The Security Eunoia

Blogging about Security Auditing, IdM & Access Mgmt, Web App Security etc

Entries Tagged ‘Security Breach’

Telegraph CIO thanks folks at Hackersblog

I’m not sure what the real intentions are, but doesn’t it sound a bit odd that the Telegraph Media Group CIO will thank the guys at Hackersblog for exposing their SQL injection vulnerabilities?


Companies can learn from the Tylenol-Cyanide case

In 1982 Johnson & Johnson, the company making Tylenol, had to contend with a major financial and image problem when contaminated Tylenol capsules caused the deaths of 7 people. Investigators discovered that someone had filled Tylenol capsules with solid cyanide compound and replaced the original Tylenol bottles with poisoned ones in some supermarkets and drug stores.
What did the company do and what lessons do we learn from it?


Spotify hacked! - My account compromised

Oh great! It’s now my account that has been compromised .. ouch! Interestingly, this is the first time any service provider has sent me any such notification. This may be in part because I live in Europe, where data breach notification is still being debated; therefore many providers may remain silent until exposed.

This is a mail I received from Spotify this evening


UK Prime Minister’s medical records breached

The UK Prime Minister’s medical records have been breached in a series of high-profile ‘data violations’ involving UK politicians and others, the Sunday Mail reports. Last week UK cabinet minister Jack Straw’s Hotmail account was pwned by criminals trying to hoodwink the minister’s ‘friends’ into sending them money.


Do you have rootkit in your security software?

TrendMicro reports having found what could be a rootkit in a piece of enterprise infosecurity software. The rootkit-churning vendor is the same one that published the Sony MicroVault USM-F fingerprint reader discovered last year. What other products has this vendor shipped?


Data Breach Disclosure - EU to Carry Carrot and Stick

In its publication titled Technology-Induced Challenges in Privacy and Data Protection in Europe, ENISA (European Network and Information Security Agency) made 13 recommendations aimed at taking personal data protection more seriously than it has been in the past. I’m particularly interested in recommendations 5 and 9.


Breach! Breach! Breach! - Now it’s Obama’s phone records

After many reported vulnerabilities and poor security practices on Obama’s web sites such as change.gov and barackobama.com, CNN reports that Obama’s phone records have also been improperly accessed by Verizon employees NOT authorised to do so.
The report quotes the President of Verizon Wireless saying “the personal wireless account of President-elect Barack Obama had been accessed [...]
