From the stop-me-if-you’ve-heard-this-one-before dept: Over on Daily Dot this morning, I reported that the FBI executed a search warrant at the home of researcher Justin Shafer. Shafer’s name will be familiar to regular readers of DataBreaches.net because he exposed a long-standing security vulnerability in Dentrix software and challenged Henry Schein’s claims that their product provided “encryption.” Our combined efforts resulted in…
Search Results for: justin shafer
DEA obtains a federal search warrant for patient data on MicroMD
Justin Shafer pointed me to a case where the government, investigating a healthcare provider, served SaaS MicroMD with a federal search warrant for some patients’ data. You can read Justin’s write-up on his blog, but the case reminds us that patient data can be disclosed to law enforcement without patients’ awareness or consent, and that unencrypted patient…
Malvertising Attack Hits Realtor.com Visitors
Jerome Segura reports: As the debate about online ads is raging thanks to Apple’s introduction of ad blockers in its App Store, malvertising keeps on striking high profile sites. The latest victim is popular real estate website realtor.com, ranked third in its category with an estimated 28 million monthly visits according to SimilarWeb. People browsing the site in the last…
5-year-old Ocean Beach boy exposes Microsoft Xbox vulnerability
Michael Chen reports: A young Ocean Beach boy is in the spotlight after he discovered a back door into one of the most popular gaming systems in the world. When 5-year-old Kristoffer Von Hassel is playing his Xbox, his feet don’t touch the ground. But something he did has made the smartest guys at…
URLs Are NOT Passwords, and Sadly, That Needed to Be Said (Stolowitz vs. Nuance Communications)
In 2014, Nuance Communications discovered that anyone could access protected health information on one of its platforms. After the situation persisted for years, a former employee decided to submit a whistleblower complaint to HHS. For his efforts, he spent more than one year fending off threatened federal hacking charges, even though no hacking was involved….
Stop calling all hacks with ransom demands “ransomware”
For the past year, I’ve been criticizing entities that describe their data leaks as “hacks” (cf. this article of mine on The Daily Dot or this post as examples). More recently, Zack Whittaker has also forcefully raised that issue on ZDNet. Whether other journalists will adapt their language and correctly report incidents as “leaks” instead of “hacks”…