In early 2014, and over on PHIprivacy.net, I published some posts expressing concern about a vulnerability in Dentrix software, Dentrix’s claims at the time that its G5 product incorporated “encryption,” and their subsequent decision that the firm would not individually notify all customers that what the customers had been sold as “encryption” was not encryption. Following up on the public posts,…
Category: Commentaries and Analyses
‘Millions’ of routers open to absurdly outdated NetUSB hijack
Darren Pauli reports: SEC Consult Vulnerability Lab Stefan Viehbock says potentially millions of routers and internet of things devices using KCodes NetUSB could be exposed to remote hijacking or denial of service attacks. The packet fondler says the vulnerability (CVE-2015-3036) hits the Linux kernel module in scores of popular routers which serves to provide network…
Airplane hacking panic! Why it’s surely a storm in a teacup
There has been much media coverage of Chris Roberts’ alleged claims about controlling an airplane in-flight. I haven’t bothered to link to them as they generally just re-hash what is already known and not known. But Iain Thomson got a more detailed response from those who are skeptical about Roberts’ claims: At last year’s…
The Data Breach Notification That Cried Wolf: How Connecticut’s Overbroad Data Breach Notification Statute Undermines the Effectiveness of Consumer Protection
Jackson Raymond Schipke, Connecticut, 3L Roger Williams University Law School writes: Connecticut’s data breach statute is a wolf in sheep’s clothing. That statute’s definition of “breach of security” is overbroad, encourages over-notification, and undermines the goal of protecting consumers from identity theft. In Connecticut, notification is triggered by mere access of personal information, a statutory…
How Evil Hackers Can Cause Chaos At Horribly Vulnerable Car Parks
Thomas Fox-Brewster reports: There’s been growing interest in car hacking in recent years, inspired by researchers showing off exploits in real vehicles, tinkering with Teslas, and uncovering glaring vulnerabilities in third party kit. But criminal hackers could vex drivers in other ways, such as compromising internet-connected, easily hackable parking management systems, according to Spanish researcher Jose Guasch. At the Hack…
Where Does Sony Settlement Leave CGL Insurance for Data Breaches?
What does your CGL policy mean by “publication in any manner?” Jana Landon reports: It was reported recently that the parties in the closely watched data breach case of Zurich American Insurance v. Sony Corp. of America (N.Y. Sup. Ct. Feb. 21, 2014) settled while Sony’s appeal of an unfavorable trial court opinion was pending. That…