Roy Wenzl reports: Kevin Steinmetz, a criminologist at Kansas State University, has studied and met a lot of hackers and he sees value in them. Hacker culture is far more diverse, more interesting, more valuable and more sophisticated than most of us realize, he said. […] His latest work, “An Ethnographic Study of Hacking,” has…
Category: Commentaries and Analyses
Say What? Required contents of notice in data breach notifications
Fer O’Neil did some comparisons of state laws on the content of notices. His write-up of what he found is well worth reading. Here’s a snippet from it: The first metric I looked at was the number of states and territories that had some required content of notice. I was a little surprised that 63% (31…
Time for an Updated Cyber Risk Approach; BPI Data Breach
Judy Selby and George Viegas write: Our traditional approach to cyber risk and security has been focused on privacy and financial data. The data breach or loss concerns that typically rank high on our risk ratings are private and confidential data like names and social security numbers with other identifying non-public information and financial data…
Japan Sees 25 billion Cyberattacks in 2014: Govt Agency
AFP reports: The National Institute of Information and Communications Technology (NICT), which has a network of a quarter of a million sensors, said there were 25.66 billion attempts to compromise systems, according to a report by Kyodo News. The figure includes attacks aimed at testing the vulnerability of software used in servers. The survey was…
Cybersecurity and Privacy: A Country of Mushrooms re: Recent Major Data Breaches
Shamoil T. Shipchandler of Bracewell & Giuliani LLP has a great commentary about how our country is doing on cybersecurity and privacy. It begins: When it comes right down to it, we are about as bad at cybersecurity as Twitter’s CFO is at Twitter or North Korea is at coming up with new political slogans to commemorate its 70th anniversary. As…
Resource: Introduction to Social Engineering (CERT-UK)
An introduction to social engineering was released by the UK Computer Emergency Response Team (CERT) on January 21, 2015: Social engineering is a prolific and effective means of gaining access to the secure systems and sensitive information of an organisation. Attacks vary from bulk phishing emails to highly targeted, multi-layered techniques. These attacks often prey on common aspects…