Friday, December 07, 2007

This was a “phishing attack” and about 1% of the employees fell for it. Actually pretty good odds. Still leaves a lot of questions about security. Apparently no encryption. Apparently the logs can't tell them what files were accessed.

http://www.pogowasright.org/article.php?story=20071206202409568

Oak Ridge National Lab reports 'sophisticated' cyber attack netted personal data on visitors

Thursday, December 06 2007 @ 08:24 PM EST Contributed by: PrivacyNews News Section: Breaches

The Oak Ridge National Laboratory revealed on Thursday that a "sophisticated cyber attack" over the last few weeks may have allowed personal information about thousands of lab visitors to be stolen.

The assault appeared "to be part of a coordinated attempt to gain access to computer networks at numerous laboratories and other institutions across the country," lab director Thom Mason said in a memo to the 4,200 employees at the Department of Energy facility.

Oak Ridge officials would not identify the other institutions affected by the breach. But they said hackers may have infiltrated a database of names, Social Security numbers and birth dates of every lab visitor between 1990 and 2004.

Source - International Herald Tribune



Another case of the stupids? Another Monty Python skit? “We thunk it through, and this was the smartest plan what we could come up with.”

http://www.pogowasright.org/article.php?story=20071206210727218

Fasthosts flamed over hack response

Thursday, December 06 2007 @ 09:07 PM EST Contributed by: PrivacyNews News Section: Breaches

One of Britain’s largest web hosting companies is fending off a customer backlash over how it responded to its central database being hacked by criminals.

After it detected a breach to its network, which stores customers’ names, addresses, bank details and plain-text passwords, Fasthosts requested all passwords to be reset.

When customers failed to comply with this “precautionary measure,” the firm went ahead and reset all unchanged FTP and Control Panel passwords automatically.

Internet forums show this has angered customers, while some reports claim it wasn’t only the unchanged passwords that the company updated without notification.

But because of the security breach, Fasthosts couldn’t e-mail the new passwords for fear of them being compromised again, so it resorted to sending them in the post. Some affected customers are still waiting for their new details to be delivered.

Source - Contractor UK



“They only had the documents for a month, so we can assume they didn't have access to a xerox or simply can't read...”

http://www.pogowasright.org/article.php?story=20071206210231842

CO: Police catch thieves who stole car with state documents inside

Thursday, December 06 2007 @ 09:02 PM EST Contributed by: PrivacyNews News Section: Breaches

Police have arrested four alleged car thieves who stole a car with documents inside listing people's names, Social Security numbers and birth dates.

On the morning of November 30, Lone Tree Police say a Saturn sedan was stolen from a shopping center in Lone Tree.

Inside the car were documents related to the Colorado Department of Regulators Office, specifically related to the Board of Dental Examiners, according to police. The paper documents had doctor/patient information, including Social Security numbers and birth dates for about 200 people.

The Department of Dental Registration is currently alerting the people that their personal information may have been compromised.

Source - 9News.com



Rules to live by...

http://www.pogowasright.org/article.php?story=2007120620280610

Mind the GAPP: Accountants bring GAAP-like principles to the privacy sphere

Thursday, December 06 2007 @ 08:28 PM EST Contributed by: PrivacyNews News Section: Other Privacy News

If you haven't heard of the Generally Accepted Privacy Principles (GAPP), take stock: They're likely to become the most important new source of requirements for your IT projects since Y2k and Sarbanes-Oxley. Why is this? The accounting industry has closed ranks around the idea that the GAPP is the best international framework for assessing the privacy health of an organization. So when it comes to IT projects, any system or related business process touching personal data will have new rules to play by.

What is the GAPP? I have to agree with the auditors on this one. It's the best attempt so far to address the main point of pain for global chief privacy officers: the growing complexity of privacy regulations around the world.

Source - Computerworld



Too cute?

http://www.killerstartups.com/Web-App-Tools/3d-packcom---Make-3D-Boxes-Out-of-Your-Favorite-Images/

3d-pack.com - Make 3D Boxes Out of Your Favorite Images

The site lets you create a 3d box from your favorite images. All you’ve got to do to get your nifty, free box is upload an image, any image, for the cover and sides of your box, and voila, you’ve got a cool image in 3d box form. It couldn’t get any simpler. Check out the gallery for ideas, then get your own box for free.

http://3d-pack.com/



“Hey, we see you are a Liberal Arts major! Want a job after graduation?”

http://consumerist.com/consumer/badvertising/mcdonalds-advertises-on-elementary-school-report-cards-330870.php

McDonald's Advertises On Elementary School Report Cards

Health advocates are setting their outrage phasers on kill over a McDonald's ad appearing on the report cards of Seminole County, Florida elementary schools. The ad promises free Happy Meals to kids with good grades, despite promises by McDonald's that they would "ban advertising to children under 12 or limit them to food and snacks that meet certain nutritional guidelines."
