Andrew Sadauskas reports: In the immediate aftermath of a security breach, companies should ensure they don’t use weasel words and have in place strong internal communications and clearly-defined staff guidelines, according to Atlassian head of security intelligence Daniel Grzelak. Read more at ITNews. Why? Because I actually agree with pretty much everything he advises, and if…
Category: Commentaries and Analyses
Connected kettles boil over, spill Wi-Fi passwords over London
Darren Pauli reports: A security man has mapped and hacked insecure connected kettles across London, proving they can leak WiFi passwords. The iKettle is designed to save users precious seconds spent waiting for water to boil by allowing the kitchen staple to be turned on using a smartphone app. Pen Test Partners bod Ken Munro…
NHS Health Apps Library closing amid questions about app security & quality: what can we learn?
Satish Misra, M.D. writes: The United Kingdom’s National Health Service (NHS) launched the Health Apps Library as part of their NHS Choices program in 2013. It was pitched as a pilot program, one that would guide patients and clinicians to safe, effective health apps. And now after a troubled two years, the NHS Health Apps…
The cost of a cyber breach, in 5 different industries
Rosalie F. Donlon reports: Travelers’ cybersecurity experts have developed common cyber claims scenarios across five industries, as shown in the following pages. The costs add up quickly, often reaching more than $1 million. For each of the scenarios/industries, Donlon reports estimates based on the NetDiligence® Data Breach Cost Calculator and then factors in estimates from Ponemon’s Ponemon’s…
Lawful Hacking After the Encryption Debate
Marshall Erwin writes: The Obama administration has apparently decided not to support exceptional access proposals that would provide law enforcement with the means to access data on iPhones and other personal devices. As I argued previously on Just Security, instead of pursuing exceptional access, policymakers should seek to build a durable legal structure that would provide the FBI with the…
Shared passwords and the Computer Fraud and Abuse Act
Orin Kerr writes: Next week, a panel of the Ninth Circuit Court of Appeals (Thomas, Reinhardt, and McKeown) will hear oral argument in the second round of United States v. Nosal. This time around, the main question in the case is whether and when accessing an account using a shared password is an unauthorized access under the Computer…