Home » Archive

Articles Archive for January 2015

Data Management, In Other News | Posted 12 Jan 2015 | Comments Off on Obama Proposes 30 Day Hack Notification | 2,224 views
Secure Data

President Obama is pushing new legislation called the Personal Data Notification and Protection Act. This law, if enacted, will standardize the consumer notification requirements in the event of data breach. Under the law, companies would be required to notify …

Defense In Depth | Posted 11 Jan 2015 | Comments Off on Microsoft Limits Advanced Notifications | 2,236 views
Microsoft Windows Logo

According to a recent blog post, Microsoft will be limiting access to its Advanced Notification Service. ANS provides customers with a heads up of the upcoming patches, which allows them to schedule changes and maintenance windows. Chris Betz wrote …

In Other News | Posted 6 Jan 2015 | Comments Off on Moonpig API Exposes Customer Info | 8,886 views

Security researcher Paul Price discovered a flaw in the API used by UK greeting card company Moonpig. Their API does not require authentication and exposes customer account details.  He notified them of his findings in August 2013. After 17 months, …

Communications | Posted 5 Jan 2015 | Comments Off on Gogo Caught Forging SSL Certificates | 1,968 views

Inflight internet connectivity provider Gogo has been caught forging SSL certificates and serving them to their customers. Flyer Adrienne Porter Felt tweeted a screenshot of the a forgery for Google. Her tweet: hey @Gogo, why are you issuing *.google.com certificates

In Other News | Posted 4 Jan 2015 | Comments Off on Clock Runs Out on Microsoft Zero Day | 2,347 views

Microsoft failed to patch a zero day exploit before the automatic 90 day clock ran out. A research submitted a privilege escalation vulnerability in Windows 8.1 to Google’s Project Zero. The bug allows a local user to trick a …