Another Site Leaks Plaintext Passwords, Runs Afoul of COPPA.

The site arstechnica.com is reporting that i-Dressup not only experienced a data breach – over 2.2 million affected – but has been slow as molasses in responding to Ars’s emails that they have been hacked or, more importantly, fixing the vulnerability that led to the security failure. Perhaps we shouldn’t be surprised, merely exasperated, that […] read more

Manhattan DA Asks Apple and Google To Roll Back – Not Weaken – Encryption (Kinda the Same Thing, Mister).

It’s just like a lawyer to sing a different tune to confuse the issue. Last week, Manhattan District Attorney Cyrus Vance Jr. spoke at the International Conference on Cyber Security (all quotes from tomsguide.com): [He] said that law enforcement officials did not need an encryption “backdoor,” sidestepping a concern of computer-security experts and device makers […] read more

Ashley Madison Passwords Easy To Crack After All.

Ah, Ashley Madison.  Even as one tries to move away from it to other issues, new problems surface like toxic malaise at a swamp: fraudulent $19 data scrubbings, men being conned by bots, some of the weakest passwords known to mankind securing their servers, an ex-CTO who supposedly hacked the competition…  Michael Corleone, I get […] read more

Password Security: Ashley Madison Patrons Had Terrible Passwords.

Last week, motherboard.com reported that 4000 cracked passwords belonging to Ashley Madison customers were “awful,” security-wise.  The site went on to conclude that: It’s understandable for users to be frustrated with Ashley Madison for failing to protect their data. But when customers are choosing passwords that could probably just be guessed, they need to take […] read more

HIPAA Encryption: Indiana Medical Firm Data Breach Affects 230 Healthcare Organizations.

Last week, an Indiana medical firm saw a massive medical data breach that extended throughout the entire U.S.  Per online reports, possibly 4 million people in more than 230 hospitals and other healthcare organizations were affected by the breach, which occurred in May of this year. Hackers stole protected health information that included: “patients’ names, […] read more

Data Encryption: Creating Passphrases That You Can Memorize While Thwarting Would-Be Monitors.

Over at firstlook.org, The Intercept has an article on creating passphrases (not passwords) that are strong and memorizable.  The trick lies in the number of elements (that is, how many words are used in the passphrase) and randomness.  Indeed, the principle is not different from how encryption works to secure data.  For example, AlertBoot’s managed […] read more

Medical Laptop Disk Encryption: Valley Community Healthcare Reports Stolen (Unencrypted) Laptop.

One of the worst US states in which to have a data breach, especially a medical data breach, is probably California: in addition to federal HIPAA regulations, California has shown itself to be quite aggressive when dealing with medical entities that experience a data breach.  Indeed, there’s some (valid) criticism that the CA Dept. of […] read more

Data Encryption: Can Moral Hazard Account For Low Levels Of Corporate Data Security?

Over at theconversation.com, an article is tackling “why companies have little incentive to invest in cybersecurity.”  One of the arguments is that companies encounter moral hazard.  That is, they don’t really feel the effects of the risk of their actions because someone or something else is taking care of the hazard. Moral Hazard – Beneficiaries […] read more