Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms


Password Management Incompetence: The Blur Story

January 07, 2019 by Marc Handelman in Security Incompetence

Via Catalin Cimpanu, writing at ZDNet News, comes the sorry tale of fundamental security incompetence (compounded by utter stupidity, I'll wager) as displayed by Abine, the publishers of the password manager Blur. Reportedly, the company exposed their estimated 2.4 million customer records in a discrete file exposed to public retrieval via our beloved interwebs... Astounding.

"The breach came to light last year, on December 13, when a security researcher contacted the company about a server that exposed a file containing sensitive information about Blur users, an Abine spokesperson told ZDNet via email." - via Catalin Cimpanu, writing at ZDNet News


Inspector General's Report: The DOD Software Fail

December 28, 2018 by Marc Handelman in Security Incompetence, US DOD

Via Heather Kuldell, reporting for DefenseOne, comes the sorry tale of the fundamental failure of information security capability, this time at the Department of Defense, and revolving around the lack of control of what bits are installed on the Department's networks worldwide. All this, via the latest Department of Defense Office of the Inspector General's Report, DoD Management of Software Applications DODIG-2019-037. Astounding.


Steering Clear Of SSO

October 04, 2018 by Marc Handelman in Security Incompetence

While it may be a foregone conclusion - as most conclusions are, simply by a calculus of time - Slate's Will Oremus has published food-for-thought on the true utility (or Lack Thereof) of logging into a useful site utilizing a Single Sign-On tokenized function foisted on the unwary and the great unwashed by the Social-Media-Site-That-Has-Deeply-Flawed-Ideas-About-User-And-Data-Security. Just Saying...


RSAC 2018, The Leakage →

April 24, 2018 by Marc Handelman in Blatant Stupidity, Application Security, Security Incompetence

Security, Heal Thyself


EQUIFAX CEO, The Prepared Statement →

October 04, 2017 by Marc Handelman in Corporate Evil, Security Incompetence

The Utterings of a Fool - a $90,000,000 Fool...


Great Idea! Let's Publish Our Private PGP Key! →

September 25, 2017 by Marc Handelman in Secrets, Security Incompetence

Via Sean Gallagher, writing at our beloved Ars Technica, comes the astonishing (well, not so astonishing given the source company...) news of Adobe Product Security Incident Response Team (PSIRT) blog publishing capers. This time, they managed to blogify their PGP private key for all the world to see. Crypto-Darwin Award candidate you say? Maybe, if there was one.


Gruber's 'Wading Through AccuWeather's BS Response' →

September 01, 2017 by Marc Handelman in Security Incompetence, Excuses

So Good.

'The accusation has nothing to do with “GPS coordinates”. The accusation is that their iOS app is collecting Wi-Fi router names and MAC addresses and sending them to servers that belong to Reveal Mobile, which in turn can easily be used to locate the user. Claiming this is about GPS coordinates is like if they were caught stealing debit cards and they issued a denial that they never stole anyone’s cash.'
via John Gruber on Daring Fireball
