Saturday, March 14, 2015

United States Congress seeks compromise on data breach notice bill

US Congress is working on legislation about data breach notification. It was time!, when we are sadly accustomed to daily news about thefts of tens of millions of people's personal information. We are happy because when US plays trick on something, the rest of the world moves too. On this Saturday we also talk about a virus that attacks gamers, phishing with Amazon gift cards and a security hole in Google Apps for Work.

Marsha Blackburn, bill's co-sponsor
Data Breach Notice Bill's still a draft but is already taking much interest in US Congress. It faces two lobbies: industry and privacy advocates. The law has some hot spots like deciding whether an email address and a password to access an account can be considered information that allows a person's identification; or in which cases a company that has suffered an attack must notify its users, in how many time (30 days) or the amount of fines (up to $ 2.5 million).

Meanwhile, cybercrime continues doing its own thing. A virus called TeslaCrypt is spreading like wildfire. It's a variant of the infamous CryptoLocker, and not only encrypts images and documents on your computer, it also goes for games: Call of Duty, World of Warcraft, Assassin's Creed, League of Legends, Minecraft. .. The virus waits on a website and infects those who visit it using Windows operating system and vulnerable Adobe Flash or Internet Explorer. TeslaCrypt asks for a between 500 and 1,000 dollars rescue.

Another particularly intense criminal campaign, against Spanish users, sends emails that inform the recipient that he or she has earned an Amazon gift card worth 1,000 euros. To get the card you must go to a website and fill out a form where you are prompted to put a lot of details, including credit card number. This phishing is notable for being well written and without spelling errors, which can be misleading to more than one.

The sense of vulnerability is high when you see cybercrime in combination with bugs that  inadvertently commit companies and free software projects. The last to fall has been a corporation that happens to be one of most aware about safety: Google. Its service Google Apps For Work had, since 2013, a bug that allowed to see private data of those who had registered a website, even if they had paid for hiding this information on WHOIS. When Google was reported about the bug, the company contacted the nearly 300,000 affected.

What it teaches us that, having a safety problem with a company, it's better to have it with whom rectifies in time.


Post a Comment