David E. Sanger reports: Stepping into a heated debate within the nation’s intelligence agencies, President Obama has decided that when the National Security Agency discovers major flaws in Internet security, it should — in most circumstances — reveal them to assure that they will be fixed, rather than keep mum so that the flaws can…
Category: Commentaries and Analyses
WA: Audit shows security breach from state’s surplus computer sales
Joel Moreno reports: The state auditor is warning of a massive security breach caused by the government’s surplus computers. An investigation uncovered hard drives loaded with confidential information that could be plundered by identity thieves — and the problem has been going on for years. Every year, Washington state sells off 10,000 used computers as…
Hey “Chicken Littles,” Wyndham Doesn’t Mean the Sky is Falling
Jeff Kosseff writes: Based on the extensive news coverage of this week’s court ruling against Wyndham Hotels and Resorts in its battle with the Federal Trade Commission (FTC), one would think that the sky is falling on efforts to resist FTC enforcement actions relating to data security. Adweek wrote that the case is “a test for…
Reports of data protection breaches doubled for Welsh councils last year — BBC
BBC reports that Welsh councils had twice as many breaches in 2013 as they did in 2012. Here are their findings from the results of their FOI request: Cardiff council recorded 14 breaches including financial information about 15 employees being given to third parties and information being stolen from an employee’s car, who was later disciplined….
Hackers Lurking in Vents and Soda Machines
Nicole Perlroth reports: They came in through the Chinese takeout menu. Unable to breach the computer network at a big oil company, hackers infected with malware the online menu of a Chinese restaurant that was popular with employees. When the workers browsed the menu, they inadvertently downloaded code that gave the attackers a foothold in…
Critical crypto bug, Heartbleed, exposes Yahoo Mail, other passwords Russian roulette-style
Kudos to Dan Goodin for trying to help the public understand the significance of Heartbleed: Lest readers think “catastrophic” is too exaggerated a description for the critical defect affecting an estimated two-thirds of the Internet’s Web servers, consider this: at the moment this article was being prepared, the so-called Heartbleed bug was exposing end-user passwords, the…