Elise Viebeck reports: The number of individuals victimized in a cyberattack on a major background investigation service is higher than previously reported, the House Oversight Committee’s top Democrat said Wednesday. Rep. Elijah Cummings (D-Md.) reported that the initial estimate of 27,000 federal employees compromised in the breach of government contractor USIS is now believed to…
Category: Of Note
The Bad News For Infosec In The Target Settlement: OpEd
Giora Engel of LightCyber writes: The legal argument behind the $10 million Class Action lawsuit and subsequent settlement is a gross misrepresentation of how attackers operate. Central to the recent Target data breach lawsuit settlement was the idea that cyber attacks are mechanistic and follow a prescribed course or chain of events. The judge hearing the case…
HTTPS snooping flaw in third-party library affected 1,000 iOS apps with millions of users
Lucian Constantin reports: Apps used by millions of iPhone and iPad owners became vulnerable to snooping when a flaw was introduced into third-party code they used to establish HTTPS connections. The flaw was located in an open-source library called AFNetworking that’s used by hundreds of thousands of iOS and Mac OS X applications for communicating with Web…
“KYAnonymous,” the hacker who exposed Steubenville rapists, may get more prison time than the rapists
M. David reports: Deric Lostutter, the 26-year-old “hacktivist” who leaked the evidence that led to the conviction of two of the Steubenville, Ohio rapists is now facing more time behind bars than the rapists he exposed. The Steubenville Rape Case made national headlines when a video made by the rapists themselves, and their friends, proved that their victim…
At long last, Congress passes law to strip Social Security numbers from Medicare cards
Robert Pear reports that although the federal government already prohibits private insurers using Social Security numbers on insurance cards when they provide benefits under contract with Medicare, Medicare itself has continued to issue new Medicare cards with Social Security numbers imprinted on them. And as anyone who hasn’t been asleep through the past decade knows, that’s been a recipe…
FBI watched as NullCrew dumped Bell Canada passwords online
Andrew Seymour reports: When Bell Canada’s website was hacked last year — and the accounts and passwords of more than 12,000 Canadians posted online — the Federal Bureau of Investigation was not only watching, but letting the hackers stage the attack from what was secretly an FBI server. The bureau had spent more than a year keeping tabs on the 15-year-old Canadian teenager,…