One Article Review

The article:
Source AlienVault Blog
Identifier 382352
Publication date 2017-07-07 13:00:00 (seen: 2017-07-07 13:00:00)
Title Week in Review 7th July 2017
Text

How to not handle a data breach

Car breakdown service provider the AA apparently suffered an issue whereby it was publicly disclosing customer data. Except it wasn’t. But it was. Short version is that the AA published 13GB worth of customer data to the internet, including partial credit card details. However, in a masterclass on how not to handle a data breach, the AA proceeded to deny any such leak had occurred, despite there being clear evidence to the contrary. Then, when Graham Cluley pointed out that the AA may be fibbing, he was warned (threatened?) of being in breach of the Computer Misuse Act. Note that this is for posting a redacted screenshot of leaked data that apparently didn’t occur in the first place.

Troy Hunt breaks down the five stages of data breach grief
The AA Exposed Emails, Credit Card Data, and Didn’t Inform Customers
AA Shop investigating 13 gigabyte data breach

On the flip side, DaFont had a pretty reasonable response to being breached.

A self-destructing PC

I remember watching the Mission Impossible TV series where, at the end of the mission briefing, the director would say, “This message will self destruct in 30 seconds”, and always found it to be so cool. When my first MP3 player was stolen, I sorely wished that it had a similar functionality whereby I could remotely ‘detonate’ it so that the internals would go up in a puff of smoke. It appears as if such a device is no longer in the realm of fantasy, as Orwl takes physical security to the next level. Not only do you need a password and wireless fob to turn it on, if the fob moves out of range, the processes go to sleep and the USB and HDMI ports shut off. If an attacker is persistent, the device will wipe data on the encrypted drive.

This $1,699 "secure PC" will self-destruct if tampered with

It will be interesting to see how law enforcement view this and, if such devices become favoured by those looking to do no good, whether a master fob is requested.

Certificate revocation is broken

A nice piece by Scott Helme (why does autocorrect insist on referring to him as Helmet?) in which he illustrates the challenge that, as more and more sites use certificates, there isn’t a good way to revoke them if someone obtains our private key.

Kaspersky agrees to turn over source code to US government

In a story that will likely continue to take twists and turns along the way, Kaspersky has worryingly agreed to share its source code with the US government in order to continue conducting business with them. CEO Eugene Kaspersky has stated that h
Notes
Sent Yes
Tags Guideline
Stories NotPetya


The article does not appear to have been picked up after its publication.


The article does not appear to be a repost of an earlier one.