Another Site Leaks Plaintext Passwords, Runs Afoul of COPPA.

The site arstechnica.com is reporting that i-Dressup not only experienced a data breach – over 2.2 million affected – but has been slow as molasses in responding to Ars’s emails that they have been hacked or, more importantly, fixing the vulnerability that lead to the security failure. Perhaps we shouldn’t be surprised, merely exasperated, that […] read more

Yet Another US Court Says FBI Hacking Is Unauthorized Search, Won’t Suppress Evidence.

Earlier in the year, the FBI revealed that they had taken over a site in the dark web and reeled in hundreds of suspects in a sting operation. Due to the nature of the site (a shadowy community where its content very heavily leaned towards, but not exclusively to, child porn) many people online voiced […] read more

Data Security: Social Engineering Still More Effective Than Zero-Day Hacks.

According to a security company’s 100 penetration attempts, most organizations succumb to five attacks, none of which involve malware or zero-day flaws. The top five attacks, according to darkreading.com: abuse of weak domain user passwords — used in 66% of Praetorian pen testers’ successful attacks broadcast name resolution poisoning (like WPAD) — 64% local admin […] read more