Tuesday, May 05, 2009

What is your data worth? Initial reports indicated that this breach was of license data only – about 300,000 maximum. Don't believe that the state would have patient records (yet – electronic health records are coming)

http://www.databreaches.net/?p=3473

Update: Virginia Health Data Potentially Held Hostage

May 4, 2009 by admin Filed under: Breach Reports, Government Sector, Hack, U.S.

Thomas Claburn of InformationWeek reports:

An extortion demand posted on WikiLeaks seeks $10 million to return over 8 million patient records and 35 million prescriptions allegedly stolen from Virginia Department of Health Professions.

The note reads: “ATTENTION VIRGINIA I have your sh**! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(”

Read more on InformationWeek.

[From the article:

Extortion demands of this sort have become relatively common in data breach cases. Last October, for instance, Express Scripts, a prescription drug management company based in St. Louis, received a letter that threatened the release of millions of patient records. A month earlier, a man from Solana Beach, Calif., was arrested for allegedly hacking into a Maserati dealership Web site, accessing customer data, and then threatening to release the information unless the company paid him.

The attack technique -- capturing data, encrypting it, then selling access to the former owner -- has become popular enough to earn its own name: cryptoviral extortion.



The crime that keeps on taking? I would love to see the decision tree these banks use to determine when cards (they know are compromised) should be replaced.

http://www.databreaches.net/?p=3468

Ohio Heritage Bank replaces cards due to HPY breach (updated)

May 4, 2009 by admin Filed under: Breach Types, Financial Sector, Government Sector, Hack, Healthcare Sector, ID Theft, Lost or Missing, Malware, Non-U.S., U.S.

Heartland Payment Systems may be back in VISA’s good graces as PCI-Compliant, but the impact of the breach continues to emerge.

Leonard Hayhurst of Coshocton Tribune reports that Ohio Heritage Bank was alerted over the weekend that 800 debit cards were compromised due to the breach. Of the 800 cards, 15 showed fraudulent charges.

VISA gave banks and credit unions until May 19 to file claims for reimbursement for part of any losses. It is not clear whether VISA is still notifying financial institutions of compromised card numbers. An inquiry to VISA has not yet been answered.

Update: According to a source close to VISA, Visa completed notifying financial institutions about card numbers at risk “a while ago.” It would seem, then, that financial institutions claiming that they were “recently” or “just” notified are not referring to notification by VISA. These may be cases where financial institutions were monitoring numbers for signs of misuse and then either decided to replace cards before the May 19 deadline for submitting claims, or have only recently detected evidence of actual misuse of cards.



One excuse (any government makes) is that the process of protecting data is huge, expensive, and requires a highly trained staff. See the next article and judge for yourself.

http://www.pogowasright.org/article.php?story=20090505053654452

NZ: Kiwis' personal details exposed

Tuesday, May 05 2009 @ 05:36 AM EDT Contributed by: PrivacyNews

The personal details of thousands of New Zealanders are at risk because Government departments have poor controls on how staff use portable storage devices, the Privacy Commissioner says.

A survey of the 42 main government agencies, undertaken by the Office of the Privacy Commissioner, shows 'portable storage devices' (PSDs) - such as USB memory sticks - are widely used but that there are "real gaps" in security procedures and practices, Privacy Commissioner Marie Shroff says.

Source - Stuff

Related - Press Release from the Privacy Commissioner and Results of the Survey (.doc).


Read the article. How difficult does this seem to you?

http://www.makeuseof.com/tag/how-to-hide-files-like-a-super-villain/

How To Hide Files Like a Super Villain

May. 4th, 2009 By Tim Watson

Got something to hide? The Colonel’s secret recipe? An advance screener DVD of Watchmen? Top-secret plans for world domination? If this sounds like you, and you want to hide something on your computer, really well, then please continue reading. Time for some magic; I’m gonna make your files disappear.



The potential of botnets. What is the average password worth? Pennies or pounds?

http://www.pogowasright.org/article.php?story=20090504152754619

Researchers hijack botnet, score 56,000 passwords in an hour

Monday, May 04 2009 @ 03:27 PM EDT Contributed by: PrivacyNews

The Torpig botnet was hijacked by the good guys for ten days earlier this year before its controllers issued an update and took the botnet back. During that time, however, researchers were able to gain a glimpse into the kind of information the botnet gathers as well as the behavior of Internet users who are prone to malware infections.

Source - Ars Technica

Related - Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin Szydlowski, Richard Kemmerer, Chris Kruegel, Giovanni Vigna: Your Botnet is My Botnet: Analysis of a Botnet Takeover (pdf)

[From the article:

Almost 300,000 unique login credentials were gathered over the time the researchers controlled the botnet, including 56,000 passwords gathered in a single hour using "simple replacement rules" and a password cracker. They found that 28 percent of victims reused their credentials for accessing 368,501 websites, making it an easy task for scammers to gather further personal information.

… Of course, the primary goal of Torpig is to steal financial information like credit card numbers and bank logins. In just ten days, Torpig apparently obtained credentials of 8,310 accounts at 410 financial institutions, including PayPal, Capital One, E*Trade, and Chase. The researchers noted, too, that nearly 40 percent of the credentials stolen by Torpig were from browser password managers, and not actual login sessions, and that the Torpig controllers may have exploited these credentials for between $83,000 and $8.3 million during that time period.
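The two numbers worth understanding in that excerpt are the 56,000 passwords that fell to a cracker with "simple replacement rules" in about an hour and the 28 percent of victims who reused a password across sites. The block below is an added illustration of both, not code or data from the Stone-Gross et al. paper: it runs a small wordlist through leet substitutions, capitalisation and numeric suffixes (my own rule set, assumed for the example and not John the Ripper's rule file) against the hashed passwords of a constructed credential dump, and then counts users who have fewer distinct passwords than sites (my definition of reuse). The dump, wordlist and site names are made up.

```python
import hashlib
import itertools
from collections import defaultdict

# Constructed credential dump in the shape a form-grabber produces: (site, user, password).
# These are made-up records, not data from the Torpig takeover.
DUMP = [
    ("bank.example",  "alice", "Summer09"),
    ("mail.example",  "alice", "Summer09"),
    ("shop.example",  "alice", "Summer09"),
    ("bank.example",  "bob",   "p@ssw0rd"),
    ("mail.example",  "bob",   "8Qz!vR2#kLm9"),
    ("forum.example", "carol", "dragon1"),
    ("bank.example",  "dave",  "ch3rry"),
    ("mail.example",  "dave",  "xK#2mPq9vL"),
]

# Tiny wordlist and "simple replacement rules": leet substitutions, capitalisation
# and short numeric suffixes. Assumed for illustration; not John the Ripper's rule file.
WORDLIST = ["summer", "password", "dragon", "cherry", "letmein"]
SUBS = {"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"}
SUFFIXES = [""] + [str(n) for n in range(10)] + ["%02d" % n for n in range(100)]


def mangle(word):
    """Yield every candidate the replacement rules derive from one wordlist entry."""
    for base in (word, word.capitalize()):
        # each letter may stay as it is or take its leet replacement
        choices = [(c, SUBS[c.lower()]) if c.lower() in SUBS else (c,) for c in base]
        for variant in itertools.product(*choices):
            stem = "".join(variant)
            for suffix in SUFFIXES:
                yield stem + suffix


def sha256_hex(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def crack(target_hashes, wordlist):
    """Dictionary attack with mangling rules; returns {hash: plaintext} for every hit."""
    targets = set(target_hashes)
    found = {}
    for word in wordlist:
        for candidate in mangle(word):
            digest = sha256_hex(candidate)
            if digest in targets and digest not in found:
                found[digest] = candidate
                if len(found) == len(targets):
                    return found
    return found


def password_stats(dump, wordlist):
    """Crackability and cross-site reuse for a credential dump.

    Reuse here means: a user seen on more than one site who has fewer distinct
    passwords than sites (my definition, not necessarily the paper's).
    """
    unique_passwords = {pw for _, _, pw in dump}
    # hash the plaintexts so the cracker works the way it would against a leaked hash set
    cracked = crack({sha256_hex(pw) for pw in unique_passwords}, wordlist)

    sites_by_user = defaultdict(set)
    pws_by_user = defaultdict(set)
    for site, user, pw in dump:
        sites_by_user[user].add(site)
        pws_by_user[user].add(pw)
    multi_site = [u for u, sites in sites_by_user.items() if len(sites) > 1]
    reusers = sorted(u for u in multi_site if len(pws_by_user[u]) < len(sites_by_user[u]))

    return {
        "unique_passwords": len(unique_passwords),
        "cracked": len(cracked),
        "cracked_plaintexts": sorted(cracked.values()),
        "users": len(sites_by_user),
        "reusers": reusers,
        "reuse_rate": len(reusers) / len(sites_by_user),
    }


if __name__ == "__main__":
    for key, value in password_stats(DUMP, WORDLIST).items():
        print("%-19s %s" % (key, value))
```

On this dump four of the six distinct passwords fall to a five-word list with substitutions and suffixes; the two random-looking ones do not. The reuse count is the more damaging figure: once one site's credentials are captured, the reuser's other accounts come for free, which is why the researchers could price the haul in the range the article quotes.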



Too expensive to book a flight just to steal data, perhaps something at the airport or as the planes fly over? (Note this is how many home systems are set up and how TJX lost 95 million card numbers – no one ever learns.)

http://www.pogowasright.org/article.php?story=20090504182909568

Personal Computer Information Can Be Easily Hacked While in Flight

Monday, May 04 2009 @ 06:29 PM EDT Contributed by: PrivacyNews

Recently Netragard, LLC, The Specialist in Anti-Hacking, found that airline passengers' personal computer information can be easily hacked while in flight. The wireless inflight airline internet access service, GoGo Inflight Internet ("GoGo"), which enables travelers to access the internet while in flight, does not encrypt communications between users (passengers) and the Wireless Access Points on the aircraft.

Source - News Blaze
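The finding above is the ordinary open-hotspot problem: the AP's beacons advertise no link-layer encryption, so every frame a passenger sends is readable by any radio in range, and a captive-portal login page on top changes nothing about the radio link. The check a practitioner would make is to read the Privacy bit and the RSN/WPA elements of the beacon, which is what airodump-ng or a laptop's network list do to label a network "open". The block below is an added example, not Netragard's or GoGo's code: it parses raw 802.11 beacon frames and classifies each SSID as OPEN, WEP, WPA or WPA2 with its AKM. The three frames it runs on are constructed with the `build_beacon` helper (made-up BSSID and SSIDs); in practice the same function would take frames from a monitor-mode capture.

```python
import struct

# 802.11 management header (24 bytes) and the beacon's fixed fields (12 bytes),
# little-endian as they appear on the air.
MGMT_HDR = struct.Struct("<HH6s6s6sH")   # frame control, duration, addr1, addr2, addr3, seq ctrl
BEACON_FIXED = struct.Struct("<QHH")     # timestamp, beacon interval, capability info
CAP_PRIVACY = 0x0010                     # capability bit 4 ("Privacy"): link-layer encryption in use
TAG_SSID, TAG_RSN, TAG_VENDOR = 0, 48, 221
OUI_80211 = b"\x00\x0f\xac"              # IEEE 802.11 cipher/AKM suite selectors (RSN / WPA2)
OUI_MSFT_WPA = b"\x00\x50\xf2\x01"       # vendor element carrying pre-standard WPA information
AKM_NAMES = {1: "802.1X", 2: "PSK"}


def parse_tags(body):
    """Split the tagged-parameter area into (tag_id, value) pairs."""
    tags = []
    i = 0
    while i + 2 <= len(body):
        tag_id, length = body[i], body[i + 1]
        value = body[i + 2:i + 2 + length]
        if len(value) < length:          # truncated capture: stop rather than guess
            break
        tags.append((tag_id, value))
        i += 2 + length
    return tags


def rsn_akms(rsn):
    """Return the authentication (AKM) suite names listed in an RSN element body."""
    # version(2) | group suite(4) | pairwise count(2) | pairwise suites(4*n) | AKM count(2) | AKM suites(4*m)
    if len(rsn) < 8:
        return []
    n_pair = struct.unpack_from("<H", rsn, 6)[0]
    off = 8 + 4 * n_pair
    if len(rsn) < off + 2:
        return []
    n_akm = struct.unpack_from("<H", rsn, off)[0]
    off += 2
    names = []
    for _ in range(n_akm):
        if len(rsn) < off + 4:
            break
        if rsn[off:off + 3] == OUI_80211:
            names.append(AKM_NAMES.get(rsn[off + 3], "akm%d" % rsn[off + 3]))
        off += 4
    return names


def classify_beacon(frame):
    """Return (ssid, security) for one raw 802.11 beacon frame."""
    fc = MGMT_HDR.unpack_from(frame, 0)[0]
    if (fc & 0x00FC) != 0x0080:          # type 0 (management), subtype 8 (beacon)
        raise ValueError("not a beacon frame")
    cap = BEACON_FIXED.unpack_from(frame, MGMT_HDR.size)[2]
    ssid, rsn, wpa = b"", None, None
    for tag_id, value in parse_tags(frame[MGMT_HDR.size + BEACON_FIXED.size:]):
        if tag_id == TAG_SSID:
            ssid = value
        elif tag_id == TAG_RSN:
            rsn = value
        elif tag_id == TAG_VENDOR and value.startswith(OUI_MSFT_WPA):
            wpa = value
    if not (cap & CAP_PRIVACY):
        security = "OPEN"                # no link encryption: any nearby radio reads every frame
    elif rsn is not None:
        akms = rsn_akms(rsn)
        security = ("WPA2 (%s)" % "/".join(akms)) if akms else "WPA2"
    elif wpa is not None:
        security = "WPA"
    else:
        security = "WEP"                 # Privacy bit set but no RSN/WPA element
    return ssid.decode("utf-8", "replace"), security


def survey(frames):
    """Map SSID -> security class for a batch of beacon frames."""
    return dict(classify_beacon(f) for f in frames)


# --- Constructed test frames (made up for this example, not a real capture) ---
def build_beacon(ssid, privacy, extra_tags=()):
    bssid = b"\x02\x00\x00\x00\x00\x01"  # locally administered, invented
    hdr = MGMT_HDR.pack(0x0080, 0, b"\xff" * 6, bssid, bssid, 0)
    fixed = BEACON_FIXED.pack(0, 100, 0x0001 | (CAP_PRIVACY if privacy else 0))
    body = bytes([TAG_SSID, len(ssid)]) + ssid
    for tag_id, value in extra_tags:
        body += bytes([tag_id, len(value)]) + value
    return hdr + fixed + body


# RSN element for WPA2-PSK/CCMP: version 1, group CCMP, one pairwise CCMP, one AKM PSK, capabilities 0
RSN_WPA2_PSK = (b"\x01\x00" + OUI_80211 + b"\x04" + b"\x01\x00" + OUI_80211 + b"\x04"
                + b"\x01\x00" + OUI_80211 + b"\x02" + b"\x00\x00")

SAMPLE_BEACONS = [
    build_beacon(b"inflight-open", privacy=False),
    build_beacon(b"home-wpa2", privacy=True, extra_tags=[(TAG_RSN, RSN_WPA2_PSK)]),
    build_beacon(b"legacy-wep", privacy=True),
]

if __name__ == "__main__":
    for ssid, security in survey(SAMPLE_BEACONS).items():
        print("%-16s %s" % (ssid, security))
```

An "OPEN" result means only that the radio link is in the clear; the fix on the passenger side is end-to-end protection (a VPN or TLS for every session), since nothing the hotspot does after the login page encrypts the frames.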



Victim analysis continues...

http://www.pogowasright.org/article.php?story=20090504183112889

Consumer Reports Survey: One in Five Online Consumers Have Been Victims of Cybercrime

Monday, May 04 2009 @ 06:31 PM EDT Contributed by: PrivacyNews

It continues to be a boom time for cybercrime according to the latest Consumer Reports National Research Center "State of the Net" survey. Consumer Reports found that one in five online consumers have been victims of cybercrime in the last two years to the tune of an estimated $8 billion. And the overall rate of the crime has remained consistent over the five years that Consumer Reports has been tracking.

Source - News Blaze

[From the article:

Additionally, Consumer Reports estimates that 1.2 million consumers have had to replace their computers over the past two years due to software infections and an estimated 3.7 million households with broadband Internet access did not use a firewall to protect against hackers.



Why statistics matter when developing a security plan.

http://www.atthebreach.com/blog/would-your-employees-sell-out/

May 04, 2009

Would your employees sell out?

According to a new survey of 600 people, one third of employees would sell company secrets for compensation. The amount of compensation needed varied based on who was spoken to. This survey was done by the same people who famously got usernames and passwords from people in exchange for a chocolate bar last year.

… The vast majority (about two thirds) said it would be “easy” to get this information out of the organization. Eighty eight percent of them think that the information they have access to is valuable.

The respondents said they felt less secure in their jobs and had less loyalty to the employers than they did a year ago.

For those that had access to customer information such as credit or debit card information, most said they were less likely to sell that, and 4 out of 5 flat out refused at any price. For the 20 percent that were willing to do it, the price was far higher than other types of data.



Q: What will replace tax incentives for foreign investment? A: Foreign aid Q: Why? A: Because Government spending is good, business or individual investment is bad. Q: How can you tell that Bob is upset? A: Check his blood pressure.

http://www.bespacific.com/mt/archives/021278.html

May 04, 2009

Treasury: Leveling the Playing Field: Curbing Tax Havens and Removing Tax Incentives for Shifting Jobs Overseas

News release: "Today, President Obama and Secretary Geithner are unveiling two components [Fact Sheet and Backgrounder] of the Administration's plan to reform our international tax laws and improve their enforcement. First, they are calling for reforms to ensure that our tax code does not stack the deck against job creation here on our shores. Second, they seek to reduce the amount of taxes lost to tax havens – either through unintended loopholes that allow companies to legally avoid paying billions in taxes, or through the illegal use of hidden accounts by well-off individuals. Combined with further international tax reforms that will be unveiled in the Administration's full budget later in May, these initiatives would raise $210 billion over the next 10 years. The Obama Administration hopes to build on proposals by Senate Finance Committee Chairman Max Baucus and House Ways and Means Chairman Charles Rangel – as well as other leaders on this issue like Senator Carl Levin and Congressman Lloyd Doggett – to pass bipartisan legislation over the coming months."



For my Data Mining classes. Might be useful in e-discovery too. It's an overview, but contains many techniques for thinking a problem through.

http://www.bespacific.com/mt/archives/021279.html

May 04, 2009

CIA - A Tradecraft Primer: Structured Analytic Techniques for Improving Intelligence Analysis

A Tradecraft Primer: Structured Analytic Techniques for Improving Intelligence Analysis, Prepared by the US Government, March 2009

  • "Using the analytic techniques contained in this primer will assist analysts in dealing with the perennial problems of intelligence: the complexity of international developments, incomplete and ambiguous information, and the inherent limitations of the human mind. Understanding the intentions and capabilities of adversaries and other foreign actors is challenging, especially when either or both are concealed. Moreover, transnational threats today pose even greater complexity, in that they involve multiple actors—including nonstate entities—that can adapt and transform themselves faster than those who seek to monitor and contain them. Finally, globalization has increased the diversity of outcomes when complex, interactive systems such as financial flows, regional economies or the international system as a whole are in flux."



Got 3G?

http://www.wired.com/gadgetlab/2009/05/3gstudy/

Battle of the Carriers: Take Wired.com’s 3G Smartphone Speed Test

By Brian X. Chen, May 4, 2009 9:13 am

… Just which cellphone network is the best? Or better yet, which carrier is best for you in your particular area? In August, Wired.com conducted a global study to investigate the iPhone 3G’s network issues, which concluded that connection problems were tied to AT&T rather than the handset itself. Following up on that survey, Wired.com is inviting every 3G smartphone user in the United States to participate in a study to determine which carrier is the best overall in the country.

The process involves running a data speed test on your browser-equipped smartphone, followed by plotting your results on an interactive map with your computer. Ultimately, consumers will be able to view the results on the map to see how well each carrier performs in different parts of the country.



Because my Computer Security students must give two presentations on security software... And because it pays to have tools like these in your Swiss Army folder.

http://www.makeuseof.com/dir/passpub-online-password-generator/

PassPub : Online Password Generator


http://www.makeuseof.com/dir/password-chart-create-strong-passwords/

Password Chart : Secure Password Creator


5 more

http://lifehacker.com/5237503/five-best-free-data-recovery-tools

Five Best Free Data Recovery Tools

By Jason Fitzpatrick, 9:00 AM on Sun May 3 2009
