Latest Posts

Painless offsite online backups using 3X Backup

October 07, 2009 Added by:David Strom

David Strom's video review of 3X Systems' painless backup system. The 3X Systems Backup appliance is a great way to automatically back up a collection of PCs and servers across the Internet at reasonable cost.

Comments  (0)


From the Web

Operation Phish Phry reels in 100 in U.S. and Egypt

October 07, 2009 from: Office of Inadequate Security

The largest number of defendants ever charged in a cyber crime case have been indicted in a multinational investigation conducted in the United States and Egypt that uncovered a sophisticated “phishing” operation that fraudulently collected personal information from thousands of victims that was used to defraud American banks.

Comments  (0)


From the Web

Researcher refutes phishing account of hijacked Hotmail passwords

October 07, 2009 from: Office of Inadequate Security

One researcher isn’t buying Microsoft’s and Google’s explanation that hijacked Hotmail and Gmail passwords were obtained in a massive phishing attack.

Comments  (0)


From the Web

All about Website Password Policies

October 07, 2009 from: Jeremiah Grossman's Blog

Passwords are the most common way for people to prove to a website that they are who they say they are, as they should be the only ones who know what it is. That is of course unless they share it with someone else, somebody steals it, or even possibly guesses it. This identity verification process is more commonly known as “authentication.”

Comments  (0)


From the Web

City admits lapse in data release

October 07, 2009 from: Office of Inadequate Security

On Tuesday, New York City rolled out the next phase of its NYC BigApps competition, an initiative that will supply local programmers and developers with a stockpile of raw municipal data sets to build applications for the Web and mobile phones.

Comments  (0)

The Business of Blogging

October 07, 2009 Added by:Sudha Nagaraj

Bloggers beware! You can no longer go berserk promoting this gizmo over that, vouching for X software over Y or push traffic on to a website through social marketing tools like tweets and Facebook posts.

Comments  (0)


From the Web

Highmark changes its procedures in wake of BCBS breach

October 07, 2009 from: Office of Inadequate Security

that their Social Security numbers or tax ID numbers were on the stolen laptop containing their unencrypted data. A BCBS employee had reportedly breached policy by downloading the unencrypted database to a personal computer that was later stolen from the employee’s vehicle.

Comments  (0)


From the Web

Gmail, AOL and Yahoo logins posted online; weak passwords

October 07, 2009 from: Office of Inadequate Security

More than a quarter of a million email accounts on the biggest webmail services are believed to be at risk from online criminals after thousands of passwords belonging to users of the Yahoo, AOL and Gmail services were posted online.

Comments  (0)

The Threat from Within

October 06, 2009 Added by:Sandra Avery

Times are tough. Now, more than ever, organizations need to be extra vigilant about protecting the data on their networks. With identity theft at an all-time high, and data breaches disclosed almost daily, the stakes are incredibly high.

Comments  (0)


From the Web

850,000 doctors could be hit by potential data breach

October 06, 2009 from: Office of Inadequate Security

A file containing identifying information for every physician in the country contracted with a Blues-affiliated insurance plan was on a laptop computer stolen from a BlueCross BlueShield Assn. employee. It is not yet known whether any identity theft has resulted from the data breach.

Comments  (0)


From the Web

Scam hits more e-mail accounts, MS blocks accounts

October 06, 2009 from: Office of Inadequate Security

The scale of a phishing attack originally thought to be directed at Hotmail may be larger than previously thought. BBC News has seen a list of more than 20,000 more names and passwords that have been posted online.

Comments  (0)

Why Infosec Languishes, Part 1

October 05, 2009 Added by:Jim Anderson

This subject has been simmering for a long time but the events of the unfolding economic crisis and so many colleagues and acquaintances in the industry who have suffered substantially in their efforts to advance information security within their organizations have prompted me to organize my thoughts in this area.

Comments  (1)


From the Web

Confirmed: Thousands of Hotmail passwords leaked online

October 05, 2009 from: Office of Inadequate Security

An anonymous user posted details of the accounts on October 1 at pastebin.com, a site commonly used by developers to share code snippets. The details have since been removed but Neowin has seen part of the list posted and can confirm the accounts are genuine and most appear to be based in Europe. The list details over 10,000 accounts starting from A through to B, suggesting there could be addition...

Comments  (0)


From the Web

Royal Bank glitch allowed Visa customers to view others’ transactions

October 03, 2009 from: Office of Inadequate Security

The Royal Bank says it has fixed a computer security glitch that allowed some of its West Coast Visa customers to view transactions made by other cardholders.

Comments  (0)


From the Web

Cloud/SaaS will do for websites what PCI-DSS has not

October 02, 2009 from: Jeremiah Grossman's Blog

If a would-be Cloud/Software-as-a-Service (SaaS) customer is concerned about security, and they should be since their business is on the line, then security should be the vendor’s concern as well. Unless the Cloud/SaaS vendor is able to meet a customer’s minimum requirements, they risk losing the business to a competitor who can.

Comments  (1)

Top PCI DSS Compliance and Security Marketing Annoyances

October 02, 2009 Added by:Anton Chuvakin

Anton Chuvakin discusses PCI DSS. "Don’t misspell PCI DSS. It is not “PCI DDS”, and even not “PCIDSS.” BTW, if you want to impress PCI literati, make sure that “PCI DSS” has a space, while “PA-DSS” has a dash. Most definitely, do not pretend that you address ALL PCI DSS requirements for the only reason of wanting to look good."

Comments  (0)

Facebook’s Faith: A New Scareware Attack

October 01, 2009 Added by:Daniel Kennedy

On Thursday morning, AVG researcher Roger Thompson, after sourcing some spyware attacks to a series of Facebook profiles, noted that these few hundred profiles were showing up with the same profile image but different profile information. The home video link on these profiles, belonging to Faith / Emily / whoever, points to a web site that displays scareware dialogs: netmedtest.com/index.php?a...

Comments  (1)

Compliance as a Service

October 01, 2009 Added by:Bob Broda

CaaS would be a value-added service that would attract plenty of customers. But how real is the likelihood of this service being offered? There are a number of issues associated with the CaaS concept:

Comments  (0)


From the Web

Probe Targets Archives’ Handling of Data on 70 Million Vets

October 01, 2009 from: Office of Inadequate Security

The inspector general of the National Archives and Records Administration is investigating a potential data breach of tens of millions of records about U.S. military veterans, after the agency sent a defective hard drive back to its vendor for repair and recycling without first destroying the data.

Comments  (0)


From the Web

Hackers Breach Payroll Giant, Target Customers

October 01, 2009 from: Office of Inadequate Security

Hackers last week apparently used stolen account information from a New Jersey company that provides online payroll services to target the firm’s customers in a scheme to steal passwords and other information.

Comments  (0)