Breach Blog

A great resource for learning about security foibles is The Breach Blog.  This fellow finds some really good stuff, things like lost USB drives, poorly secured sites, etc. 

Here’s a good one: The US Transportation Security Administration is responsible for securing air travelers in the post 9-11 apocalypse.  The TSA has a method of allowing innocent travelers to remove their names from its ‘watch list’, thereby avoiding hassles when boarding aircraft in the US.  Unfortunately, the web application was poorly secured, resulting in serious problems.

Of course, in many (most?) states in the US, it is the law to report information breaches.  Here in Canada, we have to wait for the news services to hear of an investigation or report before such information sees the light of day…

While our Privacy Commissioner has voluntary guidelines available for reporting breaches, the legislation has not been changed to make this reporting mandatory.

Mike
