Latest Posts

From the Web
Heartland CEO: Credit Card Encryption Needed
September 15, 2009 from: Office of Inadequate Security
Grant Gross of IDG News Service reports that in testimony before the Senate Homeland Security and Governmental Affairs Committee yesterday, Heartland Payment Systems CEO Robert Carr was hit with a question about how the payment processor could have been breached for over one year and yet not detected it:

From the Web
Website exposes sensitive details on military personnel
September 08, 2009 from: Office of Inadequate Security
Programming errors on a website that helps commuters carpool to work are exposing sensitive information of workers for hundreds of employers in Southern California, including at least one military installation.

From the Web
Email Obfuscation and Spam Robots
September 08, 2009 from: Rsnake's blog at ha.ckers.org
I’ve long been interested in spam and robots that scrape for email addresses. I’ve done tons of work in the space, although I’ve never published any of it. Call it more of a side hobby than anything I really want to go public with - as it is with a lot of my research

From the Web
Digital Direct reports breach
September 05, 2009 from: Office of Inadequate Security
Chris Cooper of Bloomberg.com reports that Digital Direct, Inc., a unit of Mitsubishi Corp., had a breach of their e-commerce web site that resulted in the compromise of 52,000 customers’ credit card numbers.

From the Web
Helping users keep plugins updated
September 04, 2009 from: Mozilla Security Blog
Starting with the upcoming releases of Firefox 3.5.3 and Firefox 3.0.14, Mozilla will warn users if their version of the popular Adobe Flash Player plugin is out of date. Old versions of plugins can cause crashes and other stability problems, and can also be a significant security risk.

From the Web
Best of Application Security (Friday, Sep. 4)
September 04, 2009 from: Jeremiah Grossman's Blog
Ten of Application Security industry's coolest, most interesting, important, and entertaining links from the past week -- in no particular order. Regularly released until year end. Then the Best of Application Security 2009 will be selected!

From the Web
Announcement Regarding The October 2009 Critical Patch Update
September 03, 2009 from: The Oracle Global Product Security Blog
Because many Oracle customers with responsibility for deploying the Critical Patch Update within their respective organizations will be attending Oracle OpenWorld on October 11-15, 2009, the October 2009 Critical Patch Update, originally scheduled to be published on Tuesday, October 13th 2009, will be released on October 20th 2009.

From the Web
Lifelock loses another round in court
September 03, 2009 from: Office of Inadequate Security
Experian has issued a press release indicating that a federal court in California has denied LifeLock’s request to reconsider a ruling which found that LifeLock’s practice of setting 90-day fraud alerts on Experian and other credit bureaus was unlawful:

From the Web
Wigan Council improves security after details on most school children are stolen
September 03, 2009 from: Office of Inadequate Security
Wigan Council has agreed to take action to comply with the Data Protection Act after the theft of a laptop computer containing personal information relating to approximately 43,000 children and young people. The laptop included personal details on most children and young people in Wigan’s schools

From the Web
U. Vermont announces credit card breach
September 02, 2009 from: Office of Inadequate Security
University of Vermont recently discovered that the security of up to 242 university-funded credit cards has been compromised. Ann Naylor of UVM Procurement services said in a statement that UVM is unaware of how the breach occurred.

From the Web
TJX settles banks’ lawsuit
September 02, 2009 from: Office of Inadequate Security
The Associated Press reports that TJX has settled. TJX said it has paid $525,000 to settle claims by some banks about costs they incurred as a result of the retailer’s massive data breach. Other banks — AmeriFirst Bank, HarborOne Credit Union, SELCO Community Cre...

From the Web
5 men named in racket that netted $4m in stolen card data
September 02, 2009 from: Office of Inadequate Security
Prosecutors in Manhattan have named five additional men from Eastern Europe in an alleged scheme that pilfered $4m using more than 95,000 stolen credit cards.

From the Web
Two to plead guilty to fraud, HIPAA violations
August 31, 2009 from: Office of Inadequate Security
United States Attorney Joyce White Vance announced that Isaac Earl Smith, 38, and Annetra Poole-Moore, 37, have agreed to plead guilty to federal crimes involving health care fraud, disclosures prohibited by the Health Insurance Portability and Accountability Act (HIPAA), and aggravated identity theft.

From the Web
Biggest Breaches of 2009
August 28, 2009 from: Office of Inadequate Security
Linda McGlasson of BankInfoSecurity.com provides an analysis and commentary, based on ITRC’s statistics for this year.

From the Web
Gonzalez pleads guilty, sentenced to 15-25 years
August 28, 2009 from: Office of Inadequate Security
Under a plea agreement with federal prosecutors filed in Boston on Friday, Albert Gonzalez would serve a sentence of 15 to 25 years after pleading guilty to a 19-count indictment. He would also forfeit some $2.8 million in cash, a Miami condo, a car and expensive jewelry.

From the Web
Security test prompts federal fraud alert
August 28, 2009 from: Office of Inadequate Security
A sanctioned security test of a bank’s computer systems had some unexpected consequences this week, leading the federal agency that oversees U.S. credit unions to issue a fraud alert.

From the Web
School district hiding behind a criminal investigation - parent
August 26, 2009 from: Office of Inadequate Security
On the principle of “no good deed goes unpunished,” some of those who have discovered and reported breaches have been terminated or prosecuted for their actions...

From the Web
Why some Firefox users choose not to update
August 25, 2009 from: Mozilla Security Blog
The best way for users to stay safe online is to use an updated browser. While most Firefox users get updated quickly, some fall behind for various reasons. We’re looking for ways to increase uptake while still preserving user choice.

From the Web
Google Safe-Browsing and Chrome Privacy Leak
August 24, 2009 from: Rsnake's blog at ha.ckers.org
Some more advice from Robert "RSnake" Hansen on why you should be careful if using Google's Chrome browser.

From the Web
Symantec names the 100 “Dirtiest” websites of the summer
August 22, 2009 from: Office of Inadequate Security
In an effort to determine which sites are safe to visit, security, storage and systems management solutions provider Symantec (www.symantec.com) has identified the “Dirtiest websites of Summer 2009,” a list of the 100 most threatening sites that try to deceive visitors, steal their information or crash their computer.