August 20, 2014
The Federal Trade Commission (FTC) has approved two orders with two apps services, Credit Karma and Fandango, regarding very poor security protections against interception by third parties, known as “man in the middle” attacks. These orders highlight Read the rest of this entry »
I have recently posted on the problem of internal threats to data security (see here and here). Organisations may have strong cyber defences and office security may still be exposed to a significant risk of a data breach by the actions of ex employees, whether of the disgruntled or gruntled variety. Poor practices in password management, closing access and accounts and generally preventing access to records by ex employees can easily expose a business to financial and reputational loss. Similarly checking the on line and computer activities of employees soon to be former employees may prevent malware or other cyber bombs being placed within a businesses computer system. These issues are illustrated in Why Former Employees Could Be Your Next Great Security Threat.
It provides, absent slides: Read the rest of this entry »
Cnet in Hack of hospital chain leads to theft of up to 4.5M users’ data reports on a very significant breach of security affecting a Health group operating 206 hospitals. The largest breach of hospital patient information since 2009, when the Government started tracking breaches. The reported concern is that the suspected goal of the data breach is to facilitate future attacks using the data obtained, such as through personal information which can Read the rest of this entry »
August 19, 2014
Zndet in Six ways to secure your vulnerable network router sets out some very sensible steps that any organisation Read the rest of this entry »
The Canberra Times in Federal privacy authorities called in over Centrelink breach reports on personal information of Centrelink clients left in public. The Privacy Commissioner has been notified. So far there has been no reference to any investigation on the OAIC homepage. This will be Read the rest of this entry »
The quality and quantity of data security by organisations in Australia is, anectodally, quite poor. The common law and statutory regulation remain inadequate in Read the rest of this entry »
In an ongoing series the Privacy Commissioner has released another video on matters privacy. This addition to the collection is Is my real estate agent allowed to take photos in my house?
The youtube of the video is found here:
Is real estate agent allowed to take photos of my house
The transcript Read the rest of this entry »
August 18, 2014
The Australian in Australians flock to VPNs to avoid data retention reports on consumers response to the Government’s data retention plans. It is interesting to see how the market responds to government proposals – when they are made public. It is Read the rest of this entry »
August 17, 2014
The Age reports in Australian teen uncovers security flaw in PayPal the continuing role of a white hat hacker in showing up flaws in the Paypal website which potentially allowed a hacker to by pass its two factor authentication system. Unfortunately Read the rest of this entry »
According to a survey of 2,000 US consumers found that 44% will not use mobile banking services and 48% will not use billing payment apps. In a similar survey in the UK the figures are even starker with 53% not being prepared to use mobile banking services, half avoiding money transfer apps and 24% not feeling safe shopping on their handsets. That apps are causing concern for consumers should not come as a surprise. The weaknesses of privacy protection in apps are Read the rest of this entry »