Latest Posts


Are you running a WordPress Blog? Update it today

August 12, 2009 Added by: Infosec Island Admin

Another security release for WordPress was released yesterday (version 2.8.4), which patches a rather annoying security flaw discovered in all prior versions. By sending a specially crafted URL as an unauthenticated user to your WP blog, an attacker can essentially reset your admin password and lock you out of your blog.

Comments  (0)


From the Web

Hackers strike UC Berkeley again

August 12, 2009 from: Office of Inadequate Security

Hackers have struck again at UC Berkeley computers, this time at the Graduate School of Journalism, nabbing a possible 493 social security numbers.

Comments  (0)


From the Web

Whistleblower lawsuit against Kaiser (updated)

August 10, 2009 from: Office of Inadequate Security

At a time when concerns about the privacy and security of electronic health records are a hot topic and the issue of private vs. public health insurance is making the front pages, a lawsuit filed by a former Kaiser employee alleges that Kaiser knowingly and repeatedly violated HIPAA, exposed millions of members to identity theft, and ripped members off by not keeping track of deductibles and co-pa...

Comments  (2)


From the Web

Password Advice

August 10, 2009 from: hackyourself.net

Some advice and insight from Bruce Schneier on Password Security. Whether you agree or disagree, this is worth checking out.

Comments  (3)


From the Web

Security Religions and Risk Windows

August 09, 2009 from: Jeremiah Grossman's Blog

Information security threats are way up, fraud losses continue to rise, regulatory fines are increasingly common, and budget dollars to solve the myriad of problems are in short supply. Hampered by a sluggish economy, organizations simply cannot afford to hire all the talent they need, implement every best-practice, or buy every blinking light widget out there. Sacrifices are unavoidable, risk mus...

Comments  (0)


From the Web

SMBEnum

August 09, 2009 from: Rsnake's blog at ha.ckers.org

Notes from Robert "Rsnake" Hansen about a talk given at DefCon last week regarding how Internet Explorer can be used to enumerate local system files.

Comments  (0)


From the Web

Data security breach notification law update

August 07, 2009 from: Office of Inadequate Security

This is a brief timeline of the latest in legislative changes surrounding requirements for reporting a security breach.

Comments  (0)


From the Web

Heartland says breach has cost $32 million so far

August 06, 2009 from: Office of Inadequate Security

Heartland Payment Systems on Tuesday (Aug. 4) said it spent $32 million this year paying for costs related to the major data breach it disclosed in January, including $22.1 million to cover fines from key payment card brands and a settlement offer. Heartland did not say how the $22.1 million was split between the fines and the settlement offer, but it did provide clues.

Comments  (1)


From the Web

Mozilla shuts Firefox e-store after security breach

August 05, 2009 from: Office of Inadequate Security

Mozilla shuttered its online store late Tuesday after finding out that the firm it hired to run the backend operations of the company’s e-tailing business had suffered a security breach.

Comments  (1)


From the Web

Employees sacked for ID card data breach

August 04, 2009 from: Office of Inadequate Security

The database in question holds data on 92 million people in the U.K. About 200,000 people have access to it. If they cannot adequately secure the database from misuse by employees, well……. Nine local authority workers have been sacked after illegally accessing personal details of the public held on the government’s national identity database.

Comments  (0)


OWASP Testing Guide Version 3

August 03, 2009

This is an excellent resource on the process of testing web applications for security vulnerabilities/general insecurities... this is by no means exhaustive nor perfect for every environment, but a valuable read for anyone who manages or tests web applications.

Comments  (2)


From the Web

Personal data mishandled at Commerce Dept.

August 03, 2009 from: Office of Inadequate Security

The names and Social Security numbers of at least 27,000 Commerce Department employees were exposed to a risk of identity theft following an inappropriate transfer of the personal information in mid-July, according to a letter sent to department employees last week.

Comments  (0)


From the Web

TNCC computer tech says access now cut off

August 03, 2009 from: Office of Inadequate Security

Last week, the Daily Press reported that a former part-time computer help desk technician at Thomas Nelson Community College claimed that he had been laid off almost three weeks earlier, but that he still had computer access to the records and Social Security numbers of every student in the Virginia Communit...

Comments  (0)


From the Web

Last conspirator in $5 million fraud ring sentenced

August 01, 2009 from: Office of Inadequate Security

Dana J. Boente, U.S. Attorney for the Eastern District of Virginia, announced that all seven conspirators have now been sentenced for stealing more than $5 million through a fraud scheme involving identity theft and credit card, bank and mortgage fraud.

Comments  (0)


From the Web

SSA employee convicted for unauthorized access to govt computer

August 01, 2009 from: Office of Inadequate Security

Roberto Rodriguez, 54, formerly of Fort Lauderdale, FL, was convicted by a jury on July 29, 2009 of seventeen counts of exceeding his authorized access to a government computer. Rodriguez is scheduled to be sentenced on October 9, 2009, before U.S. District Court Judge William J. Zloch.

Comments  (0)


From the Web

Tax-preparation docs found in dumpster

August 01, 2009 from: Office of Inadequate Security

WOIA in Texas reports that San Antonio police are investigating how boxes full of unredacted personal information, including Social Security numbers and financial information, were sitting in the open in a dumpster.

Comments  (0)


Adobe Releases Critical Patches for Flash Player

July 31, 2009 Added by: Infosec Island Admin

Today, Adobe released version 10.0.32.18 of their Flash Player software. This new version fixes multiple critical vulnerabilities, many of which Adobe has not been forthcoming about.

Comments  (4)


From the Web

Clarence employees criticized in audit

July 31, 2009 from: Office of Inadequate Security

The Clarence High School [Buffalo, NY] principal and other district employees repeatedly used district computers for personal use, the state comptroller’s office said.

Comments  (2)


From the Web

McAfee keeps leaked details to itself

July 31, 2009 from: Office of Inadequate Security

McAfee is yet to confirm with delegates to its recent Strategic Security Conference that their details were leaked in a bulk email, as reported on iTnews yesterday.

Comments  (0)


From the Web

Clampi Trojan stealing online bank data

July 31, 2009 from: Office of Inadequate Security

Hundreds of thousands of Windows computers are believed to be infected with a Trojan called “Clampi” that has been stealing banking and other login credentials from compromised PCs since 2007, a security researcher said on the eve of the Black Hat security conference.

Comments  (0)