For my non-techy, non-security professional readers: Before you panic and race around to change all your passwords because you’ve heard how serious the Heartbleed bug is as a threat to your privacy and data security, read this piece by Graham Cluley. There’s been a lot of bad advice out there, and as he notes, changing…
Category: Of Note
Critical crypto bug, Heartbleed, exposes Yahoo Mail, other passwords Russian roulette-style
Kudos to Dan Goodin for trying to help the public understand the significance of Heartbleed: Lest readers think “catastrophic” is too exaggerated a description for the critical defect affecting an estimated two-thirds of the Internet’s Web servers, consider this: at the moment this article was being prepared, the so-called Heartbleed bug was exposing end-user passwords, the…
The Biggest Security Breach in the History of the Internet May Have Hacked All Your Information
Tom McKay reports: The news: Security researchers have identified a very, very serious security hole in one of the fundamental technologies protecting personal data all across the Internet. OpenSSL, the cryptographic software library that an estimated two-thirds of web servers worldwide use to connect with end users and guard against digital eavesdropping, has been vulnerable to hackers for…
EXCLUSIVE: U.S. Info Search is responsible for notifying victims of breach, not us – Experian
Because the data were owned and controlled by U.S. Info Search, Experian says they are not responsible for notifying victims of a breach involving Court Ventures, a firm it acquired in 2012. So why does the media only have Experian’s name in the headlines? Jim Finkle of Reuters recently reported that there is a multi-state investigation…
Federal court denies Wyndham Hotels & Resorts’ motion to dismiss FTC’s complaint
Ashkan Soltani has uploaded an important ruling in FTC v. Wyndham, a case discussed many times on this blog. The short version of the ruling is that Wyndham went 0 for 3 on its challenges to the FTC’s authority to enforce data security under the FTC Act, to enforce data security in the absence of regulations that…
Experian sues Court Ventures to enforce indemnification in wake of Court Venture’s breach
As I tweeted last night, Experian has sued the former owner/shareholder of Court Ventures over the mess Experian found itself in when it acquired Court Ventures and later learned that a criminal had been using a Court Ventures account to access a U.S InfoSearch database with information on over 200 million Americans. Today, Jim Finkle…