William Alden reports: Palantir Technologies has cultivated a reputation as perhaps the most formidable data analysis firm in Silicon Valley, doing secretive work for defense and intelligence agencies as well as Wall Street giants. But when Palantir hired professional hackers to test the security of its own information systems late last year, the hackers found…
Category: Commentaries and Analyses
Screwing up the basics of incident response, Friday edition
For today’s object lesson (and maybe abject lesson), I give you FIS Global and Guaranty Bank and Trust. I’ve written up the incident in more detail over on the Daily Dot, but the short version is a hacker (@1×0123) found a vulnerability in FIS Global’s client portal login and tweeted about it. FIS didn’t respond to him directly. Instead, they…
Computer Crash Wipes Out Years of Air Force Investigation Records
Marcus Weisgerber reports: The U.S. Air Force has lost records concerning 100,000 investigations into everything from workplace disputes to fraud. A database that hosts files from the Air Force’s inspector general and legislative liaison divisions became corrupted last month, destroying data created between 2004 and now, service officials said. Neither the Air Force nor Lockheed Martin, the defense…
Boards ready to fire over bad security reporting
Maria Korolov reports: If CISOs don’t do a good job of communicating, 59 percent of board members said that the security executives stand to lose their jobs, according to a new survey released today. “If they’re not up to par in the minds of the board, there will be action taken,” said Ryan Stolte, co-founder and…
Tennessee Breach-Notification Law Indicative of Data-Security Regulators’ Lack of Creativity
David Zetoony of Bryan Cave writes: There is no shortage of data-privacy and security laws in the United States. By our count there are now about 300 state and federal statutes. They include breach-notification laws, data-disposal laws, data-safeguard laws, payment card information-protection laws … the list goes on and on. Many of these laws, and…
A Computer Security Start-Up Turns the Tables on Hackers
Nicole Perlroth reports: Standing before a crowded room of entrepreneurs and investors at a conference in San Francisco last summer, former Vice President Al Gore described how climate change could be contained, possibly even reversed. Next to take the stage was Kevin Mandia, the founder of Mandiant, a security company acquired by another security company called FireEye,…