Darren Pauli reports: And still we fail to learn: a quintet of researchers has found that the bad practice of writing keys into code persists among some of the world’s most popular Android and iOS applications. The researchers say the hard-coded credentials can be easily extracted to gain access and manipulate millions of sensitive individual…
Category: Commentaries and Analyses
BitLocker encryption can be defeated with trivial Windows authentication bypass
Lucian Constantin reports: Companies relying on Microsoft BitLocker to encrypt the drives of their employees’ computers should install the latest Windows patches immediately. A researcher disclosed a trivial Windows authentication bypass, fixed earlier this week, that puts data on BitLocker-encrypted drives at risk. Ian Haken, a researcher with software security testing firm Synopsys, demonstrated the…
Common Market in Maine notifies customers of payment card breach
I’m not sure that posting a breach notification on a Facebook page is sufficient when you also have a web site where you could post the announcement. Assuming everyone is on Facebook is risky. Case in point: Common Market in Union, Maine, posted this on their Facebook page on October 30. ATTENTION COMMON MARKET CUSTOMERS…
FTC v. LabMD ruling issued: FTC loses data security enforcement case (Update2)
In a data security enforcement action that some have characterized as a modern version of David vs. Goliath, David won today, and the FTC lost. It was an enforcement action that the FTC never should have commenced, as I’ve argued repeatedly, and today’s loss may actually make future enforcement actions more difficult for them as the standard for demonstrating…
OPM’s $20M contract for ID theft protection violated federal rules
Can OPM do anything right? In this week’s installment of their totally infuriating breach and breach response saga, it appears that they didn’t follow proper procedures in awarding a contract for ID theft monitoring services for breach victims. Jack Moore reports: The inspector general of the Office of Personnel Management says a $20 million sole-source…
Beaches, carnivals and cybercrime: a look inside the Brazilian underground
Fabio Assolini authored an interesting report on Brazilian cybercrime that begins: The Brazilian criminal underground includes some of the world’s most active and creative perpetrators of cybercrime. Like their counterparts in China and Russia, their cyberattacks have a strong local flavor. To fully understand them you need spend time in the country and understand its…