The US House of Representatives Committee on Oversight and Government Reform has just released a comprehensive report on the 2017 Equifax hack. It’s a great piece of writing, with a detailed timeline, root cause analysis, and lessons learned. Lance Spitzner also commented on this. Here is my testimony before the House Subcommittee on Digital … Read More “Congressional Report on the 2017 Equifax Data Breach” »
Category: databreaches
In an excellent blog post, Brian Krebs makes clear something I have been saying for a while: Likewise for individuals, it pays to accept two unfortunate and harsh realities: Reality #1: Bad guys already have access to personal data points that you may believe should be secret but which nevertheless aren’t, including your credit card … Read More “Your Personal Data is Already Stolen” »
The large accountancy firm Deloitte was hacked, losing client e-mails and files. The hackers had access inside the company’s networks for months. Deloitte is doing its best to downplay the severity of this hack, but Brian Krebs reports that the hack “involves the compromise of all administrator accounts at the company as well as Deloitte’s … Read More “Deloitte Hacked” »
Seems to be incompetence rather than malice, but a good example of the dangers of blindly trusting the cloud.
You can edit anyone’s information you want: The question, boiled down, was haunting: Want to see how easy it would be to get into someone’s voter registration and make changes to it? The offer from Steve Klink — a Lafayette-based public consultant who works mainly with Indiana public school districts — was to use my … Read More “Indiana's Voter Registration Data Is Frighteningly Insecure” »
The NSA has another contractor who stole classified documents. It’s a weird story: “But more than a month later, the authorities cannot say with certainty whether Mr. Martin leaked the information, passed them on to a third party or whether he simply downloaded them.” So maybe a potential leaker. Or a spy. Or just a … Read More “NSA Contractor Arrested for Stealing Classified Information” »
Interesting research from Sasha Romanosky at RAND: Abstract: In 2013, the US President signed an executive order designed to help secure the nation’s critical infrastructure from cyberattacks. As part of that order, he directed the National Institute for Standards and Technology (NIST) to develop a framework that would become an authoritative source for information security … Read More “The Cost of Cyberattacks Is Less than You Might Think” »
Earlier this week, we learned that Samsung televisions are eavesdropping on their owners. If you have one of their Internet-connected smart TVs, you can turn on a voice command feature that saves you the trouble of finding the remote, pushing buttons and scrolling through menus. But making that feature work requires the television to listen … Read More “Samsung Television Spies on Viewers” »