Jaime Chanaga, CISSP, CISA

TrustedID (www.trustedid.com), a relatively new company in the field of consumer ID fraud detection services, has launched a free online search service called StolenID Search (www.stolenidsearch.com).  This free service allows consumers to conduct their own online searches to validate whether or not their social security and/or credit card numbers have been stolen and being transmitted over the Internet.   

A consumer can enter their own social security and/or credit card numbers on the www.stolenidsearch.com website and in seconds find out if their information is being misused. Data is provided by a database of over 2 million compromised social security and/or credit card numbers.  There is a back end offer for TrustedID's Identity monitoring services after you search database.

The problem with offering this service for free and anonymously to anyone who wishes to use this, is the fact that criminals could potentially use the StolenID Search database to screen for social security and/or credit card numbers that haven't been flagged as being stolen or misused. 

Final Thoughts:  Empowering consumers is a good thing for companies to do. TrustedID is providing a free service other companies see fit to profit from. That is admirable.  However, there also comes a great responsibility for TrustedID to do the right thing in protecting their systems from being used a tool for abuse by anyone.  TrustedID and consumers should each know their responsibilities and act appropriately.

For more information:

StolenID Search
http://www.stolenidsearch.com

TrustedID
http://www.trustedid.com

Disclaimer:  The above blog post is not an endorsement or recommendation for anyone to use the services of TrustedID.com or StolenID Search.com.  The information presented herein is for informational purposes only.

A hacker by the nickname of "muslix64" has once again struck at the heart of the entertainment companies and video electronics device manufacturers by defeating the digital rights management (DRM) content protection systems for Blu-Ray high-definition video discs.

A few weeks ago the same hacker had released a software tool on the Internet, to help crack/defeat the DRM system protections for HD-DVD discs, a competing high-definition audio/video disc format.

Slyck:  Interview with muslix64
http://www.slyck.com/story1390.html

PC Pro UK
http://www.pcpro.co.uk/news/102916/bluray-drm-cracked.html

Engadget Blog
http://www.engadget.com/2007/01/24/backupbluray-available-now-too/

A University of Arizona computer server containing sensitive financial transaction information and university employee personal data has been breached by external hacker(s).  There is no preliminary information to suggest the full scope of the breach, but the university and FBI continue to investigate this incident.

Tucson Citizen
http://www.tucsoncitizen.com/daily/local/38055.php

SC Magazine
http://www.scmagazine.com.au/news/44180,hacker-cracks-university-of-arizona-network.aspx

Stop the presses! 

With all the hoopla over Apple Inc.'s (NASDAQ:AAPL) announcement yesterday at Macworld of their new convergence device, the much hyped "iPhone" (iPod + PDA + cell phone, etc.), it seems the story is just starting to get interesting. 

Cisco Systems (NASDAQ:CSCO) has filed a lawsuit against Apple Inc. claiming infringement of the "iPhone" name, which Cisco claims they hold trademark rights of that name.  This promises to be more interesting and more glamorous than the litigation between NTP vs. Research In Motion (NASDAQ:RIMM; TSX: RIM).

Note to Cisco Systems and Apple, Inc.:  All trademarks and copyrights referenced in this publication (blog) are the property of their respective owners.

News.com
http://news.com.com/Cisco+sues+Apple+over+use+of+iPhone+trademark/2100-1047_3-6149285.html

Today during the annual Macworld conference, Apple CEO Steve Jobs unveiled a new consumer electronics device called the "iPhone" which will include iPod MP3 player, digital camera, and celular telephone functionality.

Beyond the coolness factor, it would be interesting to see what device and data security features are included in the final specifications for the upcoming iPhone.

WIBU-Systems USA, Inc. is inviting anyone to try and break and remove their anti-piracy software from a protected sample software application.  The reward for anyone who is able to accomplish this feat is $40,000 (yes, forty thousand) dollars.

My $0.02:  Instead of rewarding people who normally cause economic harm to companies by finding ways to circumvent their intellectual property protection mechanisms, why not use the $40,000 to fund scholarships for tomorrow's information security and software engineering professionals?

InformationWeek
http://www.informationweek.com/news/showArticle.jhtml?articleID=196800978

The industry companies behind the content protection system used in high definition dvd and Sony's Blu-ray are investigating reports that a hacker may have broken or found a way to defeat the encryption and protection systems that prevent illegal copying of movies and dvd content, PC Magazine is reporting.

PC Magazine
http://www.pcmag.com/article2/0,1895,2078280,00.asp

Computerworld has an interesting article on how Microsoft (www.microsoft.com) deals with information security issues such as e-mail and remote access for employees and vendors.  Not surprisingly, the article shares that Microsoft receives approximately 10 million email messages per day--almost 9 million of that email is spam--or junk email! 

Nice to know how one of the largest computer software companies in the world uses a multi-layered approach to dealing with the risks of email and remote access.

Computerworld
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9005756

Government Executive magazine reported on October 2 (Article: http://www.govexec.com/dailyfed/1006/100206p1.htm), that the U.S. Department of Homeland Security has not taken action to secure laptop computers that hold sensitive and classified information.  Not too long ago, we read news stories of data loss on laptop computers from the U.S. Department of Veterans Affairs that potentially affected the privacy of over 26.5 million veterans.

The Federal government must do more to secure the information it has been entrusted with. There is no excuse for any business or federal agency for not securing their information systems, including laptop computers. 

Today we have many resources, some at very low costs, that allow any organization to secure its systems and information. It is time for all organizations, public and private to act responsibly and protect its information, systems, and people.

I strongly urge executive leaders in federal service, to please reach out to private industry for help.  Private industry is ready to help organizations secure their people, information, and systems.

A friend shared a recent article in SC Magazine which included commentary from me. Comments regarding the article are welcome.

"Know your client

Frank Washkuch Sep 7 2006

Ask any IT expert for a cookie cutter approach to protect customer data and there might not be much of an answer. After all, hackers are just one group to worry about when looking to prevent the theft of customers' personal information. Company executives also must concern themselves with their own employees, as well as government legislators."

http://www.scmagazine.com/us/news/article/591722/know-client