Anthem to shell out $115m in largest-ever data theft settlement: 1/3rd goes to lawyers, 10% to Experian, much to taxes, leaves around 10% for victims. Shows you what use the Law is for justice.

If you were one of those hit by the intrusion, don’t expect a big payout. Plenty of others will be getting their cuts first. According to the terms of the settlement, a full third of the package ($37,950,000) has been earmarked to cover attorney fees.

An additional $17m will be paid out to Experian, who is handling the credit and identity monitoring services for victims. Any taxes the government levies on the $115m payout will also be deducted from the fund itself.

After all that, people affected will be able to fill out the necessary forms to claim a share of the settlement, including coverage of out-of-pocket expenses they have incurred from the breach (but only up to $15m – beyond that no more out-of-pocket claims will be accepted).

Source: Anthem to shell out $115m in largest-ever data theft settlement

The amount of money going to the lawyers and Experian beggars belief! There is no way this can have been possible within an in any way sane hourly fee. The fact that almost none goes to the 78.8 million victims shows you the law is self-serving and has nothing to do with justice.

Password Reset Man-in-the-Middle attack

The Password Reset Man in the Middle (PRMITM) attack exploits the similarity of the registration and password reset processes.

To launch such an attack, the attacker only needs to control a website. To entice victims to make an account on the malicious website, the attacker can offer free access to a wanted resource (e.g. free software). Once the user initiates the account registration process by entering their email address, the attacker can use that information to initiate a password reset process on another website that uses that piece of information as the username (e.g. Google, YouTube, Amazon, Twitter, LinkedIn, PayPal, and so on).

Every request for input from that site is forwarded to the potential victim, and his or her answers are then forwarded back to that particular site.

Source: Password Reset MITM: Exposing the need for better security choices – Help Net Security

That this works is down to some serious cognitive laziness during the registration process!
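To make the relay concrete from the defending site's side, here is an added toy model (example code, not from the Help Net Security article or the paper it reports on). It assumes a hypothetical site `legit.example` with a `ResetService` class and compares two reset-challenge styles: a context-free numeric code that the victim can be talked into typing into the attacker's registration form, and a single-use link whose message names the site and the purpose and is resolved by visiting the site directly, so the secret never passes through a third-party form in the normal flow.

```python
"""Toy model of the PRMITM relay and a link-based reset that resists it.
Constructed example; legit.example, ResetService and the flows are assumptions."""
import secrets
import time

SITE = "legit.example"  # assumed domain of the site whose reset flow is modelled


class ResetService:
    """Minimal password-reset back end with two challenge styles."""

    def __init__(self):
        self.passwords = {}   # email -> password
        self.pending = {}     # challenge value -> {"email", "exp", "used"}

    def _issue(self, email, value, ttl=600):
        self.pending[value] = {"email": email, "exp": time.time() + ttl, "used": False}

    # Style 1: a context-free code the user is expected to type into a form.
    # Nothing in the message says which site or which purpose it belongs to,
    # so a user can be talked into typing it into an attacker's form.
    def start_reset_with_code(self, email):
        code = f"{secrets.randbelow(10**6):06d}"
        self._issue(email, code)
        return {"to": email, "text": f"Your code is {code}", "code": code}

    # Style 2: a single-use link naming the site and the purpose. Completing
    # the reset means visiting SITE directly, so the secret is not typed into
    # a third-party page in the normal flow.
    def start_reset_with_link(self, email):
        token = secrets.token_urlsafe(32)
        self._issue(email, token)
        url = f"https://{SITE}/reset?token={token}"
        text = (f"Someone asked to reset the {SITE} password for {email}. "
                f"If that was you, open {url}. Otherwise ignore this message.")
        return {"to": email, "text": text, "url": url}

    def complete(self, value, new_password):
        """Consume a code or token once; False for unknown, expired or reused values."""
        entry = self.pending.get(value)
        if entry is None or entry["used"] or time.time() > entry["exp"]:
            return False
        entry["used"] = True
        self.passwords[entry["email"]] = new_password
        return True


def relay_code_attack(service, victim_email):
    """Model the relay against the code-based flow: the attacker's 'registration'
    form asks the victim for the code that just arrived, the victim types it in
    believing it belongs to the attacker's site, and the attacker submits it to
    the real site. Returns True when the attacker's password is accepted."""
    msg = service.start_reset_with_code(victim_email)
    typed_by_victim = msg["code"]            # victim relays the context-free code
    return service.complete(typed_by_victim, "attacker-chosen")


def link_flow(service, victim_email):
    """Same attempt against the link-based flow. The message names the site and
    the purpose, and the victim resolves it by visiting SITE, which consumes the
    token. Returns (victim_reset_ok, attacker_replay_ok)."""
    msg = service.start_reset_with_link(victim_email)
    token = msg["url"].split("token=")[1]
    victim_ok = service.complete(token, "victim-chosen")      # victim acts at SITE itself
    attacker_ok = service.complete(token, "attacker-chosen")  # replay of a used token
    return victim_ok, attacker_ok


def message_names_site_and_purpose(msg):
    """Check that a reset message lets the user tell which site and purpose it is for."""
    text = msg["text"].lower()
    return SITE in text and "reset" in text


if __name__ == "__main__":
    svc = ResetService()
    print("code relay succeeded:", relay_code_attack(svc, "victim@example.org"))
    print("link flow (victim, attacker):", link_flow(ResetService(), "victim@example.org"))
```

The design point is the one the article's title hints at: when the reset challenge carries no site name and no stated purpose, the user has nothing to compare against the form they are looking at, and the relay goes through. A single-use link that spells out the site and the purpose gives the user that context and is consumed by the legitimate site the moment it is followed, so a later replay fails.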