www.neowin.net/news/the-nsas-new-spy-center-will-see-everything

RSA Conference 2012: On the Agenda


This is the first RSA Conference since 2011’s high-profile security breaches. How did those incidents influence this year’s agenda? Hugh Thompson explains in an exclusive event preview.

By any account, 2011 was a banner year for prominent information security attacks.

“We’ve seen the rise of hacktivism; we’ve seen just a huge amount of these highly-targeted, sophisticated attacks,” says Thompson, RSA Conference’s program committee chair. And these incidents have fundamentally influenced the conference agenda.

“If you look at many of the breaches over the past 12 months, most of them ended with some type of sensitive data leaving the enterprise,” Thompson says. “But it’s interesting to look at how many of [the incidents] began. A lot of them began with a person – a smart, well-intentioned person inside the company, making a choice. And the choice was either to install an executable, open a file, and I think you’ll see that play out in a fascinating way in this year’s agenda. We’ve got quite a few talks on the human element of security.”

Read More Here: http://www.bankinfosecurity.com/interviews.php?interviewID=1404


Apple: Aims to Flick the Privacy Flea


Apple Will Require Apps to Obtain User Permission Before Accessing Contact Data

US legislators sent a letter to Apple CEO Tim Cook asking why the company does not require iOS developers to obtain permission from users before apps download users’ contacts. The inquiry follows close behind news that the Path app downloaded users’ address books without their permission. Apple has responded to the question with a promise to change that policy so apps requiring use of address book data request that information explicitly.

*More on this story here:

[Editor’s Comment (SANS.org):

“I wonder if they will be in time to avoid a major disaster. I was surprised to read on slashdot that your data was safer on unapproved apps for jailbroken iPhones than on approved apps from Apple’s store”:

http://apple.slashdot.org/story/12/02/15/0036242/unauthorized-ios-apps-leak-private-data-less-than-approved-ones]

 

***Back story on NetsecurityIT.com:

  1. https://netsecurityit.wordpress.com/2012/02/09/path-ios-app-stores-address-books-on-its-servers/
  2. https://netsecurityit.wordpress.com/2012/02/09/update-path-apologizes-for-storing-address-books-on-its-servers/

Massachusetts Data Protection Law to Include Third Parties as of March 1


As of March 1, 2012, all companies that retain and store data about Massachusetts residents must be able to demonstrate that they and all their contractors and other third-party partners comply with the state’s data breach law. The law took effect on March 1, 2010, but portions of the compliance requirements were phased in. The last part, third-party compliance, is what is taking effect just over a month from now. There will need to be language in the contracts with third parties requiring them to take reasonable steps to protect the information. Companies will not be required to audit third-party partners for compliance, but it is recommended that their contracts specify they reserve the right to conduct an audit if they choose. The contract language also needs to specify that the third party will notify the companies immediately in the event of a breach and destroy or return data when the contract is terminated. The law applies to all companies that store data of Massachusetts residents, whether or not that company is based in the state. The law was scheduled to take effect in January 2009, but the deadline has been extended twice.

Read More: http://tinyurl.com/DataProtectionLaw-MA