Back in 2010 and 2011, I posted a number of blog entries about a breach at SilverPop. SilverPop was not particularly transparent/forthcoming about the scope of the breach, but it seemed to be pretty large. Today, Ryan M. Martin of Winston & Strawn LLP writes: A Georgia court recently agreed on a summary judgment motion…
Category: Of Note
900 social insurance numbers taken in Canada Revenue Agency security breach involving Heartbleed
Meghan Hurley reports: The social insurance numbers of 900 Canadians were swiped from the Canada Revenue Agency website after its Internet software was compromised by the so-called Heartbleed computer bug. Andrew Treusch, the commissioner of the Canada Revenue Agency, said in a statement the CRA has worked around the clock to implement a “patch” for…
Obama Lets N.S.A. Exploit Some Internet Flaws, Officials Say
David E. Sanger reports: Stepping into a heated debate within the nation’s intelligence agencies, President Obama has decided that when the National Security Agency discovers major flaws in Internet security, it should — in most circumstances — reveal them to assure that they will be fixed, rather than keep mum so that the flaws can…
Message from CloudFare concerning Heartbleed (updated)
Email I received from CloudFare this morning: You’re protected from the Heartbleed vulnerability because you have CloudFlare turned on for your website. We fixed the flaw on March 31 for all CloudFlare customers, a week before it was publicly announced. Heartbleed (CVE-2014-0160, http://www.openssl.org/) is a flaw in OpenSSL, encryption software used by the vast majority…
Pointing fingers, Thursday edition – U.S. Info Search tells its side
On April 8, this blog published a post concerning the Court Ventures breach that questioned whether Experian was getting a bad rap for a breach that started with Court Ventures and its reciprocal data sharing agreement with U.S. Info Search. Unbeknownst to DataBreaches.net at the time, U.S. Info Search had issued a press release the…
Before you panic and change all your passwords because you’ve read dire warnings on Heartbleed….
For my non-techy, non-security professional readers: Before you panic and race around to change all your passwords because you’ve heard how serious the Heartbleed bug is as a threat to your privacy and data security, read this piece by Graham Cluley. There’s been a lot of bad advice out there, and as he notes, changing…