http://www.databreaches.net/?p=3999
Deja vu all over again: Amway Corp. reports second security breach
May 13, 2009 by admin Filed under: Business Sector, U.S.
In a breach report that is eerily reminiscent of an incident last year, Amway Corp. has reported a web site breach that has enabled fraudsters to obtain some Amway independent business owners (IBOs)’ personal information and attempt to divert bonus payments by altering their banking information.
In a notification to the New Hampshire Attorney General’s Office dated May 6, Thomas Curran, Associate General Counsel for Amway reported (pdf) that on April 28, the company discovered unauthorized access to some user accounts. In some cases, user IDs and passwords had been changed, as had banking deposit information for bonus payments.
According to Curran, Amway’s investigation indicated that the breach did not originate with the AmwayGlobal.com web site, also known as Quixtar.com. The company does not know where the breach originated, how many individuals were affected, or even when the breach occurred. [“We don't know” syndrome. Bob]
In response to the incident, Amway has scrambled affected users’ passwords and password hints, and is requiring them to call in to re-establish access. The company is also offering those whose Social Security numbers were accessed free credit monitoring services and has modified the web site to remove access to Social Security numbers. [“Barn door” syndrome. Bob]
In all major respects, this newest incident is seemingly identical to an incident reported by Quixtar in May 2008, [“Failure to learn from your mistakes” syndrome. Bob] except in that incident, no Social Security numbers were reportedly involved. Quixtar North America became Amway Global.
Amway Global’s web site says:
Protecting Your Information
We acknowledge your trust and are committed to take reasonable steps to protect Personally Identifiable Information you provide online from loss, misuse, and unauthorized access. We employ physical, electronic, and managerial processes to safeguard and secure your information.
It is your responsibility to safeguard the password you use to access our Site, and to promptly advise Amway or your IBO if you ever suspect that your password has been compromised. We strongly encourage you to change your password regularly to prevent unauthorized access. Because your identification number and password are specific to you, you acknowledge sole responsibility for any and all use of our Site conducted with your identification number and password.
Amway Global did not return a phone call requesting a statement about the two breaches, leaving unanswered questions as to whether Quixtar erred in concluding that its breach did not originate with its site last year, and whether Quixtar/Amway failed to adequately secure their site before and after the first breach.
Does anyone else run a “certification” program on whim?
http://www.databreaches.net/?p=4053
RBS Gets an OK on PCI, But Is It Back in Visa’s Good Graces?
May 13, 2009 by admin Filed under: Financial Sector, Hack, Malware, U.S.
Digital Transactions reports:
RBS WorldPay Inc., the other big merchant acquirer besides Heartland Payment Systems Inc. to report a major data breach in recent months, this week announced that it has attained validated compliance with the Payment Card Industry data-security standard, or PCI.
[From the article:
After their breaches, Visa declared RBS and Heartland out of compliance with PCI and removed them from its list of validated processors. The network, however, allowed them to continue submitting Visa card transactions into the VisaNet network (Digital Transactions News, March 14).
It was probably the NSA demonstrating why they should be in charge of Computer Security
http://www.databreaches.net/?p=4019
DHS: Information-sharing platform hacked
May 13, 2009 by admin Filed under: Government Sector, Hack, U.S.
Ben Bain of FederalComputerWeek reports:
The Homeland Security Department’s platform for sharing sensitive but unclassified data with state and local authorities was hacked recently, a DHS official has confirmed.
The intrusion into the Homeland Security Information Network (HSIN) was confirmed to Federal Computer Week by Harry McDavid, the chief information officer for DHS’ Office of Operations Coordination and Planning. McDavid said the U.S. Computer Emergency Readiness Team reported an intrusion into the system in late March. The initial hack was brief and limited, and it was followed by a more extensive hack in early April, McDavid said.
[...]
The files that were accessed contained administrative data such as telephone numbers and e-mail addresses of state and federal employees. However, an investigation into the incidents has found that no Social Security numbers, driver’s license numbers or financial data were obtained, McDavid said.
Always a great source of Privacy guidance...
http://www.pogowasright.org/article.php?story=20090513081415686
Ca: Commissioner Cavoukian lays out path for increased privacy protection & accountability – doing battle with Victoria University
Wednesday, May 13 2009 @ 08:14 AM EDT Contributed by: PrivacyNews
Commissioner Ann Cavoukian released her 2008 Annual Report - Access and Privacy: The Challenges and Opportunities - this morning, along with a news release and an online adjunct publication, A More Detailed Look at Compliance Rates and other 2008 Access and Compliance Statistics.
Source - Information and Privacy Commissioner of Ontario
We can, therefore we must.
http://www.pogowasright.org/article.php?story=20090513203423720
Ca: ICBC admits snooping into jurors' private files
Thursday, May 14 2009 @ 05:15 AM EDT Contributed by: PrivacyNews
A B.C. Supreme Court judge has chastised the Insurance Corporation of B.C. for checking the accident claims histories of jurors in a recent civil court case.
The checks, which breached the province’s freedom of information and privacy laws, prompted Justice Malcolm Macaulay to schedule a hearing next Tuesday with ICBC’s corporate lawyer and the defence lawyer who requested the information.
Source - Vancouver Sun
[From the article:
Jan Vrem said the corporation has an internal audit system in place, but the violation was detected by a manager who questioned why the files were being pulled. [...and that's exactly how it is supposed to work! Bob]
This is management indifferent to what is happening on their systems. Was this three separate hacks or simply the hackers coming back for more data?
http://www.databreaches.net/?p=4006
Newton Manufacturing discovers hackers acquired customer data in repeated intrusions
May 13, 2009 by admin Filed under: Breach Reports, Business Sector, Hack, U.S
In what was likely a nasty shock for Iowa-based Newton Manufacturing, Jnc., a recent security audit revealed that the company’s databases had been breached in September 2008, October 2008, and February 2009. Hackers apparently accessed and acquired customers’ personal information including names, addresses, and Social Security numbers.
According to a notification (pdf) filed by the firm’s lawyers with the New Hampshire Attorney General’s Office, the company’s initial investigation has traced the attacks to Canada.
The company has referred the matter to the FBI as well as local enforcement, and is advising affected customers to place fraud alerts on their credit files. The total number of customers affected was not reported in the notification.
Failure to convert “We need access” into a plan for secure access?
http://www.pogowasright.org/article.php?story=20090513182654231
Financial districts a wireless hacker's paradise
Wednesday, May 13 2009 @ 06:26 PM EDT Contributed by: PrivacyNews
The majority of wireless access points located in seven metropolitan financial centers have easy-to-break or nonexistent security, according to a survey conducted by security firm AirTight Networks and published on Wednesday.
The survey, which summarized more than 30 scans in six U.S. cities and London, found that 57 percent of the access points had no security or used Wired Equivalent Privacy (WEP), an older and easy-to-hack form of encryption.
Source - Security Focus
[From the article:
Almost 40 percent of the insecure wireless networks used enterprise-grade hardware from major vendors, suggesting that they were deployed by companies, not consumers, said Mike Baglietto, director of product marketing for AirTight Networks.
… Surprisingly, the distribution of security technologies varied tremendously by city. New York's financial district had the largest proportion of open and WEP-enabled access points — about 60 percent — while insecure wireless networks in London's financial district only accounted for 25 percent of the total.
I can't wait to see how this will be hacked.
http://www.bespacific.com/mt/archives/021357.html
May 13, 2009
Secretary Clinton Launches the Virtual Student Foreign Service Initiative
"Virtual Student Foreign Service (VSFS) Internships, announced by Secretary Clinton at the 2009 New York University commencement speech, are part of a growing effort by the State Department to harness technology and a commitment to global service among young people to facilitate new forms of diplomatic engagement. The VSFS Internships will be developed over the next year and will seek to harness the energy of a rising generation of citizen diplomats."
Something for the Swiss Army folder
http://www.makeuseof.com/tag/searchmyfiles-lets-you-search-windows-without-leaving-traces/
SearchMyFiles lets you Search Windows without Leaving Traces
May. 13th, 2009 By Karl L. Gechlik
I recently had to perform a search on a computer that is not connected to our network and I was not allowed to leave any trace behind that I was there, installed any applications or ran any searches on the machine. I had to search the machine for all files created in the last 5 days and save my results.
I accepted my James Bond-esque task equipped only with a memory stick and a very small application called SearchMyFiles from my favorite handy dandy developer NirSoft.
… You can download the application from here.
Related. A whole list of Swiss Army websites?
13 Useful And Free Websites To Make Your Lives Easier
Posted by AN Jay May 13, 2009
[Example:
OpenWith.org provides detailed information about most file extension and links to free programs that can open and create each type of file.
No comments:
Post a Comment