Kevin Lizarazo writes: More than a year and a half ago, in a computer lab in Stony Brook University, Peter Yeh and his friend sat down at their terminals with one goal: to hack into a computer system. The target was the school’s SOLAR System, a web-based service for students and faculty to manage their…
Category: Commentaries and Analyses
Sony answers some questions, while more inquiries pile on
Sony has posted a Q&A #1 for PlayStation Network and Qriocity Services, responding to some of the concerns raised about their recent breach. Of note, they say that all of the credit card data were encrypted, although they acknowledge that the personal data table was not encrypted. More will come out in time, of course….
Data breach fines can risk more harm than good, experts say
George V. Hulme writes: Are regulatory and security breach fines protecting the consumer, or beginning to unduly drive security policy? As penalties begin to be levied against organizations who have been attacked, or employees violated data policy, some experts now question whether the government is penalizing one of the victims in a crime, rather than…
ICO slammed for data protection enforcement failures
As regular readers of this blog already know, the ICO has issued fines over data protection breaches precisely four times since he acquired the authority to do so, despite public clamor for him to really get tough. Now Caroline Donnelly reports: … In total, information concerning 2,565 potential data breaches was passed on to the…
Verizon-USSS 2011 data breach investigations report released – what do they know that we don’t?
The annual report based on breaches investigated by Verizon and the U.S. Secret Service is out. On first reading of the report and the available media coverage, the big headline seems to be that while the number of records or data lost is down significantly, the number of breaches is significantly up – and more…
Hundreds of College and Government websites still redirecting to fake stores
In January, I talked about high-profile websites, which had been hacked to redirect users to fake online stores. One unique aspect of the hack was the fact that the attackers had set up additional web servers on non-standard ports. Most of the domains I listed in the post were cleaned up pretty quickly. Three months…