According to a News Limited report, customers visiting clothing retailer Witchery's mobile website were able to get at the PII of other users via a feature called "track my order."
Customers could also view every order currently being processed, not just their own...
If you follow technology gossip, you probably saw the fuss kicked up last week by a Seattle resident called Nick Starr, who went into a local 24-hour diner wearing Google Glasses.
Briefly put, the restaurant said, "No!"
At this time of year, as we search for Cyber Monday bargains and prepare for Christmas, it is rather tempting to enjoy the comfort of shopping from our own homes and not have to battle the seasonal queues. But shopping on the web is not always a perfect experience as many consumers discover to their cost.
Turn bad news into good with "what you can do better" advice from Chet and Duck.
Learn from: an XP zero-day, a spate of Bitcoin "bank robberies," the outcome of a European user security survey, and yet another cryptographic blunder, this time from Drupal.
Dutch banks have agreed on a common framework of rules for their online banking customers, which they will require people to follow if they are to qualify for refunds of money stolen through phishing, carding or other forms of online fraud.
When is Computer Security Day? What can forward secrecy do for you? Can you believe there's an 0-day in XP?
Have some fun finding out the answers in this week's 60 Second Security!
The Debian Linux security team recently pushed out a wry security advisory for popular web CMS Drupal.
In amongst the laundry list of fixes was a common modern malady - non-cryptographic random numbers used cryptographically...
When it comes to electronic devices, bad things do happen. Components fail, power outages do occur, files can be accidentally deleted... oh, and millions of dollars' worth of Bitcoins can be chucked in the bin.
Microsoft has gone public to warn about a zero-day vulnerability in the Windows XP kernel.
Full details are still to be released, as it isn't patched yet, but here's what we know so far...
Google's recent decision to revamp YouTube's comment system by integrating Google+ in order to reduce spam has proven to be extremely unpopular with users. Ironically, however, it has proven to be quite a hit with the spammers themselves.
The risk of cyberattacks on SMBs has been examined in detail in a recent Sophos-sponsored report by the Ponemon Institute. The report - The Risk of an Uncertain Security Strategy - surveyed over 2,000 IT security managers within organisations employing up to 5,000 people.
15 months ago, we reported on a data breach at online entertainment company Blizzard. We were complimentary back then, not least because the company owned up within three days.
Blizzard's follow-up, however, hasn't been quite as swift or impressive...
According to a large-scale survey which questioned over 27,000 people across the European Union on their internet use, security attitudes and experiences, many are put off using online services by the potential dangers, but few are taking all the necessary steps to carry out their online business in safety.
Eric Schmidt said recently that encrypting everything can end government censorship in a decade. Activists battling China's Great Firewall say why wait, when we just did it in a fraction of the time?
US officials certainly don't like that he published top-secret documents, but they say that legally, he hasn't committed a crime - at least, not that they've determined so far. They've refrained from formally closing the grand jury investigation, though, so maybe they're holding out hope.
Paul Ducklin looks at why hackers are more than merely interested in online Bitcoin repositories - and why you need more than just a hunch about a repository's trustworthiness before you hand over your Bitcoin data.
Chet and Duck dig into the good and bad of the week's news, from the amusing "Happy Hour Virus", through Twitter's implementation of forward secrecy, to LG's data-grabbing TVs and the company's unamusingly casual attitude...
Aaaaaaaaand they're OFF! Encrypted (unsalted? unhashed?!) passwords are out of the gate, heading into the first turn toward potential decryption by cybercrooks. Anybody care to place bets on how many of those passwords are reused on other sites?