Fiona Hamilton reports: Convictions of suspects who refuse to hand over their encrypted passwords have risen sixfold in four years, potentially blocking police from examining their electronic devices. The sharp increase has led to fears that criminals are opting to plead guilty to encryption offences rather than allow detectives to go through their computers and…
Category: Commentaries and Analyses
MPs launch ‘TalkTalk’ inquiry over security of personal data online
It looks like the UK’s legislators are following in the footsteps of the Beltway: huff and puff, ask questions, and probably do nothing. Alexander J. Martin reports: Executives at TalkTalk, including CEO Dido Harding herself, may face a grilling from Members of Parliament over the shoddy security practices which led to the theft of than…
UK: Crown Prosecution Service fined £200,000 for breach involving contractor
Back in September, I prefaced a breach post involving the U.K.’s Crown Prosecution Service with the comment, “This is one of those really terrible breaches that are the stuff of nightmares.” It appears the Information Commissioner’s Office concurred, as CPS has been fined £200,000 after laptops containing videos of police interviews were stolen from a private…
Genome researchers hit back at infosec bods’ ‘network vuln’ claims
Alexander J. Martin reports that there’s a response to a report of vulnerabilities previously noted on this site. The Global Alliance for Genomics & Health has downplayed vulnerabilities found in its genome-sharing network by two Stanford researchers. Carlos Bustamante and Suyash Shringarpure, postdoctoral scholars in genetics at Stanford, had raised concerns about The Beacon Project’s…
KeePass looter: Password plunderer rinses pwned sysadmins
Darren Pauli reports: Kiwi hacker Denis Andzakovic has developed an application that steals password vaults from the popular local storage vault KeePass. The jeu de mots KeyFarce works when a user has logged into their vault, and will dump the contents to a file that attackers can steal. It is no death knell for KeePass or other…
CEA Releases Guidelines on Privacy and Security of Personal Wellness Data
Meena Harris writes: Last week, the Consumer Electronics Association (“CEA”) announced its Guiding Principles on the Privacy and Security of Personal Wellness Data, a set of baseline, voluntary guidelines for private-sector organizations that handle the type of data often produced by wearable technologies. Read about the guidelines on Covington & Burling InsidePrivacy.