Latest Posts
From the Web
School district hiding behind a criminal investigation - parent
August 26, 2009 from: Office of Inadequate Security
On the principle of “no good deed goes unpunished,” some of those who have discovered and reported breaches have been terminated or prosecuted for their actions...
Comments (0)
From the Web
Why some Firefox users choose not to update
August 25, 2009 from: Mozilla Security Blog
The best way for users to stay safe online is to use an updated browser. While most Firefox users get updated quickly, some fall behind for various reasons. We’re looking for ways to increase uptake while still preserving user choice.
Comments (0)
From the Web
Google Safe-Browsing and Chrome Privacy Leak
August 24, 2009 from: Rsnake's blog at ha.ckers.org
Some more advice from Robert "RSnake" Hansen on why you shoulld be careful if using Google's Chrome browser.
Comments (0)
From the Web
Symantec names the 100 “Dirtiest” websites of the summer
August 22, 2009 from: Office of Inadequate Security
In an effort to determine which sites are safe to visit, security, storage and systems management solutions provider Symantec (www.symantec.com) has identified the “Dirtiest websites of Summer 2009,” a list of the 100 most threatening sites that try to deceive visitors, steal their information or crash their computer.
Comments (0)
From the Web
‘One Tree Hill’ actor admits role in ID scam
August 21, 2009 from: Office of Inadequate Security
Actor Antwon Tanner, a regular on the popular teen drama “One Tree Hill,” faces up to 10 years in jail after pleading guilty in Brooklyn federal court today to illegally selling Social Security numbers for $10,000.
Comments (0)
From the Web
Rival used phony emails to snoop, firm says
August 21, 2009 from: Office of Inadequate Security
Affiliated Computer Services, an information technology firm, claims a competitor set up bogus email addresses in the names of dozens of ACS employees to divert mail and accounts to its rival’s computers. It claims Duncan Solutions’ “unauthorized diversion of ACS’ email not only interferes with the operation of ACS’ computer network, but it also gives Duncan access to...
Comments (0)
From the Web
Risky use of real data in application development
August 21, 2009 from: Office of Inadequate Security
Most organizations in the U.S. and U.K. put their sensitive customer and company data at risk during their application development and testing processes, according to a new study. 80% surveryed were hit by at least one breach in the past 12 months.
Comments (0)
From the Web
Lawsuit tries to get at hackers through the banks
August 20, 2009 from: Office of Inadequate Security
A lawsuit filed on Wednesday against some of the most shadowy Internet criminals — gangs based in Eastern Europe that electronically break into business computers, steal banking passwords and transfer themselves money — is being used to pry information from a group that is nearly as reclusive as the hackers: banks whose computers have been compromised.
Comments (0)
From the Web
Gonzalez’s lawyer criticizes federal prosecutors
August 19, 2009 from: Office of Inadequate Security
Albert Gonzalez, a suspect in several hacking cases, was close to reaching a comprehensive plea agreement with federal prosecutors in Massachusetts and New York when federal prosecutors in New Jersey indicted him on Monday on a new raft of computer crimes, said Mr. Gonzalez’s lawyer, Rene Palomino Jr.
Comments (0)
From the Web
Hacking kingpin negotiating plea deal with feds
August 19, 2009 from: Office of Inadequate Security
The former government informant facing three separate indictments for allegedly being behind the largest data breaches in U.S. history is being offered a plea deal, U.S. and defense attorneys confirmed today.
Comments (0)
From the Web
8 indicted in $22m fraud against AT&T Wireless, T-Mobile
August 19, 2009 from: Office of Inadequate Security
An indictment was unsealed in Brooklyn federal court this morning charging Courtney Beckford, Gabe Beizem, Rawl Davis, Lennox Lambert, Marsha Montayne, Saul Serrano, Ron Shealey, and Rohan Stewart, with conspiracy to commit mail fraud and wire fraud. Beizem, Montayne, and Stewart were also charged with wire fraud and aggravated identity theft.
Comments (0)
From the Web
Gonzalez: The Al Capone Of Cyber Thieves?
August 19, 2009 from: Office of Inadequate Security
Evan Schuman and Fred J. Aun have a well-written commentary on the recent indictment of Albert Gonzales and two unnamed co-conspirators that highlights the questions left unanswered by the indictment, and the apparent contradictions between statements made.
Comments (0)
From the Web
Radisson breach affects N. American guests
August 19, 2009 from: Office of Inadequate Security
The Associated Press has an item about Radisson Hotels & Resorts notifying guests of a breach that involved their credit card numbers. And I see that on Radisson’s site, they have posted a letter to guests:
Comments (0)
From the Web
UMass battles hacker attack
August 19, 2009 from: Office of Inadequate Security
Since the University of Massachusetts announced a breach of its computer system earlier this month, there have been a few inquiries but no evidence that hackers actually stole information, according to UMass spokesman Edward F. Blaguszewski.
Comments (0)
From the Web
Finance company identifies 294 recipients of non-payment legal threat
August 18, 2009 from: Office of Inadequate Security
A finance company has disclosed the email addresses of 294 customers that it says are behind in their repayments to the firm. The company emailed the customers but did not hide the addresses of everyone it contacted.
Comments (0)
From the Web
7-Eleven statement regarding 2007 credit card fraud
August 18, 2009 from: Office of Inadequate Security
7-Eleven, Inc. has learned that federal authorities in New Jersey have indicted individuals for the theft of credit and debit card numbers in a computer hacking scheme targeting multiple retailers in a number of separate incidents over the last several years.
Comments (0)
From the Web
Audit of Dept of Energy reveals unaddressed problems
August 18, 2009 from: Office of Inadequate Security
The Department of Energy and its contractors store and process massive quantities of sensitive information to accomplish national security, energy, science, and environmental missions. Sensitive unclassified data, such as personally identifiable information (PII), official use only, and unclassified controlled nuclear information require special handling and protection to prevent misuse of the inf...
Comments (1)
From the Web
Three indicted for hacking Heartland, 7-Eleven, and Hannaford; Over 130 million credit and debit card numbers stolen
August 17, 2009 from: Office of Inadequate Security
An indictment [pdf] was returned today against three individuals who are charged with being responsible for five corporate data breaches, including the single largest reported data breach in U.S. history, announced Acting U.S. Attorney Ralph J. Marra, Jr., along with Assistant Attorney General of the Criminal ...
Comments (0)
From the Web
Overcoming Objections to an Application Security Program
August 17, 2009 from: Jeremiah Grossman's Blog
Today a large percentage of security professionals truly “get” application security. They understand the importance, the best-practices, the value, etc. What inhibits their success the most in building an effective application security program is a lack of buy-in from the business and support from development groups.
Comments (1)
From the Web
Lockheed Martin: hard drive not totally wiped
August 14, 2009 from: Office of Inadequate Security
Lockheed Martin recently notified some former or current employees that a hard drive that formerly belonged to them had been found for sale on eBay by academic researchers participating in a global research project. The researchers turned the drive over to the FBI when they found some employee data still readable on the drive.