UK Information Commissioner raises concerns about data breaches by the members of the legal profession

August 6, 2014

The saying “The cobbler’s children go shoeless” is apt when viewing the ICO’s media release Information Commissioner ‘sounds the alarm’ on data breaches within the legal profession. The release comes on the back of 15 incidents (so described) of possible data breaches. In an industry/profession which generates a significant volume of data in paper and digital form, much of it containing sensitive and usually privileged information, the need for proper data management is important. Unfortunately it is also

Mozilla suffers data breach… privacy breach and reputational loss

August 5, 2014

Mozilla has had to provide a grovelling apology regarding the loss of data relating to 76,000 members together with 4,000 encrypted passwords. Given Mozilla’s role it is a significant reputational slip. iTnews covers the story in Red-faced Mozilla apologises for leaking user data.

It provides:

The Mozilla Foundation has apologised for an accidental data leak that went unnoticed for a month and which resulted in the exposure of tens of thousands of email addresses and encrypted passwords exposed.

Brazilian web provider fined $1.6million for selling browsing data

Bloomberg reports in Brazilian Web Provider Fined $1.6 Million For Selling Browsing Data to Advertisers that the Justice Ministry has fined a Brazilian telecommunications company for selling the web usage history of its customers to advertisers. It would be an egregious breach of APPs

Another loss of health records from a GP surgery… this time in the UK

Another loss of health records in the UK. In Patient record probe is underway at GP surgery the Nuneaton News reports on a bag of patient records being found

Privacy Commissioner releases video on privacy

August 4, 2014

Today the Privacy Commissioner released a video, the first in a series, on privacy.

It is found here:

https://www.youtube.com/watch?v=wmCE_CkV58I

The transcript provides:

What is privacy?

In Australia, personal information is protected by the Commonwealth Privacy Act. Personal information is information that could identify you, like your name or a photo.

Irish bookmaker Paddy Power hacked and personal details of 649,000 customers stolen in 2010. Advises customers in late July 2014

August 3, 2014

In the new world of privacy regulation and enforcement in Australia, the issue of cyber security, or APP 11 under the Privacy Act 1988, goes further than maintaining adequate firewalls, passwords and anti-virus software. How data is stored, and how personal information is secured behind the outer defences of an organisation’s internet interface, can be as important as those defences themselves. The law of averages suggests that at some stage an organisation which is a tempting target to cyber criminals will find its defences breached by either a hack or social engineering. The issue then is whether data is encrypted, whether personal information is stored in such a way as to be difficult to match by an opportunistic thief and whether there are systems in place to detect unauthorised access. In many organisations those issues are rarely considered, let alone properly implemented. In Australia there is no mandatory data breach notification regime. That assists organisations in avoiding making potentially embarrassing disclosures and gives a false sense of the problem with data security that, if overseas experience is any judge, is quite significant. It also contributes to a laxity by organisations in properly protecting themselves and, more particularly, the personal information of clients they hold.

LAPD on limiting drone overflights of police station.

Ad hocracy is the watchword when it comes to regulation of drones. The LA Times story LAPD seeks to limit civilian drone flights over police stations bears this out. An operator guides a drone over a police station, takes videos of police cars coming and going, and posts what must be interminably boring footage on YouTube. Not surprisingly the

Onset of TCP brings benefits and dangers for cyber security

The roll out of multipath TCP highlights the dilemma with new technology: the benefits of a new and far more effective means of keeping internet sessions operating, but with security and privacy weaknesses. According to Multipath TCP Introduces Security Blind Spot there are real dangers of TCP outpacing security programs and protocols. That poses significant problems for organisations using TCP and those purporting to provide security for organisers.

The article provides:

If multipath TCP is the next big thing to bring resilience and efficiency to networking, then there are some serious security issues to address before it goes mainstream.

MPTCP is an extension to the Internet’s primary communication protocol. It allows a TCP session to move over multiple connections and network providers to the same destination. Should one drop, the session seamlessly moves to its second, backup connection, keeping phone calls or Internet sessions alive.

Prior encryption of data in only 4% of occasions of data breach

August 1, 2014

Many organisations believe that good data security begins and ends with the firewall and anti-malware software. A rather brittle defence. The reality is that data breaches come from a range of sources. Hacking through digital defences is but one way. Social engineering, and phishing especially, is a common means of entry. Organisations need to have protections within their systems to deal with those who have breached their outer security infrastructure. One effective means of thwarting a hacker is encrypting personal information. It is both practical and affordable to do it. But very few organisations bother as

Report on fundamental security flaw in USB technology

That malware can find its way into a computer via a USB stick is not news. Anti-virus scans and reformatting can and do address these problems. A more significant problem has been highlighted by Wired in Why the Security of USB Is Fundamentally Broken: malware implanted in the firmware of USB sticks, where it can remain hidden. That is a real concern both for those designing anti-virus defences, including programs, and for organisations that have responsibility to maintain data security. Some organisations have very strict controls on the use of USB sticks and other portable devices, with some removing USB ports on most computers or restricting access to their use. But many organisations don’t have adequate policies on the use of portable devices and put their faith in anti-virus software programs. The question now is