MCI admits laptop with employee data stolen last month
Telecommunications giant MCI Inc. says a laptop computer containing the names and Social Security numbers of 16,500 current and former employees was stolen from a Colorado financial analyst's car last month. A company spokeswoman told the Wall Street Journal the laptop, taken from the analyst's garage, was password-protected. However, she did not say if the data was encrypted. In addition to investigating the analyst's possible policy violations, MCI is sending letters to those whose information was stolen.
As these types of data theft disclosures become commonplace, some wonder why more companies are not encrypting sensitive data by default. According to Noah Groth, CEO and CTO of San Francisco-based encryption management provider PC Guardian Technologies, they are. "Companies and government agencies are, in fact, responding to these thefts rapidly," he said. "One of our clients plans to encrypt more than 13,000 laptop computers in less than 45 days as a result of a single computer being stolen. Numerous other enterprises are approaching us because they do not want to be the next headline."
Groth, whose company's clients include Northrop Grumman, Lockheed Martin and Deutche Bank, warned that enterprise-wide encryption policy-making is not as simple as it may seem. "Numerous issues need to be addressed before the solution can be installed, such as defining key recovery processes or training administrators, planning the deployment of the solution, and, then, finally, installing the solution on computers."
Netscape 8.0 releases security patch within days of its launch
Netscape 8.0, billed as a more secure browser, was forced to issue v8.0.1 a day after its official launch last week to fix security holes recently unveiled in Firefox, whose features are incorporated in the latest Netscape browser. The most serious vulnerability allows an attacker to gain remote control of a PC, according to the advisories. Netscape, part of a Time Warner AOL subsidiary, had hoped to show its Web browser was more secure than even Firefox and could automatically adjust security settings during browsing based on whether the user went to a trusted or unknown site, according to CNET News.com. This feature also helped prevent phishing scams and spyware installations. The two browsers have unique relationship, since Firefox, which has gained significant market traction since its release last fall, is based on Netscape's blueprint.
Web defacers now targeting fake phishing sites
Internet monitor Netcraft reports vigilante hackers are honing in on fake financial sites used in phishing scams and defacing them with antiphishing messages. Such digital graffiti, though still rare, could serve as a warning tool to users who otherwise might for the traps. "It is undoubtedly a good thing in that they are helping to protect innocent Web users," Netcraft developer Paul Mutton told Security Focus. "On the other hand, it is perhaps unfortunate in that it's probably illegal." Experts in phishing scams say that public awareness has led to fewer victims, but that success also has bred more technically sophisticated attacks to bait users into divulging their financial data. Among those hacker groups believed to be involved in the Web defacements are The Lad Wrecking Crews and Artists Against 419, whose moniker stems from "419 scams" in which e-mails are sent purporting to be from a Nigerian seeking help with a financial crisis.