And another security bubble or delusion bursts. Kim Zetter reports: The most sensitive work environments, like nuclear power plants, demand the strictest security. Usually this is achieved by air-gapping computers from the Internet and preventing workers from inserting USB sticks into computers. When the work is classified or involves sensitive trade secrets, companies often also institute…
Category: Of Note
A simple developer error is exposing private information on thousands of websites
Owen Williams reports: Git is a developer’s best friend… except when it’s not used properly and exposes a site’s security. The tool is used for version control. It tracks changes to code over time, so that multiple developers can work together efficiently and roll back if they need to. […] As it tracks your changes over time, it…
TV5Monde in chaos as data breach costs roll into the millions
Just because a hack is no longer in the news, it doesn’t mean it still isn’t having a major impact on its target. The TV5Monde hack was apparently much more damaging than some of us had imagined at the time. Doug Drinkwater reports: TV5Monde was very visibly hacked back in April when the French news channel, which…
Steam Hit by Major Security Breach, Many Accounts Hacked
Steam (Valve), who has had a number of data breaches over the years – including one that impacted 35 million users – seems to have had another breach. Arash Fekri reports: Reports are still blurry and information keeps coming out – Valve themselves are yet to make an official statement on the issue – but according to…
NIST releases draft guidelines for protecting patient data on mobile devices; comments sought
Mohana Ravindranath reports: The federal government is attempting to ensure that doctors don’t inadvertently compromise patient data when they use smartphones to access electronic health records. The National Institutes of Standards in Technology this week released a step-by-step guide for hospitals and IT professionals, listing ways to secure the connection between devices and electronic health records. NIST is collecting public comment on…
More details on the FTC-LifeLock case
In light of the FTC’s action against LifeLock, and the latter’s response, I thought it might be interesting to post this statement from LifeLock’s 10-Q SEC filing for the period ending March 31, 2015: On March 13, 2014, we received a request from the FTC for documents and information related to our compliance with the…