Hillary Borrud reports: Three years after state auditors identified security weaknesses at Oregon’s main data center in Salem, the state has yet to fix some of the problems. The vulnerabilities were outlined in a secret March 2012 letter to Michael Jordan, who, at the time, was director of the Department of Administrative Services, which manages…
Category: Commentaries and Analyses
The long road to catching “Bitcoin Baron,” the “Internet’s most inept criminal”
Jack Smith IV has a piece on Randall Charles Tucker (a/k/a “Bitcoin Baron”), who was recently arrested. Smith’s piece includes a recap of some of Tucker’s attacks on sites, but also includes chat transcripts that give insight into his thinking and behavior. The Observer article will be of interest to those interested in the motivation and…
Samsung ‘investigating’ claims of fingerprint hack on Galaxy S5
Alex Hern reports: Samsung is “investigating” claims from security researchers that hackers can steal copies of fingerprints from the company’s 2014 flagship Galaxy S5 smartphone, as well as other Android devices, by exploiting a weakness in the operating system’s handling of biometric data. According to security firm FireEye, Android fails in its attempts to render fingerprint…
Unhappy Third Birthday to My Experian Complaint?
Three years ago today, I filed a complaint with the Federal Trade Commission about Experian’s data breaches. Back then, I knew about 60 breaches of their credit reporting database due to client login credentials being misused. There were also other breaches of their database involving people being able to authenticate as others to obtain credit reports,…
CozyDuke hackers targeting prominent US targets
John Leyden reports: A newly discovered group of cyber-spies are closely targeting high profile US targets, possibly including both the White House and the State Department. The so-called CozyDuke hackers make extensive use of spear-phishing, sometimes using emails containing a link to a hacked (otherwise legitimate) websites such as “diplomacy.pl”. Read more on The Register.
The Bad News For Infosec In The Target Settlement: OpEd
Giora Engel of LightCyber writes: The legal argument behind the $10 million Class Action lawsuit and subsequent settlement is a gross misrepresentation of how attackers operate. Central to the recent Target data breach lawsuit settlement was the idea that cyber attacks are mechanistic and follow a prescribed course or chain of events. The judge hearing the case…