Skip to main content

The WiKID Blog

Viewing posts from January, 2009

healthcare-consultant-shuts-down-due-to-insecure

From Dark reading via Slashdot.

While reports of the breaches have been issued in dribs and drabs, all of the data losses can now be attributed to a single incident, in which Verus employees left a firewall down following the transfer of data from one server to another, according to David Levin, vice president of marketing at MedSeek.
MedSeek is picking up a lot of business from Verus Inc., which shut down after investors pulled the plug when affected hospitals terminated their contracts.
While reports of the breaches have been issued in dribs and drabs, all of the data losses can now be attributed to a single incident, in which Verus employees left a firewall down following the transfer of data from one server to another, according to David Levin, vice president of marketing at MedSeek.
This seems hard to believe, since the reported breaches run from June 4th through today. Perhaps Versus didn't notify all their customers at the same time? But they shut down "eight to 10 weeks ago".

how-information-security-creates-value

Today I read a blog at NCircle (found via the prolific Adam Shostack) about security as a business enabler. It's an interesting post, but to me it shows that information security people often fail to understand how value it created.

higher-quality-info-will-cost-you-black-market

Check out the McAfee Avert blog for look at the black market for banking information. Accounts with high balances cost more, but have guarantees:

For such prices, the seller offers some guaranties. For example, the purchase is covered by replacement, if you are unable - within the 24 hours - to log into the account using the provided details.
So now the banks know how long they have to spot a compromised account to drive the profits out of the black market.

highly-highly-targeted-attacks-against

I've blogged in the past about targeted phishing attacks and Alex Eckelberry has analyzed a particularly nasty example.. According to the Register the scam is highly targeted:

the BBB scam is narrowly targeted and is aimed at those who are likely to have the most sensitive information to lose. No more than one executive of a company is targeted, and the email goes to great lengths to get the names of the exec and the exec's company correct.
What's not clear is whether the attackers are trying to get corporate information from an executive's PC or just personal information from high-value targets. More than likely the answer is both

how-about-stop-using-social-security-numbers-as

Today I read on Martin McKay's blog that you should change your default passwords and Adam Shostack has pointed out that colleges should usen't use SSNs to track students.

Recent Posts

Archive

2021
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom