Srinivas Kodali writes: In the wee hours of December 1, 2016, Javed Khatri, a 22-year-old programmer (note: not a hacker) discovered a common security vulnerability/bug in the Narendra Modiapp. Khatri was able to access the personal information of every registered user of the application through this vulnerability. After sending out a tweet (below) to Modi to report…
Category: Commentaries and Analyses
A Failed Strategy: Another Derivative Action In A Data Breach Case Goes Down To Defeat
Kevin M. McGinty of Mintz Levin writes: An attempt to impose liability on corporate officers and directors for data breach-related losses has once again failed. On November 30, 2016, a federal judge in Atlanta issued a 30 page decision dismissing a shareholder derivative action arising out of the September 2014 theft of customer credit card data…
Your VISA Credit Card Can Be Hacked In Just Six Seconds: Study
Press Trust of India reports: It may take as little as six seconds for hackers to guess your credit or debit card number, expiry date and security code, say scientists who were able to circumvent all security features meant to protect online payments from fraud. Exposing the flaws in the VISA payment system, researchers from…
Study Finds Companies May Do Too Much For Data Breach Victims
Joseph J. Lazzarotti writes: A recent study at the University of Arkansas suggests that organizations should avoid doing too much for individuals affected by a data breach. That is, when organizations provide compensation to breach victims that exceeds the victims’ expectations it could backfire. Those victims may become suspicious, thinking the organization has something to hide, which…
Fatal flaws in ten pacemakers make for Denial of Life attacks
Darren Pauli reports: A global research team has hacked 10 different types of implantable medical devices and pacemakers finding exploits that could allow wireless remote attackers to kill victims. Eduard Marin and Dave Singelée, researchers with KU Leuven University, Belgium, began examining the pacemakers under black box testing conditions in which they had no prior…
NYS audit of Glen Cove City School District finds deficiencies in IT procedures
NYS Comptroller DiNapoli has released the state’s audit of the Glen Cove City School District . The audit concerned portable electronic devices. Key findings from the audit: There was no written policy for notifying the IT office of new hires, keeping track of equipment assigned to employees and collecting equipment when an employee leaves District employment. The District’s…