From FTC File No. 082 3113, the highlight is the Deja Vu, ymmv. The "respondents engaged in a number of practices that, taken together, failed to provide reasonable and appropriate security for the personal information stored on their network. Among other things, respondents: (1) stored personal information in clear, readable text; (2) did not adequately assess the vulnerability of their web application and network to commonly known or reasonably foreseeable attacks, such as “Structured Query Language” (“SQL”) injection attacks; (3) did not implement simple, free or low-cost, and readily available defenses to such attacks; (4) did not use readily available security measures to monitor and control connections between computers on the network and from the network to the internet; and (5) failed to employ reasonable measures to detect and prevent unauthorized access to personal information, such as by logging or employing an intrusion detection system."
Patrick, Feb 27th 2009