Third bug discovered this year: introducing “Poodle Bug”
After Heartbleed and Shellshock, a new security vulnerability has been discovered named Poodle – Padding Oracle on Downloaded Legacy Encryption. The bug is found in the encryption technology that is meant to protect browsing when using public Wi-Fi and means that hackers can now hijack a victim’s browsing session and access their email, social network account or online banking. The bug can only be exploited if the attacker is physically close to the victim.
3 in 4 cloud services flout EU data protection rules
A new study has reported that 72% of cloud services used by organisations in Europe do not meet the requirements of the current EU Data Protection Directive. A common violation was sending data to countries outside of the EU and without adequate levels of data protections. With harsher penalties and stricter policies set to come into force soon, organisations are encouraged to address any privacy compliance issues as soon as possible.
Staples investigating possible data breach
Staples, the office supplies retailer, has announced that it has been in contact with law enforcement officials regarding a potential credit card data breach. The investigation was disclosed after an online blog, krebsonsecurity.com, reported that several banks had noticed a pattern of fraudulent payments in the States. Staples did not provide any additional details of the attack but stressed that any customers affected would not be responsible for fraudulent payments if reported in a timely manner.
Obama announces new measures to protect financial data
President Obama signed an Executive Order last week aimed at securing financial and sensitive data. Among the measures is the requirement that all federal government-issued credit cards be equipped with chip-and- PIN technology, commonly used in Europe, and widely recognised to reduce fraud. Signing the order at the Consumer Financial Protection Bureau, Obama urged all banks and retailers to follow suit.
FBI calls for Congress to update privacy laws
After criticising Apple and Google for their enhanced smartphone encryption, James Comey, FBI Director has asked Congress to update privacy laws to allow officials to gain access to the stored information on smartphones and other devices. A major debate on Capitol Hill is expected on this issue in light of the call.
Enforcement starts of Singapore’s new data privacy law
Since coming into force this summer, the new data protection provisions of Singapore’s Personal Data Protection Act (PDPA) is already catching people out. Although the first convictions have generally been for offences related to the ‘Do Not Call Registry’, calls have been made for organisations to which the PDPA applies, to remain vigilant about data exports in particular.
The Apprentice: ‘Privacy is history’
Privacy issues were highlighted in episode two of UK’s The Apprentice when the boys’ team tried to sell a sweater with an in-built camera. When questioned about the issues that may be raised when covertly filming people, the reply was “privacy is history”. The retailer retorted that they thought the opposite was true and then, surprisingly, placed no orders.