Language Selection

English French German Italian Portuguese Spanish

Senate moves toward new data security rules

Filed under
Security

In a flurry of activity before Congress prepares to skip town for an August recess, three different congressional committees considered similar legislation at the same time on Thursday morning.

The Senate's Commerce Committee voted unanimously to accept a bill introduced earlier this month by Sen. Gordon Smith, R-Ore. It would give the Federal Trade Commission the power to create an information security program that provides "administrative, technical and physical safeguards," and set guidelines for notifying people threatened by a data security breach.

The committee adopted a package of about a dozen amendments, including a compromise suggested by Sen. Barbara Boxer, D-Calif., that would cut, from 90 days to 45 days, the maximum number of days a company has to notify individuals of a breach. But even those guidelines are just broad suggestions, Smith said. "As soon as they know, they need to notify."

Senators also voted to accept an amendment proposed by Sen. Bill Nelson, D-Fla.--which would prohibit the sale and display of Social Security numbers except in special circumstances--but indicated it might be tweaked before it is final. Also, the bill will not go to a floor vote until some of its provisions are negotiated with members of the Senate Banking Committee, said Sen. Ted Stevens, R-Alaska, who chairs the Commerce Committee.

Meanwhile, the Senate Judiciary Committee pushed back its plans Thursday to vote on a trio of personal data security bills.

The committee had been scheduled to vote on the lengthiest and most far-reaching proposal, titled the Personal Data Privacy and Security Act. Sen. Arlen Specter, R-Penn., and Sen. Patrick Leahy, D-Vt., introduced the measure in late June, shortly after MasterCard announced that an intruder may have pilfered information from 40 million credit card accounts.

At the same time on Thursday, a U.S. House of Representatives Energy and Commerce subcommittee convened a hearing about its own draft of data protection legislation.

Full Story.

More in Tux Machines

Security: Uber, Replacing x86 Firmware, 'IoT' and Chromebook

  • Key Dem calls for FTC to investigate Uber data breach

    A key Democrat is calling on the Federal Trade Commission (FTC) to investigate a massive Uber breach that released data on 57 million people, as well as the company's delay in reporting the cyber incident.

  • Multiple states launch probes into massive Uber breach
  • Replacing x86 firmware with Linux and Go

    The problem, Minnich said, is that Linux has lost its control of the hardware. Back in the 1990s, when many of us started working with Linux, it controlled everything in the x86 platform. But today there are at least two and a half kernels between Linux and the hardware. Those kernels are proprietary and, not surprisingly, exploit friendly. They run at a higher privilege level than Linux and can manipulate both the hardware and the operating system in various ways. Worse yet, exploits can be written into the flash of the system so that they persist and are difficult or impossible to remove—shredding the motherboard is likely the only way out.

  • Connected sex-toy allows for code-injection attacks on a robot you wrap around your genitals

    However, the links included base-64 encoded versions of the entire blowjob file, making it vulnerable to code-injection attacks. As Lewis notes, "I will leave you to ponder the consequences of having an XSS vulnerability on a page with no framebusting and preauthed connection to a robot wrapped around or inside someones genitals..."

  • Chromebook exploit earns researcher second $100k bounty
    For Google’s bug bounty accountants, lightning just struck twice. In September 2016, an anonymous hacker called Gzob Qq earned $100,000 (£75,000) for reporting a critical “persistent compromise” exploit of Google’s Chrome OS, used by Chromebooks. Twelve months on and the same researcher was wired an identical pay out for reporting – yes! – a second critical persistent compromise of Google’s Chrome OS. By this point you might think Google was regretting its 2014 boast that it could confidently double its maximum payout for Chrome OS hacks to $100,000 because “since we introduced the $50,000 reward, we haven’t had a successful submission.” More likely, it wasn’t regretting it at all because isn’t being told about nasty vulnerabilities the whole point of bug bounties?
  • Why microservices are a security issue
    And why is that? Well, for those of us with a systems security bent, the world is an interesting place at the moment. We're seeing a growth in distributed systems, as bandwidth is cheap and latency low. Add to this the ease of deploying to the cloud, and more architects are beginning to realise that they can break up applications, not just into multiple layers, but also into multiple components within the layer. Load balancers, of course, help with this when the various components in a layer are performing the same job, but the ability to expose different services as small components has led to a growth in the design, implementation, and deployment of microservices.

Lumina 1.4 Desktop Environment Debuts with New Theme Engine and ZFS Integrations

Lumina 1.4.0 is a major release that introduces several new core components, such as the Lumina Theme Engine to provide enhanced theming capabilities for the desktop environment and apps written in the Qt 5 application framework. The Lumina Theme Engine comes with a configuration utility and makes the previous desktop theme system obsolete, though it's possible to migrate your current settings to the new engine. "The backend of this engine is a standardized theme plugin for the Qt5 toolkit, so that all Qt5 applications will now present a unified appearance (if the application does not enforce a specific appearance/theme of it’s own)," said the developer in today's announcement. "Users of the Lumina desktop will automatically have this plugin enabled: no special action is required." Read more

today's leftovers

  • qBittorrent 4.0 Is a Massive Update of the Open-Source BitTorrent Client
    qBittorrent, the open-source and cross-platform BitTorrent client written in Qt for GNU/Linux, macOS, and Windows systems, has been updated to version 4.0, a major release adding numerous new features and improvements. qBittorrent 4.0 is the first release of the application to drop OS/2 support, as well as support for the old Qt 4 framework as Qt 5.5.1 or later is now required to run it on all supported platforms. It also brings a new logo and a new SVG-based icon theme can be easily scaled. Lots of other cosmetic changes are present in this release, and the WebGUI received multiple enhancements.
  • FFmpeg Continues Working Its "NVDEC" NVIDIA Video Decoding Into Shape
    Earlier this month the FFmpeg project landed its initial NVDEC NVIDIA video decoding support after already supporting NVENC for video encoding. These new NVIDIA APIs for encode/decode are part of the company's Video Codec SDK with CUDA and is the successor to the long-used VDPAU video decoding on NVIDIA Linux boxes. That NVDEC support has continued getting into shape.
  • Kobo firmware 4.6.10075 mega update (KSM, nickel patch, ssh, fonts)
    A new firmware for the Kobo ebook reader came out and I adjusted the mega update pack to use it. According to the comments in the firmware thread it is working faster than previous releases. The most incredible change though is the update from wpa_supplicant 0.7.1 (around 2010) to 2.7-devel (current). Wow.
  • 3.5-inch Apollo Lake SBC has dual mini-PCIe slots and triple displays
    Avalue’s Linux-friendly, 3.5-inch “ECM-APL2” SBC features Apollo Lake SoCs, 2x GbE, 4x USB 3.0, 2x mini-PCIe, triple displays, and optional -40 to 85°C. Avalue’s 3.5-inch, Apollo Lake based ECM-APL single-board computer was announced a year ago, shortly after Intel unveiled its Apollo Lake generation. Now it has followed up with an ECM-APL2 3.5-incher with a slightly different, and reduced, feature set.
  • 7 Best Android Office Apps To Meet Your Productivity Needs
    Office application is an essential suite that allows you to create powerful spreadsheets, documents, presentations, etc., on a smartphone. Moreover, Android office apps come with cloud integration so that you can directly access the reports from the cloud, edit them, or save them online. To meet the productivity need of Android users, the Play Store offers an extensive collection of Android office apps. But, we have saved you the hassle of going through each one of them and provided you a list of the best office apps for Android. The apps that we have picked are all free, although some do have Pro version or extra features available for in-app purchases. You can also refer to this list if you’re looking for Microsoft Office alternatives for your PC.

Servers and Red Hat