Latest Posts

From the Web
Cloud/SaaS will do for websites what PCI-DSS has not
October 02, 2009 from: Jeremiah Grossman's Blog
If a would-be Cloud/Software-as-a-Service (SaaS) customer is concerned about security, and they should be since their business is on the line, then security should be the vendor's concern as well. Unless the Cloud/SaaS vendor is able to meet a customer’s minimum requirements, they risk losing the business to a competitor who can.

Top PCI DSS Compliance and Security Marketing Annoyances
October 02, 2009 Added by: Anton Chuvakin
Anton Chuvakin discusses PCI DSS. "Don’t misspell PCI DSS. It is not “PCI DDS”, and even not “PCIDSS.” BTW, if you want to impress PCI literati, make sure that “PCI DSS” has a space, while “PA-DSS” has a dash. Most definitely, do not pretend that you address ALL PCI DSS requirements for the only reason of wanting to look good."

Facebook’s Faith: A New Scareware Attack
October 01, 2009 Added by: Daniel Kennedy
On Thursday morning, AVG researcher Roger Thompson, after sourcing some spyware attacks to a series of Facebook profiles, noted that these few hundred profiles were showing up with the same profile image but different profile information. The home video link on these profiles, belonging to Faith / Emily / whoever, points to a web site that displays scareware dialogs: netmedtest.com/index.php?a...

Compliance as a Service
October 01, 2009 Added by: Bob Broda
CaaS would be a value added service that would attract plenty of customers. But how real is the likelihood of this service being offered? There are a number of issues associated with the CaaS concept:

From the Web
Probe Targets Archives’ Handling of Data on 70 Million Vets
October 01, 2009 from: Office of Inadequate Security
The inspector general of the National Archives and Records Administration is investigating a potential data breach of tens of millions of records about U.S. military veterans, after the agency sent a defective hard drive back to its vendor for repair and recycling without first destroying the data.

From the Web
Hackers Breach Payroll Giant, Target Customers
October 01, 2009 from: Office of Inadequate Security
Hackers last week apparently used stolen account information from a New Jersey company that provides online payroll services to target the firm’s customers in a scheme to steal passwords and other information.

From the Web
UNC security breach less severe than feared
September 30, 2009 from: Office of Inadequate Security
A hacker who wormed into a UNC Chapel Hill computer server may not have gotten access to as much information as officials originally feared.

From the Web
A Glimpse Into the Future of Browser Security
September 30, 2009 from: Mozilla Security Blog
As we mentioned earlier we’ve been working for the past few months on turning the Content Security Policy specification into working Firefox code. (You’ll remember that CSP is a framework to protect websites from XSS and related attacks). We are happy to report that the work is nearly finished, and we have some preview builds available for you to try out.

From the Web
IT security breaches In Canada more than triples in 2009
September 30, 2009 from: Office of Inadequate Security
IT security breaches cost the average Canadian organization an estimated $834,000 in 2009 – a 97 per cent increase from the $423,000 reported by the study last year. Similarly, the average number of reported IT security breaches also increased 276 per cent to 11.3 per organization in 2009 – compared with an average of three in 2008.
Find and manage your enterprise desktops with Altiris Client Management Suite from Symantec
September 28, 2009 Added by: David Strom
David Strom's video review of the Altiris Client Management Suite, an enterprise desktop discovery, inventory, remote configuration, deployment, and patch management utility that supports a wide range of client operating systems.

From the Web
Hacker hits UNC-Chapel Hill study data
September 25, 2009 from: Office of Inadequate Security
A hacker has infiltrated a computer server housing the personal data of 236,000 women enrolled in a UNC-Chapel Hill research study.

From the Web
Study: 600K campus records hacked this year
September 21, 2009 from: Office of Inadequate Security
Computer hackers reportedly have stolen identifying information and credit card numbers from more than half a million — some 600,000 — college students, faculty, and alumni this year. This is prompting some campus IT officials to call for a “total overhaul” of computer security protocol.

From the Web
What Star Trek Predicts About The Future of Information Security
September 18, 2009 from: Rsnake's blog at ha.ckers.org
I had a funny thought while talking with some folks from Intel about what the future state of information security would look like and how that relates to what our favorite nerdy show, Star Trek, has to say on the topic. This is meant to be a funny post, but there may be some truth buried in here somewhere too. Without further ado:

From the Web
Commerce Bank replaces cards compromised in Heartland breach
September 18, 2009 from: Office of Inadequate Security
Dan Margolies reports that Commerce Bank in Kansas City is first replacing credit cards after a recent small wave of fraudulent activity was reported. The compromised cards were involved in the Heartland Payment Systems breach disclosed in January 2009.

From the Web
ID theft ringleader back in custody after 4 years on the lam
September 17, 2009 from: Office of Inadequate Security
The mastermind of an identity theft ring who fled after being sentenced for his role in the scheme to steal personal and confidential credit report profiles of thousands of customers of Weichert Financial Services, Inc. pleaded guilty today to failure to surrender to federal prison.

From the Web
Man sentenced for micro-deposit scam
September 17, 2009 from: Office of Inadequate Security
A 22-year-old man was sentenced to 15 months in prison and restitution of $200,073.44 for fraud and related activity in connection with computers. After release from prison, Michael Largent will also face three years of strict restrictions on his use of computers and the Internet.

From the Web
Plugin Updating Project: Follow up
September 16, 2009 from: Mozilla Security Blog
I wrote last week about a new project we’ve [Mozilla] started, informing our users when they’re running out of date versions of popular plugins. We focused our initial efforts on the Adobe Flash Player and now, a week after launch, Mozilla’s Numerator, Ken Kovash, has a blog post up looking at the results.

From the Web
Auditor: Bullitt lacked proper controls to prevent online theft
September 16, 2009 from: Office of Inadequate Security
Bullitt County [Kentucky] Fiscal Court did not have sufficient online banking controls in place at the time of the June online theft of $415,989, according to a report by the state auditor.

From the Web
Houston police bust large ID theft ring
September 15, 2009 from: Office of Inadequate Security
Police have busted a Houston-based identity theft ring that victimized 457 people and 83 businesses scattered across 25 states, investigators announced today.

From the Web
Postal inspectors uncover MassMutual customer data during ID theft investigation
September 15, 2009 from: Office of Inadequate Security
Massachusetts Mutual Life Insurance Company (”MassMutual”) recently discovered that an insider had printouts of customer data that might have been used for fraudulent purposes.