Tuesday, August 26, 2008

Best Western fights back! (Reputation is everything.)

http://breachblog.com/2008/08/25/bestwestern.aspx

What really happened at Best Western?

Posted by Evan Francen at 8/25/2008 1:37 PM and is filed under Best Western,Malware

BEST WESTERN REBUTTAL: PHOENIX, Aug 24, 2008 (BUSINESS WIRE) -- The story printed in the Sunday, August 24, 2008, Glasgow Sunday Herald claiming a security breach of Best Western guest information is grossly unsubstantiated.

Reference URL: Sunday Herald (Scotland); Best Western Response; vnunet.com; The Daily Mail; Business Wire via MarketWatch

... Most importantly, whereas the reporter asserted the recent compromise of data for past guests from as far back as 2007, Best Western purges all online reservations promptly upon guest departure. [This makes much more sense. Why keep obsolete data online? Bob]

... Commentary:

Obviously, we have conflicting information. One source is the news media (Sunday Herald) and the other source is the corporation itself. Both sources have vastly different motivations. Who to believe?

I could see how the Sunday Herald's story could happen, but I have a little doubt due to how sensational the report seems to be. I also question the one independent source and wonder if Prevx actually reported the story to the Sunday Herald as a way to draw attention to their company.

I can also see how Best Western would suffer some serious consequences if the Sunday Herald's report were true. It would definitely be in Best Western's best interests to minimize the impact of the report. We do know that something happened at Best Western by their own admission, but details are seriously lacking. The questions seem to surround details and impact. This breach (or non-breach) demonstrates the importance of a detailed incident response plan that includes all types of breaches (or non-breaches/hoaxes).

At the end of the day, I haven't a clue as to what happened in this incident.



The Hack du jour...

http://techdirt.com/articles/20080822/1726232072.shtml

Voice Is Data: Tech Won't Be Able To Stop VoIP In The Air

from the of-course-not dept

With increasing attempts to turn internet access on in the sky, there's been some concern about people making VoIP calls from airplanes, just as there is a concern over mobile phone use in the sky being too "annoying." Some of the companies providing internet-in-the-sky have claimed that they would block VoIP calls, but that's going to be pretty difficult. As we've pointed out in the past, voice is just data and you can always find a way to disguise the data, such that it won't be blocked. And, indeed, that seems to be exactly what's happening. Andy Abramson talks about how he got around AirCell's VoIP blocking when talking to a friend who was on one of these wired airplanes. There's always going to be a way around those things, so unless Congress really decides to ban all voice calls on phones, why not wait and see if people chatting really is a problem?



Sticks & stones may break my bones but words (IM, Facebook, MySpace, etc) can never hurt me. “Johnny, I want you to text 1000 times: 'I will not be an Internet Bully.'”

http://www.bespacific.com/mt/archives/019141.html

August 25, 2008

Electronic Media and Youth Violence: A CDC Issue Brief for Educators and Caregivers

Electronic Media and Youth Violence: A CDC Issue Brief for Educators and Caregivers "focuses on the phenomena of electronic aggression. Electronic aggression is defined as any kind of harassment or bullying that occurs through email, chat rooms, instant messaging, websites, blogs, or text messaging. The brief summarizes what is known about young people and electronic aggression, provides strategies for addressing the issue with young people, and discusses the implications for school staff, education policy makers, and parents and caregivers."


Related?

http://news.cnet.com/8301-13577_3-10025811-36.html?part=rss&subj=news&tag=2547-1_3-0-5

Facebook hits 100 million users

Posted by Caroline McCarthy August 26, 2008 4:40 AM PDT

Facebook has hit 100 million active users.

... At least one of them referred to the number being "active users," the statistic that Facebook prefers to use, rather than registered accounts overall.

... U.S. Recently released statistics for July from traffic firm ComScore say that out of the approximately 145 million unique visitors coming to Facebook's domain, under 40 million of them were from its home country.



Firewalling your database. The concept is ancient, but I see few products available.

http://digg.com/linux_unix/How_To_Protect_MySQL_Database_From_SQL_Injection_Attacks

How To Protect MySQL Database From SQL Injection Attacks

linux.com — SQL injection attacks can allow hackers to execute arbitrary SQL commands on your database through your Web site. To avoid these attacks, every piece of data supplied by a user on a Web form, through HTTP Post or CGI parameters, or other means, must be validated to not contain information that is not expected. GreenSQL is a firewall for SQL.

http://www.linux.com/feature/145341
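
The database-firewall idea above, as an added example (not code from the linux.com article and not GreenSQL's implementation): a proxy learns the shapes of the queries an application normally sends, then refuses any statement whose shape it has not seen. The `SqlFirewall` class, the `fingerprint` function and the `users` table are hypothetical, and sqlite3 stands in for MySQL so the block runs offline; the sample input is constructed.

```python
import re
import sqlite3

def fingerprint(sql):
    """Reduce a statement to its shape: literals become '?', case and spacing normalised."""
    s = re.sub(r"'(?:[^']|'')*'", "?", sql)    # quoted string literals
    s = re.sub(r"\b\d+\b", "?", s)              # numeric literals
    return re.sub(r"\s+", " ", s).strip().lower()

class SqlFirewall:
    """Hypothetical allowlisting proxy placed between the application and the database."""
    def __init__(self, conn):
        self.conn, self.allowed, self.learning = conn, set(), True

    def execute(self, sql, params=()):
        shape = fingerprint(sql)
        if self.learning:
            self.allowed.add(shape)             # record shapes seen during normal use
        elif shape not in self.allowed:
            raise PermissionError("blocked: unknown query shape: " + shape)
        return self.conn.execute(sql, params).fetchall()

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "a-secret"), ("bob", "b-secret")])
    fw = SqlFirewall(conn)

    def lookup_concat(name):   # weak: user input is pasted into the SQL text
        return fw.execute("SELECT secret FROM users WHERE name = '" + name + "'")

    def lookup_param(name):    # hardened: input is bound as data, never parsed as SQL
        return fw.execute("SELECT secret FROM users WHERE name = ?", (name,))

    lookup_concat("alice")     # learning phase: ordinary traffic only
    fw.learning = False        # enforcement phase

    hostile = "x' OR '1'='1"   # constructed input that changes the query's structure
    out = {"normal": lookup_concat("bob")}
    try:
        lookup_concat(hostile)
        out["injected_blocked"] = False
    except PermissionError:
        out["injected_blocked"] = True
    out["param"] = lookup_param(hostile)   # same shape as learned, matches no row
    return out

if __name__ == "__main__":
    print(demo())
```

The firewall only catches input that alters the statement's structure; the parameterized lookup removes the flaw at its source, so the two are complementary rather than interchangeable.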
