NCIX Database Servers Sold at Craigslist Without Being Wiped Canadian retailer NCIX filed for bankruptcy and closed 10 months ago. They were the premiere PC hardware retail store in Canada and even did a sizable business on the other side of the border. However, as Travis Doering of Privacy Fly found out, the company did not go quietly away without doing some damage to… Read More
Florida skips gun background checks for a year after employee forgets login In Florida, the site of recent mass shootings such as at the Stoneman Douglas High School and the Pulse nightclub, more than a year went by in which the state approved applications without carrying out background checks. This meant the state was unaware if there was a cause to refuse a licence to allow somebody… Read More
Teen phone monitoring app leaked thousands of user passwords The mobile app, TeenSafe, bills itself as a ‘secure’ monitoring app for iOS and Android, which lets parents view their child’s text messages and location, monitor who they’re calling and when, access their web browsing history, and find out which apps they have installed. Although teen monitoring apps are controversial and privacy-invasive, the company says… Read More
UK cell giant EE left a critical code system exposed with a default password EE, the largest cell network in the UK with some 30 million customers, has secured a critical code repository after a security researcher found anyone could log in with the default username and password. An anonymous security researcher, who goes by the handle Six and is founder of Project Insecurity, discovered a Sonarqube portal on… Read More
Every major OS maker misread Intel’s docs. Now their kernels can be hijacked or crashed Linux, Windows, macOS, FreeBSD, and some implementations of Xen have a design flaw that could allow attackers to, at best, crash Intel and AMD-powered computers. At worst, miscreants can, potentially, ‘gain access to sensitive memory information or control low-level operating system functions,” which is a fancy way of saying peek at kernel memory, or hijack… Read More
Idaho State University Lost Enough Weapons-Grade Plutonium to Make a Dirty Bomb On Friday, the Nuclear Regulatory Commission announced that Idaho State University may face an $8,500 fine after losing one gram of weapons-grade plutonium. Although this quarter-sized amount of plutonium is nowhere near enough to make a nuclear weapon, it is enough to make a dirty bomb that spreads radiation, according to the Associated Press. Source:… Read More
Australia’s Commonwealth Bank lost 20 Million customer records According to thebroadcaster ABC, the data were supposed to have been destroyed when a sub-contractor after the dismantled a data centre. The sub-contractor did not provide the bank the documentation to confirm this the disruption of the magnetic data tapes, anyway the bank tried to downplay the situation confirming that the records don’t include passwords,… Read More
23,000 HTTPS certificates axed after CEO emails private keys A major dust-up on an Internet discussion forum is touching off troubling questions about the security of some browser-trusted HTTPS certificates when it revealed the CEO of a certificate reseller emailed a partner the sensitive private keys for 23,000 TLS certificates. Source: arstechnica… Read More