

DtSR Episode 185 - NewsCast for March 15th 2016
Mar 21, 2016
42:27
In this episode...
The FTC is getting into providing guidance on password changes
- Well OK, this isn't really guidance, it's just a blog
- But - does this mean that the FTC is getting into technical guidance?
- https://www.ftc.gov/news-events/blogs/techftc/2016/03/time-rethink-mandatory-password-changes
Dwolla hit by CFPB and fined $100,000
- Who is the CFPB (Consumer Financial Protection Bureau)?
- This opening sentence is crucial: "The Consumer Financial Protection Bureau (Bureau) has reviewed certain acts and practices of Dwolla, Inc. (Respondent, as defined below) and has identified the following law violations: deceptive acts and practices relating to false representations regarding Respondent’s data-security practices in violation of Sections 1031(a) and 1036(a)(1) of the Consumer Financial Protection Act of 2010 (CFPA), 12 U.S.C. §§ 5531(a), 5536(a)(1)"
- http://files.consumerfinance.gov/f/201603_cfpb_consent-order-dwolla-inc.pdf
- http://blog.dwolla.com/we-are-never-done/
FTC To Study Credit Card Industry Data Security Auditing
- The FTC is asking for specific information from a specific number of companies (9 of them in total)
- Studying "how companies and their assessors interact" - is that code for something?
- It will be interesting to see what the FTC does with this
- https://www.ftc.gov/news-events/press-releases/2016/03/ftc-study-credit-card-industry-data-security-auditing
Bangladesh bank hackers steal ~$100M
- There is definitely more to this story
- Lots of finger-pointing, failed/unknown processes in SWIFT clearinghouse
- Was this account compromise? System compromise? An insider threat? All of the above?
- http://www.bankinfosecurity.com/bangladesh-bank-hackers-steal-100-million-a-8958