It’s no secret that Google retains search data and metadata regarding searches—in fact, it’s quite open about doing so. What’s unsure, though, is the long-term threat to information security and privacy. Let’s review Google’s elements.
Google Search: This search engine is gathering many types of information about online activities. Its future products will include data gathering and targeting as a primary business goal. All of Google’s properties— including Google Search, Gmail, Orkut and Google Desktop—have deeply linked cookies that will expire in 2038. Each of these cookies has a globally unique identifier (GUID) and can store search queries every time you search the Web. Google does not delete any information from these cookies. Therefore, if a list of search terms is given, Google can produce a list of people who searched for that term, which is identified either by IP address or Google cookie value. Conversely, if an IP address or Google cookie value is given, Google can also produce a list of the terms searched by the user of that IP address or cookie value.
Gmail: The primary risk in using Gmail lies in the fact that most users give their consent to make Gmail more than an email-delivery service and enable features such as searching, storage and shopping. This correlation of search and mail can lead to potential privacy risks. For example, email stored on third-party servers for more than 180 days is no longer protected by the Electronic Communications Privacy Act, which declares email a private means of communication.
Read more here
08/09/09
Trends in Financial Crimes
Malicious attacks on databases and incidents of online and other tech-related thefts continue to evolve in number and manner-- leaving both consumers and businesses scrambling to pay for the damage to their reputations and bottom lines. The Identity Theft Resource Center reports that in the first half of 2009, 18.4 percent of all breaches were from insider theft. That's up from 15 percent in 2008 and 6 percent in 2007. During the same period, the ITRC reports that hacking totaled 18 percent of all data breaches, compared with 11.7 percent in 2008. Combined, these malicious attacks are up more than 10 percent in 2009, with data breaches and insider theft accounting for 36 percent of the 250 reported breaches this year. Information security experts, including ITRC, say companies must implement effective data-protection policies and systems to safeguard their businesses and customers. Knowing what you are up against is a solid start in planning a defense against would-be thieves- from both inside and outside your company. What follows are some of the latest trends in information security breaches and technology-related theft examples that hold valuable lessons for information security professionals.
Read more here
XML Feeds