Latest Posts


From the Web

NC loan processor sentenced for ID theft

November 17, 2009 from: Office of Inadequate Security

A former loan processor was sentenced Friday to to one year and one day imprisonment for wire fraud and aggravated identity theft charges. Senior United States District Judge James C. Fox also ordered Maria Lorena Croll, 24, of Raleigh, North Carolina, to pay restitution of $2,138.52.

Comments  (0)


From the Web

Update: Stolen BCBS hard drives had data on 2 million insured

November 16, 2009 from: Office of Inadequate Security

One of Tennessee’s largest holders of personal information confirms that an October theft from a Chattanooga office affects about 2 million of its clients. Blue Cross Blue Shield said 68 computer hard drives that contained Social Security numbers and other sensitive information were taken from the office.

Comments  (0)


From the Web

Component Directory Lockdown – New in Firefox 3.6

November 16, 2009 from: Mozilla Security Blog

When Firefox crashes, we try to get you back on your feet as quickly as possible, but we’d much rather you not crash in the first place. In Firefox 3.6, we are changing the way that some third party software hooks into Firefox which should eliminate a good chunk of those crashes without sacrificing our extensibility in any way. In the process, we’ll also be giving you greater control o...

Comments  (0)


From the Web

OWASP Top 10 (2010 release candidate 1)

November 13, 2009 from: Jeremiah Grossman's Blog

The newest version of the OWASP Top 10, the Top 10 Most Critical Web Application Security Risks, has been made available as a release candidate! This project is extraordinarily meaningful to the application security industry as it exercises influence over PCI-DSS, global policy, developer awareness, and product direction. ...

Comments  (0)


From the Web

Federal Data Security Law: ‘Careful What You Wish For’

November 12, 2009 from: Office of Inadequate Security

A federal cybersecurity law edged closer to reality late last week when the Senate Judiciary Committee approved a bill to protect the personal data of Americans. The bill is a bipartisan effort sponsored by Chairman Patrick Leahy, D-Vt., and co-sponsored by former Chairman Orrin Hatch, R-Utah, that would, among other things, force companies and data brokers to institute data privacy and security p...

Comments  (0)

A3e8b5e0becdbfb1b1c706b452b6c388

Road Map for an Application/Software Security Architect (Part 3)

November 11, 2009 Added by:Stephen Primost

Risk assessments for application software is not a matter of a quick penetration test nor a matter of code reviews at a single point in time. It is a process of moving through the application/solution's Software Development Life Cycle (SDLC) and evaluating the results of the controls that are put in place at each phase. Whether it is waterfall, or agile method, waiting for the end of the final del...

Comments  (0)

B426b30042abbc15e363cb679bbc937d

More COFEE Please, on Second Thought…

November 09, 2009 Added by:Daniel Kennedy

The forensics tool provided to law enforcement officials created by Microsoft called COFEE  (Computer Online Forensic Evidence Extractor) has been leaked on torrents last week, and this has caused quite a bit of excitement.  Let’s see if the big deal is warranted.

Comments  (0)


From the Web

Government accused of ‘cover up’ over lost farmer tapes

November 06, 2009 from: Office of Inadequate Security

The Department of Environment Food and Rural Affairs (Defra) has been accused of a “cover up” after two back-up tapes went missing containing the banking details of around 100,000 farmers.

Comments  (0)


From the Web

Senate Panel Clears Data Breach Bills

November 05, 2009 from: Office of Inadequate Security

The Senate Judiciary Committee Thursday approved two companion bills that would require businesses and government agencies to notify individuals of security breaches involving sensitive personally identifiable information. Both bills go to the Senate for consideration.

Comments  (0)


From the Web

MA: Williams College laptop stolen; 750 notified

November 05, 2009 from: Office of Inadequate Security

Williams College in Williamstown reports a recent laptop theft. The laptop, which was stolen when an employee left it in a parked car in Boston on October 3, contained the names and Social Security numbers of 750 individuals from 39 states and several foreign countries.

Comments  (0)


From the Web

Heartland Payment Systems Reports Third Quarter Financial Results

November 03, 2009 from: Office of Inadequate Security

Heartland Payment Systems, Inc. announced a GAAP net loss of $13.6 million or ($0.36) per share for the three months ended September 30, 2009. Results for the quarter are after $35.6 million (pre-tax), or $0.59 per share, of various expenses, accruals and reserves, all of which are attributable to the processing system intrusion, including charges related to settlement offers made by the Company i...

Comments  (0)


From the Web

Man charged with developing and distributing cable network hacking tools

November 02, 2009 from: Office of Inadequate Security

Charges were unsealed in federal court in Massachusetts against an Oregon man and the company he founded, TCNISO, alleging that they developed and distributed products that allowed users to modify their cable modems and obtain internet access without paying for it.

Comments  (0)

A3e8b5e0becdbfb1b1c706b452b6c388

Road Map for an Application/Software Security Architect (Part 2)

November 02, 2009 Added by:Stephen Primost

Vulnerability testing at the acceptance stage of an application's Software Development Life Cycle (SDLC) will not compensate for the lack of an understanding of what is being done during the software development even though you may not have control over the development efforts. You need a plan that puts those controls in place and allows that governance. Ignoring vulnerabilities will not prevent b...

Comments  (0)

70e177868d7bc383ce3ea10b6f976ada

Searching for Return on Security Investments

November 02, 2009 Added by:Andrew Baker

There are several major challenges to the successful implementation of good information security in many organizations today.  It is not because business owners do not think that security is important.  No, the issues exist because they do not grasp the complexities that embody the Information Security profession, and thus make decisions that fail to account for the many nuances of a pro...

Comments  (5)


From the Web

Report: Data Breaches Hike Fraud Risk 400%

November 02, 2009 from: Office of Inadequate Security

Because data breaches have become such commonplace incidents, there is concern that people have become desensitized to the potential harm they face upon receiving a notification letter from an organization informing them that sensitive information has been lost or misappropriated.

Comments  (0)

6f611188ad4a81ffc2edab83b0705d76

A Loss of One of Our Own

October 29, 2009 Added by:Sandra Avery

I am still shocked and saddened by the very sudden loss of David Taylor, founder of PCI knowledgebase.  David passed away on Tuesday after suffering a sudden heart attack. Those of us who have anything to do with PCI compliance either know or know of David Taylor.

Comments  (1)

B32b392ce3a707f05f4838c48c67d9cf

Good enough security?

October 29, 2009 Added by:Christopher Hudel

We have had 802.1x -- CISCO + Active Directory Integration --  in place for over a year know and it is largely a success; windows systems automatically obtain machine certificates (machines automatically receive certificates when they join the domain), supplicants exist for our IP Phones, and those devices (i.e.: printers)  that are currently incapable of 802.1x are split off in a tightl...

Comments  (2)

B038fefd7a19c26505d1f0671609d8ce

IT Security - Defense in Depth Protection using a Data-centric Model

October 29, 2009 Added by:Mike Cuppett

Start aligning your security strategy to better protect your organization's most critical asset - data. While many security proponents lean toward an outside-in strategy - protect every computer in the company from the outside world first - we really need to understand that the data is the asset that must be protected first and foremost.  The outside-in strategy starts at a macro level and ov...

Comments  (5)


From the Web

Judge: FTC Cannot Make Lawyers Comply With Identity Theft Laws

October 29, 2009 from: Office of Inadequate Security

The Federal Trade Commission cannot force practicing lawyers to comply with new regulations aimed at curbing identity theft, a federal judge ruled today at the U.S. District Court for the District of Columbia.

Comments  (1)


From the Web

CalOptima Reports Potential Loss of Patient Claims Information (updated)

October 29, 2009 from: Office of Inadequate Security

ORANGE, Calif. (October 23, 2009) – CalOptima has identified the potential loss of past medical claims information for approximately 68,000 of its members that was stored on electronic media devices.

Comments  (0)