“Kapustkiy,” a self-described teenager who has been using SQL injection attacks on a number of government sites, today dumped some data from the National Assembly of Ecuador. There were 655 email addresses and passwords in his public paste, although the list contained some duplicates. As he has done in the past, and as he informed this site…
Category: Commentaries and Analyses
NaMo app non-hack is a small fry; tech security on govt apps is even worse
Srinivas Kodali writes: In the wee hours of December 1, 2016, Javed Khatri, a 22-year-old programmer (note: not a hacker) discovered a common security vulnerability/bug in the Narendra Modiapp. Khatri was able to access the personal information of every registered user of the application through this vulnerability. After sending out a tweet (below) to Modi to report…
A Failed Strategy: Another Derivative Action In A Data Breach Case Goes Down To Defeat
Kevin M. McGinty of Mintz Levin writes: An attempt to impose liability on corporate officers and directors for data breach-related losses has once again failed. On November 30, 2016, a federal judge in Atlanta issued a 30 page decision dismissing a shareholder derivative action arising out of the September 2014 theft of customer credit card data…
Your VISA Credit Card Can Be Hacked In Just Six Seconds: Study
Press Trust of India reports: It may take as little as six seconds for hackers to guess your credit or debit card number, expiry date and security code, say scientists who were able to circumvent all security features meant to protect online payments from fraud. Exposing the flaws in the VISA payment system, researchers from…
Study Finds Companies May Do Too Much For Data Breach Victims
Joseph J. Lazzarotti writes: A recent study at the University of Arkansas suggests that organizations should avoid doing too much for individuals affected by a data breach. That is, when organizations provide compensation to breach victims that exceeds the victims’ expectations it could backfire. Those victims may become suspicious, thinking the organization has something to hide, which…
Fatal flaws in ten pacemakers make for Denial of Life attacks
Darren Pauli reports: A global research team has hacked 10 different types of implantable medical devices and pacemakers finding exploits that could allow wireless remote attackers to kill victims. Eduard Marin and Dave Singelée, researchers with KU Leuven University, Belgium, began examining the pacemakers under black box testing conditions in which they had no prior…