Jon Baines writes: If the Information Commissioner (IC) reasonably requires any information for the purpose of determining whether a data controller has complied or is complying with the data protection principles, section 43 of the Data Protection Act 1998 (DPA) empowers him to serve a notice on the data controller requiring it to furnish him with specified…
Category: Commentaries and Analyses
Fearing an FBI raid, researcher publishes 10 million passwords/usernames
Dan Goodin reports: A security consultant has published 10 million passwords along with their corresponding usernames in a move he characterized as both necessary and legally risky given a legal landscape he said increasingly threatens the free flow of hacking-related information. Most of the existing corpus of passwords exposed in hack attacks is stripped of…
Anthem Breach May Have Started in April 2014
Brian Krebs reports: Analysis of open source information on the cybercriminal infrastructure likely used to siphon 80 million Social Security numbers and other sensitive data from health insurance giant Anthem suggests the attackers may have first gained a foothold in April 2014, nine months before the company says it discovered the intrusion. Read his full article on…
Uncovering Security Flaws in Digital Education Products for Schoolchildren
Natasha Singer reports: When Tony Porterfield’s two sons came home from elementary school with an assignment to use a reading assessment site called Raz-Kids.com, he was curious, as a parent, to see how it worked. As a software engineer, he was also curious about the site’s data security practices. And he was dismayed to discover that…
Big cyberattacks crippling private cyberinsurance firms
I think many of us thought that the more aware businesses and organizations became of hacks and malware risks, the more they would rush to get cyberinsurance to protect themselves from financial ruin from a data breach. Cyberattacks should be good for business – if your business is cyberinsurance, right? But that’s not necessarily true, as Pymnts.com reports: Just hours after…
Dear EDUCAUSE Security Maillist – some advice from Abdilo
When someone who’s either hacked your databases or is likely to hack them in the future tells you how to prevent his type of attacks, you might want to pay some attention. Seen on Pastebin, as posted by Abdilo: Dear EDUCAUSE Security Mail-list, ( Good luck profiling me <3 ) How to stop me from…