Sunday, July 29, 2012

Cyber Security and Business Liability for Losses

Worried about nefarious computer-hacking geniuses stealing your important information like Internet passwords? You probably should be, given recent leaks from websites like Yahoo! and LinkedIn.

While the Yahoo! hackers expressed no ill will, that doesn't make the information any more secure. Even the fact that most of the passwords didn't match up with the usernames brings little comfort, considering how vulnerable the information was in the first place.

Matthew Schwartz at InformationWeek points out a few reasons for the vulnerability of the Yahoo! infrastructure. First, the kind of attack the hackers used is well-known. Second, Yahoo didn't store the passwords in an encrypted form.

Unfortunately, even if the passwords had been encrypted, there are ways around that too. Jack Newton at Slaw discussed how hackers can even discover passwords that have been encrypted, as with the LinkedIn security breach. But all is not lost. Newton goes into further detail about what LinkedIn should have done to make encrypted passwords even more secure.

While these websites may not have had the greatest security, at least we can trust financial institutions to have impenetrable computer systems to stop the ne'er-do-wells and keep our money safe. Maybe not. Back in 2009, hackers were able to move over half a million dollars in fraudulent transactions.

So, what happened? Did the banks forget to encrypt their users' passwords? Brian Donahue and Paul Roberts looked at the issue for Threatpost in an article titled "Appeals Court Calls Bank's Security 'Commercially Unreasonable.'" They observed that, while no one is certain how the attack happened, a virus was discovered on an employee's laptop. This virus might have been able to track the letters being typed by the user. The hacker could then discover the username, password, and answer to a security question.

People's United Bank was able to recover less than half of the fraudulently transferred funds. Of course, a lawsuit followed. The bank sued the hackers, right? Wrong. Patco Construction Company, the owner of the breached account, brought a suit against the bank for violating the Uniform Commercial Code Article 4A as codified under Maine Law.

But it wasn't the bank's fault they got hacked. Well, it's not quite that simple. Article 4A of the UCC creates an obligation for the bank to ensure the secure transfer of its customer's funds. Patco Construction complained that the bank's security procedures were commercially unreasonable. Among other things, the bank seemed to ignore alerts that the transactions were high-risk and uncharacteristic of its customer.

While the district court granted summary judgment in Ocean Bank's favor, finding the security practices commercially reasonable, the First Circuit Court of Appeals recently overturned that decision and held the bank liable for Patco's losses. The Sanford News, Patco's hometown newspaper, published an article yesterday discussing the decision. Ellen Todd of the Sanford News noted that

The First Circuit Court ordered that further proceedings be remanded back to the trial court to resolve several subsidiary questions in the case. The decision also suggested that the parties "may wish to consider whether it would be wiser to invest their resources in resolving this matter by agreement."

Pamela Ryckman of the New York Times recently highlighted the dangers of information-security breaches for small-business owners in particular:

[O]wners often assume incorrectly that the protection they have on personal bank accounts applies to their business accounts. Many are shocked to learn that most banks do not take responsibility for unauthorized debits from business accounts. Unless the owners have fraud insurance, they must shoulder the losses alone.

It may be difficult to tell which business operations have secure procedures for protecting everything from your bank account to your password. But, consumers can do their part by avoiding simplistic passwords and by scanning their computers for viruses.

In Texas, computer crimes are covered by Penal Code chapter 33. The full text of the statute and accompanying annotations are available in O'Connor's Texas Criminal Codes Plus. Look for the new edition soon. The notification requirements following an information-security breach are codified in Business & Commerce Code §521.053. The section was amended during the 2011 legislative session, effective for conduct occurring on or after September 1, 2012. For the amended text, along with the rest of the Business & Commerce Code and annotations selected by leading business attorneys, pick up your copy of O'Connor's Business & Commerce Code Plus.


Source: http://annotations.jonesmcclure.com/2012/07/27/cyber-security-and-business-liability-for-losses/?utm_source=rss&utm_medium=rss&utm_campaign=cyber-security-and-business-liability-for-losses
