SEARCH RESULTS
 
Showing 1-10 of 59 records
 
Expand article

Privacy and Power

2008-03-11 06:09:57 by schneier in Schneier on Security
 
...discloser and the disclosee If I disclose information to you, your power with respect to me increases. One way to address this power imbalance is for you to similarly disclose information to me. We both have less privacy, but the balance of power is maintained. But this mechanism fails utterly if you and I have different power levels to begin...
 
Tags: relative power differential, relative power, power, relative power levels, power levels, additional power, power imbalance, officer enormous power, officer
 
 
 
 
Expand article

The Point of Breach Notification Laws

2007-11-07 21:57:00 by Security Retentive in Security Retentive
 
...disclose, but I have yet to see an analysis of the costs on both sides of the issue. I'm hoping someone can point me to one Part of the argument of course hinges on the responsibility of companies to not disclose data entrusted to them and the rights that the data owner has. There are costs of our current regime however, and based on public...
 
Tags: breach notification laws, breach, breach notification, laws, data, public policy data, data owner, data custodian, data breaches
 
 
 
 
Expand article

When do you have an obligation to go public?

2008-05-29 21:13:01 by HASH0x8b01008 in StillSecure, After All These Years
 
...disclosed the information on hackers.org, as a "whistleblower". The term whistleblower is a term of art and in many circles will invoke some special immunity for the person who disclosed the confidential information. However, usually the disclosure of this information is made to a person or entity with the power or at least willingness to...
 
Tags: public, public forum, tjx, tjx fraud, martin, cryptic, confidential information, cryptic mauler, ipo public
 
 
 
 
Expand article

AT&T management information on stolen laptop

The Article has images
2008-06-08 18:28:48 by Evan Francen in The Breach Blog
...disclosed number of management-level workers at AT&T have been notified that their personal information was stored unencrypted on a stolen laptop Reference URL PogoWasRight SC Magazine NetworkWorld Report Credit PogoWasRight Response From the online sources cited above An undisclosed number of management-level workers at AT&T have been...
 
Tags: information, employee, att employee, personal information, laptop, att, store confidential information, actual att correspondence, information security
 
 
 
 
Expand article

Safari For Windows Vulnerabilities

2008-06-20 18:36:54 by Dave Lewis in Liquidmatrix Security Digest
 
...disclose sensitive information or to compromise a users system 1) A boundary error within the handling of BMP and GIF images can be exploited to trigger an out-of-bounds read and disclose content in memory 2) A security issue exists due to Safari automatically launching downloaded executable files from sites in a Internet Explorer 7 zone with...
 
Tags: safari, sites zone, zone, internet explorer, apple safari, sites, vulnerabilities, memory corruption, disclose sensitive information
 
 
 
 
Expand article

Managers Admit Theyd Exploit Private Data

2008-06-23 10:21:46 by Dave Lewis in Liquidmatrix Security Digest
 
...disclose customers sexual orientation, 14 per cent their involvement in political activism, and 19 per cent their credit card details Some managers said they would also disclose data about ethnicity and religious beliefs The research found that marketing managers never reported data losses or thefts to customers in 90 per cent of cases, as...
 
Tags: managers, data security, data security breaches, strongmail systems, cent, e-mail security company, credit card details, folks, privacy watchdog
 
 
 
 
Expand article

Boston Court's Meddling With 'Full Disclosure' Is Unwelcome

2008-08-21 04:00:00 by Bruce Schneier in Wired Security
 
...disclose details of a fare-card vulnerability that allows people to ride the subway for free The "Oyster card" used on the London Tube was at issue in the Dutch case, and a similar fare card used on the Boston "T" was the center of the U.S. case. The Dutch court got it right, and the American court, in Boston, got it wrong from the start --...
 
Tags: computer security improves, security improves, computer security, security, mit security researchers, security devices, security holes, disclosure, security properly
 
 
 
 
Expand article

Full Disclosure and the Boston Farecard Hack

2008-08-26 06:04:49 by schneier in Schneier on Security
 
...disclose details of a fare-card vulnerability that allows people to ride the subway for free The "Oyster card" used on the London Tube was at issue in the Dutch case, and a similar fare card used on the Boston "T" was the center of the U.S. case. The Dutch court got it right, and the American court, in Boston, got it wrong from the start --...
 
Tags: computer security improves, security improves, computer security, security, mit security researchers, security devices, security holes, disclosure, security properly
 
 
 
 
Expand article

Some Yahoo! employees exposed through mistaken email

The Article has images
2007-12-12 15:11:31 by Evan Francen in The Breach Blog
...Disclosed information is always disclosed, but I understand what Fidelity means in this context. You can't un-disclose information We are writing to notify you of a recent issue that involved some personal information about you maintained by Fidelity Stock Plan Services (Fidelity SPS), the administrative service provider and recordkeeper of...
 
Tags: fidelity investments, fidelity, fidelity inadvertently, fidelity investments client, email, fidelity investments inadvertently, yahoo, administrator, email administrator
 
 
 
 
Expand article

Passport Canada web site suffers serious breach

The Article has images
2007-12-05 11:51:09 by Evan Francen in The Breach Blog
...disclose when they've suffered security breaches Comfyllama] Canadian law SHOULD require it (and more Other Responses I was expecting the site to tell me that I couldn't do that," said Jamie Laning of Huntsville. "I'm just curious about these things so I tried it, and boom, there was somebody else's name and somebody else's data This is...