Monday, October 06, 2008

Was Forever 21 wrongly certified PCI compliant?

The risk of being security professionals... I find it shocking and entertaining at the same time that a merchant takes a PCI certification as an excuse for a lack of security and responsibility.

Breached clothing retailer Forever 21, which last week said it has been Payment Card Industry (PCI) compliant since 2007, apparently should have never been certified.
The Los Angeles-based company told a retail blog this week that its PCI Data Security Standard assessor failed to unearth tens of thousands of credit card files that it was unknowingly storing despite being unauthorized to do so.

Read the full article: http://www.scmagazineus.com/Was-Forever-21-wrongly-certified-PCI-compliant/article/118739/

1SSA - Security consulting, training and products: http://www.1ssa.net

Researcher finds server with stolen FTP credentials

An Israeli researcher has uncovered a criminal server containing the FTP account credentials for nearly 100,000 legitimate websites across 86 countries, including the U.S. Postal Service and several universities here.

Of the 200,000 credentials the criminals were storing, the criminals deemed 107,000 to be valid and some 80,000 led to web content, he said. More than 60 percent were associated with web servers in Europe, but many U.S. organizations were victimized, including the University of Pennsylvania's Wharton School and the University of Southern California.

Read the full article: http://www.scmagazineus.com/Researcher-finds-server-with-stolen-FTP-credentials/article/118756/

Data Breaches Expose About 30M Records in '08

U.S. corporations, governments and universities reported a record 516 consumer data breaches in the first nine months of this year, incidents prompted chiefly by hackers and employee theft, according to a report released today by a nonprofit group that works to prevent fraud.

Read the full article at: http://voices.washingtonpost.com/securityfix/2008/10/516_data_breaches_in_2008_expo.html

Friday, October 03, 2008

Nevada mandates encrypted personal data communication

On one hand, I applaud Nevada for stepping up to protect personal information; on the other hand, it is just another step in the direction of slicing up security even smaller, overloading the already very busy security professionals. Not only do we need to worry about international privacy and security standards (if we happen to work for a company operating internationally), but now the US by itself becomes a major challenge. What happens if my company has a branch in Nevada but the rest is all over the US? Don't get me wrong, we need stronger privacy and security laws, but on a federal level!

Read the full article: http://www.scmagazineus.com/Nevada-mandates-encrypted-personal-data-communication/article/118630/

Hackers penetrate South Korean missile manufacturer

According to news reports, some hackers were able to steal information from a South Korean missile manufacturer. They planted malicious code on the company's computer systems that eventually allowed them to gain access to secret data about missiles.

Read the full article at: http://www.theregister.co.uk/2008/10/01/missile_manufacturer_hacked/

Thursday, October 02, 2008

TCP weakness could potentially result in new DoS attacks

Two researchers (supposedly) discovered a new weakness in TCP implementations that allows DoS attacks against high-bandwidth web servers (e.g. Google, eBay, etc.) even from a relatively small up-link. So far no independent verification has been done, but it would not surprise me if this is just another major flaw that we have to deal with.

Read Robert Graham's blog post: http://erratasec.blogspot.com/2008/10/tcp-dos-probably-real.html

Wednesday, October 01, 2008

Phorm becomes Webwise

Back in 2006, British Telecom (BT) and Phorm tested the idea of personalized advertising by secretly collecting information about the surfing habits and targets of 18,000 of its customers. Since 09/30/08, BT has offered 10,000 of its online customers a program which is now called "Webwise". All of this is nothing new; it is just the label that BT puts on it that is quite concerning. It is sold as an online protection/security service. In reality, it tracks all of the user's online transactions, from URLs visited to searches done on search engines, in order to inject targeted advertisements into the data streams to the user.

Read the full article at: http://blog.wired.com/business/2008/09/phorm-trials-be.html