Compliance and Privacy News
Essential Reading for Today's Business 28th February 2006

in this issue:
  • Sober Worm Postmortem
  • Rootkits and Other Concealment Techniques in Malicious Code - iDefense Webcast Replay
  • Online identity theft: What businesses can do
  • Durant Takes UK to Strasbourg over Data Protection Act

    Dear Visitor,

    Welcome to this week's issue of Compliance and Privacy. This week we look at the latest Sober Worm outbreak and you can register for a webcast on the topic. Rootkits have been in the news lately - thanks largely to Sony - and we have a webcast you can download whenever you'd like to look in more detail at this issue. And our third webcast covers the ever-present issue of identity theft.

    Data protection law is increasingly an issue for anyone concerned with corporate compliance. And the latest developments are certainly cause for concern. Read all about the latest developments in the increasingly infamous "Durant vs Barclays Bank" case!

    As always, we welcome your comments - why not contribute to C&P yourself? Post a comment on your views, issues and experiences.

    Do also participate in our simple survey on Information Security Policies - it appears in the left hand margin on Compliance and Privacy. Do you have one in your organisation? If you do, is it comprehensive enough?

    Peter Andrews

    Sober Worm Postmortem

    Sober was the most prevalent e-mail worm of 2005. The carefully planned and coordinated attack started in early November 2005 and lasted until Jan. 6, 2006. In this presentation, iDefense will examine the progression of the Sober attacks and the techniques the worm used to both infect its hosts and spread to others. iDefense will also cover the impact that these attacks had on key corporate infrastructure and the future of the Sober worm itself.

    This is a live webcast, to be held on 1 March 2006 at 2pm US EST (that is 7pm GMT). Expected duration is between 30 and 60 minutes. If you want to interact with this webcast you will need full audio facilities on your PC.

    We will mount a replay on this site as usual, a couple of days after the webcast.

    Rootkits and Other Concealment Techniques in Malicious Code - iDefense Webcast Replay

    In order for malicious code to provide its author with some benefit, it must be successful in four areas: propagation, infection, malicious actions and persistence. With the advent of multi-tasking computers, the increased popularity of networking in general, and the Internet in particular, the tools and techniques used by malicious code authors have improved considerably. This webcast focuses on these tools and techniques, concentrating on the evasion of first-line defenses, autostart considerations and rootkits.

    We stream this to your desktop. It's a replay so no participation is possible. It runs for 28 minutes and a headset or speakers are required.

    Online identity theft: What businesses can do

    Identity theft is one of the most damaging and frightening computer-aided crimes to emerge in the information age. Research in both the US and in Europe shows that it is not only becoming increasingly common, but individuals are so frightened of falling victim that it is undermining their trust in e-commerce. What can be done? And specifically, what can businesses operating through the Internet do to prevent their customers falling victim to identity theft and thereby maintain or restore confidence in their online brands? And what role can technological solutions play? Our panel of experts, moderated by Andrew Lawrence, Editorial Director, Information Age, debated with an online audience the best answers to these issues.

    The expert panelists were:

    • David Lacey, former chief security officer of Royal Mail, and a member of the Home Office Committee on ID Theft
    • Ryan Kalember, Technology Director of Verisign, and a leading authority on federated identity management technology
    • Bori Toth, Biometric Research and Advisory Project Lead, Deloitte & Touche

    The panelists opened the debate with presentations outlining the threats to business posed by ID theft, and presented their view of what can best be done to combat them. The debate was then opened up to the online audience, and an enlightening half-hour discussion ensued.

    Durant Takes UK to Strasbourg over Data Protection Act

    Michael Durant is heading for Strasbourg! It will be a long slog, but he is heading for the European Court of Human Rights and is seeking to force the United Kingdom government to rethink the way it has interpreted its own Data Protection Act 1998.

    His case as a former Barclays Bank customer is that, following a dispute with the bank, he requested the Financial Services Authority to investigate the dispute. The FSA closed its investigation in 2001. Mr Durant was not informed of the result of the investigation due to confidentiality restrictions. Following an unsuccessful application to the FSA, Mr Durant submitted a subject access request under the Data Protection Act 1998. The request was denied on the grounds that the information was not "personal data" held in a "relevant filing system".

    The case in Strasbourg is against the UK Government. "If a national court doesn't fulfil its obligations under the Convention when it applies national law, the government is responsible," said Tamsin Allen, of Bindmans, the solicitors instructed in the case.


    Readers should note that references to VeriSign's sponsorship are historical. That sponsorship ended on 28 February 2007, and is simply included here for context and historical purposes. VeriSign is not formally associated with this site in any manner, and has asked us to emphasise this point.