Latest Posts
From the Web
Stolen NY Life Insurance laptop had customer info
August 14, 2009 from: Office of Inadequate Security
For the second time in as many months, New York Life Insurance is notifying customers of a data breach. In the newest incident, a laptop containing unencrypted customer information was stolen from an employee’s vehicle in a “smash and grab.”
Comments (0)
From the Web
Opinion: Heartland CEO Must Accept Responsibility
August 13, 2009 from: Office of Inadequate Security
An opinion statement from Mike Rothman on Heartland CEO Bob Carr's recent blame for their breach earlier this year on the PCI QSA firm that performed their PCI Certification. What do you think?
Comments (1)
Are you running a WordPress Blog? Update it today
August 12, 2009 Added by:Infosec Island Admin
Another security release for Wordpress was released yesterday (version 2.8.4) which patches a rather annoying security flaw discovered with all prior versions. By sending a specially crafted URL as an unauthenticated user to your WP blog, and attacker can essential reset your admin password and lock you out of your blog.
Comments (0)
From the Web
Hackers strike UC Berkeley again
August 12, 2009 from: Office of Inadequate Security
Hackers have struck again at UC Berkeley computers, this time at the Graduate School of Journalism, nabbing a possible 493 social security numbers.
Comments (0)
From the Web
Whistleblower lawsuit against Kaiser (updated)
August 10, 2009 from: Office of Inadequate Security
At a time when concerns about the privacy and security of electronic health records are a hot topic and the issue of private vs. public health insurance is making the front pages, a lawsuit filed by a former Kaiser employee alleges that Kaiser knowingly and repeatedly violated HIPAA, exposed millions of members to identity theft, and ripped members off by not keeping track of deductibles and co-pa...
Comments (2)
From the Web
Password Advice
August 10, 2009 from: hackyourself.net
Some advice and insight from Bruce Schneier on Password Security. Whether you agree or disagree, this is worth checking out.
Comments (3)
From the Web
Security Religions and Risk Windows
August 09, 2009 from: Jeremiah Grossman's Blog
Information security threats are way up, fraud losses continue to rise, regulatory fines are increasingly common, and budget dollars to solve the myriad of problems are in short supply. Hampered by a sluggish economy, organizations simply cannot afford to hire all the talent they need, implement every best-practice, or buy every blinking light widget out there. Sacrifices are unavoidable, risk mus...
Comments (0)
From the Web
SMBEnum
August 09, 2009 from: Rsnake's blog at ha.ckers.org
Notes from Robert "Rsnake" Hansen about a talk given at DefCon last week regarding how Internet Explorer can be used to enumerate local system files.
Comments (0)
From the Web
Data security breach notification law update
August 07, 2009 from: Office of Inadequate Security
This is a brief timeline of the latest in legislative changes surrounding requirements for reporting a security breach.
Comments (0)
From the Web
Heartland says breach has cost $32 million so far
August 06, 2009 from: Office of Inadequate Security
Heartland Payment Systems on Tuesday (Aug. 4) said it spent $32 million this year paying for costs related to the major data breach it disclosed in January, including $22.1 million to cover fines from key payment card brands and a settlement offer. Heartland did not say how the $22.1 million was split between the fines and the settlement offer, but it did provide clues.
Comments (1)
From the Web
Mozilla shuts Firefox e-store after security breach
August 05, 2009 from: Office of Inadequate Security
Mozilla shuttered its online store late Tuesday after finding out that the firm it hired to run the backend operations of the company’s e-tailing business had suffered a security breach.
Comments (1)
From the Web
Employees sacked for ID card data breach
August 04, 2009 from: Office of Inadequate Security
The database in question holds data on 92 million people in the U.K. About 200,000 people have access to it. If they cannot adequately secure the database from misuse by employees, well……. Nine local authority workers have been sacked after illegally accessing personal details of the public held on the government’s national identity database.
Comments (0)
OWASP Testing Guide Version 3
August 03, 2009
This is an excellent resource on the process of testing web applications for security vulnerabilities/general insecurities...this is by no means exhaustive nor perfect for every envirnment, but a valuable read for anyone who manages or tests web applications
Comments (2)
From the Web
Personal data mishandled at Commerce Dept.
August 03, 2009 from: Office of Inadequate Security
The names and Social Security numbers of at least 27,000 Commerce Department employees were exposed to a risk of identity theft following an inappropriate transfer of the personal information in mid-July, according to a letter sent to department employees last week.
Comments (0)
From the Web
TNCC computer tech says access now cut off
August 03, 2009 from: Office of Inadequate Security
Last week, the Daily Press reported that a former part-time computer help desk technician at Thomas Nelson Community College claimed that he had been laid off almost three weeks earlier, but that he still had computer access to the records and Social Security numbers of every student in the Virginia Communit...
Comments (0)
From the Web
Last conspirator in $5 million fraud ring sentenced
August 01, 2009 from: Office of Inadequate Security
Dana J. Boente, U.S. Attorney for the Eastern District of Virginia, announced that all seven conspirators have now been sentenced for stealing more than $5 million through a fraud scheme involving identity theft and credit card, bank and mortgage fraud.
Comments (0)
From the Web
SSA employee convicted for unauthorized access to govt computer
August 01, 2009 from: Office of Inadequate Security
Roberto Rodriguez, 54, formerly of Fort Lauderdale, FL, was convicted by a jury on July 29, 2009 of seventeen counts of exceeding his authorized access to a government computer. Rodriguez is scheduled to be sentenced on October 9, 2009, before U.S. District Court Judge William J. Zloch.
Comments (0)
From the Web
Tax-preparation docs found in dumpster
August 01, 2009 from: Office of Inadequate Security
WOIA in Texas reports that San Antonio police are investigating how boxes full of unredacted personal information including Social Security numbers and financial information were sitting in the in the open in a dumpster.
Comments (0)
Adobe Releases Critical Patches for Flash Player
July 31, 2009 Added by:Infosec Island Admin
Today, Adobe released version 10.0.32.18 of their Flash Player software. This new version fixes multiple critical vulnerabilities, many of this Adobe has not been forthcoming about.
Comments (4)
From the Web
Clarence employees criticized in audit
July 31, 2009 from: Office of Inadequate Security
The Clarence High School [Buffalo, NY] principal and other district employees repeatedly used district computers for personal use, the state comptroller’s office said.