Deja Vu - Web Apps
From FTC File No. 082 3113, the highlight is the Deja Vu, ymmv.
The complaint is for violations of the provisions of the Federal Trade Commission Act by an operator of a "computer network that consumers use" and it says:
"respondents engaged in a number of practices that, taken together, failed to provide reasonable and appropriate security for the personal information stored on their network. Among other things, respondents:
(1) stored personal information in clear, readable text;
(2) did not adequately assess the vulnerability of their web application and network to commonly known or reasonably foreseeable attacks, such as “Structured Query Language” (“SQL”) injection attacks;
(3) did not implement simple, free or low-cost, and readily available defenses to such attacks;
(4) did not use readily available security measures to monitor and control connections between computers on the network and from the network to the internet; and
(5) failed to employ reasonable measures to detect and prevent unauthorized access to personal information, such as by logging or employing an intrusion detection system."