Darren Pauli reports: Much of the impact of the Shell Shocked vulnerability is unknown and will surface in the coming months as researchers, admins and attackers (natch) find new avenues of exploitation. The vulnerability, coined Shell Shocked by researcher Robert Graham, existed in the Bash command interpreter up to version 4.3 and affected scores of servers,…
Experts Condemn eBay After XSS Attack Puts Users At Risk
Tom Jowitt reports: The attack on eBay was a cross-site scripting (XSS) attack, in which users were redirected to a spoof website designed to steal their credentials. It is not known at this stage how many users have been affected, said the BBC. “It would be nice to think that eBay, one of the world’s most popular…
IE: Private investigators charged with ‘blagging’ personal data
Elaine Edwards reports on a breach case previously noted on this blog: Two private investigators have appeared in court charged with allegedly ‘blagging’ personal information on a number of individuals from both the Department of Social Protection and the HSE and with passing it to credit unions. Margaret Stuart (56) and Wendy Martin (45), both directors of MCK Rentals…
IE: Dirty tricks at centre of credit union snooping
Niall O’Connor reports on a major case of social engineering: Sensitive personal data, including addresses and job details, was handed over by the Department of Social Protection after just one phone call from private investigators pretending to be State officials. The underhand tactics used to extract confidential information from a leading State agency are revealed…
PA: Investigation urged of security breach in Fayette County computer system
Mary Pickels reports: Fayette County Commissioner Angela Zimmerlink said on Tuesday that further investigation is needed into an alleged security breach caused when Commissioner Al Ambrosini directed IT department head Kebin Holbert to increase access to the county computer system for a financial consultant working for the county. Referring to a letter from acting Controller…
Ca: Henry v Bell Mobility: Another Federal Court case shows PIPEDA damages are hardly worth pursuing absent evidence of actual harm
Canadian privacy lawyer David T.S. Fraser writes: The Federal Court, in the recently issued decision in Henry v Bell Mobility 2014 FC 555 (not yet on CanLII or the Court’s site) has awarded a very modest sum of damages to a customer of Bell Mobility whose phone account was accessed by an impostor. At the hearing…