Brian Martin of the Open Security Foundation and DataLossDB.org project writes: On the off chance you missed any news outlet the last 30 days, an “anti security” movement has been reborn. Started in 1999, the Antisec Movement focused on encouraging security consultants and hackers not to disclose vulnerabilities to vendors. The recent resurgence of this movement has…
Category: Commentaries and Analyses
Hiding in Plain Sight: Post-Breach
Gunter Ollmann writes: The majority of network breaches begin and end with the installation of malware upon a vulnerable device. For the rest, once that initial malware beachhead has been achieved, the story is only just beginning. The breach disclosures that make the news are often confusing as they’re frequently compiled from third-hand reports, opinions…
Few e-retailers are prepared to notify consumers of a loss of card data
Don Davis writes: Only 21% of online retailers are prepared to notify consumers in the event of a data breach that exposes cardholder data, according to a new survey sponsored by insurance agency Jacobson, Goldfarb & Scott Inc. 61% of the 300 e-retailers surveyed said they were not prepared to notify consumers and 18% were…
Pointer: right to know
Another consumer is singing my tune about how consumers have a right to know what merchant had a breach. That states and Congress have yet to recognize that right is disappointing.
Why Hackers Find Many US Companies Easy to Hack?
Why do big companies fall prey to cyber attacks very easily? According to hackers taking part in the Defcon conference, the world’s largest hacking convention in Las Vegas, workers at big corporations are poorly trained in security, which makes it “ridiculously easy” for hackers to trick them and reveal key information to plan cyber attacks against…
We need more breach notifications, not fewer
Some topics are more than what Twitter can handle. The other day, I tweeted: If bills in Congress are enacted, this #databreach wouldn’t require notification: http://bit.ly/qeqRmR I think it should. I didn’t indicate why I think it should. Nevertheless, Jim Harper of Cato subsequently responded with his own tweet: Data breach notice is making its way…