Legal for providers to use navigation information for profiling / advertising? [closed]

My internet provider knows which sites I am connecting to (even if only the server names, when using https). Can they legally use that information for profiling / advertising? For instance, if they see me visiting www.babynames.com they mi… Continue reading Legal for providers to use navigation information for profiling / advertising? [closed]

Patent Law And The Legality Of Making Something Similar

When [Erich Styger] recently got featured on Hackaday with his meta-clock project, he probably was not expecting to get featured again so soon, this time regarding a copyright claim on the ‘meta-clock’ design. This particular case ended with [Erich] removing the original blog article and associated PCB design files, leaving …read more

Continue reading Patent Law And The Legality Of Making Something Similar

Would it be illegal to brute force to gather the information that is available publicly on a govt. website? [closed]

Yesterday the results for my class were announced and released on a website. To check my result I have to enter two things

My Roll Number
My Application Number

I want to see one of my friends’ result, and I only know their roll number
an… Continue reading Would it be illegal to brute force to gather the information that is available publicly on a govt. website? [closed]

Insurer’s huge data exposure draws charges from New York state

New York regulators have charged an insurer with violating state cybersecurity law for allegedly exposing hundreds of millions of documents that included Americans’ personal data, including Social Security numbers and financial information. The New York State Department of Financial Services announced legal action Wednesday against the First American Title Insurance Company, the second-largest real estate title insurer in the U.S. The company is accused of exposing customers’ Social Security numbers, bank account information, driver’s license numbers and mortgage and tax records through a software vulnerability that went undetected between May 2014 and December 2018. Upon discovering the flaw during a routine security test, the insurance company failed to fix it, DFS alleged. “After the data exposure was discovered by an internal penetration test in December 2018, First American failed to conduct a reasonable investigation into the scope and cause of the exposure, reviewing only 10 of the millions of documents exposed and […]

The post Insurer’s huge data exposure draws charges from New York state appeared first on CyberScoop.

Continue reading Insurer’s huge data exposure draws charges from New York state

Researchers to Supreme Court: Terms of service violations shouldn’t be CFAA crime

As the Supreme Court prepares to consider a controversial federal anti-hacking law, a group of prominent cybersecurity researchers and legal advocates is pleading with the court not to criminalize digital research in the public interest. In a brief filed with the court Wednesday led by digital rights group Electronic Frontier Foundation, the researchers warned that if violations of a company’s “terms of service” are deemed to be illegal, it risks chilling important research into voting systems, medical devices and other key equipment. “Despite widespread agreement about the importance of this work—including by the government itself— researchers face legal threat for engaging in socially beneficial security testing,” wrote the EFF, the nonprofit Center for Democracy & Technology, and cybersecurity companies Bugcrowd, Rapid7, SCYTHE and Tenable. Famous security researchers like Peiter “Mudge” Zatko and Chris Wysopal, who warned Congress of the internet’s insecurities in the 1990s as members of the L0pht hacking collective, […]

The post Researchers to Supreme Court: Terms of service violations shouldn’t be CFAA crime appeared first on CyberScoop.

Continue reading Researchers to Supreme Court: Terms of service violations shouldn’t be CFAA crime