SEARCH RESULTS
 
Showing 1-10 of 26 records
 
Password Expiration: Like Margarine and Water?

2008-05-27 00:00:00 by Dr. Ari Juels in Speaking of Security, the RSA Blog and Podcast
 
We often swallow ideas that we needn't or shouldn't. Take the onetime urging of nutritionists to substitute margarine for butter in the cause of cardiovascular health. When this advice was first circulating, most margarines contained high quantities of trans fats, concoctions that have turned out to be so harmful - to the heart, among other...
 
 
 
 
 
WordPress 2.5 Cookie Forging Explained

2008-04-25 21:46:49 by Chris Eng in Zero in a bit
 
...expiration in epoch time, and an MD5 hash (the %7Cs are the URL-encoded form of the | character). The wp_generate_auth_cookie() function generates the cookie as follows: $key = wp_hash($user->user_login . $expiration); $hash = hash_hmac('md5', $user->user_login . $expiration, $key); $cookie = $user->user_login . '|' . $expiration . '|' . $hash...
 
 
 
 
 
Password policies. Once again.

2007-09-04 22:14:00 by Steve Riley in Steve Riley on Security
 
...expiration is troublesome. Here's my response; figured that it would make for a useful blog post, too. Account lockouts Account lockout is a poor substitute for good passwords -- and is one of the most expensive security features you can use. Let's think about this by considering the threat. What threat does account lockout (attempt to)...
 
 
 
 
 
Hannaford Supermarkets

2008-03-22 12:27:00 by Random InfoSec Guy in Security Coin
...expiration dates, and was illegally accessed from our computer systems during transmission of card authorization Huh No personal information such as names or addresses was accessed If that is the case, the authorizations should fail for most transactions of medium to high value when those numbers are reused since they don't have the name...
 
 
 
 
 
S&K Menswear two-phased attack

2008-01-03 10:40:36 by Evan Francen in The Breach Blog
...expiration dates Breach Description According to the breach notification letter sent to the New Hampshire Attorney General, on or about October 24th, 2007 personal information belonging to S&K online customers was accessed without proper authorization. S&K became aware of the unauthorized access after reports of fictitious spear phishing...
 
 
 
 
 
Geeks.com customer credit card data compromised

2008-01-07 21:34:58 by Evan Francen in The Breach Blog
...expiration dates, and card verification numbers Breach Description An undisclosed number of Geeks.com customers have been affected by an apparent breach of the company's online security. Geeks.com reportedly noticed the breach on December 5th, 2007 and began sending letters to customers on January 4th, 2008 Reference URL The Consumerist...
 
 
 
 
 
Canadian Standards Association Learning Centre compromised

2008-02-10 19:14:30 by Evan Francen in The Breach Blog
...expiration dates Breach Description Unauthorized online access was obtained by intruders to the Canadian Standards Association ("CSA") Learning Centre online store web site server, possibly exposing sensitive customer information Reference URL The New Hampshire State Attorney General breach notification Report Credit The New Hampshire...
 
 
 
 
 
Hannaford and Sweetbay supermarkets announce compromise of 4.2 million credit and debit cards

2008-03-18 00:07:06 by Evan Francen in The Breach Blog
...expiration dates, and was illegally accessed from our computer systems during transmission of card authorization [Evan] Their information security is "among the strongest in the industry"? Here is a hint as to how the information was illegally obtained, "during transmission of card authorization The intrusion affected Hannaford stores,...
 
 
 
 
 
Intrusion at Stedmans.com exposes credit card information

2008-03-23 00:37:57 by Evan Francen in The Breach Blog
...expiration dates, and card verification numbers Breach Description On February 27, 2008, Lippincott Williams & Wilkins, a Wolters Kluwer business was informed by the company that hosts one of our websites, www.stedmans.com, that personal information collected from consumers through the website may have been compromised through an...
 
 
 
 
 
Intrusion at Okemo Mountain Resort exposes customers

2008-04-01 20:44:59 by Evan Francen in The Breach Blog
...expiration dates Breach Description Okemo Mountain Resort said Monday that hackers broke into its computer network and potentially gained access to credit card data from 28,168 transactions between Feb. 7 and Feb. 22 and 18,401 credit cards between January and March 2006 Reference URL Okemo Mountain Resort News Release Barre-Montpelier...