Commentaries and Analyses – Page 756

They’re guilty of ID theft, but don’t ask the government how/where they got the personal info?

Posted on December 26, 2012 by Dissent

Here’s another case where it’s clear there’s been some compromise of PII, but we have no idea how from what law enforcement tells us: According to documents filed in court, Miami-Dade Police Department (MDPD) officers executed a search warrant at [Travonn Xavier Russell’s] residence on January 18, 2012. During the search, MDPD officers found the following…

Glitch imperils swath of encrypted records

Posted on December 25, 2012 by Dissent

Shaun Waterman reports: A widely used method of computer encryption has a little-noticed problem that could allow confidential data stored by almost all Fortune 500 companies and everything stored on U.S. government classified computers to be “fairly easily” stolen or destroyed. The warning comes from the inventor of the encryption method, known as Secure Shell or SSH. “In…

Verizon DBIR Researchers’ Predictions for 2013 Threats

Posted on December 20, 2012 by Dissent

BASKING RIDGE, N.J. – Although many security experts predict that the most likely data breach threats organizations will face in 2013 include cloud exploits, mobile device attacks and all-out cyber war, “Verizon Data Breach Investigations Report” (DBIR) researchers have reached a far different conclusion: The most likely threats involve authentication attacks and failures, continued espionage and…

Cheng v. Romo and Applying Unauthorized Access Statutes to Use of Shared Passwords

Posted on December 10, 2012 by Dissent

Orin Kerr writes: The federal computer crime statutes punish unauthorized access to a computer. As regular readers know, courts are hopelessly divided on what this language means, and in particular what makes an access to a computer authorized versus unauthorized. In Cheng v. Romo, 2012 WL 6021369 (D. Mass. Nov. 28 2012), Judge Casper authored an…

Update and commentary on SCDOR breach: Where would they be without media coverage?

Posted on December 9, 2012 by Dissent

I’ve been pretty critical of the South Carolina Department of Revenue breach and the state’s incident response. Some will think my criticism is well-deserved, while others may feel I’ve been too harsh. But it is now six weeks since we first learned of the breach and here is what hasn’t happened so far: Notification letters…

Yes, sometimes it’s as bad as we fear

Posted on December 7, 2012 by Dissent

In the process of researching something else, I stumbled across an audit of a NYS agency with the grim title, “Mobile Devices with Sensitive Information are not Secure.” By the time I got done reading and browsing other audits, I totally forgot what I was looking for in the first place, but here’s what I…