New Mexico Now Has A Data Breach Notification Bill.

New Mexico will be the latest US state to add a data breach notification law to its books. Once the bill officially becomes a law, only two states – Alabama and South Dakota – will remain outsiders to the crazy idea that people should be notified if their personal data is hacked. You can read […] read more

WikiLeaks Shows That Encryption Works, Even Against Spooks.

Last week, the world saw another bombshell announcement from WikiLeaks. Per their tweets and resulting confidential data dump, it was readily apparent that the CIA had amassed techniques for breaking into many kinds of digital devices imaginable: smartphones and computers, yes, but also things connected to the internet, like smart TVs (perhaps they’ve looked into […] read more

Third Circuit Appellate Court Says “OK” To Data Breach Lawsuit.

Recently, the US Court of Appeals for the Third Circuit concluded that “the improper disclosure of one’s personal data in violation of FCRA [Fair Credit Reporting Act] is a cognizable injury for Article III standing purposes.” In other words, people can go to court over data breaches and data breaches alone; there is no need […] read more

Frequent Password Changes Not A Secure Data Security Practice.

According to the Federal Trade Commission’s Chief Technologist, forcing users to frequently change their password can be counterproductive when it comes to fighting data breaches. Mind you, it’s not the frequency itself that leads to security weaknesses. Rather, it’s what happens at the weakest link in most security systems — individual behavior — that leads […] read more

UK Court Says Hacker Can’t Be Compelled To Provide Encryption Password.

Many will read the title above and think this has a bearing on RIPA, the Regulation of Investigatory Powers Act of 2000. It does, but only barely. I’ve got to admit it is a bit misleading. It’s also 100% true… but only because of the degree of farce involved in this matter. According to the […] read more

Gibberish = Encryption? Not By A Long Shot.

As the world descends into utter chaos, I take comfort in knowing that people are generally very levelheaded. It doesn’t quite always work that way, but seeing how North Korea’s government lives another day to threaten the flooding of Seoul in a sea of fire; or that European countries haven’t copped out to what some […] read more

Apple Security Could Be About Marketing But It’s Also About Security.

I’ve been contemplating on the FBI’s accusations that Apple is using encryption and security as a marketing ploy to sell more phones. So what if it is? It doesn’t mean that Apple’s arguments regarding security are any less true just because they’re using it to push phones. Remember when Blackberry was the device to have […] read more

Password Security: Ashley Madison Patrons Had Terrible Passwords.

Last week, motherboard.com reported that 4000 cracked passwords belonging to Ashley Madison customers were “awful,” security-wise.  The site went on to conclude that: It’s understandable for users to be frustrated with Ashley Madison for failing to protect their data. But when customers are choosing passwords that could probably just be guessed, they need to take […] read more