April 03, 2007

Privacy and Security Watch: More Security/Identity Breaches and Issues

According to an article in ComputerWorld, "RadioShack Corp. dumped 'thousands' of customer records behind a store near Corpus Christi, exposing consumers to possible identity theft." The article goes on to say "According to Attorney General Greg Abbott, the Fort Worth-based company violated multiple state statutes, including the Identity Theft Enforcement and Protection Act, a 2005 law that requires businesses to protect and properly dispose of customer personal information."

But in another ComputerWorld article in the same state of Texas, it seems that "Texas Gov. Rick Perry has signed into law a bill that allows the state's county and court clerks to disclose "in the ordinary course of business" Social Security numbers contained in documents held by their offices."

So, at least in Texas, Social Security numbers are no longer considered protected data if they exist in "public records held by clerks in the state" but are protected data if held by anyone else. So if you have public documents containing personal data, such as mortgage records and tax liens in the state of Texas, your private information, already being posted by Texas to the internet and for sale unredacted, is no longer protected.

And now your browser may be used to capture your personal information on your computer and as a hacking tool against others. According to another article in ComputerWorld, javascript code that could be used to turn a Web browser into a hacker's tool is now available on Internet.

Meanwhile, in yet another ComputerWorld article we are told that there is a critical Windows flaw that Microsoft has apparently known about since December 2006 that affects Windows 2000 SP4, XP SP2, Server 2003 (up to SP2), and even Vista (both 32- and 64-bit versions). Microsoft was apparently in no hurry to fix this but the pressure has mounted and they are supposedly rolling out a fix soon. This critical flaw will allow a rogue program to "run malicious code on a victimized PC, infecting it with spyware, stealing identity information or adding it to a botnet of hijacked systems."

To borrow from a tag line in an old TV show (NYPD Blue, if memory serves):
"Be careful out there."

Richard Kuper
The Kuper Report