The EC has published new breach disclosure rules that exempt companies from disclosure if they're using encryption. It's an odd loophole, given how data handling can be bungled, encryption or no.
Domain registrar and web hosting company Name.com, part of the Demand Media group, has suffered a data breach.
Crooks have apparently made off with data up to and including credit card numbers...but it sounds as though everything was encrypted, which is a silver lining.
Serial Java fault-finder Adam Gowdiak has embarrassed Oracle yet again.
The Polish researcher is publicly bragging about two brand-new vulnerabilities he's found even since Oracle's most recent patch just a week ago.
The second of two FTC reports on kids' mobile apps shows that the industry hasn't improved with regards to privacy, with many apps sharing personal information with third parties, all without notifying parents or asking for their permission.
If you've found a security issue with PayPal, you could receive a monetary reward for informing the firm responsibly.
The Australian government has thumbed its nose at legal safeguards for ethical hackers, according to security researcher Alana Maurushat.
Industry professionals say they went out of their way to submit proposals for recent reviews of cybercrime laws, but the government decided to reject them all.
Of all the information you've entrusted to others, which would you consider the most embarrassing to see popping up on the internet?
How about the date of your latest paternity test?
It's no good having mandatory data breach disclosure laws if all they teach us is to admit we had a breach. We also need to convey information of obvious practical value to all affected parties.
Three words. Promptness. Clarity. Openness.