Tag: Dataloss

  • Crossing the line on ‘appropriate’ response to a breach…

    You have likely seen the news that eBay was compromised and disclosed on Wednesday the 21st, resulting in as many as 145 million customers being affected. eBay was quick to state that the criminals did not gain access to financial information, trying to allay customer concerns. Despite that, there are many aspects of the aftermath…

  • Data Breaches Harder to Understand

    [This was originally published on Credant, now a Dell company, under my OSF byline. Archived on attrition.org] On the off chance you missed any news outlet the last 30 days, an “anti security” movement has been reborn. Started in 1999, the Antisec Movement focused on encouraging security consultants and hackers not to disclose vulnerabilities to…

  • Brief analysis of “Analyzing Websites for User-Visible Security Design Flaws”

    [This was originally published on attrition.org] On July 23, 2008, an article was released touting the numbers of a recent study on website security design flaws. The article only quoted some statistics from the research and did not link to it or go into detail on how the statistics were derived. I posted a quick rebuttal to the…

  • Useless Compensation for Data Loss Incidents

    [This was originally published on attrition.org. It was written by Apacid and Jericho.] If you have been the victim of a data loss incident, odds are you have received a letter from the careless organization that lost your information. These letters always offer apologies and sincere hope that your identity or personal information isn’t abused. The…

  • Useless Compensation for Data Loss Incidents

    [This was written with Apacid and originally published on attrition.org.] If you have been the victim of a data loss incident, odds are you have received a letter from the careless organization that lost your information. These letters always offer apologies and sincere hope that your identity or personal information isn’t abused. The recent BNY Mellon incident (which…

  • What The Hell Was He Thinking?

    [This was originally published on attrition.org. It was written by Lyger and Jericho.] For those who haven’t heard, a recent data loss incident involving the Louisiana Board of Regents was recently disclosed to the media. In short, about 80,000 Social Security numbers were inadvertently exposed over the internet, and the media seemed to be very quick in…

  • “We recovered the laptop!” … so what?

    [This was written with Lyger and originally published on attrition.org.] In May of 2006, the United States Department of Veterans Affairs publicly disclosed the fact that “Personal data on about 26.5 million U.S. military veterans was stolen from the residence of a Department of Veterans Affairs data analyst who improperly took the material home”, prompting a mass…

  • “We recovered the laptop!” … so what?

    [This was originally published on attrition.org. It was written by Lyger and Jericho.] In May of 2006, the United States Department of Veterans Affairs publicly disclosed the fact that “Personal data on about 26.5 million U.S. military veterans was stolen from the residence of a Department of Veterans Affairs data analyst who improperly took the material home”,…

  • Screw the thief. Convict the state department morons…

    [This is a rebuttal/rant in which I ‘reply’ to various parts of a news article, originally published on attrition.org. This version has been updated for style.] Desperate US offers 25,000 dollars for missing State Department laptop https://seclists.org/isn/2000/Aug/53 (Original now 404) Thursday, August 10 4:20 AM SGT WASHINGTON, Aug 9 (AFP) – Apparently frustrated and desperate for leads after…