One Article Review

Source: AlienVault Blog
Identifier: 459645
Publication date: 2018-01-12 14:00:00 (seen: 2018-01-12 14:00:00)
Title: Things I hearted this week: 12th Jan 2018
Text:

Carphone Warehouse Fined £400,000

The Information Commissioner’s Office (ICO) has fined Carphone Warehouse an eye-watering £400,000 for what it referred to as distinct and significant inadequacies in the phone company’s security controls.

The full report by the ICO (PDF) is worth reading. It goes into a lot of detail around the vulnerabilities, such as the attacker scanning using Nikto and gaining access to a woefully out-of-date WordPress installation that was running its CMS. It also covers how credentials were stored in plaintext and how the attacker was able to access large amounts of personal data.

There are many more details in the report, which I highly encourage you to read, but essentially it boils down to an absence of fundamental security controls, no assurance to verify systems were secured, and a lack of monitoring or detection controls in place.

Carphone Warehouse cops £400k fine after hack exposed 3 meeellion folks’ data | The Register
Britain fines Carphone Warehouse 400,000 pounds over data breach | Reuters

Data protection bill amended to protect security researchers

The UK has revealed amendments to its data protection bill to de-criminalise research into whether anonymised data sets are sufficiently anonymous. This is very good news for researchers who may have been worried they could be prosecuted for demonstrating weaknesses in anonymization.

UK gov updates Data Protection bill to protect security researchers | The Inquirer
UK Data Protection Bill tweaked to protect security researchers | The Register
Data protection bill amended to protect security researchers | The Guardian
Data Protection Bill | Parliament UK (pdf)

Toy firm VTech fined over data breach

VTech, the ‘smart’ toy manufacturer, has been fined $650,000 by the FTC after exposing the data of millions of parents and children. Troy Hunt brought up the issue back in November 2015 and it made for a chilling read. Not only was the website not secure, but the data was not encrypted in transit or at rest.

Hopefully, this kind of crackdown on weak ‘smart’ devices will continue until we see some changes. Not that I enjoy seeing companies being fined, but it doesn’t seem like many manufacturers are paying much attention to security.

FTC fines VTech toy firm over data b
Sent: Yes


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.