Sunday, November 04, 2012

I'm of the opinion that trying to keep this quiet was a bad decision... Now they have to explain how they failed to notice that the tax information for 600,000 businesses was also taken.
South Carolina: 'The mother of all data breaches'
In a nation where hackers steal personal data from computer systems on a near-daily basis, the cyberattack on the South Carolina Department of Revenue stands out as the largest breach against a state tax agency in the nation.
“From a state point of view, this is kind of the mother of all data breaches thus far,” said Larry Ponemon, chairman of The Ponemon Institute, which researches privacy and data protection.
… State officials have repeatedly said such a theft of data could have happened to anyone, and there's little that could have been done, but experts said South Carolina was apparently a soft target.
… Ponemon believes other states are just as vulnerable, because most states have poor data security.
“It shouldn't be viewed that the folks in South Carolina really messed up, because they are not worse than others,” Ponemon said. “My belief is that this could happen in almost any state in the United States today.” [And my view is they are all “really messed up” Bob]
… “I think the big problem was that the data was not encrypted,” he said. “Certainly, it is the responsible thing to do if you want to protect data.”

Is this another “stealth breach?”
Possible MasterCard security breach
First Niagara Bank is warning customers about a possible breach in MasterCard's security system.
First Niagara tells News10NBC it uses MasterCard to service the debit cards.
A bank spokesperson says MasterCard alerted them and to be safe.
… First Niagara is not releasing the number of customers who could be affected or how the system might have been breached.
Anyone with a MasterCard could potentially be impacted by the breach, according to a First Niagara spokesperson.

Who says you can't buy an election?
Your vote costs Obama and Romney about $22
If you're an average online American, you're worth about $22 to the U.S. presidential campaigns, at least in terms of ad cost per vote. That's according to a new vote calculator produced by online privacy startup Abine, which asks seven multiple choice questions to gauge what you cost per ad.
The Obama and Romney campaigns have spent about $5 billion on online advertising so far but people are no longer receptive to traditional text or banner ads, says Abine privacy attorney and privacy advocate Sarah Downey. "A recent Anneberg study said that people dislike the idea that they're being targeted with political ads," she said in a phone conversation today. "86 percent of them disliked it, so instead of just going through Facebook ads, they're also doing apps, and recruiting your friends to do the work for them."

(Related) Remember Ethical Hackers, “Vote early! Vote often!” (I'm sure this plan they put together in a few days is every bit as safe and secure as any other...)
New Jersey to Allow Voting by Email (and Fax) for Residents Displaced by Superstorm Sandy
Less than a week after the storm -- and just three days before Election Day -- New Jersey officials have announced that they will allow those displaced from their homes and first responders to submit their votes by email or fax. A directive issued by Lieutenant Governor Kim Guadagno officially designated displaced New Jersey residents as "overseas voters," thus giving them the electronic voting option already available to New Jersey residents serving in the military. In addition, displaced voters and first responders may also vote by provisional ballot at any New Jersey polling location.

Why would anyone have 'naked pictures' of themselves on the phone? For ease of sharing? Auditioning for a PETA ad?
"El Reg reports that two employees at a Verizon store in Florida are facing charges after making copies of a woman's naked pictures while helping her transfer data from an old phone to a new one. The two employees later offered to show the pictures to another customer, but the customer happened to be the woman's friend. The woman and her friend filed a police report. The police quickly got a warrant to search the store and found copies of the pictures on multiple devices there. One of the employees, Gregory Lampert, was arrested and charged with two felonies and a misdemeanor. The other employee, Joshua Stuart, is no longer in Florida, but will face charges if he comes back."

This is totally petty, but probably part of the Steve Jobs culture...
"Apple today posted its second Samsung apology to its UK website, complying with requests [Perhaps that's the problem. It was an order not a request. Bob] by the UK Court of Appeal to say its original apology was inaccurate and link to a new statement. As users on Hacker News and Reddit point out, however, Apple modified its website recently to ensure the message is never displayed without visitors having to scroll down to the bottom first."

Some interesting findings... And a new (to innocent me) term: E-whoring. But remember, this is only what hackers talk about, not the really good stuff...
November 03, 2012
Hacker Intelligence Initiative, Monthly Trend Report #13
Monitoring Hacker Forums ADC Monthly Web Attacks Analysis, October 2012: "Imperva analyzed one of the largest-known hacker forums with roughly 250,000 members, as well as other smaller forums. Using search capabilities, we analyzed conversations by topic using specific keywords. We found:

Could be a useful summary...
November 03, 2012
Juniper Research - Exposing Your Personal Information – There’s An App for That
"Mobile devices and applications are no longer an accessory – they’re central to our daily lives. Gartner predicts the number of mobile apps downloaded will double to 45 billion this year – and they’re only getting smarter. Today’s apps are increasingly essential to accessing critical business applications, connecting with friends on the go and even adopting digital wallets. While these apps make our lives easier, they also give a wider group of application developers and advertising networks the ability to collect information about our activities and leverage the functionality of our devices. At the same time, the companies, consumers and government employees who install these apps often do not understand with whom and how they are sharing personal information. Even though a list of permissions is presented when installing an app, most people don’t understand what they are agreeing to or have the proper information needed to make educated decisions about which apps to trust. More concerning is that many apps collect information or require permissions unnecessary for the described functionality of the apps. This is not the first time this issue has surfaced – reports of popular apps collecting irrelevant information or transmitting data when devices are turned off have led to significant backlash. However, less is known about the state of privacy across the entire application ecosystem. To get a sense of the state of application privacy today, Juniper Networks’ Mobile Threat Center (MTC) analyzed over 1.7 million apps on the Google Play market from March 2011 to September 2012."

Not really “Best Practices,” but lots of 'bumper sticker' quotes that might be memorable...
November 03, 2012
nCircle Security Tips eBook
"As part of nCircle's commitment to improving Internet security, we asked some of the brightest minds in security to help us compile a list of security tips and tricks for a wide range of readers. The resulting eBook includes a wide range of topics — from passwords and public Wi-Fi to Java configuration and sandboxing — and includes tips from security experts like Richard Stiennon, Adam Shostack, John Banghart, Brandon Williams and many others. The eBook is formatted to make it easy to share on social media platforms like Twitter and Facebook. Help us make the Internet a safer place. Download the eBook and chime in with a security tip of your own. Get the free eBook by downloading either the eBook version or the PDF version."

I know, it's hard to believe...
"Security firm Kaspersky has released its latest IT Threat Evolution report. There were some interesting findings in the report, as always, but the most interesting thing that stuck out was all the way at the bottom: 'Microsoft products no longer feature among the Top 10 products with vulnerabilities. This is because the automatic updates mechanism has now been well developed in recent versions of Windows OS.'"

For anyone who thinks encryption is too hard.
… ImmediateCrypt Web Demo is a free-to-use web service that can encrypt pieces of text with a password. You type your original text into the first field of the site. Next you type in a password, which will act as your encryption key. You will need to remember your password. Copy the encrypted text and send it to the recipient, and communicate the encryption key to them separately. They can then visit the website and repeat the process, only to decrypt the text; the bottom field will then show the original text.
