From the summary of GAO’s findings in INFORMATION SECURITY: Agency Responses to Breaches of Personally Identifiable Information Need to Be More Consistent (PDF, 67 pp.) The eight federal agencies GAO reviewed generally developed, but inconsistently implemented, policies and procedures for responding to a data breach involving personally identifiable information (PII) that addressed key practices specified…
Category: Commentaries and Analyses
Hacker backdoors Linksys, Netgear, Cisco and other routers
Richard Chirgwin reports: The new year begins as the old year ended: with yet more vulnerabilities turning up in consumer-grade DSL modems. A broad hint for any broadband user would be, it seems, to never, ever enable any kind of remote access to the device that connects you to the Internet. However, the hack published…
House Plans Vote On Security Requirements For Health Insurance Exchange
Kaiser Health News has a roundup of media coverage on the GOP’s intention to propose legislation requiring more security controls for HealthCare.gov. If you’re a supporter of Obamacare, you’ll likely see this as a move to undercut it. But even if you’re a supporter of Obamacare, is there any merit to the proposal? This may…
Alleged Snapchat hackers explain how and why they leaked data on 4.6 million accounts
Chris Ziegler reports: The individual or team claiming responsibility for SnapchatDB has responded to The Verge‘s requests for comment the morning after the database went online, containing a leaked collection of some 4.6 million apparent Snapchat usernames and partial phone numbers. “Our motivation behind the release was to raise the public awareness around the issue, and also put…
Better understanding of the Target breach through Credit Card anatomy
Really really helpful post over on 451 Security. Here’s the intro: I’ve written this post for two reasons. First, the recent Target breach has led to some confusion, which I will try to clear up here. Second, I wanted to create an easily referenced educational resource on how credit cards are designed to work. I’m…
More than 1,400 Financial institutions in 88 Countries targeted by Banking Trojan in 2013
Swati Khandelwal writes: As the year draws to a close, we have seen the number of emerging threats like advance phishing attacks from the Syrian Electronic Army, financial malware and exploit kits, Cryptolocker ransomware infections, massive Bitcoin theft, extensive privacy breach from NSA and many more. The financial malware’s were the most popular threat this year….