At least it's not your bank account.
Whatever happened to Best Practices?
"Phandroid's AndroidForums.com has been hacked. The database that powers the site was compromised and more than one million user account details were stolen. If you use the forum, make sure to change your password ASAP. From the article: 'Phandroid has revealed that its Android Forums website was hacked this week using a known exploit. The data that was accessed includes usernames, e-mail addresses, hashed passwords, registration IP addresses, and other less-critical forum-related information. At the time of writing, the forum listed 1,034,235 members.'"
Another “We don't need no stinking Best Practices” breach. Also, the potential to see how much (how little?) security remediation really costs.
Follow-up:
Regulators criticize NYSEG for computer security breach
July 12, 2012 by admin
Remember the breach reported by New York State Electric & Gas (NYSEG) and Rochester Gas and Electric (RG&E) back in January? Jeff Platsky reports the results of an investigation into the utilities’ security:
A potential data breach at New York State Electric & Gas Corp. not only drew the ire of customers but is now drawing criticism from regulators who are telling the utility to shore up its computer security practices.
In a statement released on Thursday afternoon, New York Public Service Commissioner Garry Brown said the utility “failed to meet industry standards” in protecting the privacy of its customers. The commission has directed the NYSEG and its sister utility, Rochester Gas & Electric Corp., to immediately address potential vulnerabilities in computer billing and records systems.
Read more on PressConnects.com.
The statement from the NY Public Service Commission reads:
The New York State Public Service Commission (Commission) today received a report from Department of Public Service staff that both New York State Electric & Gas Corporation (NYSEG) and Rochester Gas & Electric (RG&E) failed to adequately protect confidential customer information from unauthorized access by outside parties.
“Our investigation found that NYSEG and RG&E failed to meet industry standards and best practices to protect personally identifiable information of customers,” said Commission Chairman Garry Brown. “As a result, we are directing the companies to immediately take action to address the vulnerabilities on its computer billing and records systems currently used to take and maintain confidential customer information.”
… In addition to the foregoing recommendations, the Commission raised concerns that the issue of costs that both the companies incur in responding to this security breach. The Commission will require the companies segregate and report all of the costs associated with rectifying the security breach, including the customer care costs identified above as well as any incremental investigation and remediation costs, as part of respective 2012 earnings sharing filings, and that the Commission closely scrutinize any proposal to incorporate these costs in the earnings sharing calculation. In this way, the companies will be put on notice that they will be required to justify fully the inclusion of any such expenses in their earnings sharing calculations.
We have moved beyond “English, as she is spoke”
"Spammers used to depend on email recipients to tie the noose around their own necks by inputting their personal and financial information in credible spoofs of legitimate websites, but with the advent of exploit kits, that technique is slowly getting sidelined. Prompted by the rise in numbers of spam runs leading to pages hosting exploit kits, Trend Micro researchers have recently been investigating a number of high-volume spam runs using the Blackhole exploit kit. According to them, the phishing messages of today have far less urgency and the message is implicit: 'Your statement is available online'; or 'Incoming payment received'; or 'Password reset notification.'"
One thing that's long worried me is that the bulk of spammers and malware writers may hire copywriters with a better grasp of English than most of the ones I see now. "I send you this file in order to have your advice" was funny, because it stuck out.
Long, long ago in a galaxy far, far away....
HP’s Operation ‘Kona’ Private Eyes Get 3 Years Probation
Two private investigators who impersonated reporters, Hewlett Packard board members, and their families have been sentenced to three years probation and six months electronic monitoring in the case.
Joseph DePante and his son Mathew DePante were sentenced Thursday in a San Jose, California, federal court. They had pleaded guilty to the charges in February.
The sentencing closes a final chapter in a corporate spying scandal that dates back to the spring of 2005, when HP’s management decided to clamp down on embarrassing boardroom leaks. HP hired a Boston security company called Security Outsourcing Solutions, which in turn hired the DePantes’ Melbourne, Florida, investigation company — Action Research Group — to identify the leakers.
“This new tool allows us to claim that we care without actually having to care!”
Twitter and Buddy Media have just announced a partnership which will screen the ages of users who try to follow ‘adult’ brands on Twitter that implement a new ‘age-gate’ system. The system was generated as a service that marketers and brands can use on Twitter to ensure that they’re not peddling their wares to illegally young users.
The brands themselves will have to implement the new age-gate, so it won't work out of the box for every adult brand automatically.
… Here’s the basic process:
First, a user sees a brand they’d like to follow. Say, Skinny Girl. They click the Follow button.
The brand immediately Direct Messages a link to the user, asking them to confirm their age by visiting age.twitter.com.
They’re presented with a message that requires them to enter their age and accept a set of terms.
The future of social? One of the first news aggregators fades away?
"The once popular social news website Digg.com, which received $45 million in funding, is being sold to Betaworks for $500,000. From the article: 'Betaworks is acquiring the Digg brand, website, and technology, but not its employees. Digg will be folded into News.me, Betaworks' social news aggregator. This is not the outcome people expected for Digg. In 2008, Google was reportedly set to buy it for $200 million.'"
The world, she is a'changing...
Anything you want, instantly!
"A while ago, Amazon caved on paying individual states sales taxes. Now we know why. Amazon is setting up same-day delivery warehouses everywhere. They will put most normal retailers out of business."
If that's a bet, I'll take it.