Some days, it’s not easy being a data breach researcher and citizen journalist. In time, you somewhat get used to legal threats because you published something a company took exception to, and you shrug when your site gets DDoSed by those who don’t like your criticism of their hacking activities. But when the U.S. Department of…
Category: Of Note
U.S. Agent Lures Romanian Hackers in Subway Data Heist
Del Quentin Wilber reports: … The Secret Service and FBI are investigating an increasing number of attacks on U.S. retailers’ data, including the massive breach of Target Corp. (TGT:US) last year that affected more than 40 million debit and credit card accounts. Investigators won’t talk about the Target probe. Instead, the Secret Service pointed to O’Neill’s investigation that…
Court Rules SilverPop Not Liable for Damages After Data Breach
Back in 2010 and 2011, I posted a number of blog entries about a breach at SilverPop. SilverPop was not particularly transparent/forthcoming about the scope of the breach, but it seemed to be pretty large. Today, Ryan M. Martin of Winston & Strawn LLP writes: A Georgia court recently agreed on a summary judgment motion…
900 social insurance numbers taken in Canada Revenue Agency security breach involving Heartbleed
Meghan Hurley reports: The social insurance numbers of 900 Canadians were swiped from the Canada Revenue Agency website after its Internet software was compromised by the so-called Heartbleed computer bug. Andrew Treusch, the commissioner of the Canada Revenue Agency, said in a statement the CRA has worked around the clock to implement a “patch” for…
Obama Lets N.S.A. Exploit Some Internet Flaws, Officials Say
David E. Sanger reports: Stepping into a heated debate within the nation’s intelligence agencies, President Obama has decided that when the National Security Agency discovers major flaws in Internet security, it should — in most circumstances — reveal them to assure that they will be fixed, rather than keep mum so that the flaws can…
Message from CloudFare concerning Heartbleed (updated)
Email I received from CloudFare this morning: You’re protected from the Heartbleed vulnerability because you have CloudFlare turned on for your website. We fixed the flaw on March 31 for all CloudFlare customers, a week before it was publicly announced. Heartbleed (CVE-2014-0160, http://www.openssl.org/) is a flaw in OpenSSL, encryption software used by the vast majority…