I'm of the opinion that trying to keep
this quiet was a bad decision... Now they have to explain how they
failed to notice that the tax information for 600,000 businesses was
also taken.
South Carolina: 'The mother of all data breaches'
In a nation where hackers steal
personal data from computer systems on a near-daily basis, the
cyberattack on the South Carolina Department of Revenue stands out as
the largest breach against a state tax agency in the
nation.
“From a state point of view, this is
kind of the mother of all data breaches thus far,” said Larry
Ponemon, chairman of The Ponemon
Institute, which researches privacy and data protection.
… State officials have repeatedly
said such a theft of data could have happened to anyone, and there's
little that could have been done, but experts said South Carolina was
apparently a soft target.
… Ponemon believes other states are
just as vulnerable, because most states have poor data security.
“It shouldn't be viewed that the
folks in South Carolina really messed up, because they are not worse
than others,” Ponemon said. “My belief is that this could happen
in almost any state in the United States today.” [And
my view is they are all “really messed up” Bob]
… “I think the big problem was
that the data was not encrypted,” he said. “Certainly, it is the
responsible thing to do if you want to protect data.”
Is this another “stealth breach?”
Possible MasterCard security breach
First Niagara Bank is warning customers
about a possible breach in MasterCard's security system.
First Niagara tells News10NBC it uses
MasterCard to service the debit cards.
A bank spokesperson says MasterCard
alerted them and to be safe.
… First Niagara is not releasing
the number of customers who could be affected or how the system might
have been breached.
Anyone with a
MasterCard could potentially be impacted by the breach,
according to a First Niagara spokesperson.
Who says you can't buy an election?
Your vote costs Obama and Romney about $22
If you're an average online American,
you're worth about $22 to the U.S. presidential campaigns, at least
in terms of ad cost per vote. That's according to a new
vote calculator produced by online privacy startup Abine, which
asks seven multiple choice questions to gauge what you cost per ad.
The Obama and Romney campaigns have
spent about $5 billion on online advertising so far
but people are no longer receptive to traditional text or banner ads,
says Abine privacy attorney and privacy advocate Sarah Downey. "A
recent Annenberg study said that people dislike the idea that they're
being targeted with political ads," she said in a phone
conversation today. "86 percent of them disliked it, so instead
of just going through Facebook ads, they're also doing apps, and
recruiting your friends to do the work for them."
(Related) Remember Ethical Hackers,
“Vote early! Vote often!” (I'm sure this plan they put together
in a few days is every bit as safe and secure as any other...)
New Jersey to Allow Voting by Email (and Fax) for Residents Displaced by Superstorm Sandy
Less than a week after the storm -- and
just three days before Election Day -- New
Jersey officials have announced that they will allow those
displaced from their homes and first responders to submit their votes
by email or fax. A directive issued by Lieutenant Governor Kim
Guadagno officially
designated displaced New Jersey residents as "overseas
voters," thus giving them the electronic voting option already
available to New Jersey residents serving in the military. In
addition, displaced voters and first responders may also vote by
provisional ballot at any New Jersey polling location.
Why would anyone have 'naked pictures'
of themselves on the phone? For ease of sharing? Auditioning for a
PETA ad?
"El Reg reports that two
employees at a Verizon store in Florida are facing charges after
making copies of a woman's naked pictures while helping her transfer
data from an old phone to a new one. The two employees later offered
to show the pictures to another customer, but the customer happened
to be the woman's friend. The woman and her friend filed
a police report. The police quickly got a warrant to search the
store and found copies of the pictures on multiple devices there.
One of the employees, Gregory Lampert, was arrested and charged with
two felonies and a misdemeanor. The other employee, Joshua Stuart,
is no longer in Florida, but will face charges if he comes back."
This is totally petty, but probably
part of the Steve Jobs culture...
"Apple today posted its second
Samsung apology to its UK website, complying
with requests [Perhaps
that's the problem. It was an order not a request. Bob]
by the UK Court of Appeal to say its original apology was inaccurate
and link to a new statement. As users on Hacker News and Reddit
point out, however, Apple modified
its website recently to ensure the message is never
displayed without
visitors having to scroll down to the bottom first."
Some interesting findings... And a new
(to innocent me) term: E-whoring
But remember, this is only what hackers talk about, not the really
good stuff...
November 03, 2012
Hacker Intelligence Initiative, Monthly Trend Report #13
Monitoring Hacker Forums ADC Monthly Web Attacks Analysis, October 2012:
"Imperva analyzed one of the largest-known hacker forums with
roughly 250,000 members, as well as other smaller forums. Using
search capabilities, we analyzed conversations by topic using
specific keywords. We found:
- SQL injection is now tied with DDoS as the most discussed topic. Both topics got 19% of discussion volume. Last year, SQL injection was second with 19%, and DDoS came in first place with 22%. Ironically, of the $25 billion spent on software security, and we believe this means less than 5 percent of security budgets is allocated to products that cannot even recognize SQL injection attacks – let alone stop them. We believe this imbalance encourages hackers to continue to learn and deploy this attack method.
- Social networks today pose a major interest for hackers. They are becoming a prominent source of information, pictures, and potential monetary gain. Facebook was the most discussed social media platform, commanding 39% of discussions with Twitter a close second at 37%..."
Could be a useful summary...
November 03, 2012
Juniper Research - Exposing Your Personal Information – There’s An App for That
"Mobile devices and applications
are no longer an accessory – they’re central to our daily lives.
Gartner predicts the number of mobile apps downloaded will double to
45 billion this year – and they’re only getting smarter. Today’s
apps are increasingly essential to accessing critical business
applications, connecting with friends on the go and even adopting
digital wallets. While these apps make our lives easier, they also
give a wider group of application developers and advertising networks
the ability to collect information about our activities and leverage
the functionality of our devices. At the same time, the
companies, consumers and government employees who install these apps
often do not understand with who and how they are sharing personal
information. Even though a list of permissions is
presented when installing an app, most people don’t
understand what they are agreeing to or have the proper information
needed to make educated decisions about which apps to trust.
More concerning is that many apps collect information or require
permissions unnecessary for the described functionality of the apps.
This is not the first time this issue has surfaced – reports of
popular apps collecting irrelevant information or transmitting data
when devices are turned off has led to significant backlash.
However, less is known about the state of privacy across the entire
application ecosystem. To get a sense of the state of application
privacy today, Juniper Networks’
Mobile Threat Center (MTC) analyzed over 1.7 million apps on the
Google Play market from March 2011 to September 2012."
Not really “Best Practices,” but
lots of 'bumper sticker' quotes that might be memorable...
November 03, 2012
nCircle Security Tips eBook
"As part of nCircle's commitment
to improving Internet security, we asked some of the brightest minds
in security to help us compile a list of security tips
and tricks for a wide range of readers. The resulting
eBook includes a wide range of topics — from passwords and public
Wi-Fi to Java configuration and sandboxing — and includes tips from
security experts like Richard Stiennon, Adam Shostack, John Banghart,
Brandon Williams and many others. The eBook is formatted to make it
easy to share on social media platforms like Twitter and Facebook.
Help us make the Internet a safer place. Download the eBook and chime
in with a security tip of your own. Get the free
eBook by downloading either the eBook
version or the PDF
version."
I know, it's hard to believe...
"Security firm Kaspersky has
released its latest IT Threat Evolution report. There were some
interesting findings in the report, as always, but the most
interesting thing that stuck out was all the way at the bottom:
'Microsoft
products no longer feature among the Top 10 products with
vulnerabilities. This is because the
automatic updates mechanism has now been well developed
in recent versions of Windows OS.'"
For anyone who thinks encryption is too
hard.
… ImmediateCrypt Web Demo is a free
to use web service that can encrypt pieces of text with a password.
You can type in your original text in the first field of the site.
Next you type in a password which will act as your encryption key.
You will need to remember your password. Copy the encrypted text and
send it to the recipient and communicate the encryption key to them.
They can then visit the website and repeat the process only to
decrypt the text; the bottom field will then show the original text.
- Also read related article: Five
Online Encryption Tools to Protect Your Privacy.
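The encrypt-with-a-password, send, decrypt-with-the-same-password flow described above, as an added example that is not ImmediateCrypt's code or algorithm. It assumes scrypt key derivation and AES-256-GCM from Node's built-in crypto module; the function names, message layout and sample values are made up for illustration.

```javascript
// Added example: password-based text encryption with Node's built-in crypto.
// Assumed scheme (not ImmediateCrypt's): scrypt key derivation + AES-256-GCM.
const nodeCrypto = require('crypto');

// Derive a 256-bit key from the password; the random salt makes the same
// password yield a different key for every message.
function deriveKey(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32);
}

// Returns base64 text laid out as salt(16) || nonce(12) || tag(16) || ciphertext.
function encryptText(plaintext, password) {
  const salt = nodeCrypto.randomBytes(16);
  const nonce = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, nonce, cipher.getAuthTag(), body]).toString('base64');
}

// Returns the plaintext, or null when the password is wrong or the
// message was altered in transit (the GCM tag check fails in both cases).
function decryptText(message, password) {
  const raw = Buffer.from(message, 'base64');
  if (raw.length < 44) return null; // too short to hold salt, nonce and tag
  const salt = raw.subarray(0, 16);
  const nonce = raw.subarray(16, 28);
  const tag = raw.subarray(28, 44);
  const body = raw.subarray(44);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}

// Constructed sample message and password.
const sample = encryptText('Meet at noon', 'correct horse battery staple');
console.log(sample);
console.log(decryptText(sample, 'correct horse battery staple'));
console.log(decryptText(sample, 'wrong password'));
```

The password still has to reach the recipient over a different channel than the ciphertext, and a short or guessable password remains the weakest part of the scheme whatever cipher sits behind it.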