Here we go again with shooting the messenger. Whenever someone points out leaks, breaches, or vulnerabilities involving Aadhaar data, the UIDAI often responds by denying most claims, and stating that because there’s been no breach of their database, there’s nothing to worry about. Even when there is something to worry about. Now UIDAI is making threatening…
Category: Commentaries and Analyses
How “Hacker Search Engine” Shodan Caught Leakage of 750MB Worth Of Server Passwords
Update: I missed the original credit/source for this story when I posted it, but do see Dan Goodin’s article on Ars Technica. Original post: Remember Memcached servers? Now, we have another case of servers exposed online and fulfilling evil intentions of the hackers. This time, thousands of etcd servers maintained by corporates and organizations are…
Prosecution drops five felony charges against Justin Shafer, accepts plea to one misdemeanor charge
In May 2016, the Dallas FBI raided dental integrator and independent researcher Justin Shafer because of allegations that he had accessed an FTP server without authorization. Shafer was subsequently raided twice more, and in March 2017, he was arrested and charged with stalking a federal employee – not hacking or any criminal conduct related to…
AU: Medical records exposed by flaw in Telstra Health’s Argus software
Ben Grubb reports: A flaw in medical software used by more than 40,000 Australian health specialists and distributed by Telstra has potentially exposed Australians’ medical information to hackers, who have been logging into practitioners’ computers and servers to carry out illegal activities. Read more on Sydney Morning Herald.
Hospitals Are Throwing Sensitive Patient Information Out With the Recycling
Kristen V. Brown reports: …. Researchers conducted a “recycling audit” of five hospitals in Toronto between November 2014 and May 2016 and found that frequently hospitals improperly threw out sensitive patient information. All the hospitals had policies designed to get rid of confidential patient health information without potentially exposing it, along with shredders to get the…
He tried to tell you you’re leaking data. Even after you stupidly blocked him.
Today’s episode of Incident Response Fail involves a cybersecurity professional/bug bounty hunter, Mohamed Suwaiz, and a driver training company in Texas, Smith System, that seemed to stubbornly resist his efforts to alert them to a data leak. Although Suwaiz (@Msuwaiz on Twitter) describes himself as being motivated by bug bounties, when there’s no bounty to…