For reasons that are too contorted or convoluted to fully explain, I’ve been keeping an eye on a number of Twitter accounts that I suspect include those arrested for the TalkTalk breach. But Brian Krebs dug deeper, and gives a master class on identifying “Glubz” (@Fearful). [material deleted, Jan. 4, 2018] Update: As TalkTalk continues to…
Category: Commentaries and Analyses
UK: Dozens of criminals have gone to jail to keep passwords secret
Fiona Hamilton reports: Convictions of suspects who refuse to hand over their encrypted passwords have risen sixfold in four years, potentially blocking police from examining their electronic devices. The sharp increase has led to fears that criminals are opting to plead guilty to encryption offences rather than allow detectives to go through their computers and…
MPs launch ‘TalkTalk’ inquiry over security of personal data online
It looks like the UK’s legislators are following in the footsteps of the Beltway: huff and puff, ask questions, and probably do nothing. Alexander J. Martin reports: Executives at TalkTalk, including CEO Dido Harding herself, may face a grilling from Members of Parliament over the shoddy security practices which led to the theft of than…
UK: Crown Prosecution Service fined £200,000 for breach involving contractor
Back in September, I prefaced a breach post involving the U.K.’s Crown Prosecution Service with the comment, “This is one of those really terrible breaches that are the stuff of nightmares.” It appears the Information Commissioner’s Office concurred, as CPS has been fined £200,000 after laptops containing videos of police interviews were stolen from a private…
Genome researchers hit back at infosec bods’ ‘network vuln’ claims
Alexander J. Martin reports that there’s a response to a report of vulnerabilities previously noted on this site. The Global Alliance for Genomics & Health has downplayed vulnerabilities found in its genome-sharing network by two Stanford researchers. Carlos Bustamante and Suyash Shringarpure, postdoctoral scholars in genetics at Stanford, had raised concerns about The Beacon Project’s…
KeePass looter: Password plunderer rinses pwned sysadmins
Darren Pauli reports: Kiwi hacker Denis Andzakovic has developed an application that steals password vaults from the popular local storage vault KeePass. The jeu de mots KeyFarce works when a user has logged into their vault, and will dump the contents to a file that attackers can steal. It is no death knell for KeePass or other…