SEARCH RESULTS
 
Showing 1-10 of 29 records
 
Expand article

BJs Wholesale Club's noble intentions

The Article has images
2008-02-10 23:07:10 by Evan Francen in The Breach Blog
...zip drive" or "thumb drive"), on December 31, 2007 Evan] I assume that this was a thumb drive (or flash drive), not a zip drive. They are not one in the same. Thumb drives are not good back-up devices for confidential information without encryption, and even then they are a little "iffy" in my opinion On January 3,2008, the Team Member...
 
Tags: breach description, breach, bjs wholesale club, security breach, wholesale club, sensitive personal information, personal information, security, security practices
 
 
 
 
Expand article

Social engineering at Macys

2008-04-08 02:21:08 by HASH0x8b3ae68 in StillSecure, After All These Years
 
...zip code and they charged my whole purchase! I am sure that somewhere PCI or not, this is not kosher. Anyone with the account number and zip code could have done this Now, maybe they liked my story and I have an honest face. Frankly, I am glad they did as it helped me get my clothes. However, it just doesn't feel right and shows you that even...
 
Tags: macys, macys charge card, card, charge card, macys account, account, zip code, clearance rack, clearance
 
 
 
 
Expand article

Security Between Virtual Machines?

The Article has images
2008-06-22 15:30:57 by John Peterson in Security In The Virtual World
...Zip code to find store locations in your area. Instead of putting in the zip code you could put in "95123 'UNION SELECT * FROM credit card table--". The hacker is injecting via the UNION command (which means join one SQL statement with another one) a command that says grab all (via the asterisk) information out the credit card table Lastly,...
 
Tags: web, web page, web site sends, server, file server, database backend server, web front, vulnerable web site, database server
 
 
 
 
Expand article

Security Between Virtual Machines?

The Article has images
2008-06-22 15:30:57 by John Peterson in Security In The Virtual World
...Zip code to find store locations in your area. Instead of putting in the zip code you could put in "95123 'UNION SELECT * FROM credit card table--". The hacker is injecting via the UNION command (which means join one SQL statement with another one) a command that says grab all (via the asterisk) information out the credit card table Lastly,...
 
Tags: web, web page, web site sends, server, file server, database backend server, web front, vulnerable web site, database server
 
 
 
 
Expand article

Learning From Sarah Palins Yahoo Mail Compromise

2008-09-18 13:31:56 by Chris Wysopal in Zero in a bit
 
...zip code? well she had always been from wasilla, and it only has 2 zip codes (thanks online postal service the second was somewhat harder, the question was where did you meet your spouse? did some research, and apparently she had eloped with mister palin after college, if youll look on some of the screenshits that I took and other fellow anon...
 
Tags: password reset email, reset, password reset functionality, service, online postal service, password reset, online, online service, password
 
 
 
 
Expand article

A Diverse Portfolio of Fake Security Software - Part Fourteen

The Article has images
2008-11-27 07:47:55 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...ZIP: 11000 Country: CZ Phone: +420.2224811382 virus-labs2009 .com (66.232.113.62 virus-trigger .com virusresponse2009 .com virusresplab .com virus-response .com Roman Spitsikov Uus-Sadama 12 Tallinn, Tallinn 10120 Estonia Roman.Spitsikov@gmail.com virusremover2008plus .com (77.245.61.80; 93.190.139.229 Sagent Group ( sergbelo@gmail.com...
 
Tags: fake security software, diverse portfolio, sawert alliance, road town, martti seodancergmail, upper flat, city, road, sl3270 lasko
 
 
 
 
Expand article

Cracking passwords on a PlayStation

2007-12-03 16:37:00 by Keith Brown in Security Briefs
 
...ZIP file with a password, clearly the password is being used to derive a key. Let's say this resulted in a 256-bit AES key. Don't fool yourself - your keyspace is not 256 bits! If you used a 12 character password, it's only a 79-bit keyspace. And that's the best case, assuming you included numbers, punctuation characters, as well as upper and...
 
Tags: password, character password, key, password database, keyspace, 256-bit aes key, 40-bit keyspace, passwords, encryption
 
 
 
 
Expand article

Another Wisconsin mailing exposes Social Security numbers

The Article has images
2008-01-15 13:32:24 by Evan Francen in The Breach Blog
...zip codes were impacted, and which taxpayers social security numbers were potentially viewable through the window envelope DOR contacted the taxpayers potentially affected and offered instructions on how to apply for one year of free credit monitoring Evan] One year of free credit monitoring is better than nothing, but hardly adequate....
 
Tags: security, taxpayers, taxpayers social security, social security, wisconsin, credit bureau, credit, breach description, breach
 
 
 
 
Expand article

Catch not-so-smart hackers to send message to smart hackers

2007-05-10 07:00:33 by RaviC in Musings on Information Security
 
...zip files to tunnel thro' filters demonstrates the brilliance of smart hackers. It is well known truth that HTTP is known as UFBP (Universal Firewall Bypass Protocol). What if a hacker tunnels encrypted data thro' a SOAP container which uses HTTP? It would be extremely hard to catch those extreme cases with technical controls Jeremiah's...
 
Tags: not-so-smart hackers, hackers, not-so-smart, smart, smart hackers, employee, smart-deviant employee, hackers interact, smart hacker
 
 
 
 
Expand article

Terror on the Internet - Conflict of Interest

The Article has images