Highlights from a GAO report released yesterday: Although the Securities and Exchange Commission (SEC) had implemented and made progress in strengthening information security controls, weaknesses limited their effectiveness in protecting the confidentiality, integrity, and availability of a key financial system. For this system’s network, servers, applications, and databases, weaknesses in several controls were found, as…
Category: Commentaries and Analyses
DOJ sends evidence preservation request to Domains by Proxy for details of CyberWarNews.info blogger
Some days, it’s not easy being a data breach researcher and citizen journalist. In time, you somewhat get used to legal threats because you published something a company took exception to, and you shrug when your site gets DDoSed by those who don’t like your criticism of their hacking activities. But when the U.S. Department of…
Half to one third of personal data in Bulgaria ‘completely compromised’
The Sofia Globe reports: The scandal in Bulgaria about illicit use of personal data by some political parties to file election registration applications has highlighted the lack of security of official personal identity numbers. Such numbers, commonly known by their Bulgarian abbreviation as EGNs, can be found on the internet, such as on lists of…
TrueCrypt audit: Probe’s nearly all the way in … no backdoor hit yet
John Leyden reports: The first phase of a crowd-funded audit of TrueCrypt has turned up several vulnerabilities, but nothing particularly amiss and certainly nothing that looks like a backdoor. iSEC Partners, which was contracted to carry out the audit by the Open Crypto Audit Project (OCAP), found 11 vulnerabilities in the full disk and file encryption…
Breaking down the court’s decision in FTC v. Wyndham Worldwide
Here’s another commentary/analysis of Judge Salas’s ruling on Wyndham’s motion to dismiss that is worth noting here, by the law firm of Covington & Burling: They write, in part: The FTC’s data-security authority is still in jeopardy. Although the FTC is the plaintiff in this case, it is really Wyndham that is on the offensive. If…
Part II: Fair Notice or No Notice? The Wyndham Worldwide Case and the Expanding Power of the FTC to Police Data Security
As I expected, a slew of law firms posted their analyses and commentaries on Judge Salas’s ruling on Wyndham’s motion to dismiss the FTC’s complaint about its data security. I haven’t linked to most of them, but took note of this commentary by Lance Koonce and Christin McMeley of Davis Wright Tremaine as they take a less FTC-friendly view…