Last summer Animoto was the target of a data breach, in their posted-but-not-emailed announcement of the breach Animoto assured users that any compromised passwords had been “hashed and salted”. And yet, blackmail spammers now have full Animoto passwords.
If you run the Wordpress plugin Simple 301 Redirect plugin, or the 301 Redirect addon Bulk Uploader by Webcraftic and Ash Durham, you are in danger of having your site get redirected to a malicious site.
Zombie Load, Spectre, and Meltdown are security holes in the processors of many, many personal computers as well as servers, including those in the cloud.
The City of Baltimore had their city government computer system shut down by the Robbinhood ransomware. Yet it could have been avoided, or at least mitigated. Here’s how to protect yourself or a business from ransomware.
The same data uploads and downloads that make Teslas dream cars for some Tesla owners also may make them security hell for all Tesla drivers. That’s because Tesla vehicles are big, wheeled Internet of Things devices.
It all started with a seemingly innocent Google blog post earlier this month, in which Google announced that their ‘Hey Google’ Google Assistant was ready to go live on Nest Secure Nest Guard home security devices. Then people started having that ‘waaaait a minute…’ moment: this meant that there had to be a microphone in that Nest Guard device.
Last year (in fact almost a year ago exactly) we told you about the U.S. Post Office’s new ‘Informed Delivery’ service. For those of you not familiar with the USPS Informed Delivery service, well, count your blessings. Because the postal service has experienced a serious breach, making the personal information of all 60 million plus Informed Delivery vulnerable.
Hot on the heels of California passing their California Consumer Protection Act (CCPA) which is actually a consumer data protection law, and on the slightly more distant heels of the passage and enactment of the General Data Protection Regulation (GDPR), Colorado has both passed and enacted the Colorado Consumer Data Protection Act (CCDPA).
Reddit experienced a “security incident” in June, which they announced by email this month (August, 2018). While an email to Reddit users says that the hack affected “account credentials from 2007”, the full story paints a substantially broader picture.
If your child, or someone you know, received a My Friend Cayla doll, a Furby Connect doll, a Q50 children’s smartwatch, or a Sphero BB-8 droid (or quite likely one of a number of other toys or devices aimed at children, and that connect to the Internet via Bluetooth), that device – and thus the child who plays with it or uses it – is at risk of being hacked, personal data stolen, and even a hacker talking to the child, all because of unsecure Bluetooth connections.
As news of the Intel chip security flaw has started to permeate public awareness, people are asking themselves two main questions: “Do I have to worry about it, and if so what do I need to do?” and “Just what is speculative execution?” (The issue with the chips has to do with the speculative execution function.) This flaw is said to affect millions of Windows, Mac, and Linux computers around the world. “Major flaw in millions of Intel chips revealed” screams the BBC headline. “A Critical Intel Flaw Breaks Basic Security for Most Computers,” banners Wired. Even Popular Mechanics is getting in on it, stating that “Horrific Security Flaw Affects Decade of Intel Processors.” Although, others are starting to say that it’s not limited to Intel chips, as pointed out by the Axios story, “Massive chip flaw not limited to Intel.”
I was recently interviewed, in my capacity as an Internet law and policy attorney, and head of the Institute for Social Internet Public Policy, for an article sponsored by RSA about the impact that GDPR (the EU’s General Data Protection Rules), which goes into effect in the European Union in May 2018, is going to impact, well, everything. And, in particular, about how it will impact U.S. based businesses, because, trust me, it will.
Last week we started hearing about the Equifax data breach, although Equifax had actually known about the data breach at least a month earlier. (The full text of the Equifax statement about the cybersecurity data breach is reprinted below.) The most stunning thing about this breach is the breadth of it: the Personally Identifiable Information (PII), including names, social security numbers, and driver’s license numbers of 143 million U.S. citizens were exposed in this breach. Here is what you need to do, right now, to protect yourself.
We here at the Internet Patrol are thrilled to have been voted a “top security blog” by Credit Donkey, which, while focusing primarily on making personal finance “donkey-proof” (by which they mean fun and easy to understand), also covers the online security sector.
There has been quite a bit in the news this week about “forged cookies” and “forged cookie attacks”, but little to actually explain them. A forged cookie attack is exactly what it sounds like though: a way for hackers to forge the information in your browser cookie, and when that information includes an authentication mechanism, voila! They can log into your account.