Fast response, but not detected internally.
WP Engine Resets Passwords After Data Breach
Popular WordPress hosting service WP Engine informed customers this week that their credentials may have been compromised in a security breach.
Only a few details have been provided about the incident as the investigation, conducted in collaboration with law enforcement and a “leading” cybersecurity firm, is ongoing. WP Engine became aware of the breach on December 9 and customers were first notified later that day.
… Many have complained about the lack of details from WP Engine, particularly regarding the way passwords were stored. The company has promised to share information about the data breach as soon as it’s available.
Failure to encrypt.
Jett Goldsmith writes:
A security vulnerability affecting 16 companies worldwide, including Air Canada, the CN Tower, and the San Diego Zoo, has potentially revealed the unencrypted credit card data of hundreds of thousands of customers, according to a report by threat detection firm Wandera.
Read more on Neowin.
Over on Wandera’s blog, they write:
Today, Wandera announced the discovery of the CardCrypt security flaw affecting sixteen companies, including four major airlines – Air Canada*, easyJet*, AirAsia and Aer Lingus*. Each of the companies has been failing one of the most basic of security requirements by not fully encrypting the traffic to the payment portion of their mobile web site or app. This means that customers who use these services unknowingly may have had their credit card information sent ‘in the clear’, and have been at risk of having that information stolen.
* UPDATE: We are pleased to say we have learned that easyJet, Chiltern Railways, San Diego Zoo, CN Tower, Aer Lingus and Air Canada have now confirmed there is no ongoing issue. We will continue to assist others in trying to swiftly resolve this issue.
Reportedly, it was not just credit card numbers that were leaking in some cases:
What information was exposed?
Every one of the companies has exposed the full credit card number unencrypted. All of the companies, except for Air Canada, also exposed the CVV number. But the CardCrypt flaw is not limited to just this information. Alarmingly, the amount of additional information that was exposed by some of the companies has been significant and included card expiration date, full name, billing address, email addresses and even passport information.
Read more on Wandera.
Yeah, but they will shop online anyway.
AMSTERDAM – December 10, 2015 – Nearly two-thirds (64%) of consumers surveyed worldwide say they are unlikely to shop or do business again with a company that had experienced a breach where financial information was stolen, and almost half (49%) had the same opinion when it came to data breaches where personal information was stolen. This is according to a recent global survey by Gemalto (Euronext NL0000400653 GTO), the world leader in digital security, titled “Broken Trust: ‘Tis the Season to Be Wary”, which surveyed 5,750 consumers in Australia, Brazil, France, Germany, Japan, United Kingdom and United States.
Should we really expect good management from OPM?
Tal Koppan reports:
The federal agency that had more than 21 million Americans’ personal information stolen in a massive hack is once again in congressional cross-hairs — this time for improperly doling out taxpayer dollars to protect those Americans after the data breach.
The Office of Personnel Management’s inspector general released a report this month, made public Thursday, finding that the agency improperly handled its contract award to a company hired to protect the identities of the first 4 million federal employees affected by the breach, which has been blamed on China.
Read more on WPTZ.
The least impactive nugget of data gathered by the candidates is your phone number so they can make way too many automated phone calls urging you to vote for them. This kind of research simply helps them tailor their lies.
Harry Davies reports:
Ted Cruz’s presidential campaign is using psychological data based on research spanning tens of millions of Facebook users, harvested largely without their permission, to boost his surging White House run and gain an edge over Donald Trump and other Republican rivals, the Guardian can reveal.
A little-known data company, now embedded within Cruz’s campaign and indirectly financed by his primary billionaire benefactor, paid researchers at Cambridge University to gather detailed psychological profiles about the US electorate using a massive pool of mainly unwitting US Facebook users built with an online survey.
Read more on The Guardian.
Does the FBI have the tools to identify terrorists by reading the plaintext messages they send? Isn't that what the big fuss over NSA's bulk interception was about?
Lawmakers on Thursday said there was no evidence yet the two suspected shooters used encryption to hide from authorities in the lead-up to last week's San Bernardino, Calif., terror attack that killed 14 people.
… But that hasn’t ruled out the possibility, Burr and others cautioned.
… The recent terror attacks in San Bernardino and Paris have shed an intense spotlight on encryption.
While no evidence has been uncovered that either plot was hatched via secure communications platforms, lawmakers and federal officials have used the incidents to resurface an argument that law enforcement should have guaranteed access to encrypted data.
(Related) It's not like there are no tools for terrorists. But most of these actors are minimally trained amateurs. If they are identified and stopped, no big deal. They are just cannon fodder.
Sadly Rachman reports:
Computer scientists at the Massachusetts Institute of Technology (MIT) have developed a new SMS text messaging system that is untraceable and apparently even more secure than the Tor anonymity network, in order to create truly anonymous communications.
Read more on TreeAngle.
Perspective. Why would we expect corporations (or terrorists) to be more concerned about security than the courts? (Note that publishing a list of weaknesses gives hackers a roadmap.)
Nick Cahill reports:
Despite a 2013 audit revealing significant information security flaws, the Judicial Council of California hasn’t improved its control systems and remains “unacceptably” at risk for data breaches, according to a follow-up audit.
The council’s case management records and human resources data are specifically jeopardized because of its failure to implement recommendations from the original audit, the state auditor said Thursday. The audit also criticized the council for a lack of urgency in setting a timeline for implementing better controls.
Read more on Courthouse News.
My Cayman Islands bank account is about to get a lot of deposits, because I have a phone book and I know how to use it!
Latest Google Wallet update lets you send money using just a phone number
For the gamers in my Spreadsheet class.
6 Iconic Games Recreated in Microsoft Excel
Because conversions are useful in many applications. To and from PDFs for example.
The Complete Microsoft Office File Converter Guide
Perspective. So now you can wait until you are down to your last couple of six-packs before re-ordering.
Amazon Starts One-Hour Booze Delivery in Manhattan
… One-hour delivery costs $7.99, and two-hour service is free, Amazon said. Prime Now, a one-hour delivery service available only to Prime members, is available in 23 cities such as Dallas, Chicago, and Nashville.