About a year after 57 million records were breached at Uber, the company issued a breach notification press release. The CEO made no excuses for the lateness of the notice and to be fair, he was not involved in the handling of the whole thing since he was hired after the event. The notification also … Continue reading
Tag Archives: media analysis
The internet is not a highway, but security is like driving a car
I think it is safe to say that the internet is not an information superhighway anymore. Maybe it was once, but now the interstates are threatening to become toll roads, the blue highways have sponsors and so many things are on the internet that if you do make a wrong turn you could literally end … Continue reading
EVERYONE’S WHITEPAPER…ever. A how-to.
Sample (analysis follows): The cyber security threat landscape is awash in an ever changing fabric of “slings and arrows”. It’s not just a matter of “if” script kiddies will attack the enterprise but “when” nation states. And big, big breaches. Before the 20th century, there are only two recorded Denial of Service attacks: the burning … Continue reading
Hooked on hacks
To distort a phrase from media criticism: if it HEARTBLEEDS, it leads. I have no proof of this, but I am guessing that the number of journalists that now have experience writing about cybersecurity events has increased dramatically in the past year. Big breaches have always been news, but with a cluster of them occurring … Continue reading
The 4th e-state of denial
Corporate web sites getting hacked is news. Corporate news sites getting hacked is news. News sites getting not hacked but going down anyway is…? When NYTIMES.com went down this week for a couple of hours, they felt they needed to provide the proper context for their downtime. The headline of the article they published read … Continue reading
When is a breach notification not a breach notification?
In Memoriam Barnaby Jack.(1) When it’s an indictment, a settlement or an ethical hack. It is interesting to note the difference between a breach notification press release (these are required by law, for example, for breaches of health care data affecting over 500 individuals) and the subsequent coverage and reports of indictments, settlements and ethical … Continue reading
Honest, Mom, lots of kids failed that test
The media are certainly becoming more sophisticated at reporting on data breaches and web site hacks. And as that happens, corporate communications departments are freer to craft ever more sophisticated messages about a breach/hack involving their organization. The new goal is to attempt to describe the organization as just the latest victim of an on-going attack … Continue reading
Hack on South Carolina data: criminal; act of international cyber terrorism: huh?
[note: the links are no longer active, apologies] In this example, the press takes advantage of recent comments about a “cyber Pearl Harbor” and implies that what looks like a case of identity theft for the purposes of tax and credit card fraud is an international cyber attack on the U.S. by our enemies. The press release … Continue reading
{Cyber Security} 