News briefs

December 14, 2006

The U.S. Department of Veterans Affairs (VA) was again forced to notify veterans that their identity could be at risk — this time after the theft of an unencrypted laptop from the agency's New York Harbor Healthcare System.

The breach, less than six months after the department's infamous employee laptop theft, affects 1,600 veterans who receive pulmonary care at the system, according to an October letter to veterans released by U.S. Rep. Carolyn Maloney, D-N.Y.

The computer, stored in a locked room at the time of the theft, contained names, Social Security numbers and diagnosis data.

 

The first vulnerability in Internet Explorer 7 (IE7) was found just hours after its release, only to be followed by others.

Just after the release, researchers warned of a flaw in redirection handling for URLs with the html: URI handler. Secunia reported a flaw in IE7 that could be exploited during phishing attacks.

Two weeks after IE7's release, Secunia warned of another flaw that could allow attackers to steal a user's personal information through pop-up windows. Microsoft disagreed, saying the company had determined that the issue wasn't a vulnerability.

 

Open-source rival Mozilla didn't stand idly by for the release of IE7, releasing the latest version of its alternative browser, Firefox 2.0.

The browser's most visible security feature is new anti-phishing technology. Drawing from a constantly updated blacklist, the anti-phishing controls alert users with a pop-up when they come across a questionable website.

A less visible security feature is the browser's use of "sandboxing," a technology that prevents untrusted — and possibly malicious — code from interacting outside of the context of a specific webpage.

 

Sanjay Kumar, the former chief executive of CA, was sentenced to 12 years in prison for his role in an accounting scandal at the company.

U.S. District Judge I. Leo Glasser fined the former head of the Islandia, N.Y.-based company $8 million. Kumar pleaded guilty to conspiracy, securities fraud and obstruction of justice.

Kumar improperly stated company revenue from 1999 to 2000 to meet investors' expectations and then lied to investigators, according to the charges against him.

 

Hackers breached databases at an Ohio children's hospital, gaining access to the personal information of 240,000 donors and patients.

Akron Children's Hospital told victims that one database contained the names, addresses and Social Security numbers of patients. An investigation by the hospital, however, determined that there was no evidence that hackers accessed any personal information.

 

Errata: A response in October's Me and my job column was incorrectly attributed to Mark Odiorne. The correct column is online.
