The message at the top of a paste by two hackers pretty much nails it: A few days back, Team ITNRA hacker ‘HaxOr’ hacked into the University of Washington using a SQL injection. The SQL injection that was abused was fixed, but that doesn’t mean there wasn’t more. Just because someone finds an SQL injection…
Category: Of Note
Data Breach Case Research Paper Sheds Light
Kristin J. Mathews writes: In a draft research paper titled “Empirical Analysis of Data Breach Litigation”, three prominent scholars have collected and analyzed a sample of over 230 federal data breach lawsuits in order to deduce just what makes them tick. Romanosky, Hoffman and Acquisti examined, for example, what factual and legal characteristics made a company more likely to be…
Senate in search of consensus on data breach notification law may try a backdoor approach
Tony Romm writes: Congress failed to pass a new federal law last year requiring the litany of companies affected by data breaches — from gaming giant Sony to shoe e-tailer Zappos — to notify consumers. But now some lawmakers believe they have a new route for passage: the Senate’s upcoming cybersecurity reform bill. Read more…
Data breach? Blame your third party’s remote access systems
Ellen Messmer reports: An in-depth study of data-breach problems last year where hackers infiltrated 312 businesses to grab gobs of mainly customer payment-card information found the primary way they got in was through third-party vendor remote-access applications or VPN for systems maintenance. “The majority of our analysis of data-breach investigations — 76% — revealed that the third-party responsible for…
Law enforcement targeted by hackers
There have been a number of law enforcement-related web sites hacked since last June. Some of those hacks — like those involving the Arizona Department of Public Safety, BART, International Association of Chiefs of Police, Boston Police Patrolmen’s Association, Baldwin County Sheriff’s office in Alabama, Coalition of Law Enforcement and Retail (C.L.E.A.R.), the California Statewide Law…
SLC Police Department hack: hackers delete their own files after reiterating pledge not to expose residents’ personal info
Hacktivism raises all kinds of ethical issues. In an unusual move, hackers responsible for the hack of the Salt Lake City Police Department have deleted their copies of some of the files they had acquired from the PD’s web site. In announcing the hack on Tuesday, the hackers known as Kahuna and CabinCr3w indicated that…