Telegraph CIO thanks folks at Hackersblog
I’m not sure what the real intentions are but doesn’t it sound a bit odd that the Telegraph media group CIO will thank the guys at Hackersblog for exposing their SQL injection vulnerabilities?
In 1982 Johnson & Johnson, the company making Tylenol, had to contend with a major financial and image problem when contaminated Tylenol capsules caused the deaths of 7 people. Investigators discovered that someone had filled Tylenol capsules with solid cyanide compound and replaced the original Tylenol bottles with poisoned ones in some supermarkets and drug stores.
What did the company do and what lessons do we learn from it?
Oh great! It’s now my account that has been compromised .. ouch! Interestingly, this is the first time any service provider has sent me any such notification. This may be in part because I live in Europe, where data breach notification is still being debated; therefore many providers may remain silent until exposed.
This is a mail I received from Spotify this evening
The UK Prime Minister’s medical records have been breached in a series of high profile ‘data violations’ involving UK politicians and others, the Sunday mail reports. Last week UK cabinet minister Jack Straw’s hotmail account was pwned by criminals trying to hoodwink the minister’s ‘friends’ into sending them money.
An article by ZDNet’s Zero Day blog discusses the current spread of malware via the Windows Autorun functionality - USB being the main transport agent. Talking about the malware, it notes:
Their functionality varies. It started out with online games password-stealers targeting World of Warcraft, LineAge and others. But over the last months, we’re seeing malware being [...]
TrendMicro reports having found what could be a rootkit in an enterprise infosecurity software. The rootkit-churning vendor is the same one that published Sony MicroVault USM-F fingerprint reader discovered last year. What other products has this vendor shipped?
It’s been reported that WordPress, a popular blogging application, is vulnerable to cross-site scripting (XSS). The vulnerability, discovered in the RSS feed generator and complete with a PoC, affects all versions prior to and including version 2.6.3. A week after the vendor (WordPress) was notified, it released a new version (2.6.5).
In its publication titled Technology-Induced Challenges in Privacy and Data Protection in Europe, ENISA (European Network And Information Security Agency) made 13 recommendations aimed at taking personal data protection more seriously than it has been in the past. I’m particularly interested in recommendations 5 and 9.
Secunia, a vulnerability management firm, has given home users an opportunity to improve their security with its release of Personal Software Inspector (PSI) version 1.0. Released for Windows, PSI aims to raise the security bar by checking and updating all the software installed on the home PC with the latest security patches. Download your copy [...]
Symantec has published a survey - Underground Economy - detailing the activities of cyber criminals who through astute business models have managed to rake in hundreds of millions of dollars in a year. The cost to victims of these activities easily runs into billions of dollars. What do they sell?