Privacy Security IT

Data Theft Soars to Unprecedented Levels

A Wired article reports on data loss in 2007, and the numbers aren't good. Credit card and social security theft was at an all-time high, with even more losses expected in 2008. Information thieves, it seems, are just one step ahead of IT security. "While companies, government agencies, schools and other institutions are spending more to protect ever-increasing volumes of data with more sophisticated firewalls and encryption, the investment often is too little too late. 'More of them are experiencing data breaches, and they're responding to them in a reactive way, rather than proactively looking at the company's security and seeing where the holes might be,' said Linda Foley, who founded the San Diego-based Identity Theft Resource Center after becoming an identity theft victim herself."

  • by schwit1 ( 797399 ) on Sunday December 30, 2007 @09:41PM (#21861108)
    Knowingly having an unsecure system or not doing basic security due-diligence causes penalties, a second offense and you lose your business license.
  • by Fractal Dice ( 696349 ) on Sunday December 30, 2007 @10:16PM (#21861332) Journal

    What amazes me about "identity" (financial, blog or otherwise) in the Internet age is how similar it is starting to feel to the concept of identity in fantasy fiction (such as the Earthsea books) where people have disposable day-to-day common names, but also truenames that hold the real power of identity, shared only with the most trusted of companions.

  • Re:call me a cynic (Score:3, Interesting)

    by gmack ( 197796 ) <gmack@noSpAM.innerfire.net> on Sunday December 30, 2007 @11:14PM (#21861706) Homepage Journal
    You laugh but I used to work for a small credit card processing company and that was exactly the reason for many, many charge backs.

    wife: Honey, what's this charge for porn on our credit card?
    man: Oh you know I would never look at THAT. Someone must have stolen our credit card.
  • by buss_error ( 142273 ) on Sunday December 30, 2007 @11:26PM (#21861776) Homepage Journal
    At $DAYJOB, we insert fake data in two ways: first, fake data that is in the database with known markers; second, more fake data generated each time a user logs in and present only during that login for that user. In this way, we know if the data theft occurred via authentication (and by whom, from where, and when), or via some hole in the app.

    The way to make this more effective requires a huge amount of work: Longer CC numbers and SSNs. It's the same problem IT has had with users FOREVER. Users expect the moon, stars, and all the Oort cloud between, yet do not want to provide the least effort. There's no "buy in" from Soc Sec and the CC companies. As long as they get to pass along the cost to someone else, then the current system is "good enough". No need to expend any of THEIR effort to find, track, and plug up problems.

    But make THEM accountable in a tangible way, and I think we'll start to see effective measures to stop this nonsense. And no few RSG and 419'ers in jail to boot.
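
The two-tier fake-data scheme described in the comment above, sketched as an added example (not the commenter's code or any product's): static marker rows live in the database, and a per-login fake number is derived from the session ID so it can be recomputed later from the login log. The key, the marker numbers, the log format and the function names are all constructed assumptions.

```python
import hashlib
import hmac

# All values below are constructed for illustration.
SECRET = b"demo-only-canary-key"            # hypothetical server-side key
STATIC_CANARIES = {"4000001234567890",      # fake rows stored in the database
                   "4000000987654321"}
LOGIN_LOG = [
    {"session_id": "s-1001", "user": "alice", "ip": "192.0.2.10",
     "time": "2007-12-30T21:41:00Z"},
    {"session_id": "s-1002", "user": "bob", "ip": "198.51.100.7",
     "time": "2007-12-30T22:16:00Z"},
]


def session_canary(session_id):
    """Fake 16-digit number shown only during one login, recomputable from the log."""
    mac = hmac.new(SECRET, session_id.encode(), hashlib.sha256).digest()
    return "400000" + str(int.from_bytes(mac[:8], "big") % 10**10).zfill(10)


def classify_leak(leaked_numbers, login_log=LOGIN_LOG):
    """Attribute a recovered dump using the canaries it contains."""
    leaked = set(leaked_numbers)
    sessions = [e for e in login_log
                if session_canary(e["session_id"]) in leaked]
    if sessions:
        # A per-login canary is present: the data left through an
        # authenticated session, and the log says who, from where, and when.
        return {"path": "via-login", "sessions": sessions}
    if leaked & STATIC_CANARIES:
        # Only database-resident markers: the data left by some other route,
        # such as a hole in the application.
        return {"path": "via-app-hole", "sessions": []}
    return {"path": "no-canary", "sessions": []}


if __name__ == "__main__":
    # Constructed dump: one real-looking number, bob's session canary, one static marker.
    dump = ["4111111111111111", session_canary("s-1002"), "4000001234567890"]
    print(classify_leak(dump))
```
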
  • by bl8n8r ( 649187 ) on Sunday December 30, 2007 @11:51PM (#21861986)
    And one that too many companies are willing to gamble with. Many IT shops haven't got the experience in house to maintain security so they shop around for the doitallforyousecuritygizmo to do it for them. These gizmos are usually 90% snake oil with a hefty support contract. There is also a big lapse in education and awareness across all facets of the security realm. Programmers think security is up to Layer 1 and that they are free to break all the rules at layer 7. Windows admins think security means that if Bitdefender doesn't complain, everything must be peachy and that having software installed through ActiveX by a remote website is just a prank. Management is made up more of bean counters than technically savvy personnel. In the end, it seems management views a spin-of-the-wheel as being more cost effective than re-training a bunch of people that can't see past the Whack-a-Monkey javascript they just got in their inbox.

  • by Omniphobic ( 1210274 ) on Monday December 31, 2007 @12:14AM (#21862188)
    This information doesn't surprise me. I think the increase is due to the increasing ease of standing up a website. Anybody with minimal computer/coding/security experience can stand up a website that takes your credit card information. I've dealt with COUNTLESS sites that have horrible file permissions, no security apps (like mod_security), and their DB connection password is weak. It's unbelievable how little effort folks will put into securing their business operations. On top of that, customers who repeatedly get hacked won't be willing to go through the hassle of auditing their customers or upgrading their software, so the same vulnerabilities get exploited again.
