Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
OPM Data Breach Lawsuit Tossed, Fed Plaintiffs will Appeal
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/25/2017 | 11:36:09 AM
Re: Information vs Money
If a thief steals your money you don't have to prove they spent it only that they stole it. That makes sense, I wonder where the judge is coming from. Very strange decision.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/25/2017 | 11:34:55 AM
Re: Interesting
Lawyers love this stuff Yes, it does not make sense and confuses the public, that would help lawyers.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/25/2017 | 11:33:37 AM
Strange
The workers won't be able to sue because they cannot show the stolen data has been used by attackers This is new for me, so breach can happen but if data is not used that would not be consider an issue. Interesting.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
9/22/2017 | 2:39:41 PM
Re: Based on outcome
There is also a time-value on WHEN an attacker decides to use that stolen Mastercard number of SS number is there not?  An actor may wait weeks or months or have to dig through the 143 million stolen from Equifax before action is indeed taken.  Theft is theft - and break-in is theft writ large.  This is quite a legal tangle!!!  Kinda like stealing a car out of a driveway without breaking the window but parking it around the block until, oh, one night when it is sold for parts!!!  When IS the criminal act perfrmed?  
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
9/22/2017 | 8:28:02 AM
Based on outcome
I understand that this judgement was made based on the lack of evidence that attackers maliciously used the data in question but is there a statute of limitation for instances like this?
gwilson001
50%
50%
gwilson001,
User Rank: Strategist
9/21/2017 | 2:06:00 PM
Re: Interesting
That is the underlying threat here - a precedent that Equifax will surely jump on to ward off the class action suits against them.  This was a shortsighted decision by a Judge that clearly does not understand the problem or the the impact this stupid decision will have on millions of victims of the Equifax and other future data thefts.

This is a common probelm, the judiciary does not understand technology and they consequently make idiotic rulings based on that lack of understanding.  This could let Equifax off the hook as far as civil actions are concerned.  unfortunate because Equifax should not be allowed to continue as a business - they cannot be trusted with sensitive data we have not given them explicit permission to aggreagate and store.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
9/21/2017 | 12:41:35 PM
Re: Information vs Money
Good point - information theft is invisible if compared to car or money theft.  If a thief breaks into your home, that is a robbery.  If a thief steals a garden hose outside, that is theft.  There is a difference.  Information is invisible of course but if you went to your ATM and instead of seeing $33,202 in savings and there is $-29.33 there, I would think legal recourse has to be taken somewhere.  A thief broke INTO SOMETHING to get your data.  The thief did NOT RETRIEVE YOUR ATM CARD from the street.  Same difference.  

The answer to your question is WHO was guarding the vault?  Who has responsibility for the vault?  If i leave my house wide open with a sign saying MONEY IN HERE, then I am clearly at fault.  Same with Experian to a degree.
tim77
50%
50%
tim77,
User Rank: Apprentice
9/21/2017 | 12:25:18 PM
Information vs Money
Why should one have to prove they are damaged by having their information stolen? If a thief steals your money you don't have to prove they spent it only that they stole it. Information should be treated in the same manner!
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
9/21/2017 | 9:40:34 AM
Interesting
Workers cannot sue because of a data breach.  Read that: PEOPLE cannot sue over a data breach - Equifax.  This could have enormous legal consequences - something to watch.  (Lawyers love this stuff).
<<   <   Page 2 / 2


44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5162
PUBLISHED: 2020-02-25
An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as t...
CVE-2019-5165
PUBLISHED: 2020-02-25
An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpret select remote traffic as local traffic, resulting in a bypass of web authentication. An attacker ...
CVE-2020-9383
PUBLISHED: 2020-02-25
An issue was discovered in the Linux kernel through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.
CVE-2019-5136
PUBLISHED: 2020-02-25
An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands ...
CVE-2019-5137
PUBLISHED: 2020-02-25
The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13.