Latest Posts


From the Web

Confirmed: Thousands of Hotmail passwords leaked online

October 05, 2009 from: Office of Inadequate Security

An anonymous user posted details of the accounts on October 1 at pastebin.com, a site commonly used by developers to share code snippets. The details have since been removed but Neowin has seen part of the list posted and can confirm the accounts are genuine and most appear to be based in Europe. The list details over 10,000 accounts starting from A through to B, suggesting there could be addition...

Comments  (0)


From the Web

Royal Bank glitch allowed Visa customers to view others’ transactions

October 03, 2009 from: Office of Inadequate Security

The Royal Bank says it has fixed a computer security glitch that allowed some of its West Coast Visa customers to view transactions made by other cardholders.

Comments  (0)


From the Web

Cloud/SaaS will do for websites what PCI-DSS has not

October 02, 2009 from: Jeremiah Grossman's Blog

If a would-be Cloud/Software-as-a-Service (SaaS) customer is concerned about security, and they should be since their business is on the line, then security should be the vendor's concern as well. Unless the Cloud/SaaS vendor is able to meet a customer’s minimum requirements, they risk losing the business to a competitor who can.

Comments  (1)

Top PCI DSS Compliance and Security Marketing Annoyances

October 02, 2009 Added by: Anton Chuvakin

Anton Chuvakin discusses PCI DSS. "Don’t misspell PCI DSS. It is not “PCI DDS”, and even not “PCIDSS.” BTW, if you want to impress PCI literati, make sure that “PCI DSS” has a space, while “PA-DSS” has a dash. Most definitely, do not pretend that you address ALL PCI DSS requirements for the only reason of wanting to look good."

Comments  (0)

Facebook’s Faith: A New Scareware Attack

October 01, 2009 Added by: Daniel Kennedy

On Thursday morning, AVG researcher Roger Thompson, after sourcing some spyware attacks to a series of Facebook profiles, noted that these few hundred profiles were showing up with the same profile image but different profile information. The home video link on these profiles, belonging to Faith / Emily / whoever, points to a web site that displays scareware dialogs: netmedtest.com/index.php?a...

Comments  (1)

Compliance as a Service

October 01, 2009 Added by: Bob Broda

CaaS would be a value added service that would attract plenty of customers. But how real is the likelihood of this service being offered? There are a number of issues associated with the CaaS concept:

Comments  (0)


From the Web

Probe Targets Archives’ Handling of Data on 70 Million Vets

October 01, 2009 from: Office of Inadequate Security

The inspector general of the National Archives and Records Administration is investigating a potential data breach of tens of millions of records about U.S. military veterans, after the agency sent a defective hard drive back to its vendor for repair and recycling without first destroying the data.

Comments  (0)


From the Web

Hackers Breach Payroll Giant, Target Customers

October 01, 2009 from: Office of Inadequate Security

Hackers last week apparently used stolen account information from a New Jersey company that provides online payroll services to target the firm’s customers in a scheme to steal passwords and other information.

Comments  (0)


From the Web

UNC security breach less severe than feared

September 30, 2009 from: Office of Inadequate Security

A hacker who wormed into a UNC Chapel Hill computer server may not have gotten access to as much information as officials originally feared.

Comments  (0)


From the Web

A Glimpse Into the Future of Browser Security

September 30, 2009 from: Mozilla Security Blog

As we mentioned earlier we’ve been working for the past few months on turning the Content Security Policy specification into working Firefox code. (You’ll remember that CSP is a framework to protect websites from XSS and related attacks). We are happy to report that the work is nearly finished, and we have some preview builds available for you to try out.

Comments  (0)


From the Web

IT security breaches In Canada more than triples in 2009

September 30, 2009 from: Office of Inadequate Security

IT security breaches cost the average Canadian organization an estimated $834,000 in 2009 – a 97 per cent increase from the $423,000 reported by the study last year. Similarly, the average number of reported IT security breaches also increased 276 per cent to 11.3 per organization in 2009 – compared with an average of three in 2008.

Comments  (0)

Find and manage your enterprise desktops with Altiris Client Management Suite from Symantec

September 28, 2009 Added by: David Strom

David Strom's video review of the Altiris Client Management Suite, an enterprise desktop discovery, inventory, remote configuration, deployment, and patch management utility that supports a wide range of client operating systems.

Comments  (0)


From the Web

Hacker hits UNC-Chapel Hill study data

September 25, 2009 from: Office of Inadequate Security

A hacker has infiltrated a computer server housing the personal data of 236,000 women enrolled in a UNC-Chapel Hill research study.

Comments  (0)


From the Web

Study: 600K campus records hacked this year

September 21, 2009 from: Office of Inadequate Security

Computer hackers reportedly have stolen identifying information and credit card numbers from more than half a million — some 600,000 — college students, faculty, and alumni this year. This is prompting some campus IT officials to call for a “total overhaul” of computer security protocol.

Comments  (0)


From the Web

What Star Trek Predicts About The Future of Information Security

September 18, 2009 from: Rsnake's blog at ha.ckers.org

I had a funny thought while talking with some folks from Intel about what the future state of information security would look like and how that relates to what our favorite nerdy show, Star Trek, has to say on the topic. This is meant to be a funny post, but there may be some truth buried in here somewhere too. Without further ado:

Comments  (2)


From the Web

Commerce Bank replaces cards compromised in Heartland breach

September 18, 2009 from: Office of Inadequate Security

Dan Margolies reports that Commerce Bank in Kansas City is first replacing credit cards after a recent small wave of fraudulent activity was reported. The compromised cards were involved in the Heartland Payment Systems breach disclosed in January 2009.

Comments  (0)


From the Web

ID theft ringleader back in custody after 4 years on the lam

September 17, 2009 from: Office of Inadequate Security

The mastermind of an identity theft ring who fled after being sentenced for his role in the scheme to steal personal and confidential credit report profiles of thousands of customers of Weichert Financial Services, Inc. pleaded guilty today to failure to surrender to federal prison.

Comments  (0)


From the Web

Man sentenced for micro-deposit scam

September 17, 2009 from: Office of Inadequate Security

A 22-year old man was sentenced to 15 months in prison and restitution of $200,073.44 for fraud and related activity in connection with computers. After release from prison, Michael Largent will also face three years of strict restrictions on his use of computers and the Internet.

Comments  (0)


From the Web

Plugin Updating Project: Follow up

September 16, 2009 from: Mozilla Security Blog

I wrote last week about a new project we’ve [Mozilla] started, informing our users when they’re running out of date versions of popular plugins. We focused our initial efforts on the Adobe Flash Player and now, a week after launch, Mozilla’s Numerator, Ken Kovash, has a blog post up looking at the results.

Comments  (0)


From the Web

Auditor: Bullitt lacked proper controls to prevent online theft

September 16, 2009 from: Office of Inadequate Security

Bullitt County [Kentucky] Fiscal Court did not have sufficient online banking controls in place at the time of the June online theft of $415,989, according to a report by the state auditor.

Comments  (0)