This week the article "Renault Executives Suspended In Intellectual Property Leak" caught my attention. As I learned earlier through some of the class readings, insider data theft is on the rise. This article continues that theme in that three executives from the car maker have been suspended for industrial espionage.
The three executives have been suspended for the possible theft of the company's technology for electronic vehicles. Renault has a partnership with Nissan. Nissan has invested $5.3 billion dollars in the venture
Renault has suspended the three executives after long investigation that has proven the executives have infringed upon Renault's ethics and endangered company's assets.
I did find it interesting that the identity of the three executives were not disclosed due to labor laws, however Renault is pursuing legal options. I do think that here in the U.S., the identities would have been disclosed and legal actions would have been taken. It is interesting to see how different cultures respond to data theft.
http://www.darkreading.com/insider-threat/167801100/security/security-management/229000271/renault-executives-suspended-in-intellectual-property-leak.html
Saturday, January 15, 2011
Saturday, January 8, 2011
Week 4 CIS608 - Holiday Scam
The article "White House Christmas Card Is Ruse To Steal Data" makes it more than evident that crime does not take a holiday and truly just the opposite in that the holidays present more opportunities for crime.
An email Christmas card from the White House would seem to be a nice gesture spreading holiday joy and remembering those that work hard in the many government agencies. As nice as it sounds, it was quite the card with link to click on that downloaded Zeus malware for stealing password. A second payload was then installed to steal documents. The attack was targeted and limited to small number of groups, but it was successful in getting the recipients to click on the link. Several of the agencies did not have the most current anti-malware software and were infected. The attack did result in several gigabytes of data stolen.
Holidays are a wonderful time to celebrate and enjoy, but not a time to let down your guard even if it seems you have received a Christmas Card from the White House!
http://www.darkreading.com/insider-threat/167801100/security/privacy/229000194/white-house-christmas-card-is-ruse-to-steal-data.html
An email Christmas card from the White House would seem to be a nice gesture spreading holiday joy and remembering those that work hard in the many government agencies. As nice as it sounds, it was quite the card with link to click on that downloaded Zeus malware for stealing password. A second payload was then installed to steal documents. The attack was targeted and limited to small number of groups, but it was successful in getting the recipients to click on the link. Several of the agencies did not have the most current anti-malware software and were infected. The attack did result in several gigabytes of data stolen.
Holidays are a wonderful time to celebrate and enjoy, but not a time to let down your guard even if it seems you have received a Christmas Card from the White House!
http://www.darkreading.com/insider-threat/167801100/security/privacy/229000194/white-house-christmas-card-is-ruse-to-steal-data.html
Sunday, December 19, 2010
Week 3 CIS608 - Identity Theft
This week the article "When Personal Identities Are Stolen, The Bad Guys May Get The Business" caught my eye. In an earlier class, I was asked what was the most devastating data breach. My answer was identity theft due to the difficult task of protecting personal data and the daunting impact that it can have on an individual when identity theft occurs. This article brings to light the connection of personal data with business. Personal data gained from identity theft can be used to hack your place of work. It is not the first thing that one might think of in an identity theft situation, but the connection to your place of business through your personal information could open the doors for a hacker to gain access and knowledge of data that would not be available normally.
Social Networking sites were mentioned in the article as growing trend for identity theft. It is an area that people have become to lax in providing more information than they should to the world about themselves. Hackers are targeted executives of companies through the sites in hopes of gaining that piece of personal information that provides access to business information. My company as well as many others have started enforcing policies around social networking sites and it appears that those policies are going to need to become even more strict in the the information that is shared about a person's place of work.
http://www.darkreading.com/security/privacy/228800807/when-personal-identities-are-stolen-the-bad-guys-may-get-the-business.html
Social Networking sites were mentioned in the article as growing trend for identity theft. It is an area that people have become to lax in providing more information than they should to the world about themselves. Hackers are targeted executives of companies through the sites in hopes of gaining that piece of personal information that provides access to business information. My company as well as many others have started enforcing policies around social networking sites and it appears that those policies are going to need to become even more strict in the the information that is shared about a person's place of work.
http://www.darkreading.com/security/privacy/228800807/when-personal-identities-are-stolen-the-bad-guys-may-get-the-business.html
Sunday, December 12, 2010
Week 2 CIS608 - Walgreens Email Breach
This week I had a personal experience with a data breach. I use Walgreens photo services and online pharmacy services, so I have supplied an email account to receive statuses of orders. On Friday, November 10th, I received an email from Walgreens stating that their email customer list had been accessed by an unauthorized user and to beware of spam email asking for confidential information. Walgreens assured within the email that no pharmacy, account or personal information had been accessed. An 800 number was also included within the correspondence for additional questions.
I do appreciate the notification, but what I find interesting is that I cannot find any information about the breach on the Walgreen.com site. I would like to see additional information posted on this site for all customers to be aware. I was able to find several news articles on the breach, but the Walgreens site itself does not share the news. I understand protecting a reputation, but I think the open honest communication would also be appreciated by posting the notification on the site itself.
http://www.chicagobusiness.com/article/20101210/NEWS07/101219986#axzz17xfauLIU
I do appreciate the notification, but what I find interesting is that I cannot find any information about the breach on the Walgreen.com site. I would like to see additional information posted on this site for all customers to be aware. I was able to find several news articles on the breach, but the Walgreens site itself does not share the news. I understand protecting a reputation, but I think the open honest communication would also be appreciated by posting the notification on the site itself.
http://www.chicagobusiness.com/article/20101210/NEWS07/101219986#axzz17xfauLIU
Sunday, December 5, 2010
Week 1 CIS608 - ProFTPD File Transfer Server Hacked
ProFTPD File Transfer server software compromised by attackers; anyone who downloaded it between Nov. 28 through Dec. 2 most likely at risk.
This is a very disturbing article in that the hackers were able to enter the system through an unpatched security hole in the FTP server daemon. They then replaced the file transfer software with their version of the software that contained a backdoor. This potentially would allow access to thousands of FTP servers using the software if a version had been downloaded and compiled during the window of November 28th through December 2nd.
Once the breach was identified the software was corrected and a link was provided for users to check the integrity of their software. I would also guess that notification went out to all users directing them to the website due to the potential for security issues that this created. This is rare, I am sure a very difficult breach to relay on to users.
http://www.darkreading.com/authentication/167901072/security/application-security/228500217/open-source-project-server-hacked-software-rigged-with-backdoor-trojan.html
This is a very disturbing article in that the hackers were able to enter the system through an unpatched security hole in the FTP server daemon. They then replaced the file transfer software with their version of the software that contained a backdoor. This potentially would allow access to thousands of FTP servers using the software if a version had been downloaded and compiled during the window of November 28th through December 2nd.
Once the breach was identified the software was corrected and a link was provided for users to check the integrity of their software. I would also guess that notification went out to all users directing them to the website due to the potential for security issues that this created. This is rare, I am sure a very difficult breach to relay on to users.
http://www.darkreading.com/authentication/167901072/security/application-security/228500217/open-source-project-server-hacked-software-rigged-with-backdoor-trojan.html
Subscribe to:
Posts (Atom)