Dan Goodin critiques LivingSocial’s statements about the security of their passwords, noting how using SHA1 hashed passwords is not a particularly strong method, even though salting the passwords helps. Read his coverage on Ars Technica.
Category: Commentaries and Analyses
When, oh when, will people stop leaving unencrypted laptops in their cars?
OptiNose US Inc. has been notifying some of its consultants that their names and Social Security numbers were on a laptop stolen from an employee’s car. The laptop was stolen on March 26 in a Philadelphia suburb, and OptiNose started sending out notification letters on April 16. The letter did not inform recipients that the…
‘Hacker’ convicted by US court despite never hacking
Matt Brian has an interesting take on the conviction of David Nosal, which I reported yesterday on this blog: After more than a year of bouncing between appeals courts, the hacking case involving David Nosal has ended with a conviction. Wired reports that Nosal was yesterday found guilty of conspiracy, stealing trade secrets, and violating the Computer Fraud and Abuse…
CA: Government data breached thousands of times in last decade, documents say
Jordan Press reports: The federal government has seen more than 3,000 data and privacy breaches over the past 10 years, breaches that have affected more than 725,350 Canadians, according to documents tabled in Parliament on Tuesday. The responses from departments, given to the New Democrats in response to an order paper question, also show that…
UK security breach study should prompt retailers to consider cyber insurance, expert says
Research commissioned by the Government has revealed that 87% of all UK SMEs and 93% of firms with more than 250 staff had experienced at least one security breach in 2012. The 2013 Information Security Breaches Survey report, (22-page / 640KB PDF) published by the Department for Business, Innovation and Skills, also outlined a growing trend…
APF responds to AU’s data breach notification draft bill
The Australian Privacy Foundation has responded to Australia’s draft breach notification law. You can read their comments here. Not surprisingly, I agree with their concerns.