Jeremy Kirk reports: An Australian teenager who notified a public transport agency of a serious database flaw is under police investigation. Joshua Rogers, 16, of Melbourne, found a SQL injection flaw in a database owned by Public Transport Victoria (PTV), which runs the state’s transport system. The flaw allowed access to a database containing 600,000…
Category: Commentaries and Analyses
INFORMATION SECURITY: Agency Responses to Breaches of Personally Identifiable Information Need to Be More Consistent – GAO Report
From the summary of GAO’s findings in INFORMATION SECURITY: Agency Responses to Breaches of Personally Identifiable Information Need to Be More Consistent (PDF, 67 pp.) The eight federal agencies GAO reviewed generally developed, but inconsistently implemented, policies and procedures for responding to a data breach involving personally identifiable information (PII) that addressed key practices specified…
Hacker backdoors Linksys, Netgear, Cisco and other routers
Richard Chirgwin reports: The new year begins as the old year ended: with yet more vulnerabilities turning up in consumer-grade DSL modems. A broad hint for any broadband user would be, it seems, to never, ever enable any kind of remote access to the device that connects you to the Internet. However, the hack published…
House Plans Vote On Security Requirements For Health Insurance Exchange
Kaiser Health News has a roundup of media coverage on the GOP’s intention to propose legislation requiring more security controls for HealthCare.gov. If you’re a supporter of Obamacare, you’ll likely see this as a move to undercut it. But even if you’re a supporter of Obamacare, is there any merit to the proposal? This may…
Alleged Snapchat hackers explain how and why they leaked data on 4.6 million accounts
Chris Ziegler reports: The individual or team claiming responsibility for SnapchatDB has responded to The Verge‘s requests for comment the morning after the database went online, containing a leaked collection of some 4.6 million apparent Snapchat usernames and partial phone numbers. “Our motivation behind the release was to raise the public awareness around the issue, and also put…
Better understanding of the Target breach through Credit Card anatomy
Really really helpful post over on 451 Security. Here’s the intro: I’ve written this post for two reasons. First, the recent Target breach has led to some confusion, which I will try to clear up here. Second, I wanted to create an easily referenced educational resource on how credit cards are designed to work. I’m…