The resource centre for busy senior executives seeking the latest insights into IT Compliance & Privacy issues for major organizations

News - a Roundup of all News Items between March 2006 and end June 2006, Newest First


An archive of all the news items between March 2006 and end June 2006 on Compliance and Privacy

To avoid long load times news is archived periodically. If you can't find what you are looking for on this page please refer to our archives. Please use the search engine for ease of retrieval.


Compliance and Privacy Newsletter - 29 June 2006

In this issue:

  • An Analysis of New Security Features Within Microsoft Vista and Internet Explorer 7 - an iDefense Webcast
  • iDefense Webcast replays
  • What is SSL?
  • Internal fraud coupled with IT savvy is a killer combination
  • News Snippets

Click Here for the Newsletter

SWIFT in Dock re Privacy?

A human rights group has announced that it has lodged complaints with data protection authorities in 32 countries against Society for Worldwide Interbank Financial Telecommunications, or SWIFT (a consortium of financial institutions), claiming that it has violated European and Asian data protection rules by providing the USA with confidential information about international money transfers.

SWIFT is the nerve centre of the global banking industry. It operates a secure electronic messaging service that 7,800 financial institutions use to communicate with their counterparts in more than 200 countries. Each day, the network routes nearly 4.8 trillion euros, among banks, brokerages, stock exchanges and other institutions.

Read the article

VeriSign SSP PKI First Certified Under GSA FIPS 201 Evaluation Program

VeriSign announced that its Shared Service Provider (SSP) Public Key Infrastructure (PKI) was the first service to be certified under the General Services Administration (GSA)-managed FIPS 201 Evaluation Program. The FIPS 201 certification enables VeriSign to provide PKI services for Federal agencies needing to comply with Homeland Security Presidential Directive 12 (HSPD-12), or the government smart card initiative.

Read the article

Michael Sutton and Recent Microsoft Patches

Both Computerworld and TopTechNews reported how security firms are warning consumers about the availability of attack code targeting some of the flaws for which Microsoft Corp. released patches Tuesday. "Exploit code had already existed for three of the vulnerabilities prior to Tuesday, as they were already public issues," said Michael Sutton, director of VeriSign iDefense Labs. "Beyond that, we're seeing public exploit code emerge for some of the new vulnerabilities and are hearing rumors of private code existing for others." The availability of such exploits heightens the risk for companies that have not yet been able to patch their systems and is an important factor to consider when deciding which systems to patch first, he said.

Ken Dunham on Yahoo's New Worm

Ken Dunham, senior engineer at iDefense, a VeriSign company, was quoted in TechNewsWorld on Yamanner, a new worm targeted at Yahoo!'s Web-based e-mail service. Ken said, "The problem is the end users may not realize their computer is affected. Who would have thought you could get a virus just browsing the Internet? It violates the trust that people have for the basic use of the Internet and causes them to feel they are helpless to stop it."

"This worm has a larger scope than originally was thought. It may impact other Web e-mail services as well," Ken told TechNewsWorld. "This worm required a lot of testing to successfully attack users of Web-based e-mail services. These attacks are getting more sophisticated."

Phillip Hallam-Baker Discusses the Pros and Cons of the Semantic Web

A recent IT Week news article defined the “semantic web” as technologies that will make web pages easier for computer systems to interpret. Phillip Hallam-Baker, principal scientist for VeriSign, said an unintended consequence of semantic web technology would be to expose individuals' details more easily to criminals searching for ways to crack passwords and commit identity fraud. "More and more information is being put online, and all the semantic web is doing is making it easier for people to access that data and use it to their advantage," Hallam-Baker argued. "Professional criminals are looking to exploit that information – obscurity can buy you some time but it's running out." He added that widespread use of the semantic web would probably hasten the end of simple passwords as a means of authentication, to be replaced by stronger, two-factor systems for customers to prove their identity to online merchants and service providers.

Compliance and Privacy Newsletter - 15 June 2006

In this issue:

  • Why don't you use SSL?
  • Bruce Schneier's Security Blog
  • Eversheds on Data Security Policies
  • VeriSign Security Review - May 2006
  • I lost my Laptop!
  • Emerging Economic Models for Vulnerability Research - iDefense Webcast

Click Here for the Newsletter

“I lost my Laptop!”

Those are probably the scariest words a CIO can hear. But are they taken seriously?

Read the article

How valuable is your company's data security policy?

Security policies form an essential part of effective data protection compliance. The Data Protection Act requires that appropriate technical and organisational measures are taken against unauthorised or unlawful processing of personal data and against accidental loss or damage.

Therefore, although policies are valuable in many different types of business, they form a fundamental part of those businesses which store and utilise high volumes of sensitive or confidential information. Not only do such policies aid companies in operating within the Data Protection Act but they can also be used to help minimise any repercussions where data security does, for whatever reason, fail.

Click Here for the full article

Compliance and Privacy Newsletter - 1 June 2006

In this issue:

  • ID Theft: US FTC's Awareness Initiative
  • Identity and Privacy Strategies Service Orientation - Courtesy of VeriSign
  • Whither Chip and PIN?
  • New Security Blog - Richard Steinnon
  • 60% Have No Information Security Policy
  • Geopolitical Hot spots: An Internet Demographic Analysis - Live WebCast

Click Here for the Newsletter

Charles Schwab Selects VeriSign Identity Protection For Online Clients

VeriSign today (25 May 2006) announced that Charles Schwab has selected VeriSign to provide a full set of online security services for their clients. 

Under terms of the agreement, Charles Schwab will deploy both VeriSign Identity Protection (VIP) Fraud Detection and Authentication Services to secure client login and transaction information.  Additionally, Charles Schwab plans to become an anchor tenant of the VIP Fraud Intelligence and Shared Authentication Network. The VIP Shared Authentication Network is already supported by PayPal, eBay and Yahoo!

Click Here for the full article

When Asked, What Percentage of Staff Know if They Have an Infosec Policy?

Information Security is basic stuff. It's part of everything we do, or should be. So why were we not surprised when we asked people, knowledgeable people, who visit this site "Do you have an Information Security Policy?" and we were given the results in the article?

Click Here for the full article

Whither Chip and PIN?

It can't just be Shell and its UK filling stations that makes us doubt Chip and PIN, but Shell slamming its Chip and PIN equipment shut last week certainly pours a whole lot of cold water on the technology, brought in with such a fanfare in February 2006.

Before the Chip and PIN Day we had our doubts, but oddly they were not about the technology presenting attack vulnerabilities. Instead we were worried about the things ordinary people worry about:

  • What if I forget my PIN?
  • Why do I need to remember yet another number?
  • Why is this better than a signature?
  • How do I stop people looking over my shoulder wherever I use the card? I can do it at an ATM, but at the supermarket, in the newsagent, at the dentist, that is just plain impossible
  • What if I lose my card? I now need two separate letters, one with a card and the other with a PIN before I can fill my car with petrol!

Which brings us back to Shell

FTC Launches Nationwide ID Theft Education Campaign

"AvoID Theft: Deter, Detect, Defend"

You can take steps to minimize your risk of becoming a victim of identity theft. That is the message of a nationwide education program launched today by the Federal Trade Commission: "AvoID Theft: Deter, Detect, Defend."

  • Deter – Take steps to reduce your risk of ID theft
  • Detect – Monitor your personal information
  • Defend – Act quickly when you suspect identity theft

The program coincides with issuance of an executive order signed by President Bush, creating an Identity Theft Task Force, chaired by Attorney General Alberto R. Gonzales and co-chaired by FTC Chairman Deborah Platt Majoras. The Task Force will develop a strategic plan to enhance the effectiveness and efficiency of government efforts to deter, prevent, detect, investigate, and prosecute identity theft.

Click Here for the full article

VeriSign to Acquire GeoTrust

Acquisition Complements VeriSign's Direct-Sales SSL Presence With Well Developed Reseller Channel

VeriSign today (17 May 2006) announced it has entered into a definitive agreement to purchase Needham, MA-based GeoTrust, Inc., a leading supplier of SSL and other solutions to secure e-business transactions, for approximately $125 million in cash.  The acquisition is subject to regulatory approvals and other conditions and is expected to close in the second half of this year. 

Click Here for the full article

Compliance and Privacy Newsletter - 18 May 2006

In this issue:

  • Wi-Fi: Are you broadcasting personal data?
  • Metafisher Trojan Activity - an iDefense Webcast
  • IDS Evasion Techniques and How to Prevent Them - an iDefense WebCast Replay
  • Chip and PIN - Just how safe is it?
  • The International Worldwide Web Conference - Dinner Invitation
  • ****STOP PRESS**** - Skimmer Spam

Click Here for the Newsletter

Are you broadcasting personal data?

Hundreds of thousands of businesses, large and small, world-wide now use Wi-Fi to connect PCs to their network. Millions of homes have Wi-Fi to connect their PCs to the Internet and, of course, millions more use laptops, with Wi-Fi in public places the length and breadth of virtually every country. From where I'm sitting, writing this right now I have no less than nine wireless networks I could connect to.

So, what's the problem?

Wi-Fi uses an easily interceptible frequency to transmit/receive data to and from a PC - if it didn't it wouldn't work without huge antennae. So anyone could easily intercept whatever you send or receive to or from your PC. Secondly, when you connect to a network via Wi-Fi you are then dependent on the security of that network to protect you from anyone trying to access your PC. In your office or at home the chances are you have a Firewall between your PC and the network (a Firewall is a device or software that only allows certain very limited types of data through and in theory prevents someone “hi-jacking” or loading viruses onto your PC or extracting data from it).

Read what the FBI say:

Just How Secure is Chip and PIN

If you knew that the unit you put your Chip and PIN card into could be transmitting your details to a fraudster, how happy would you be to use the card ever again? Just how secure is Chip and PIN? Has this new technology simply played into the hands of the fraudster? And where will that leave Smart Card based ID Card Systems like that proposed for the United Kingdom?

In fact, just how smart is it to enter your PIN nowadays, and just what is waiting to catch you out?

We're not talking about technology that is simple but "old hat", here. While it's well known that cameras can be aimed at ATMs to snoop on our keystrokes and on our card number when we key the data in, these are the crude end of the current advanced technology offerings.

Click Here for the full article

The RFID Debate is set to run on

At present Compliance and Privacy has formed no opinion, but it does have questions:

Some of these have been prompted by the latest announcement from IBM, carried in Computer Weekly on Thursday 4th May 2006, where IBM has announced a new RFID tag that can be emasculated at checkout.

As the press release says, “A Clipped Tag label allows the consumer to tear it along a perforated edge to remove a portion of the tag's antenna after purchasing an item, which reduces the signal distance the silicon chip can transmit.”

Click Here for the full article

Compliance and Privacy Newsletter - 4 May 2006

In this issue:

  • Eleven Major Presentations from InfoSecurity Europe 2006!
  • The Evolution and Current State of DDoS Attacks - WebCast Replay
  • IDS Evasion Techniques and How to Prevent Them - an iDefense WebCast

Click Here for the Newsletter

VeriSign was at Infosecurity Europe in London in 2006

VeriSign, as part of their sponsorship of Compliance and Privacy, has let us host their presentations, and we are pleased to confirm that you can now download the presentations that they hosted on their stand throughout the three days, here. We have pdfs currently, and hope for PowerPoint presentations too, so bookmark this page:

In addition, you can also access the presentations that VeriSign held in the London Rooms on Tuesday 25th April:

And don't forget to download their keynote presentation at the conference on business strategy:

Compliance and Privacy Newsletter - 25 April 2006

In this special issue:

  • The European e-Identity Conference
  • The Evolution and Current State of DDoS Attacks
  • iDefense Vulnerabilities Report Jan 2005-October 2005
  • The VeriSign Security Review - April 2006
    • Identity Theft Tops 3 Percent
    • March Threat Summary
    • GAO Reports on Information Security
    • IEEE To Propose New Wireless Security Standard
    • VeriSign and BITS to Provide Banking Security
  • Security Events

Click Here for the Newsletter

Compliance and Privacy Newsletter - 18 April 2006

In this Special issue:

  • Infosec 2006, Europe's number one dedicated Security Event
  • We feature Influential Bloggers

Click Here for the Newsletter

Where should security be applied to prevent Identity theft?
By Mike Davies of VeriSign

What a wonderful place the internet is, only today I registered for free at 10 online sites.

I now have a new email address, will be alerted about the latest holidays, electrical goods or jobs that interest me, am a registered user at a major political party's website, have a brochure from a healthcare provider being posted to me, gained access to a computing magazine's website as well as a national newspaper, and will be attending a talk on aromatherapy.

The information I provided to register varied by site but included name, email and physical address, mother's maiden name, salary, political persuasion, preferred holiday dates (when my house will be empty), gender, date of birth, employer's name, mobile telephone number and job title.

At no point during any of the registrations was the personal data I entered secured. This worries me and it should worry you too.

Click Here for the full article

Compliance and Privacy Newsletter - 11 April 2006

In this issue:

  • Where should security be applied to prevent Identity theft?
  • Webcast Replay - Money Mules: Sophisticated Global Cyber Criminal Operations
  • Security of the Google Desktop Toolbar - WebCast
  • Improving online consumer confidence through mutual authentication

Click Here for the Newsletter

Improving online consumer confidence through mutual authentication

When the first cars were produced it is a pretty safe bet that they weren't fitted with an alarm, immobiliser or tracking device. Such advances in car security were introduced in response to escalating car crime.

Almost daily online security threats emerge, threats which are eroding already fragile consumer confidence.

Without consumer confidence the cost effective and efficient online channel could well become marginalised.

But this is only one side of the story. The growing fraud losses that online service providers such as banks or merchants suffer could render their business model void.

Click Here for the full article


This site is independent of all its sources
The contents of the site are sourced from across the industry. All copyrights are acknowledged.