Tag: data privacy

Uber paid $100,000 to a Florida man to keep quiet about the theft of its customer data. The repercussions could damage the reputation of bounty programs, experts warn.

Podcast: will Uber’s Florida Man Problem chill Bug Bounties?

In our latest podcast: the ride sharing firm Uber finds itself on the wrong side of a Florida Man story after paying $100,000 in hush money to a man from The Sunshine State who stole information on 57 million Uber customers. We speak with Katie Moussouris about how the company’s actions could affect the future of the young vulnerability disclosure industry. Also: with BitCoins trading for $16,000 each, Wandera researcher Dan Cuddeford joins us to talk about mobile crypto-jacking schemes that hijack mobile devices to mine crypto currencies. And we invite Alan Brill of the firm Kroll back to discuss recent House of Representatives hearings on the future of authentication in an age of rampant data sharing and data theft. Podcast: Play in new window | DownloadSubscribe: Android | RSS

North American firms may be early targets of EU regulators once the GDPR data privacy laws go into effect in May, 2018.

US Firms May Be Early GDPR Targets

Large US firms may be among the first targets of EU regulators once the General Data Protection Rule goes into effect. (Editor’s Note: this blog post first appeared on Digital Guardian’s Digital Insider blog. You can read the full post here. )

A bulletin from the Department of Homeland Security warns that drones made by China-based DJI are collecting sensitive data on US critical infrastructure and industry and giving it to the Chinese government.

Spy Eyes In the Sky: DHS says DJI Drones spy for Chinese Government, Industry

The Department of Homeland Security is warning that commercial drones made by the China-based firm Da Jian Innovations (DJI) may be providing “U.S. critical infrastructure and law enforcement data” to the Chinese government and favored industries in that country, according to a copy of an August, 2017 Intelligence Bulletin (PDF) published by the website Public Intelligence. 

Podcast: Infosec has a #MeToo Problem also TOR-ifying Wikipedia

Podcast: Infosec has a #MeToo Problem also TOR-ifying Wikipedia

In this week’s Security Ledger Podcast, we talk with Genevieve Southwick, CEO of the B-Sides Las Vegas hacker conference about the information security industry’s #metoo problem and what steps conference organizers are taking to stem sexual assault and harassment at information security events. Also: researcher Alec Muffet talks with us about making a TOR version of Wikipedia (and why it’s not sticking around). Finally, Martin McKeay of Akamai talks about the state of Internet security one year after Mirai. (Spoiler alert: Mirai is still a problem.) Podcast: Play in new window | DownloadSubscribe: Android | RSS

Experts testifying before the House Energy and Commerce Committee about the impact of data breaches on online authentication. (Image courtesy of US House of Representatives.)

Congress told Breaches, Sharing Spell End of Authentication by What We Know

The days of logging into a web site or application with nothing more than facts stored in your brain are nearing their end, pushed to extinction by the unrelenting pace of information sharing online and an equally unrelenting storm of data breaches that expose that data.