Cue Peter, Paul, and Mary singing, “When will they ever learn? Oh, when will they ever learn? Oh, when will they ever learn?” The best place to store your private keys of your production environment is probably NOT a public Amazon AWS S3 bucket. This is a top 500 “Cybersecurity” company btw. 🙂 pic.twitter.com/8Vu7mGpwox —…
Category: Commentaries and Analyses
FBI Is Disrupting 10X Fewer Cyber Crime Rings Than In 2015
Joseph Marks reports: FBI agents took down or disrupted only about one-tenth as many cyber criminal operations during the 2017 fiscal year as they did three years earlier, according to annual reports. The number of cyber crime operations that FBI agents dismantled or disrupted fell from nearly 2,500 in fiscal year 2014, the first year…
Inside Uber’s $100,000 Payment to a Hacker, and the Fallout
Nicole Perlroth and Mike Isaac report: “Hello Joe,” read the November 2016 email from someone identifying himself as “John Doughs.” “I have found a major vulnerability in Uber.” The email appeared to be no different from other messages that Joe Sullivan, Uber’s chief security officer, and his team routinely received through the company’s “bug bounty”…
The Coca-Cola Breach and Who’s on Hook for Security of Employee Data
Chris Opfer writes: Six years after Shane Enslin left his repairman job at a Coca-Cola distribution plant in Pennsylvania, the company told him that his Social Security number and other personal information might have fallen into the wrong hands. A few months later, a declined credit card upended his family vacation. Then came a third…
Website operators are in the dark about privacy violations by third-party scripts
By Steven Englehardt, Gunes Acar, and Arvind Narayanan: Recently we revealed that “session replay” scripts on websites record everything you do, like someone looking over your shoulder, and send it to third-party servers. This en-masse data exfiltration inevitably scoops up sensitive, personal information — in real time, as you type it. We released the data…
New Event of Note: International Privacy+Security Forum: Feb. 26 and Feb. 27
One of the absolute joys of blogging about privacy and breaches for the last 11+ years is that I’ve had the opportunity to meet so many fantastic scholars and practitioners. But I’ve only had that opportunity because a few people have done the hard work to organize events and to graciously offer to comp me so…