Latest Posts


From the Web

Gonzalez: The Al Capone Of Cyber Thieves?

August 19, 2009 from: Office of Inadequate Security

Evan Schuman and Fred J. Aun have a well-written commentary on the recent indictment of Albert Gonzalez and two unnamed co-conspirators that highlights the questions left unanswered by the indictment and the apparent contradictions between the statements made.


From the Web

Radisson breach affects N. American guests

August 19, 2009 from: Office of Inadequate Security

The Associated Press has an item about Radisson Hotels & Resorts notifying guests of a breach that involved their credit card numbers. And I see that on Radisson’s site, they have posted a letter to guests:


From the Web

UMass battles hacker attack

August 19, 2009 from: Office of Inadequate Security

Since the University of Massachusetts announced a breach of its computer system earlier this month, there have been a few inquiries but no evidence that hackers actually stole information, according to UMass spokesman Edward F. Blaguszewski.


From the Web

Finance company identifies 294 recipients of non-payment legal threat

August 18, 2009 from: Office of Inadequate Security

A finance company has disclosed the email addresses of 294 customers that it says are behind in their repayments to the firm. The company emailed the customers but did not hide the addresses of everyone it contacted.


From the Web

7-Eleven statement regarding 2007 credit card fraud

August 18, 2009 from: Office of Inadequate Security

7-Eleven, Inc. has learned that federal authorities in New Jersey have indicted individuals for the theft of credit and debit card numbers in a computer hacking scheme targeting multiple retailers in a number of separate incidents over the last several years.


From the Web

Audit of Dept of Energy reveals unaddressed problems

August 18, 2009 from: Office of Inadequate Security

The Department of Energy and its contractors store and process massive quantities of sensitive information to accomplish national security, energy, science, and environmental missions. Sensitive unclassified data, such as personally identifiable information (PII), official use only, and unclassified controlled nuclear information require special handling and protection to prevent misuse of the inf...


From the Web

Three indicted for hacking Heartland, 7-Eleven, and Hannaford; Over 130 million credit and debit card numbers stolen

August 17, 2009 from: Office of Inadequate Security

An indictment [pdf] was returned today against three individuals who are charged with being responsible for five corporate data breaches, including the single largest reported data breach in U.S. history, announced Acting U.S. Attorney Ralph J. Marra, Jr., along with Assistant Attorney General of the Criminal ...


From the Web

Overcoming Objections to an Application Security Program

August 17, 2009 from: Jeremiah Grossman's Blog

Today a large percentage of security professionals truly “get” application security. They understand the importance, the best-practices, the value, etc. What inhibits their success the most in building an effective application security program is a lack of buy-in from the business and support from development groups.


From the Web

Lockheed Martin: hard drive not totally wiped

August 14, 2009 from: Office of Inadequate Security

Lockheed Martin recently notified some former or current employees that a hard drive that formerly belonged to them had been found for sale on eBay by academic researchers participating in a global research project. The researchers turned the drive over to the FBI when they found some employee data still readable on the drive.


From the Web

Stolen NY Life Insurance laptop had customer info

August 14, 2009 from: Office of Inadequate Security

For the second time in as many months, New York Life Insurance is notifying customers of a data breach. In the newest incident, a laptop containing unencrypted customer information was stolen from an employee’s vehicle in a “smash and grab.”


From the Web

Opinion: Heartland CEO Must Accept Responsibility

August 13, 2009 from: Office of Inadequate Security

An opinion piece from Mike Rothman on Heartland CEO Bob Carr's recent move to blame the PCI QSA firm that performed Heartland's PCI certification for the company's breach earlier this year. What do you think?


Are you running a WordPress Blog? Update it today

August 12, 2009 Added by: Infosec Island Admin

Another security release for WordPress was published yesterday (version 2.8.4), patching a rather serious flaw present in all prior versions. By sending a specially crafted URL to your WP blog as an unauthenticated user, an attacker can essentially reset your admin password and lock you out of your blog.


From the Web

Hackers strike UC Berkeley again

August 12, 2009 from: Office of Inadequate Security

Hackers have struck again at UC Berkeley computers, this time at the Graduate School of Journalism, nabbing a possible 493 social security numbers.


From the Web

Whistleblower lawsuit against Kaiser (updated)

August 10, 2009 from: Office of Inadequate Security

At a time when concerns about the privacy and security of electronic health records are a hot topic and the issue of private vs. public health insurance is making the front pages, a lawsuit filed by a former Kaiser employee alleges that Kaiser knowingly and repeatedly violated HIPAA, exposed millions of members to identity theft, and ripped members off by not keeping track of deductibles and co-pa...


From the Web

Password Advice

August 10, 2009 from: hackyourself.net

Some advice and insight from Bruce Schneier on Password Security. Whether you agree or disagree, this is worth checking out.


From the Web

Security Religions and Risk Windows

August 09, 2009 from: Jeremiah Grossman's Blog

Information security threats are way up, fraud losses continue to rise, regulatory fines are increasingly common, and budget dollars to solve the myriad of problems are in short supply. Hampered by a sluggish economy, organizations simply cannot afford to hire all the talent they need, implement every best-practice, or buy every blinking light widget out there. Sacrifices are unavoidable, risk mus...


From the Web

SMBEnum

August 09, 2009 from: Rsnake's blog at ha.ckers.org

Notes from Robert "Rsnake" Hansen about a talk given at DefCon last week regarding how Internet Explorer can be used to enumerate local system files.


From the Web

Data security breach notification law update

August 07, 2009 from: Office of Inadequate Security

This is a brief timeline of the latest in legislative changes surrounding requirements for reporting a security breach.


From the Web

Heartland says breach has cost $32 million so far

August 06, 2009 from: Office of Inadequate Security

Heartland Payment Systems on Tuesday (Aug. 4) said it spent $32 million this year paying for costs related to the major data breach it disclosed in January, including $22.1 million to cover fines from key payment card brands and a settlement offer. Heartland did not say how the $22.1 million was split between the fines and the settlement offer, but it did provide clues.


From the Web

Mozilla shuts Firefox e-store after security breach

August 05, 2009 from: Office of Inadequate Security

Mozilla shuttered its online store late Tuesday after finding out that the firm it hired to run the backend operations of the company’s e-tailing business had suffered a security breach.