Every day, I see reports of SQLi vulnerabilities or cross-scripting vulnerabilities for university/college sites, and I wonder, “How many students and employees have personal information at risk because of this?” Consider this tweet from a self-described black hat hacker, @JM511: @amzh702 I’m tryin to fucked up any college or ESL or university as much as…
Category: Commentaries and Analyses
UK: Councils losing personal data four times a day: Tens of thousands affected by leaks of confidential information including medical records (updated)
Ian Drury reports on the results of a FOIA investigation by Big Brother Watch: Bungling councils have lost or wrongly shared the sensitive personal information of tens of thousands of people, a damning report reveals today. Officials breach data rules at least four times a day, often involving the confidential details – including medical records…
HTC caught storing fingerprints as clear-text images in “world readable” folder
Darren Pauli reports: Four FireEye researchers have found a way to steal fingerprints from Android phones packing biometric sensors such as the Samsung Galaxy S5 and the HTC One Max. The team found a forehead-slapping flaw in HTC One Max in which fingerprints are stored as an image file (dbgraw.bmp) in a open “world readable”…
Cheatin’ Ain’t Easy: Potential Theories of Liability Emerge for Online Cheating Website Ashley Madison
Joseph F. Welborn III discusses possible theories of liability for lawsuits against Ashley Madison in the wake of its massive databreach. He writes, in part: One interesting theory of liability comes from an old common law tort that has been phased out legislatively in all but seven states – alienation of affections. In fact, this…
Hundreds of Millions of Android Smartphones hit with ‘Certifi-gate’ Security Breach
According to the researchers at security firm Check Point, “Hundreds of millions of Android smartphones may be at risk from a security flaw that allows hackers to hijack a handset without a victim’s knowledge. Devices made by Samsung, HTC, LG and ZTE, including those running the latest version of Android, are potentially vulnerable. Check point…
Little progress made in FOIA lawsuit against FTC over data security standards
On May 14, I noted an article in Legal Times about a FOIA lawsuit filed by Philip Reitinger against the FTC. Reitinger sued the FTC after it returned no responsive documents to his FOIA request of November, 2014. Reitinger originally sought: Any and all documents including memoranda, communications, decisions, deliberations, and analyses regarding standards, guidelines, or…