Darren Pauli reports: A security man has mapped and hacked insecure connected kettles across London, proving they can leak WiFi passwords. The iKettle is designed to save users precious seconds spent waiting for water to boil by allowing the kitchen staple to be turned on using a smartphone app. Pen Test Partners bod Ken Munro…
NHS Health Apps Library closing amid questions about app security & quality: what can we learn?
Satish Misra, M.D. writes: The United Kingdom’s National Health Service (NHS) launched the Health Apps Library as part of their NHS Choices program in 2013. It was pitched as a pilot program, one that would guide patients and clinicians to safe, effective health apps. And now after a troubled two years, the NHS Health Apps…
The cost of a cyber breach, in 5 different industries
Rosalie F. Donlon reports: Travelers’ cybersecurity experts have developed common cyber claims scenarios across five industries, as shown in the following pages. The costs add up quickly, often reaching more than $1 million. For each of the scenarios/industries, Donlon reports estimates based on the NetDiligence® Data Breach Cost Calculator and then factors in estimates from Ponemon’s…
Lawful Hacking After the Encryption Debate
Marshall Erwin writes: The Obama administration has apparently decided not to support exceptional access proposals that would provide law enforcement with the means to access data on iPhones and other personal devices. As I argued previously on Just Security, instead of pursuing exceptional access, policymakers should seek to build a durable legal structure that would provide the FBI with the…
Shared passwords and the Computer Fraud and Abuse Act
Orin Kerr writes: Next week, a panel of the Ninth Circuit Court of Appeals (Thomas, Reinhardt, and McKeown) will hear oral argument in the second round of United States v. Nosal. This time around, the main question in the case is whether and when accessing an account using a shared password is an unauthorized access under the Computer…
CERT.pl report on “The Postal Group”
From CERT.pl: During the SECURE conference, we presented a talk outlining actions performed by a group of criminals, which we have called “The Postal Group”. Their name is derived from the fact that they masquerade their phishing attacks as messages from the post office. This phishing then leads to either cryptolocker or a banking trojan…