Dennis Fisher writes: A pair of security researchers have implemented an attack that exploits the way that ASP.NET Web applications handle encrypted session cookies, a weakness that could enable an attacker to hijack users’ online banking sessions and cause other severe problems in vulnerable applications. Experts say that the bug, which will be discussed in…
GAO Finds Agencies Lax On Data Protection
Elizabeth Montalbano reports: Some federal agencies that deal with highly sensitive data are not adequately protecting it from contract workers, a new Government Accountability Office (GAO) report found. The Departments of Defense (DoD), Homeland Security (DHS), and Health and Human Services (HHS) have some guidance and contract provisions in place for what data contractors can…
GAO: Stronger Safeguards Needed for Contractor Access to Sensitive Information
Elizabeth Montalbano reports: Some federal agencies that deal with highly sensitive data are not adequately protecting it from contract workers, a new Government Accountability Office (GAO) report found. The Departments of Defense (DoD), Homeland Security (DHS), and Health and Human Services (HHS) have some guidance and contract provisions in place for what data contractors can…
Is your browser being lied to? Survey says: “Maybe”
Cross-posted from PogoWasRight.org: In a year when both Congress and the FTC have been making noise about regulating online advertising, you would think that the industry would be eager to show that such regulation is not needed. Yet a new study released last week by researchers at Carnegie Mellon University’s CyLab suggests that not only…
ACH Case: Headed to Trial?
Linda McClasson writes: A series of motions in the Experi-Metal vs. Comerica Bank case indicate that this high-profile ACH fraud conflict could be headed for a jury trial. Both sides have filed recent motions, with EMI requesting a jury trial and Comerica asking for a non-jury trial. The case is set to be heard after mid-November, with Nov. 16…
AHIMA Files Response to HHS Privacy Rules
Press release from AHIMA: “While AHIMA continues to applaud federal government support for the ideal of protecting patients’ health information rights, the proposed rule-making for HIPAA privacy, security and enforcement by HHS has a number of requirements that we do not believe the industry is ready to undertake; especially as it gears up for Meaningful…