Data Security

Hacker accesses 70,000 Healthcare.gov records, says website is 100% insecure

Hacker accesses 70,000 Healthcare.gov records, says website is 100% insecure

The Healthcare.gov website has had its fair share of troubles since launch, and one that has been persistent among them is claims of security vulnerabilities. TrustedSec's CEO David Kennedy has been vocal about these issues, though little has been done to address them. Perhaps to make a bigger point, he took advantage of the vulnerability in recent times and managed to access 70,000 records over the course of four minutes, saying, "Seventy-thousand was just one of the numbers that I was able to go up to, and I stopped after that."

Continue Reading

NSA Dishfire program pilfers millions of text messages per day

NSA Dishfire program pilfers millions of text messages per day

The latest in a long line of NSA-centric leaks comes a report about alleged project "Dishfire" from The Guardian, a program said to result in the harvesting of millions of text messages by the security agency on a daily basis. This is not targeted message collection, instead being the mass harvesting of nearly 200 million messages per day, which are then stored and used to extract details like credit card info, geolocation, and one's contact networks.

Continue Reading

Starbucks mobile payment app stores user data in clear text

Starbucks mobile payment app stores user data in clear text

Shopping at Starbucks is convenient for the mobile users among us via the use of the company's mobile payment app. As it turns out, this same app stores user data in clear text, causing a potential privacy issue. Confirmation of this was made by Starbucks yesterday night, and executives confirmed they were previously aware of the method of storage. The discovery was first made known by Daniel Wood, a security researcher who reportedly attempted to contact the company about it this past November.

Continue Reading

Google runs afoul of Canadian privacy law

Google runs afoul of Canadian privacy law

Coming a few hours after word surfaced that Google will be appealing a fine issued by France over privacy violations, issues have arisen over another breach of privacy, with this particular instance resulting in Canada. According to the nation's Privacy Commissioner, Google utilized so-called "sensitive personal information" to target certain advertisements in violation of privacy law.

Continue Reading

Banking mobile apps largely vulnerable, reveals IOActive study

Banking mobile apps largely vulnerable, reveals IOActive study

Personal banking apps make managing a checking or savings account easy, eschewing the need for a laptop or firing up a browser. Whether they keep your personal data secure is another matter, however, one that IOActive Labs Research says needs more attention. In a recent study, the research group looked into forty different so-called home banking apps from what it says are the world's top 60 most influential banks, none of which were specified by name.

Continue Reading

Wickr founder details FBI request for backdoor

Wickr founder details FBI request for backdoor

In December, it was reported that security firm RSA -- according to documents leaked by Edward Snowden -- was paid millions by the NSA to put a back door into its encryption products. A couple days later, the company denied having a secret contract with the government agency, and said that it never knowingly put a back door in its offerings. That didn't stop some companies from gravitating away from RSA, however, and one such company was Wickr. The company's founder, Nico Sell, announced this change at an RSA Security Conference, during which she made it clear her company would not have a back door and that users' security was important. Immediately after, an FBI agent approached her with a request -- to add a backdoor on behalf of the agency.

Continue Reading