
SANS ISC: Deja Vu - Web Apps - Internet Security | DShield SANS ISC InfoSec Forums


Deja Vu - Web Apps

From FTC File No. 082 3113, the highlight is the Deja Vu, ymmv.

The complaint is for violations of the provisions of the Federal Trade Commission Act by an operator of a "computer network that consumers use", and it says:

"respondents engaged in a number of practices that, taken together, failed to provide reasonable and appropriate security for the personal information stored on their network. Among other things, respondents:

(1) stored personal information in clear, readable text;

(2) did not adequately assess the vulnerability of their web application and network to commonly known or reasonably foreseeable attacks, such as “Structured Query Language” (“SQL”) injection attacks;

(3) did not implement simple, free or low-cost, and readily available defenses to such attacks;

(4) did not use readily available security measures to monitor and control connections between computers on the network and from the network to the internet; and

(5) failed to employ reasonable measures to detect and prevent unauthorized access to personal information, such as by logging or employing an intrusion detection system."

FTC AGREEMENT CONTAINING CONSENT ORDER

Patrick
