Friday, Jan. 31, 1:40PM Eastern: FBI spokesman James Marshall tells reporters the FBI is aware of an incident at Mar-a-Lago and has agents responding to the scene. A car chase near the resort ended with shots being fired near President Donald Trump's Mar-a-Lago resort Friday in Florida, police said.
Many large-scale data-breaches involve attackers gaining access to administrators' database logins; from there, they can clone the whole database and plunder it at will; but leading NoSQL database vendor MongoDB proposes to add another layer of security it's calling "Field Level Encryption" which encrypts the data in database fields with its own key — possibly a different key for every user or every field.
A new bill from Senator Elizabeth Warren proposes personal, criminal liability for top executives of companies turning over more than $1B/year when those companies experience data breaches and scams due to negligence (many of the recent high-profile breaches would qualify, including the Equifax giga-breach, as well as many of Wells Fargo's string of scams and scandals).
Writing on TechCrunch, Zack Whittaker (previously) calls out the timeworn phrase "we take your privacy and security seriously," pointing out that this phrase appears routinely in company responses to horrific data-breaches, and is generally accompanied by conduct that directly contradicts it, such as stonewalling and minimizing responsibility for breaches and denying their seriousness.
Equifax doxed 145 million Americans, dumping their most sensitive financial data into the world forever, with repercussions that will be felt for decades to come.
Troy Hunt, proprietor of the essential Have I Been Pwned (previously) sets out the hard lessons learned through years of cataloging the human costs of breaches from companies that overcollected their customers' data; undersecured it; and then failed to warn their customers that they were at risk.
My latest Guardian column, "Why is it so hard to convince people to care about privacy," argues that the hard part of the privacy wars (getting people to care about privacy) is behind us, because bad privacy regulation and practices are producing wave after wave of people who really want to protect their privacy.
U.S. Securities and Exchange Commission employees did not encrypt some computers that contained "highly sensitive information from stock exchanges, leaving the data vulnerable to cyber attacks, according to people familiar with the matter." Reuters has the full story. The SEC spent $200K to confirm that "no hacking or spying on the SEC's computers took place," however, and there is no evidence that any data was actually breached.
On Monday, the Burger King burst into a McDonald's restaurant in Rome, Georgia, handed out free hamburgers to customers, danced, and posed for photos with children. Managers called the police, but the Burger King escaped in a white Acura before the fuzz arrived.
The mangled body of a 16-year-old boy from North Carolina mysteriously dropped from the sky down to a Boston suburb last month. Authorities now believe the teen breached airport security, and managed to hide himself inside the wheel well of a US Airways Boeing 737.
Nathan Yau of FlowingData posted a graphic showing the 10 largest data breaches in the last 8 years. "Notice the higher frequency as we get closer to the present?" writes Nathan. Follow the link to see the whole thing. (Thanks, Mike Love!)
It's being called the largest digital security breach ever. Earlier this month, a leaked database inconspicuously titled Compilation of Many Breaches was made available in a popular hacking forum. Inside were 3.2 billion unique sets of email addresses and passwords, all aggregated from past leaks from Netflix, LinkedIn, and other platforms.
Hackers managed to break into a Tampa Bay water plant and momentarily poison the water, remotely, on Friday. Fortunately, a plant operator noticed his mouse moving across his computer screen. Although he thought it was nothing at first, minutes later he noticed the levels of sodium hydroxide – or lye, used in liquid drain cleaners – shoot up from 100 parts per million to more than 11,100 parts per million, "a hazardous level that could sicken residents and corrode pipes," according to The Washington Post.