
12/21/2007
04:05 AM

Privacy Goes Public

While end users remain confused about online privacy issues, enterprises - and vendors - now make it their business

2:05 PM -- For years, "privacy" was something people kept to themselves. If you wanted to protect your identity, you kept your address to yourself, didn't give out your phone number, and asked not to have your Social Security number put on your driver's license.

My, how times change.

Over the past year -- and particularly in recent weeks -- "privacy" has gone corporate. In fact, we could now legitimately argue that corporations and government agencies place a higher priority on privacy than the end users themselves.

Don't believe me? Ask someone -- anyone -- in the British government right now. Over the past few weeks, the U.K. media has uncovered breach after breach in the country's government, revealing what could only be described as a systemic disregard for citizens' personal data. Officials are desperately struggling to right the ship, but a couple of top officials have already been thrown to the sharks. (See EED Appoints Iron Mountain Exec, UK Government Breach Exceeds Original Estimates, and Data on 3M UK Drivers 'Lost in Iowa'.)

And these sorts of breaches are no longer isolated. In fact, research released earlier this month indicates that as many as 85 percent of companies have experienced a breach of personally identifiable information in the last 12 months; 65 percent have experienced more than six. (See Study: Breaches of Personal Data Now Prevalent in Enterprises.)

These breaches aren't just embarrassing for the officials involved. In study after study, consumers say they are increasingly avoiding companies that have experienced a breach. Such public scrutiny can't be good for business partnerships, either, especially if it reveals blatant disregard for security or privacy policies. Think about it: Would you really want to add TJX to your supply chain system right now? (See Breaches Cause Skittish Attitudes Among Holiday Shoppers.)

And consumers aren't the only ones who smell blood in the water. Vendors are making big business out of the privacy breach market. Who had ever heard of "data leak prevention" even a year ago? And now there's a burgeoning market for services that protect consumers' data as well. (See Amid Confusion, Market for ID Theft Services Grows.)

Yet, while businesses and government agencies begin to regard privacy with a much more serious eye, recent developments suggest that individuals actually are less concerned about privacy than they were previously. The rise of social networking sites suggests that online users are increasingly willing to reach out to strangers, sometimes with disastrous results. (See Google's Orkut Social Network Hacked.)

And in a new study by the Pew Internet Project, 60 percent of Internet users said they are not worried about how much information is available about them online. Only 38 percent of users say they have taken steps to limit the amount of online information that is available about them. (See Internet Privacy: No Big Deal?)

So has individual privacy now become everyone's business? Maybe not, but it certainly seems to be important business for enterprises, government agencies, and vendors. It's still not clear whether there's money to be made in privacy, but there clearly is money to be lost. And where money is involved, you can bet you'll see business stepping up.

— Tim Wilson, Site Editor, Dark Reading
