Friday, July 13, 2012

At least it's not your bank account. What ever happened to Best Practices?
"Phandroid's has been hacked. The database that powers the site was compromised and more than one million user account details were stolen. If you use the forum, make sure to change your password ASAP. From the article: 'Phandroid has revealed that its Android Forums website was hacked this week using a known exploit. The data that was accessed includes usernames, e-mail addresses, hashed passwords, registration IP addresses, and other less-critical forum-related information. At the time of writing, the forum listed 1,034,235 members.'"

Another “We don't need no stinking Best Practices” breach. Also, the potential to see how much (how little?) security remediation really costs.
Follow-up: Regulators criticize NYSEG for computer security breach
July 12, 2012 by admin
Remember the breach reported by New York State Electric & Gas (NYSEG) and Rochester Gas and Electric (RG&E) back in January? Jeff Platsky reports the results of an investigation into the utilities’ security:
A potential data breach at New York State Electric & Gas Corp. not only drew the ire of customers but is now drawing criticism from regulators, who are telling the utility to shore up its computer security practices.
In a statement released on Thursday afternoon, New York Public Service Commissioner Garry Brown said the utility “failed to meet industry standards” in protecting the privacy of its customers. The commission has directed the NYSEG and its sister utility, Rochester Gas & Electric Corp., to immediately address potential vulnerabilities in computer billing and records systems.
The statement from the NY Public Service Commission reads:
The New York State Public Service Commission (Commission) today received a report from Department of Public Service staff that both New York State Electric & Gas Corporation (NYSEG) and Rochester Gas & Electric (RG&E) failed to adequately protect confidential customer information from unauthorized access by outside parties.
“Our investigation found that NYSEG and RG&E failed to meet industry standards and best practices to protect personally identifiable information of customers,” said Commission Chairman Garry Brown. “As a result, we are directing the companies to immediately take action to address the vulnerabilities on its computer billing and records systems currently used to take and maintain confidential customer information.”
… In addition to the foregoing recommendations, the Commission raised concerns about the costs that both companies incur in responding to this security breach. The Commission will require the companies to segregate and report all of the costs associated with rectifying the security breach, including the customer care costs identified above as well as any incremental investigation and remediation costs, as part of their respective 2012 earnings sharing filings, and the Commission will closely scrutinize any proposal to incorporate these costs in the earnings sharing calculation. In this way, the companies will be put on notice that they will be required to justify fully the inclusion of any such expenses in their earnings sharing calculations.

We have moved beyond “English, as she is spoke”
"Spammers used to depend on email recipients to tie the noose around their own necks by inputting their personal and financial information in credible spoofs of legitimate websites, but with the advent of exploit kits, that technique is slowly getting sidelined. Prompted by the rise in numbers of spam runs leading to pages hosting exploit kits, Trend Micro researchers have recently been investigating a number of high-volume spam runs using the Blackhole exploit kit. According to them, the phishing messages of today have far less urgency and the message is implicit: 'Your statement is available online'; or 'Incoming payment received'; or 'Password reset notification.'"
One thing that's long worried me is that the bulk of spammers and malware writers may hire copywriters with a better grasp of English than most of the ones I see now. "I send you this file in order to have your advice" was funny, because it stuck out.

Long, long ago in a galaxy far, far away....
HP’s Operation ‘Kona’ Private Eyes Get 3 Years Probation
Two private investigators who impersonated reporters, Hewlett Packard board members, and their families have been sentenced to three years probation and six months electronic monitoring in the case.
Joseph DePante and his son Mathew DePante were sentenced Thursday in a San Jose, California, federal court. They had pleaded guilty to the charges in February.
The sentencing closes a final chapter in a corporate spying scandal that dates back to the spring of 2005, when HP’s management decided to clamp down on embarrassing boardroom leaks. HP hired a Boston security company called Security Outsourcing Solutions, which in turn hired the DePantes’ Melbourne, Florida, investigation company — Action Research Group — to identify the leakers.

“This new tool allows us to claim that we care without actually having to care!”
Twitter and Buddy Media have just announced a partnership which will screen the ages of users who try to follow ‘adult’ brands on Twitter that implement a new ‘age-gate’ system. The system was generated as a service that marketers and brands can use on Twitter to ensure that they’re not peddling their wares to illegally young users.
The brands themselves will have to implement the new age-gate, so it won't work out of the box for every adult brand automatically.
… Here’s the basic process:
First, a user sees a brand they’d like to follow. Say, Skinny Girl. They click the Follow button. The brand immediately Direct Messages a link to the user, asking them to confirm their age by visiting
They’re presented with a message that requires them to enter their age and accept a set of terms.

The future of social? One of the first news aggregators fades away?
"The once popular social news website, which received $45 million in funding, is being sold to Betaworks for $500,000. From the article: 'Betaworks is acquiring the Digg brand, website, and technology, but not its employees. Digg will be folded into, Betaworks' social news aggregator. This is not the outcome people expected for Digg. In 2008, Google was reportedly set to buy it for $200 million.'"

The world, she is a'changing... Anything you want, instantly!
"A while ago, Amazon caved on paying individual states sales taxes. Now we know why. Amazon is setting up same-day delivery warehouses everywhere. They will put most normal retailers out of business."
If that's a bet, I'll take it.
