In case you didn’t see this last month, it’s worth noting in light of current news stories about Chris Roberts’ research and claims. Public Intelligence writes: The following private industry notification was published online by RenderMan of RenderLab in late April. The notification concerns claims made by security researcher Chris Roberts about vulnerabilities in “commercial aircraft’s onboard avionics and wireless networks…
Month: May 2015
Sideways: A test too far?
It looks like the poo may have really hit the fan for Chris Roberts (@Sidragon1 on Twitter). If you’ve read this article on APTN and the affidavit for a search warrant that APTN obtained, you’ll already know that FBI agent Mark Hurley claimed that in interviews in February and March, Chris allegedly told the FBI that he was able to hack airplanes…
Starbucks blaming passwords, victims doesn’t fix the problem; burning questions about attack remain
As I pointed out in reporting on Starbuck’s response to Bob Sullivan’s disclosure of a breach involving the mobile app accounts, not everyone would find their explanation and response satisfactory. Today, Bob Sullivan fired back: Since I broke news of the Starbucks mobile pay / gift card /credit card attack last Monday, there has been some confusion…
Meru Cabs was exposing customer data
I had missed this one, but DataBreachToday has a write-up about the exposure of Meru Cabs customer data due to logs from its mobile app not being secured. The exposed data in the logs “included customers’ personally identifiable information, including mobile numbers, email addresses, pickup and drop locations, masked credit-card numbers, payment notification logs, Meru booking…
University of Texas Southwestern Medical Center sent 1,032 immunization records to state registry by mistake
Sherry Jacobson reports: UT Southwestern Medical Center accidentally transmitted the immunization records of about 1,000 patients to a confidential Texas registry used by physicians, health departments and school districts. Letters were sent last week to the UTSW patients involved, expressing regret that their vaccination information had been shared with ImmTrac, a statewide registry service used…
Columbia Casualty asks court to let it off the hook for $4.1M settlement in Cottage Health System breach
So you apply for cyberinsurance and in your application, you describe all the security controls and policies you have in place. And an insurance company looks it all over and issues you a policy because you meet the minimum security practices they require. But then you don’t actually adhere to all the controls and policies you…