Sunday, January 30, 2011

Week 7 CIS608 - Password Sharing

Password sharing is a common practice where there is constant turnover in the workforce: one generic account is created and everyone uses it. As the executives at Vodafone, an Australian-based cell phone provider, have found out, this is not a practice to follow, especially when sensitive customer data can be accessed through this account.

A journalist informed Vodafone's executive management that she was able to access their most sensitive data with legitimate credentials. Vodafone has since taken action to remove employees and update security, but they are not able to quantify the amount of data that was breached or could have been breached. They are also looking into legal action against the former employees.

When sensitive data is available, security has to be enforced.  The sharing of passwords may be taken lightly, but as more and more companies are finding out, there are legal ramifications to the practice.

http://www.darkreading.com/authentication/167901072/security/security-management/229100384/a-glaring-lesson-in-shared-passwords.html

Sunday, January 23, 2011

Week 6 CIS608 - Food and Beverage Industry Top 2010 Data Breaches

Throughout the information security classes that I have taken, the trends for the industry or category in which data breaches occur have been studied. The article "Report: Food And Beverage Industry Hit Most By Breaches In 2010" was the topic this week which caught my attention. The food and beverage industry has seen a growing trend with data breaches, but it appears that 2010 was the year this industry was hit the hardest.

It is interesting that the data breaches appear to have been the work of a single organized crime group out of the Russian Federation. The crime group used malware which was continuously tweaked for the attacks. The group targeted a business such as a coffee shop and then searched out other businesses using the same operating systems to continue their attacks.

The majority of breaches were due to insecure code or poor security in managing third-party applications, and involved data stolen in transit rather than stored data.

It is interesting to see that an industry that seems to be more on the small change side has become a target.

http://www.darkreading.com/database-security/167901020/security/attacks-breaches/229000957/report-food-and-beverage-industry-hit-most-by-breaches-in-2010.html

Saturday, January 15, 2011

Week 5 CIS608 - Insider Technology Breach

This week the article "Renault Executives Suspended In Intellectual Property Leak" caught my attention.  As I learned earlier through some of the class readings, insider data theft is on the rise.  This article continues that theme in that three executives from the car maker have been suspended for industrial espionage. 

The three executives have been suspended for the possible theft of the company's technology for electronic vehicles. Renault has a partnership with Nissan. Nissan has invested $5.3 billion in the venture.

Renault has suspended the three executives after a long investigation that has proven the executives infringed upon Renault's ethics and endangered the company's assets.

I did find it interesting that the identities of the three executives were not disclosed due to labor laws; however, Renault is pursuing legal options. I do think that here in the U.S., the identities would have been disclosed and legal actions would have been taken. It is interesting to see how different cultures respond to data theft.

http://www.darkreading.com/insider-threat/167801100/security/security-management/229000271/renault-executives-suspended-in-intellectual-property-leak.html

Saturday, January 8, 2011

Week 4 CIS608 - Holiday Scam

The article "White House Christmas Card Is Ruse To Steal Data" makes it more than evident that crime does not take a holiday. Just the opposite: the holidays present more opportunities for crime.

An email Christmas card from the White House would seem to be a nice gesture, spreading holiday joy and remembering those that work hard in the many government agencies. As nice as it sounds, it was quite the card, with a link to click on that downloaded Zeus malware for stealing passwords. A second payload was then installed to steal documents. The attack was targeted and limited to a small number of groups, but it was successful in getting the recipients to click on the link. Several of the agencies did not have the most current anti-malware software and were infected. The attack did result in several gigabytes of data being stolen.

Holidays are a wonderful time to celebrate and enjoy, but not a time to let down your guard even if it seems you have received a Christmas Card from the White House!



http://www.darkreading.com/insider-threat/167801100/security/privacy/229000194/white-house-christmas-card-is-ruse-to-steal-data.html