Dan Goodin reports: A security consultant has published 10 million passwords along with their corresponding usernames in a move he characterized as both necessary and legally risky given a legal landscape he said increasingly threatens the free flow of hacking-related information. Most of the existing corpus of passwords exposed in hack attacks is stripped of…
Category: Commentaries and Analyses
Anthem Breach May Have Started in April 2014
Brian Krebs reports: Analysis of open source information on the cybercriminal infrastructure likely used to siphon 80 million Social Security numbers and other sensitive data from health insurance giant Anthem suggests the attackers may have first gained a foothold in April 2014, nine months before the company says it discovered the intrusion. Read his full article on…
Uncovering Security Flaws in Digital Education Products for Schoolchildren
Natasha Singer reports: When Tony Porterfield’s two sons came home from elementary school with an assignment to use a reading assessment site called Raz-Kids.com, he was curious, as a parent, to see how it worked. As a software engineer, he was also curious about the site’s data security practices. And he was dismayed to discover that…
Big cyberattacks crippling private cyberinsurance firms
I think many of us thought that the more aware businesses and organizations became aware of hacks and malware risks, the more they would rush to get cyberinsurance to protect themselves from financial ruin from a data breach. Cyberattacks should be good for business – if your business is cyberinsurance, right? But that’s not necessarily true, as Pymnts.com reports: Just hours after…
Dear EDUCAUSE Security Maillist – some advice from Abdilo
When someone who’s either hacked your databases or is likely to hack them in the future tells you how to prevent his type of attacks, you might want to pay some attention. Seen on Pastebin, as posted by Abdilo: Dear EDUCAUSE Security Mail-list, ( Good luck profiling me <3 ) How to stop me from…
Why even strong crypto wouldn’t protect SSNs exposed in Anthem breach
Steve Bellovin explains: Another day, another data breach, and another round of calls for companies to encrypt their databases. Cryptography is a powerful tool, but in cases like this, it’s not going to help. If your OS is secure, you don’t need the crypto; if it’s not, the crypto won’t protect your data. In a case…