UEA accidentally sent a spreadsheet with confidential medical information to 320 undergrads. The sheet wasn’t password protected, or encrypted, because… the confidential medical information was stored in a spreadsheet because… the spreadsheet was accessible to be attached to an email because…
Please tell me that the GDPR will prompt UK orgs to spend at least 10 minutes thinking about information security before they go back to being absolutely effing clueless.
UPnP is still shit. There’s a new malware variant, presently only affecting US IPs, which targets “Universal Plug ‘n’ Play”. Conficker did the same, for those of you with long memories. Anybody who actually uses UPnP for anything needs their head examining. Doubtless you’re smarter than that, so you’ll have it switched off everywhere. Won’t you?
Yet another American retailer has found long-running payment-card-stealing malware on its tills. I’ve blogged about this so often it’s getting dull, but it still keeps happening. Their response wasn’t great either – not only did it take them months to find the issue, it also took them months to tell anyone about it. It’s still mostly an American problem because they’re making such a song and dance about moving to chip and PIN (EMV in the jargon), but no UK retailer should assume they’re immune.
WannaCry is still out there. This is a fascinating (long and nerdy) post from Kryptos Logic, the firm employing the tech who accidentally turned WannaCry off while investigating it. One interesting point made in the blog is that the prevalence of new infections even now suggests that many people and firms still haven’t installed the necessary patches or updated their anti-virus. I mean, seriously? What does it take?