Latest Posts


From the Web

School district hiding behind a criminal investigation - parent

August 26, 2009 from: Office of Inadequate Security

On the principle of “no good deed goes unpunished,” some of those who have discovered and reported breaches have been terminated or prosecuted for their actions...



From the Web

Why some Firefox users choose not to update

August 25, 2009 from: Mozilla Security Blog

The best way for users to stay safe online is to use an updated browser. While most Firefox users get updated quickly, some fall behind for various reasons. We’re looking for ways to increase uptake while still preserving user choice.



From the Web

Google Safe-Browsing and Chrome Privacy Leak

August 24, 2009 from: Rsnake's blog at ha.ckers.org

Some more advice from Robert "RSnake" Hansen on why you should be careful if using Google's Chrome browser.



From the Web

Symantec names the 100 “Dirtiest” websites of the summer

August 22, 2009 from: Office of Inadequate Security

In an effort to determine which sites are safe to visit, security, storage and systems management solutions provider Symantec (www.symantec.com) has identified the “Dirtiest websites of Summer 2009,” a list of the 100 most threatening sites that try to deceive visitors, steal their information or crash their computer.



From the Web

‘One Tree Hill’ actor admits role in ID scam

August 21, 2009 from: Office of Inadequate Security

Actor Antwon Tanner, a regular on the popular teen drama “One Tree Hill,” faces up to 10 years in jail after pleading guilty in Brooklyn federal court today to illegally selling Social Security numbers for $10,000.



From the Web

Rival used phony emails to snoop, firm says

August 21, 2009 from: Office of Inadequate Security

Affiliated Computer Services, an information technology firm, claims a competitor set up bogus email addresses in the names of dozens of ACS employees to divert mail and accounts to its rival’s computers. It claims Duncan Solutions’ “unauthorized diversion of ACS’ email not only interferes with the operation of ACS’ computer network, but it also gives Duncan access to...



From the Web

Risky use of real data in application development

August 21, 2009 from: Office of Inadequate Security

Most organizations in the U.S. and U.K. put their sensitive customer and company data at risk during their application development and testing processes, according to a new study. 80% of those surveyed were hit by at least one breach in the past 12 months.



From the Web

Lawsuit tries to get at hackers through the banks

August 20, 2009 from: Office of Inadequate Security

A lawsuit filed on Wednesday against some of the most shadowy Internet criminals — gangs based in Eastern Europe that electronically break into business computers, steal banking passwords and transfer themselves money — is being used to pry information from a group that is nearly as reclusive as the hackers: banks whose computers have been compromised.



From the Web

Gonzalez’s lawyer criticizes federal prosecutors

August 19, 2009 from: Office of Inadequate Security

Albert Gonzalez, a suspect in several hacking cases, was close to reaching a comprehensive plea agreement with federal prosecutors in Massachusetts and New York when federal prosecutors in New Jersey indicted him on Monday on a new raft of computer crimes, said Mr. Gonzalez’s lawyer, Rene Palomino Jr.



From the Web

Hacking kingpin negotiating plea deal with feds

August 19, 2009 from: Office of Inadequate Security

The former government informant facing three separate indictments for allegedly being behind the largest data breaches in U.S. history is being offered a plea deal, U.S. and defense attorneys confirmed today.



From the Web

8 indicted in $22m fraud against AT&T Wireless, T-Mobile

August 19, 2009 from: Office of Inadequate Security

An indictment was unsealed in Brooklyn federal court this morning charging Courtney Beckford, Gabe Beizem, Rawl Davis, Lennox Lambert, Marsha Montayne, Saul Serrano, Ron Shealey, and Rohan Stewart, with conspiracy to commit mail fraud and wire fraud. Beizem, Montayne, and Stewart were also charged with wire fraud and aggravated identity theft.



From the Web

Gonzalez: The Al Capone Of Cyber Thieves?

August 19, 2009 from: Office of Inadequate Security

Evan Schuman and Fred J. Aun have a well-written commentary on the recent indictment of Albert Gonzalez and two unnamed co-conspirators that highlights the questions left unanswered by the indictment, and the apparent contradictions between statements made.



From the Web

Radisson breach affects N. American guests

August 19, 2009 from: Office of Inadequate Security

The Associated Press has an item about Radisson Hotels & Resorts notifying guests of a breach that involved their credit card numbers. And I see that on Radisson’s site, they have posted a letter to guests:



From the Web

UMass battles hacker attack

August 19, 2009 from: Office of Inadequate Security

Since the University of Massachusetts announced a breach of its computer system earlier this month, there have been a few inquiries but no evidence that hackers actually stole information, according to UMass spokesman Edward F. Blaguszewski.



From the Web

Finance company identifies 294 recipients of non-payment legal threat

August 18, 2009 from: Office of Inadequate Security

A finance company has disclosed the email addresses of 294 customers that it says are behind in their repayments to the firm. The company emailed the customers but did not hide the addresses of everyone it contacted.



From the Web

7-Eleven statement regarding 2007 credit card fraud

August 18, 2009 from: Office of Inadequate Security

7-Eleven, Inc. has learned that federal authorities in New Jersey have indicted individuals for the theft of credit and debit card numbers in a computer hacking scheme targeting multiple retailers in a number of separate incidents over the last several years.



From the Web

Audit of Dept of Energy reveals unaddressed problems

August 18, 2009 from: Office of Inadequate Security

The Department of Energy and its contractors store and process massive quantities of sensitive information to accomplish national security, energy, science, and environmental missions. Sensitive unclassified data, such as personally identifiable information (PII), official use only, and unclassified controlled nuclear information require special handling and protection to prevent misuse of the inf...



From the Web

Three indicted for hacking Heartland, 7-Eleven, and Hannaford; Over 130 million credit and debit card numbers stolen

August 17, 2009 from: Office of Inadequate Security

An indictment [pdf] was returned today against three individuals who are charged with being responsible for five corporate data breaches, including the single largest reported data breach in U.S. history, announced Acting U.S. Attorney Ralph J. Marra, Jr., along with Assistant Attorney General of the Criminal ...



From the Web

Overcoming Objections to an Application Security Program

August 17, 2009 from: Jeremiah Grossman's Blog

Today a large percentage of security professionals truly “get” application security. They understand the importance, the best-practices, the value, etc. What inhibits their success the most in building an effective application security program is a lack of buy-in from the business and support from development groups.



From the Web

Lockheed Martin: hard drive not totally wiped

August 14, 2009 from: Office of Inadequate Security

Lockheed Martin recently notified some former or current employees that a hard drive that formerly belonged to them had been found for sale on eBay by academic researchers participating in a global research project. The researchers turned the drive over to the FBI when they found some employee data still readable on the drive.
