It looks like the UK’s legislators are following in the footsteps of the Beltway: huff and puff, ask questions, and probably do nothing. Alexander J. Martin reports: Executives at TalkTalk, including CEO Dido Harding herself, may face a grilling from Members of Parliament over the shoddy security practices which led to the theft of than…
Category: Commentaries and Analyses
UK: Crown Prosecution Service fined £200,000 for breach involving contractor
Back in September, I prefaced a breach post involving the U.K.’s Crown Prosecution Service with the comment, “This is one of those really terrible breaches that are the stuff of nightmares.” It appears the Information Commissioner’s Office concurred, as CPS has been fined £200,000 after laptops containing videos of police interviews were stolen from a private…
Genome researchers hit back at infosec bods’ ‘network vuln’ claims
Alexander J. Martin reports that there’s a response to a report of vulnerabilities previously noted on this site. The Global Alliance for Genomics & Health has downplayed vulnerabilities found in its genome-sharing network by two Stanford researchers. Carlos Bustamante and Suyash Shringarpure, postdoctoral scholars in genetics at Stanford, had raised concerns about The Beacon Project’s…
KeePass looter: Password plunderer rinses pwned sysadmins
Darren Pauli reports: Kiwi hacker Denis Andzakovic has developed an application that steals password vaults from the popular local storage vault KeePass. The jeu de mots KeyFarce works when a user has logged into their vault, and will dump the contents to a file that attackers can steal. It is no death knell for KeePass or other…
CEA Releases Guidelines on Privacy and Security of Personal Wellness Data
Meena Harris writes: Last week, the Consumer Electronics Association (“CEA”) announced its Guiding Principles on the Privacy and Security of Personal Wellness Data, a set of baseline, voluntary guidelines for private-sector organizations that handle the type of data often produced by wearable technologies. Read about the guidelines on Covington & Burling InsidePrivacy.
The Hacking Team Defectors
Lorenzo Franceschi-Bichhierai has a good piece about members of the Hacking Team who left, and what happened afterwards. Here’s a teaser from it: His name is Alberto Pelliccione. Until last year, he was the man responsible for developing Hacking Team’s Android spyware, and one of the employees who had worked on the company’s marquee product,…