I think many of us thought that the more aware businesses and organizations became of hacks and malware risks, the more they would rush to get cyberinsurance to protect themselves from financial ruin from a data breach. Cyberattacks should be good for business – if your business is cyberinsurance, right? But that’s not necessarily true, as Pymnts.com reports: Just hours after…
Category: Commentaries and Analyses
Dear EDUCAUSE Security Maillist – some advice from Abdilo
When someone who’s either hacked your databases or is likely to hack them in the future tells you how to prevent his type of attacks, you might want to pay some attention. Seen on Pastebin, as posted by Abdilo: Dear EDUCAUSE Security Mail-list, ( Good luck profiling me <3 ) How to stop me from…
Why even strong crypto wouldn’t protect SSNs exposed in Anthem breach
Steve Bellovin explains: Another day, another data breach, and another round of calls for companies to encrypt their databases. Cryptography is a powerful tool, but in cases like this, it’s not going to help. If your OS is secure, you don’t need the crypto; if it’s not, the crypto won’t protect your data. In a case…
BakerHostetler’s 2014 Year-End Review of Class Actions
BakerHostetler’s 2014 Year-End Review of Class Actions (and what to expect in 2015) is available online. It includes discussion of data breach class actions as well as privacy class actions, and covers theories of liability, standing, and other issues raised in recent and ongoing cases.
The FTC’s requested budget: implications for data security enforcement cases?
I was never good with budgets, but damned if I can figure out FTC’s budget request to Congress for Fiscal 2016. Is it seeking funds to expand the number of data security enforcement cases it undertakes or is the budget based on simply maintaining the current level(s)? So when @FTC didn’t respond to my tweeted inquiry,…
Tweets that give me a knot in my stomach, Monday edition
32 edu sites all vuln to the same sql injection vuln….. this is going to be fun — abdilo (@abdilo_) February 2, 2015 and .@jessysaurusrex @g33kspeed @sambowne to put your mind at ease here is the amount in all the dbs together from the 0day sqli: 9,468,248 — abdilo (@abdilo_) February 2, 2015 If/when he posts a…