Latest Posts


From the Web

Mozilla shuts Firefox e-store after security breach

August 05, 2009 from: Office of Inadequate Security

Mozilla shuttered its online store late Tuesday after finding out that the firm it hired to run the backend operations of the company’s e-tailing business had suffered a security breach.

Comments  (1)


From the Web

Employees sacked for ID card data breach

August 04, 2009 from: Office of Inadequate Security

The database in question holds data on 92 million people in the U.K. About 200,000 people have access to it. If they cannot adequately secure the database from misuse by employees, well……. Nine local authority workers have been sacked after illegally accessing personal details of the public held on the government’s national identity database.

Comments  (0)


OWASP Testing Guide Version 3

August 03, 2009

This is an excellent resource on the process of testing web applications for security vulnerabilities and general insecurities. It is by no means exhaustive nor perfect for every environment, but it is a valuable read for anyone who manages or tests web applications.

Comments  (2)


From the Web

Personal data mishandled at Commerce Dept.

August 03, 2009 from: Office of Inadequate Security

The names and Social Security numbers of at least 27,000 Commerce Department employees were exposed to a risk of identity theft following an inappropriate transfer of the personal information in mid-July, according to a letter sent to department employees last week.

Comments  (0)


From the Web

TNCC computer tech says access now cut off

August 03, 2009 from: Office of Inadequate Security

Last week, the Daily Press reported that a former part-time computer help desk technician at Thomas Nelson Community College claimed that he had been laid off almost three weeks earlier, but that he still had computer access to the records and Social Security numbers of every student in the Virginia Communit...

Comments  (0)


From the Web

Last conspirator in $5 million fraud ring sentenced

August 01, 2009 from: Office of Inadequate Security

Dana J. Boente, U.S. Attorney for the Eastern District of Virginia, announced that all seven conspirators have now been sentenced for stealing more than $5 million through a fraud scheme involving identity theft and credit card, bank and mortgage fraud.

Comments  (0)


From the Web

SSA employee convicted for unauthorized access to govt computer

August 01, 2009 from: Office of Inadequate Security

Roberto Rodriguez, 54, formerly of Fort Lauderdale, FL, was convicted by a jury on July 29, 2009 of seventeen counts of exceeding his authorized access to a government computer. Rodriguez is scheduled to be sentenced on October 9, 2009, before U.S. District Court Judge William J. Zloch.

Comments  (0)


From the Web

Tax-preparation docs found in dumpster

August 01, 2009 from: Office of Inadequate Security

WOIA in Texas reports that San Antonio police are investigating how boxes full of unredacted personal information, including Social Security numbers and financial information, were sitting in the open in a dumpster.

Comments  (0)


Adobe Releases Critical Patches for Flash Player

July 31, 2009 Added by: Infosec Island Admin

Today, Adobe released version 10.0.32.18 of their Flash Player software. This new version fixes multiple critical vulnerabilities, many of which Adobe has not been forthcoming about.

Comments  (4)


From the Web

Clarence employees criticized in audit

July 31, 2009 from: Office of Inadequate Security

The Clarence High School [Buffalo, NY] principal and other district employees repeatedly used district computers for personal use, the state comptroller’s office said.

Comments  (2)


From the Web

McAfee keeps leaked details to itself

July 31, 2009 from: Office of Inadequate Security

McAfee is yet to confirm with delegates to its recent Strategic Security Conference that their details were leaked in a bulk email, as reported on iTnews yesterday.

Comments  (0)


From the Web

Clampi Trojan stealing online bank data

July 31, 2009 from: Office of Inadequate Security

Hundreds of thousands of Windows computers are believed to be infected with a Trojan called “Clampi” that has been stealing banking and other login credentials from compromised PCs since 2007, a security researcher said on the eve of the Black Hat security conference.

Comments  (0)


From the Web

Carrell Clinic guard indicted

July 31, 2009 from: Office of Inadequate Security

A federal grand jury in Dallas has returned an indictment charging an Arlington, Texas, man, who worked as a contract security guard at the Carrell Clinic on North Central Expressway in Dallas, with felony offenses related to his compromising and damaging the hospital’s computer system, announced Acting U.S. Attorney James T. Jacks of the Northern District of Texas. Jesse William McGraw, a/k...

Comments  (0)


Extremely Sensitive US Secrets Found on P2P Networks

July 29, 2009 Added by: Infosec Island Admin

According to an article released by the Washington Post today, a private firm, Tiversa, Inc., discovered extremely sensitive information on global P2P networks.

Comments  (0)


From the Web

URL bar spoofing vulnerability

July 28, 2009 from: Mozilla Security Blog

Firefox - The URL in the address bar can be spoofed when a new window or tab is opened by a malicious web page.

Comments  (0)


From the Web

Locking up the valuables: Opt-in security with ForceTLS

July 28, 2009 from: Mozilla Security Blog

Computers are increasingly mobile and, to serve them, more and more public spaces (cafes, airports, libraries, etc.) offer their customers WiFi access. When a web browser on such a network requests a resource, it is implicitly trusting the hotspot not to interfere with the communication.  A malicious computer hooked up to the network could alter the traffic, however, and this can have some un...

Comments  (1)


From the Web

Network Solutions suffers crippling data breach

July 27, 2009 from: Office of Inadequate Security

Over half a million credit card holders may have had their account details captured by hackers, after web hosting firm Network Solutions revealed that more than 4,000 of the e-commerce sites it hosts could have been breached.

Comments  (1)


From the Web

Credit industry slow to protect customers from CreditMaster scam

July 25, 2009 from: Office of Inadequate Security

Recent cases in which people have been charged with online fraud for allegedly making purchases with illegally obtained credit card numbers have shed light on the lack of effective measures taken to frustrate the CreditMaster scam used in these incidents, even though the credit card industry was already aware of its existence.

Comments  (0)


From the Web

Network Solutions hacked

July 24, 2009 from: Office of Inadequate Security

Hackers have broken into Web servers owned by domain registrar and hosting provider Network Solutions, planting rogue code that resulted in the compromise of more than 573,000 debit and credit card accounts over the past three months, Security Fix has learned.

Comments  (1)


From the Web

Ensuring Critical Patch Update Quality

July 24, 2009 from: The Oracle Global Product Security Blog

A commentary about how Oracle's Critical Patch Update (CPU) program works, from Eric Maurice of Oracle.

Comments  (0)