Welcome!

News Feed Item

Jeff Ifrah Promotes Security Awareness for Website and Mobile App Developers

WASHINGTON, DC -- (Marketwired) -- 04/15/14 -- Last month the two mobile apps, Fandango and Credit Karma, settled with the Federal Trade Commission (FTC) over charges that both companies had falsely represented the security of their mobile apps, leading to an insecure transmission of sensitive personal data of millions of customers. The FTC argued that the credit monitoring company, Credit Karma, and the movie ticketing service, Fandango, both failed to take appropriate measures to guarantee secure transmission of customers' sensitive personal data, allowing attackers to intercept and access email addresses, names, passwords, social security numbers, credit card information and credit report information. Now, the FTC ordered the two companies to put comprehensive security measures in place to minimize security risks during the use of their mobile apps. On top of that, Fandango and Credit Karma agreed to undergo security assessments every other year for the next 20 years. After the settlement, Edith Ramirez, FTC Chairwoman, said: "Our cases against Fandango and Credit Karma should remind app developers of the need to make data security central to how they design their apps."

Fandango and Credit Karma both could have avoided the charges by the FTC if they had enabled SSL certificate validation. SSL, short for Secure Sockets Layer, is an industry standard that ensures that no attacker can intercept the transmission of sensitive data and secures the communications of an app. Applications that use the SSL protocol verify certificates presented by online services to guarantee a safe and encrypted transmission. If the SSL certificate validation enabled, as in the case of Fandango and Credit Karma, the mobile app becomes vulnerable to man-in-the-middle attacks. While the FTC demonstrated an existing vulnerability, no consumer information was compromised by Fandango's nor Credit Karma's failure to put security measures in place, which could explain why the FTC agreed to a settlement without monetary penalties. In an article regarding the recent development of FTC case against Fandango and Credit Karma, Sarah Coffey of Ifrah Law, a Washington-based law firm founded by attorney Jeff Ifrah, points out the importance for companies to take necessary security steps before launching a new mobile app.

Jeff Ifrah and his team of attorneys are experienced in advising companies that are approached by the Federal Trade Commission or other state agencies. Jeff helps his clients to put appropriate policies and procedures in place and develops a sound legal strategy in case a company gets involved in potential security or data breach accusations. With the growing representation of companies on the Internet, collecting, using and protecting consumer information plays an increasingly important role. As a result, consumer advocacy groups and government regulators are keeping a watchful eye on companies to ensure they adhere to all rules and regulations. Jeff helps clients from various industries as well as website operators to draft their privacy policies to avoid legal issues with regards to data protection.

Attorney and Ifrah Law's founder, Jeff Ifrah, specializes in the defense of federal investigations and litigation. Clients come from many regulated industries and involve primarily e-commerce, e-business, and government contracts. He started his career as a trial lawyer and officer in the U.S. Army's Judge Advocate General's Corps, followed by an appointment as trial counsel to the U.S. Army Communications-Electronics Command at Fort Monmouth. Jeff then gained experience as a special assistant U.S. Attorney in New Jersey. Jeff's legal excellence is widely recognized -- Chambers USA has recognized him for three years in a row as one of the leading lawyers in the United States for litigation in the fields of White Collar Crime and Government Investigations.

Jeff Ifrah Law: http://www.jeffifrahlaw.com

Facebook: http://www.facebook.com/jeff.ifrah

Twitter: http://www.twitter.com/jifrah

Embedded Video Available

Image Available: http://www2.marketwire.com/mw/frame_mw?attachid=2568252
Embedded Video Available: http://www2.marketwire.com/mw/frame_mw?attachid=2568257

Add to Digg Bookmark with del.icio.us Add to Newsvine

Contact Information
PR Agency Contact:
ICMediaDirect.com
TEL: 1.800.595.0821
www.ICMediaDirect.com

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

Latest Stories
WebRTC is about the data channel as much as about video and audio conferencing. However, basically all commercial WebRTC applications have been built with a focus on audio and video. The handling of “data” has been limited to text chat and file download – all other data sharing seems to end with screensharing. What is holding back a more intensive use of peer-to-peer data? In her session at @ThingsExpo, Dr Silvia Pfeiffer, WebRTC Applications Team Lead at National ICT Australia, looked at differ...
Without a clear strategy for cost control and an architecture designed with cloud services in mind, costs and operational performance can quickly get out of control. To avoid multiple architectural redesigns requires extensive thought and planning. Boundary (now part of BMC) launched a new public-facing multi-tenant high resolution monitoring service on Amazon AWS two years ago, facing challenges and learning best practices in the early days of the new service. In his session at 19th Cloud Exp...
For basic one-to-one voice or video calling solutions, WebRTC has proven to be a very powerful technology. Although WebRTC’s core functionality is to provide secure, real-time p2p media streaming, leveraging native platform features and server-side components brings up new communication capabilities for web and native mobile applications, allowing for advanced multi-user use cases such as video broadcasting, conferencing, and media recording.
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...
"Plutora provides release and testing environment capabilities to the enterprise," explained Dalibor Siroky, Director and Co-founder of Plutora, in this SYS-CON.tv interview at @DevOpsSummit, held June 9-11, 2015, at the Javits Center in New York City.
Security, data privacy, reliability and regulatory compliance are critical factors when evaluating whether to move business applications from in-house client hosted environments to a cloud platform. In her session at 18th Cloud Expo, Vandana Viswanathan, Associate Director at Cognizant, In this session, will provide an orientation to the five stages required to implement a cloud hosted solution validation strategy.
SYS-CON Events announced today that CA Technologies has been named "Platinum Sponsor" of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, New York, and 21st International Cloud Expo, which will take place in November in Silicon Valley, California.
The security needs of IoT environments require a strong, proven approach to maintain security, trust and privacy in their ecosystem. Assurance and protection of device identity, secure data encryption and authentication are the key security challenges organizations are trying to address when integrating IoT devices. This holds true for IoT applications in a wide range of industries, for example, healthcare, consumer devices, and manufacturing. In his session at @ThingsExpo, Lancen LaChance, vic...
Wooed by the promise of faster innovation, lower TCO, and greater agility, businesses of every shape and size have embraced the cloud at every layer of the IT stack – from apps to file sharing to infrastructure. The typical organization currently uses more than a dozen sanctioned cloud apps and will shift more than half of all workloads to the cloud by 2018. Such cloud investments have delivered measurable benefits. But they’ve also resulted in some unintended side-effects: complexity and risk. ...
SYS-CON Events announced today that delaPlex will exhibit at SYS-CON's @CloudExpo, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. delaPlex pioneered Software Development as a Service (SDaaS), which provides scalable resources to build, test, and deploy software. It’s a fast and more reliable way to develop a new product or expand your in-house team.
The explosion of new web/cloud/IoT-based applications and the data they generate are transforming our world right before our eyes. In this rush to adopt these new technologies, organizations are often ignoring fundamental questions concerning who owns the data and failing to ask for permission to conduct invasive surveillance of their customers. Organizations that are not transparent about how their systems gather data telemetry without offering shared data ownership risk product rejection, regu...
More and more brands have jumped on the IoT bandwagon. We have an excess of wearables – activity trackers, smartwatches, smart glasses and sneakers, and more that track seemingly endless datapoints. However, most consumers have no idea what “IoT” means. Creating more wearables that track data shouldn't be the aim of brands; delivering meaningful, tangible relevance to their users should be. We're in a period in which the IoT pendulum is still swinging. Initially, it swung toward "smart for smart...
When you focus on a journey from up-close, you look at your own technical and cultural history and how you changed it for the benefit of the customer. This was our starting point: too many integration issues, 13 SWP days and very long cycles. It was evident that in this fast-paced industry we could no longer afford this reality. We needed something that would take us beyond reducing the development lifecycles, CI and Agile methodologies. We made a fundamental difference, even changed our culture...
The Internet of Things can drive efficiency for airlines and airports. In their session at @ThingsExpo, Shyam Varan Nath, Principal Architect with GE, and Sudip Majumder, senior director of development at Oracle, discussed the technical details of the connected airline baggage and related social media solutions. These IoT applications will enhance travelers' journey experience and drive efficiency for the airlines and the airports.
In his keynote at @ThingsExpo, Chris Matthieu, Director of IoT Engineering at Citrix and co-founder and CTO of Octoblu, focused on building an IoT platform and company. He provided a behind-the-scenes look at Octoblu’s platform, business, and pivots along the way (including the Citrix acquisition of Octoblu).