Research

Expert content, for researchers by researchers

Research

What would a credit card breach cost your company?

We’ve noted recently that many companies store credit card information in an unencrypted form, sometimes several years' worth. So what happens if your systems get hacked before you get around to securing that credit card data? Sure, there’s the embarrassment of telling your customers their data has been exposed–a legal requirement in more than 40

Facebook credit score?

We recently noted that the data broker industry, in conjunction with social media outlets will become increasingly relied upon as a kind of shadow credit score for judging candidates’ qualifications. Now we see a startup that uses your Facebook profile directly to determine a “credit score” used for microloans. We hear horror stories of lost

A dozen predictions for 2012

While I share the reluctance of my colleagues to predict the future, I think there are some trends that can be classified as “reasonably likely to occur” in 2012. I make no promises, but here’s what I think we will see, in no particular order of importance or certainty. We will see increased interest in

2012 predictions: online data brokers come under fire

In 2011 we saw an increase concern about, and scrutiny of, what exactly social networking sites do with the data you input, both internally as well as what gets shared with third parties. But in 2012 some of that scrutiny will shift to those third parties as more people ask: What are they doing with

Unencrypted credit card storage on the rise

More websites stored unencrypted credit card payment information than ever this year, according to a recent report. I thought we had this figured out? Obviously this is a direct violation of Payment Card Industry Data Security Standard (PCI DSS) requirements. But seriously, this stuff is simple for the developers to fix, so why don’t they?

How secure is TSA? Congress isn’t impressed

In a scathing and far-reaching US Congressional report released recently the Transportation Security Administration (TSA) was characterized in these unflattering terms: “Since its inception, TSA has lost its focus on transportation security. Instead, it has grown into an enormous, inflexible and distracted bureaucracy, more concerned with human resource management and consolidating power, and acting reactively

Secure DNS? Encrypt the last mile

DNSSEC has been making the headlines lately as a possible defense against nasty DNS redirection schemes on the server end. Combined with anti-malware efforts at thwarting DNS changing via malicious registry/host file modification, it’s making a dent. Now OpenDNS is proposing a last mile approach called DNSCrypt which intends to secure the problematic link between users’