“Unu” of HackersBlog reports that they have been able to access at least one of UK telecom BT’s databases through SQL injection: A faulty parameter, improperly sanitized opens the vault to the pretious databases. One can gain access to such ordinary things as personal data, login data, and the like. In the first syntax I…
Author: Dissent
More on whether breach notification laws work
George Hulme of Information Week also responded to Kim Zettner’s article in Threat Level about a recent seminar on whether data breach notification laws are working. He raises some points about the value of such laws and similar to what I said here yesterday, notes “Helping consumers avoid identity theft and fraudulent transactions is only…
Scotland: Patient data security overhauled
The BBC reports that NHS Dumfries and Galloway in south west Scotland improved its security after the loss of two memory sticks carrying patient data in May 2008. It now uses USB devices with built-in security, and is nearing completion on a program to fully encrypt all other portable devices. Patient groups had called for…
TX: Computers With NEISD Personal Information Stolen
Personal information, resumes, photos of students and other information was found on computers from the North East Independent School District that were scheduled for destruction, but ended up for sale online and in flea markets. District officials said the computers, including three computers and two hard drives obtained by KSAT 12 News, were sent to…
Experts Debate the Value of Breach Notification Laws
Kim Zettner of Threat Level discusses the different views expressed at a seminar last week on whether data breach notification laws do any good. As expected, the upshot was “we don’t know” because there are not enough data, surveys may not be reliable indicators, etc. Of course, there is another way to frame the issue…
USAID.gov compromised, malware and exploits served
Dancho Danchev of ZDnet reportsthat the Azerbaijan section at the United States Agency for International Development (azerbaijan.usaid.gov) has been compromised and is embedded with malware and exploits serving scripts since approximately March 1. He also provides a dissection of the attack. There’s a YouTube video from AVG as well, although it’s either somewhat blurry or…