Sunday, December 19, 2010

Week 3 CIS608 - Identity Theft

This week the article "When Personal Identities Are Stolen, The Bad Guys May Get The Business" caught my eye.  In an earlier class, I was asked what was the most devastating data breach.  My answer was identity theft due to the difficult task of protecting personal data and the daunting impact that it can have on an individual when identity theft occurs.  This article brings to light the connection of personal data with business.  Personal data gained from identity theft can be used to hack your place of work.  It is not the first thing that one might think of in an identity theft situation, but the connection to your place of business through your personal information could open the doors for a hacker to gain access and knowledge of data that would not be available normally.

Social networking sites were mentioned in the article as a growing trend for identity theft.  It is an area where people have become too lax, providing more information about themselves to the world than they should.  Hackers are targeting executives of companies through the sites in hopes of gaining that piece of personal information that provides access to business information.  My company, as well as many others, has started enforcing policies around social networking sites, and it appears that those policies are going to need to become even more strict about the information that is shared about a person's place of work.

http://www.darkreading.com/security/privacy/228800807/when-personal-identities-are-stolen-the-bad-guys-may-get-the-business.html

Sunday, December 12, 2010

Week 2 CIS608 - Walgreens Email Breach

This week I had a personal experience with a data breach.  I use Walgreens photo services and online pharmacy services, so I have supplied an email account to receive statuses of orders.  On Friday, November 10th, I received an email from Walgreens stating that their email customer list had been accessed by an unauthorized user and to beware of spam email asking for confidential information.  Walgreens assured within the email that no pharmacy, account or personal information had been accessed.  An 800 number was also included within the correspondence for additional questions.

I do appreciate the notification, but what I find interesting is that I cannot find any information about the breach on the Walgreen.com site.  I would like to see additional information posted on this site for all customers to be aware.  I was able to find several news articles on the breach, but the Walgreens site itself does not share the news.  I understand protecting a reputation, but I think the open honest communication would also be appreciated by posting the notification on the site itself.

http://www.chicagobusiness.com/article/20101210/NEWS07/101219986#axzz17xfauLIU

Sunday, December 5, 2010

Week 1 CIS608 - ProFTPD File Transfer Server Hacked

ProFTPD file transfer server software compromised by attackers; anyone who downloaded it between Nov. 28 and Dec. 2 is most likely at risk.

This is a very disturbing article in that the hackers were able to enter the system through an unpatched security hole in the FTP server daemon.  They then replaced the file transfer software with their version of the software that contained a backdoor.   This potentially would allow access to thousands of FTP servers using the software if a version had been downloaded and compiled during the window of November 28th through December 2nd.

Once the breach was identified, the software was corrected and a link was provided for users to check the integrity of their software.  I would also guess that notification went out to all users directing them to the website due to the potential for security issues that this created.  This is a rare and, I am sure, very difficult breach to relay to users.



http://www.darkreading.com/authentication/167901072/security/application-security/228500217/open-source-project-server-hacked-software-rigged-with-backdoor-trojan.html