Swati Khandelwal reports: Following the bloody terror attacks in Paris where over 130 people were killed, the hacktivist collective Anonymous has declared total war against the Islamic State (IS, formerly ISIS/ISIL). Anonymous released a video message, posted in French, on YouTube Sunday announcing the beginning of #OpParis, a coordinated campaign to hunt down ISIS’s social media channels and every single…
Category: Commentaries and Analyses
Medical data, staff creds exposed as scores of apps bork the backend
Darren Pauli reports: And still we fail to learn: a quintet of researchers has found that the bad practice of writing keys into code persists among some of the world’s most popular Android and iOS applications. The researchers say the hard-coded credentials can be easily extracted to gain access and manipulate millions of sensitive individual…
BitLocker encryption can be defeated with trivial Windows authentication bypass
Lucian Constantin reports: Companies relying on Microsoft BitLocker to encrypt the drives of their employees’ computers should install the latest Windows patches immediately. A researcher disclosed a trivial Windows authentication bypass, fixed earlier this week, that puts data on BitLocker-encrypted drives at risk. Ian Haken, a researcher with software security testing firm Synopsys, demonstrated the…
Common Market in Maine notifies customers of payment card breach
I’m not sure that posting a breach notification on a Facebook page is sufficient when you also have a web site where you could post the announcement. Assuming everyone is on Facebook is risky. Case in point: Common Market in Union, Maine, posted this on their Facebook page on October 30. ATTENTION COMMON MARKET CUSTOMERS…
FTC v. LabMD ruling issued: FTC loses data security enforcement case (Update2)
In a data security enforcement action that some have characterized as a modern version of David vs. Goliath, David won today, and the FTC lost. It was an enforcement action that the FTC never should have commenced, as I’ve argued repeatedly, and today’s loss may actually make future enforcement actions more difficult for them as the standard for demonstrating…
OPM’s $20M contract for ID theft protection violated federal rules
Can OPM do anything right? In this week’s installment of their totally infuriating breach and breach response saga, it appears that they didn’t follow proper procedures in awarding a contract for ID theft monitoring services for breach victims. Jack Moore reports: The inspector general of the Office of Personnel Management says a $20 million sole-source…