Sunday, January 23, 2011

Should it still surprise people that customers take these breaches personally?

http://www.databreaches.net/?p=16480

(update) Lush Looks For Answers In Security Breach That Could Cost Customers Thousands

January 22, 2011 by admin

Popular cosmetics chain Lush has been attacked by hackers, with consumer credit card information and personal details having been used for fraudulent purchases. It appears as though the hackers may have been stealing sensitive data for up to four months, and Lush has advised consumers to contact their banks if they thought their details had been used by the hackers.

On January 21st, a message on the Lush home page explained the situation and the online shop was shut down. Based on what people are saying on Lush’s Facebook fan page, people are far from happy. People complained about having to cancel their credit cards for fear of exploitation and many claimed to have lost money as well. The biggest complaint seems to be that Lush took so long in noticing the breach in security.

Read more on Reviews of Electronics.



I find this interesting because Southwest One provides technical support to schools. The list of passwords likely provides Administrator level access to the school system networks.

http://www.databreaches.net/?p=16484

UK: Somerset schools’ website security ‘breached’ by Southwest One

January 22, 2011 by admin

Rory McKeown reports:

Claims have been made that Southwest One published security passwords for every school website in the county online.

An unnamed source contacted this website claiming someone from the venture allegedly performed the “massive security breach” while updating the website itsc.co.uk.

They allege security passwords for every school in Somerset and other websites were apparently published online in a document called ‘Password List’ – but said the site has since been taken offline after a Somerset County Councillor made the discovery.

[....]

Although a spokesman for Southwest One initially said the organisation does not comment on anonymous allegations, they said later today: “We have become aware of an IT security issue within a Southwest One department responsible for maintenance of educational establishment systems.

“Actions have already been taken to remedy the situation.

“Southwest One is looking into the matter and will liaise closely with Southwest One Partners about its findings.”

Read more on The West Country.



The difference in time and effort is trivial.

http://yro.slashdot.org/story/11/01/23/0055257/Norwegian-Police-Seeking-Info-On-2-Bloggers-Take-Data-From-7000-Accounts?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Norwegian Police, Seeking Info On 2 Bloggers, Take Data From 7,000 Accounts

"Norwegian police were asked by officials in Italy to get personal information about two bloggers who were using a server in Oslo. The police decided the best thing to do would be to take the server's hard drive, along with personal information from about 7,000 other users (Google translation of Norwegian original). Other ISPs say this is standard operating procedure in Norway these days."


(Related) On the other hand, if you are looking for indications of (for example) money laundering, how would you find any without looking at transactions?

http://www.databreaches.net/?p=16478

Criminal finance database security worries peers

January 22, 2011 by admin

Alex Stevenson reports:

A database monitoring 1.5 million suspicious criminal transactions may be insecure, a committee of peers has warned.

The House of Lords’ EU committee backed the view of the information commissioner that access to the Serious Organised Crime Agency’s Elmer database may be too wide.

The database is Soca’s main tool in identifying suspicious activity which may involve funds gained from criminal activity.

It contains detailed personal records of transactions for which there is only a relatively low level of suspicion, prompting the concern from peers.

Read more on Politics.co.uk



e-Discovery in 10 minutes...

http://e-discoveryteam.com/2011/01/21/cutsie-yet-cool-video-explains-e-discovery-and-why-businesses-should-care-about-information-management-and-e-discovery-readiness/

Cutsie, Yet Cool Video Explains e-Discovery and Why Businesses Should Care About Information Management and e-Discovery Readiness



How much money could Facebook save if they thought about customer reactions before they did something that changed Privacy?

http://www.pogowasright.org/?p=19765

Facebook’s January hat-trick on privacy concessions

January 22, 2011 by Dissent

Facebook seems to be getting a lot of exercise in backpedalling and concession-making this month. Not only did the company put its plans to share contact details with application developers on hold and make concessions to the South Korean government, but now it’s made concessions to the German data protection agency:

Data protection officials in Germany have won a stage victory over the Internet giant Facebook and its head Mark Zuckerberg. Responding to official complaints, the company has agreed to make far-reaching changes to its controversial “Friend Finder” service.

Until now, people have received e-mails inviting them to join Facebook, even if they had never before had anything to do with the social network. Particularly disturbing for many of the recipients of such invitations, the mails often included images of people they knew.

Read more on Der Spiegel. Monsters & Critics also covers the development.

Do you think all of these privacy concerns have contributed to renewed debate about online privacy in the Senate?



For my Ethical Hackers. I still think attacks using “new” technologies require an “old” technology response. Like Hannibal, send in the elephants!

http://tech.slashdot.org/story/11/01/22/224249/Is-Retaliation-the-Answer-To-Cyber-Attacks?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Is Retaliation the Answer To Cyber Attacks?

"Should revenge assaults be just another security tool large IT shops use to counter cyber attacks? It's a controversial idea, and the law generally frowns on cyber attacks in general, but at the Black Hat DC conference last week, some speakers took up the issue of whether and how organizations should counterattack against adversaries clearly using attack tools to break into and subvert corporate data security."



Petroleum farming? Will the oil companies find a way to ban this technology?

http://news.slashdot.org/story/11/01/22/1645241/Biotech-Company-Making-Fossil-Fuels-With-a-Library-of-Bacteria?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Biotech Company Making Fossil Fuels With a 'Library' of Bacteria

"In September, a privately held and highly secretive US biotech company named Joule Unlimited received a patent for 'a proprietary organism' – a genetically engineered cyanobacterium that produces liquid hydrocarbons: diesel fuel, jet fuel and gasoline. This breakthrough technology, the company says, will deliver renewable supplies of liquid fossil fuel almost anywhere on Earth, in essentially unlimited quantity and at an energy-cost equivalent of $30 (US) a barrel of crude oil. It will deliver, the company says, 'fossil fuels on demand.' ... Joule says it now has 'a library' of fossil-fuel organisms at work in its Massachusetts labs, each engineered to produce a different fuel. It has 'proven the process,' and has produced ethanol (for example) at a rate equivalent to 10,000 US gallons an acre a year. It anticipates that this yield could hit 25,000 gallons an acre a year when scaled for commercial production, equivalent to roughly 800 barrels of crude an acre a year."
