Latest Posts


From the Web

Highmark changes its procedures in wake of BCBS breach

October 07, 2009 from: Office of Inadequate Security

that their Social Security numbers or tax ID numbers were on the stolen laptop containing their unencrypted data. A BCBS employee had reportedly breached policy by downloading the unencrypted database to a personal computer that was later stolen from the employee’s vehicle.

Comments  (0)


From the Web

Gmail, AOL and Yahoo logins posted online; weak passwords

October 07, 2009 from: Office of Inadequate Security

More than a quarter of a million email accounts on the biggest webmail services are believed to be at risk from online criminals after thousands of passwords belonging to users of the Yahoo, AOL and Gmail services were posted online.

Comments  (0)


The Threat from Within

October 06, 2009 Added by: Sandra Avery

Times are tough. Now, more than ever, organizations need to be extra vigilant about protecting the data on their networks. With identity theft at an all-time high, and data breaches disclosed almost daily, the stakes are incredibly high.

Comments  (0)


From the Web

850,000 doctors could be hit by potential data breach

October 06, 2009 from: Office of Inadequate Security

A file containing identifying information for every physician in the country contracted with a Blues-affiliated insurance plan was on a laptop computer stolen from a BlueCross BlueShield Assn. employee. It is not yet known whether any identity theft has resulted from the data breach.

Comments  (0)


From the Web

Scam hits more e-mail accounts, MS blocks accounts

October 06, 2009 from: Office of Inadequate Security

The scale of a phishing attack originally thought to be directed at Hotmail may be larger than previously thought. BBC News has seen a list of more than 20,000 more names and passwords that have been posted online.

Comments  (0)


Why Infosec Languishes, Part 1

October 05, 2009 Added by: Jim Anderson

This subject has been simmering for a long time but the events of the unfolding economic crisis and so many colleagues and acquaintances in the industry who have suffered substantially in their efforts to advance information security within their organizations have prompted me to organize my thoughts in this area.

Comments  (1)


From the Web

Confirmed: Thousands of Hotmail passwords leaked online

October 05, 2009 from: Office of Inadequate Security

An anonymous user posted details of the accounts on October 1 at pastebin.com, a site commonly used by developers to share code snippets. The details have since been removed but Neowin has seen part of the list posted and can confirm the accounts are genuine and most appear to be based in Europe. The list details over 10,000 accounts starting from A through to B, suggesting there could be addition...

Comments  (0)


From the Web

Royal Bank glitch allowed Visa customers to view others’ transactions

October 03, 2009 from: Office of Inadequate Security

The Royal Bank says it has fixed a computer security glitch that allowed some of its West Coast Visa customers to view transactions made by other cardholders.

Comments  (0)


From the Web

Cloud/SaaS will do for websites what PCI-DSS has not

October 02, 2009 from: Jeremiah Grossman's Blog

If a would-be Cloud/Software-as-a-Service (SaaS) customer is concerned about security, and they should be since their business is on the line, then security should be the vendor's concern as well. Unless the Cloud/SaaS vendor is able to meet a customer’s minimum requirements, they risk losing the business to a competitor who can.

Comments  (1)


Top PCI DSS Compliance and Security Marketing Annoyances

October 02, 2009 Added by: Anton Chuvakin

Anton Chuvakin discusses PCI DSS. "Don’t misspell PCI DSS. It is not “PCI DDS”, and even not “PCIDSS.” BTW, if you want to impress PCI literati, make sure that “PCI DSS” has a space, while “PA-DSS” has a dash. Most definitely, do not pretend that you address ALL PCI DSS requirements for the only reason of wanting to look good."

Comments  (0)


Facebook’s Faith: A New Scareware Attack

October 01, 2009 Added by: Daniel Kennedy

On Thursday morning, AVG researcher Roger Thompson, after sourcing some spyware attacks to a series of Facebook profiles, noted that these few hundred profiles were showing up with the same profile image but different profile information. The home video link on these profiles, belonging to Faith / Emily / whoever, points to a web site that displays scareware dialogs: netmedtest.com/index.php?a...

Comments  (1)


Compliance as a Service

October 01, 2009 Added by: Bob Broda

CaaS would be a value-added service that would attract plenty of customers. But how real is the likelihood of this service being offered? There are a number of issues associated with the CaaS concept:

Comments  (0)


From the Web

Probe Targets Archives’ Handling of Data on 70 Million Vets

October 01, 2009 from: Office of Inadequate Security

The inspector general of the National Archives and Records Administration is investigating a potential data breach of tens of millions of records about U.S. military veterans, after the agency sent a defective hard drive back to its vendor for repair and recycling without first destroying the data.

Comments  (0)


From the Web

Hackers Breach Payroll Giant, Target Customers

October 01, 2009 from: Office of Inadequate Security

Hackers last week apparently used stolen account information from a New Jersey company that provides online payroll services to target the firm’s customers in a scheme to steal passwords and other information.

Comments  (0)


From the Web

UNC security breach less severe than feared

September 30, 2009 from: Office of Inadequate Security

A hacker who wormed into a UNC Chapel Hill computer server may not have gotten access to as much information as officials originally feared.

Comments  (0)


From the Web

A Glimpse Into the Future of Browser Security

September 30, 2009 from: Mozilla Security Blog

As we mentioned earlier we’ve been working for the past few months on turning the Content Security Policy specification into working Firefox code. (You’ll remember that CSP is a framework to protect websites from XSS and related attacks). We are happy to report that the work is nearly finished, and we have some preview builds available for you to try out.

Comments  (0)


From the Web

IT security breaches In Canada more than triples in 2009

September 30, 2009 from: Office of Inadequate Security

IT security breaches cost the average Canadian organization an estimated $834,000 in 2009 – a 97 per cent increase from the $423,000 reported by the study last year. Similarly, the average number of reported IT security breaches also increased 276 per cent to 11.3 per organization in 2009 – compared with an average of three in 2008.

Comments  (0)


Find and manage your enterprise desktops with Altiris Client Management Suite from Symantec

September 28, 2009 Added by: David Strom

David Strom's video review of the Altiris Client Management Suite, an enterprise desktop discovery, inventory, remote configuration, deployment, and patch management utility that supports a wide range of client operating systems.

Comments  (0)


From the Web

Hacker hits UNC-Chapel Hill study data

September 25, 2009 from: Office of Inadequate Security

A hacker has infiltrated a computer server housing the personal data of 236,000 women enrolled in a UNC-Chapel Hill research study.

Comments  (0)


From the Web

Study: 600K campus records hacked this year

September 21, 2009 from: Office of Inadequate Security

Computer hackers reportedly have stolen identifying information and credit card numbers from more than half a million — some 600,000 — college students, faculty, and alumni this year. This is prompting some campus IT officials to call for a “total overhaul” of computer security protocol.

Comments  (0)