Commentaries and Analyses – Page 749

Starbucks caught storing mobile passwords in clear text

Posted on January 16, 2014 by Dissent

Evan Schuman reports: The Starbucks mobile app, the most used mobile-payment app in the U.S., has been storing usernames, email addresses and passwords in clear text, Starbucks executives confirmed late on Tuesday (Jan. 14). The credentials were stored in such a way that anyone with access to the phone can see the passwords and usernames…

New Hagens Berman Lawsuit: Target Was Informed of Data Vulnerability in 2007, but Ignored Danger

Posted on January 14, 2014 by Dissent

Press release: SEATTLE– January 14, 2014– Today consumers represented by law firm Hagens Berman Sobol Shapiro LLP filed a proposed class-action lawsuit against Target (NYSE: TGT) claiming the retail giant ignored warnings from as early as 2007 that the company’s point-of-sale (POS) system was vulnerable to attack, a move that put millions of Americans’ credit-cards…

Ruling delayed in FTC v. Wyndham (updated)

Posted on January 13, 2014 by Dissent

Over on phiprivacy.net, I had noted that Commissioner Julie Brill had recused herself from the LabMD case after they moved to disqualify her over public statements she made. Somehow I missed a development in the Wyndam case, even though Law360 had first reported it on January 2. Now Stacey Brandenburg of Zwillgen reports that Judge Salas agreed to…

Australian police investigating teen who found database flaw

Posted on January 12, 2014 by Dissent

Jeremy Kirk reports: An Australian teenager who notified a public transport agency of a serious database flaw is under police investigation. Joshua Rogers, 16, of Melbourne, found a SQL injection flaw in a database owned by Public Transport Victoria (PTV), which runs the state’s transport system. The flaw allowed access to a database containing 600,000…

INFORMATION SECURITY: Agency Responses to Breaches of Personally Identifiable Information Need to Be More Consistent – GAO Report

Posted on January 8, 2014 by Dissent

From the summary of GAO’s findings in INFORMATION SECURITY: Agency Responses to Breaches of Personally Identifiable Information Need to Be More Consistent (PDF, 67 pp.) The eight federal agencies GAO reviewed generally developed, but inconsistently implemented, policies and procedures for responding to a data breach involving personally identifiable information (PII) that addressed key practices specified…

Hacker backdoors Linksys, Netgear, Cisco and other routers

Posted on January 6, 2014 by Dissent

Richard Chirgwin reports: The new year begins as the old year ended: with yet more vulnerabilities turning up in consumer-grade DSL modems. A broad hint for any broadband user would be, it seems, to never, ever enable any kind of remote access to the device that connects you to the Internet. However, the hack published…