Security Web Digest: New Identity Theft Law ... and More

.NAME registrar hacked New mailing list on patch management Gartner says not to rely on CAN-SPAM


President Bush on Thursday signed legislation giving consumers new protections against identity theft, including free credit reports and a national fraud-alert system to minimize damage once a theft has occurred. The measure also requires that receipts omit the last digits of credit cards. Opponents of the bill say it pre-empts tougher state privacy laws that prevent businesses from sharing their customers financial information with other companies.


The web site for Global Name Registry, which operates the .name registry database, was hacked last week. Hackers replaced the home page, but no other data was accessed, the company said. The .name top-level domain was introduced in 2001, designed for individuals and families to register domains like ""


A group of security experts joined forces Thursday to launch a moderated mailing list and Web site called, a service targeting IT professionals who want to keep up on patch management and security vulnerability issues. Among the mailing lists moderators are Bird, a member of the information security team at Stanford; Jason Chan, a principal security architect for @stake; and Ben Laurie, the director of the Apache Software Foundation.


Enterprises should not rely on the Controlling the Assault of Non-Solicited Pornography and Marketing Act, or CAN-SPAM, law to prevent the flow of spam into their mailboxes, research company Gartner said Wednesday. Instead they should rely on good e-mail management practices and the use of appropriate spam-filtering technology, Gartner said. The CAN-SPAM bill, which was passed by the U.S. Senate in November, requires approval by the House of Representatives before it can be signed into law by President Bush.