SEARCH RESULTS
 
Showing 1-10 of 55 records
 
Sensitive Columbia University student information exposed for 16 months

2008-06-15 23:32:25 by Evan Francen in The Breach Blog
...poorly trained, part-time student-employee posted confidential information online and probably gave little thought to any potential security implications. Poorly trained, part-time employees will probably make more mistakes than well trained, full-time employees. Makes sense. It's probably not a good idea to allow poorly trained, part-time...
 
 
 
 
 
Stolen account firm laptop contained personal information

2008-04-28 09:50:55 by Evan Francen in The Breach Blog
...poorly secured laptop is an unnecessary and unacceptable risk We informed them of the actions they and their employees needed to take. Due to the nature of our work and our internal policies, no client information other than audit data is ever stored on a laptop, so there is no concern that any other client information might be on the stolen...
 
 
 
 
 
SCSU web server becomes spam server and exposes personal information

2008-05-02 11:12:47 by Evan Francen in The Breach Blog
...poorly secured (and probably poorly monitored) public web server The hackers were using our Web server as a host for their own Web site," he said Pages on the university's site contained ads for diamond rings, Viagra and Cialis After noticing the ads on April 9th, IT staff discovered the file containing the sensitive information. "When we...
 
 
 
 
 
Wee-Fi: TJX Data Theft Arrests; Junxion Sold

2008-08-05 16:10:41 by Glennf in Wi-Fi Networking News
...poorly designed back-end systems. (Okay, I'm saying "improperly secured" and "poorly designed," since that's self-evident, and was thoroughly documented in the case of TJ Maxx's parent TJX.) Total cost of this break in is in the billions, although it's clear that the companies whose systems were penetrated are culpable in their lack of data...
 
 
 
 
 
Risky by association

2007-12-26 16:14:25 by Chris McClean in Security & Risk Management
 
...poorly. In reality however, Mattel has received praise in the past for its responsible supply chain management this is not an epiphany Still, the company is taking steps to demonstrate its ongoing commitment with a new quality checking system and a responsibility organization to oversee product quality, labor standards, and...
 
 
 
 
 
TRICARE breach affects 4,700 households

2007-12-20 12:15:59 by Evan Francen in The Breach Blog
...poorly written code? (check out OWASP Was it a mis-configuration of the web server Was encryption not required, i.e. a user could use http or https to access the application Was it a combination of factors? I will assume it was a combination of factors On the one hand, I commend EDS for disclosing the breach to TRICARE, but on the other hand...
 
 
 
 
 
Duke School of Law breach affects 3,200

2007-12-06 11:37:20 by Evan Francen in The Breach Blog
...poorly, was someone surfing the web on the server and downloaded malicious code, etc.? I am also curious about whether or not the University conducts regular audits of these systems and runs intrusion detection. Even after such a wonderful announcement by the school, so many questions still remain Past Breaches Unknown
 
 
 
 
 
The Type of Lock Needed Has Changed

2007-01-22 00:00:00 by Chris Parkerson in Speaking of Security, the RSA Blog and Podcast
 
...poorly-trained customer service employees -- all of which render perimeter-based security approaches practically useless
 
 
 
 
 
42,000 West Penn Allegheny Health System Patients

2007-12-28 17:06:00 by Evan Francen in The Breach Blog
 
...Poorly trained, 4. Not good at getting leadership buy-in, or 5. All of the above As a first step, the West Penn Allegheny Health System should obtain the guidance of a reputable information security consultant to assess their entire information security program Past Breaches Unknown
 
 
 
 
 
Month Of MySpace Bugs

2007-03-20 22:46:00 by Eric Marvets in The Security Samurai
 
...poorly crafted social networking sites) because they are trying to get attention, MySpace is extremely popular to get them even more attention, and that MySpace is notoriously dickish in response to security issues Starting on April 1, they will release one MySpace hack a day. Most will center on XSS attacks and they invite anyone to send in...