Dennis Fisher writes: A pair of security researchers have implemented an attack that exploits the way that ASP.NET Web applications handle encrypted session cookies, a weakness that could enable an attacker to hijack users’ online banking sessions and cause other severe problems in vulnerable applications. Experts say that the bug, which will be discussed in…
Category: Commentaries and Analyses
GAO Finds Agencies Lax On Data Protection
Elizabeth Montalbano reports: Some federal agencies that deal with highly sensitive data are not adequately protecting it from contract workers, a new Government Accountability Office (GAO) report found. The Departments of Defense (DoD), Homeland Security (DHS), and Health and Human Services (HHS) have some guidance and contract provisions in place for what data contractors can…
Is your browser being lied to? Survey says: “Maybe”
Cross-posted from PogoWasRight.org: In a year when both Congress and the FTC have been making noise about regulating online advertising, you would think that the industry would be eager to show that such regulation is not needed. Yet a new study released last week by researchers at Carnegie Mellon University’s CyLab suggests that not only…
Article: Contracts for Clouds: Comparison and Analysis of the Terms and Conditions of Cloud Computing Services
I posted this to PogoWasRight.org last week but probably should have posted it here, too: Simon Bradshaw of University of London – Centre for Commercial Law Studies, Christopher Millard of the Centre for Commercial Law Studies; Oxford Internet Institute, and Ian Walden of Queen Mary University of London, School of Law have a working paper…
Great resource: Cloutage.org
The good folks at Open Security Foundation have created a database of cloud computing incidents. The incidents are tagged as “AutoFail,” “DataLoss,” “Hack,” “Outage,” or “Vulnerability,” permitting researchers and professionals to analyze different types of incidents. As of this morning, there are 222 incidents in the database as they have backfilled some earlier incidents…
Unauthorized Computer Access and the California Penal Code
Attorney Andy Serwin writes: California Penal Code Section 502 regulates unauthorized access to computers and computer networks and has implications for employers with employees in California. It is an offense if any person: knowingly accesses and without permission alters, damages, deletes, destroys, or otherwise uses any data, computer, computer system, or computer network in order…