Government
From the Web
Website exposes sensitive details on military personnel
September 08, 2009 from: Office of Inadequate Security
Programming errors on a website that helps commuters carpool to work are exposing sensitive information of workers for hundreds of employers in Southern California, including at least one military installation.
From the Web
Email Obfuscation and Spam Robots
September 08, 2009 from: Rsnake's blog at ha.ckers.org
I’ve long been interested in spam and robots that scrape for email addresses. I’ve done tons of work in the space, although I’ve never published any of it. Call it more of a side hobby than anything I really want to go public with - as it is with a lot of my research
From the Web
Digital Direct reports breach
September 05, 2009 from: Office of Inadequate Security
Chris Cooper of Bloomberg.com reports that Digital Direct, Inc., a unit of Mitsubishi Corp., had a breach of their e-commerce web site that resulted in the compromise of 52,000 customers’ credit card numbers.
From the Web
Helping users keep plugins updated
September 04, 2009 from: Mozilla Security Blog
Starting with the upcoming releases of Firefox 3.5.3 and Firefox 3.0.14, Mozilla will warn users if their version of the popular Adobe Flash Player plugin is out of date. Old versions of plugins can cause crashes and other stability problems, and can also be a significant security risk.
From the Web
Best of Application Security (Friday, Sep. 4)
September 04, 2009 from: Jeremiah Grossman's Blog
Ten of Application Security industry's coolest, most interesting, important, and entertaining links from the past week -- in no particular order. Regularly released until year end. Then the Best of Application Security 2009 will be selected!
From the Web
Announcement Regarding The October 2009 Critical Patch Update
September 03, 2009 from: The Oracle Global Product Security Blog
Because many Oracle customers with responsibility for deploying the Critical Patch Update within their respective organizations will be attending Oracle OpenWorld on October 11-15, 2009, the October 2009 Critical Patch Update originally scheduled to be published on Tuesday, October 13th 2009, will be released on October 20th 2009.
From the Web
Google Safe-Browsing and Chrome Privacy Leak
August 24, 2009 from: Rsnake's blog at ha.ckers.org
Some more advice from Robert "RSnake" Hansen on why you should be careful if using Google's Chrome browser.
From the Web
Hacking kingpin negotiating plea deal with feds
August 19, 2009 from: Office of Inadequate Security
The former government informant facing three separate indictments for allegedly being behind the largest data breaches in U.S. history is being offered a plea deal, U.S. and defense attorneys confirmed today.
From the Web
Audit of Dept of Energy reveals unaddressed problems
August 18, 2009 from: Office of Inadequate Security
The Department of Energy and its contractors store and process massive quantities of sensitive information to accomplish national security, energy, science, and environmental missions. Sensitive unclassified data, such as personally identifiable information (PII), official use only, and unclassified controlled nuclear information require special handling and protection to prevent misuse of the inf...
From the Web
Lockheed Martin: hard drive not totally wiped
August 14, 2009 from: Office of Inadequate Security
Lockheed Martin recently notified some former or current employees that a hard drive that formerly belonged to them had been found for sale on eBay by academic researchers participating in a global research project. The researchers turned the drive over to the FBI when they found some employee data still readable on the drive.
From the Web
Employees sacked for ID card data breach
August 04, 2009 from: Office of Inadequate Security
The database in question holds data on 92 million people in the U.K. About 200,000 people have access to it. If they cannot adequately secure the database from misuse by employees, well……. Nine local authority workers have been sacked after illegally accessing personal details of the public held on the government’s national identity database.
OWASP Testing Guide Version 3
August 03, 2009
This is an excellent resource on the process of testing web applications for security vulnerabilities/general insecurities... this is by no means exhaustive nor perfect for every environment, but a valuable read for anyone who manages or tests web applications.
From the Web
Personal data mishandled at Commerce Dept.
August 03, 2009 from: Office of Inadequate Security
The names and Social Security numbers of at least 27,000 Commerce Department employees were exposed to a risk of identity theft following an inappropriate transfer of the personal information in mid-July, according to a letter sent to department employees last week.
From the Web
SSA employee convicted for unauthorized access to govt computer
August 01, 2009 from: Office of Inadequate Security
Roberto Rodriguez, 54, formerly of Fort Lauderdale, FL, was convicted by a jury on July 29, 2009 of seventeen counts of exceeding his authorized access to a government computer. Rodriguez is scheduled to be sentenced on October 9, 2009, before U.S. District Court Judge William J. Zloch.
From the Web
Tax-preparation docs found in dumpster
August 01, 2009 from: Office of Inadequate Security
WOIA in Texas reports that San Antonio police are investigating how boxes full of unredacted personal information including Social Security numbers and financial information were sitting in the open in a dumpster.
Extremely Sensitive US Secrets Found on P2P Networks
July 29, 2009 Added by: Michael Menefee
According to an article released by the Washington Post today, private firm, Tiversa, Inc, discovered extremely sensitive information on global P2P Networks.