Items Tagged with "breach"
September 07, 2012 Added by:Rafal Los
Why am I calling this a psychological operation? From talking to people who would know - the UDID is just a tracking mechanism to link a device to a person. The fact that this has stirred such a sentiment against the federal government at a time when distrust of is already high is suspect...
September 05, 2012 Added by:Dan Dieterle
Is the information legit? If so, why would an FBI agent have a list of twelve million Apple ID’s which in some cases can be used to access information just as a password would? And how did the hacker group exploit this particular agent’s laptop and recover information from it?
August 28, 2012 Added by:Jeffrey Carr
Iran is at the center of every significant aspect of this attack. It is the only nation with access to the original Wiper virus from which Shamoon was copied. Perhaps Iran has learned something from Russia about the strategy of misdirection via the government's recruitment of patriotic hackers...
August 03, 2012 Added by:Rafal Los
While it's not really OK to have a vulnerable application sitting out on the 'net, at least if it's in "stage" mode it shouldn't have real data... right? Unfortunately this wasn't the case in many of the incidents I experienced. It's time to remind ourselves that anything that is accessible should be well protected...
July 13, 2012 Added by:Marc Quibell
If Yahoo took "security very seriously" this probably may not have happened. This is obviously a fail in their IT Security practices, on many accounts, beginning with the SQL Injection attack used to compromise the server - yes, it only took one server to compromise for this to occur...
July 12, 2012 Added by:Headlines
Just a month after LinkedIn experienced a significant security breach and caught flack for not "salting their hash", the revelation that the Yahoo! credentials were not even stored in an encrypted format should have everyone concerned about how seriously companies are taking the security of their users...
July 11, 2012 Added by:ʞɔopuooq ʇuıɐs
About the twitter ‘takeover’. I have to say that was clever. Even though my account wasn’t actually breached per se. The folks behind this latest attempt found an auto-RSS/Email to tweet script that uses the Twitter API and worked out a way to post to my account without actually having any physical access. Kudos...
June 13, 2012 Added by:Allan Pratt, MBA
Much has been written about the LinkedIn security breach and the millions of passwords at risk. Hopefully by now all users have changed them and made them more complex. When it comes to professional social networking sites though, LinkedIn is not the only game in town. Here are the Top 10 alternatives...
June 13, 2012 Added by:Headlines
"The Company's ongoing investigation recently revealed potential unauthorized access to servers containing personal information collected from a subset of merchant applicants. It is unclear whether the intruders looked at or took any personal information... however, the Company will notify potentially-affected individuals..."
June 12, 2012 Added by:Headlines
Manning is accused of the largest intelligence leak in U.S. history while deployed to Iraq as a military intelligence analyst, including installing unauthorized software onto government computers to extract classified information and transmitting the data to the whistle-blowing group WikiLeaks...
June 11, 2012 Added by:Dan Dieterle
People put a lot of personal information on LinkedIn - their education and job experience, along with the groups that they belong to - treasure trove of information to Social Engineers. Of all the online social sites, LinkedIn users should really choose a long complex password to secure their account...
June 10, 2012 Added by:Infosec Island Admin
LinkedIn and other companies like Sony have shown time and again, they DON’T CARE about YOUR data. Always remember this people. So, you want an account on these places, then you best make a throw away password and limit your data on the sites that host it. Otherwise, your data will be up for the taking...
June 10, 2012 Added by:Jeffrey Carr
LinkedIn doesn't have a CSO or CISO, which for a publicly traded company communicates that security is not a priority. Considering they still don't know how this breach occurred and the minimal attention payed to password security, I can't help but wonder how secure the credit card information is...
June 09, 2012 Added by:Jason Clark
The LinkedIn breach made headlines, but I want to go deeper and provide practical advice for organizations on how they can anticipate DLP consequences and tighten network security. You need a strategy to protect against attack scenarios. Here’s a seven-step check list for mitigating your risk...
June 07, 2012 Added by:Neira Jones
Not impressed with LinkedIn's social media crisis response? Whilst the draft NIST report SP 800-61 gives really good guidelines on fully and effectively communicating important information to the public, there is some mileage to be had by exploring the use of social media when tackling incident response...
June 07, 2012 Added by:Marc Quibell
Poor security practices led to the password database ending up in Russia. We can also say that the best security practices were not applied to the security of our passwords: LinkedIn did not "salt their hash" and therefore the passwords were much more vulnerable to simple brute force attacks...