Archive for the ‘Computer security’ category

Beware of posting on Twitter: It has been hacked!

May 10th, 2012

American Television Personalities also victims of Twitter hack

Did you get a message saying that your Twitter account has been hacked? Well, you better believe it because it is true. According to Twitter, most of these are spam accounts. Well, go figure.

The story that’s making the rounds

On Tuesday, users of the microblogging site Twitter found out that thousands of the site's user names and passwords had been leaked by a hacker. The good news is that most of these leaked accounts are supposedly spam.

News and activist hub Airdemon posted an update stating that 55,000 accounts had been compromised. It linked to Pastebin pages containing the allegedly compromised user names and passwords. The investigation is under way. The company is apparently downplaying the episode.

What is Twitter spokesman Robert Weeks saying about it?

“It’s worth noting that, so far, we’ve discovered that the list of alleged accounts and passwords found on Pastebin consists of more than 20,000 duplicates, many spam accounts that have already been suspended and many login credentials that do not appear to be linked (that is, the password and username are not actually associated with each other),” Weeks said. “We are currently looking into the situation. In the meantime, we have pushed out password resets to accounts that may have been affected.”

Twitter has been hacked before

There was a pair of data breaches in 2009 in which hackers gained control of Twitter accounts. The FTC reached a settlement with Twitter.

A couple of months ago, Twitter had to temporarily suspend the Web version of its TweetDeck software after a bug allowed some users to access other users’ accounts. The bug was fixed the day after it was publicly exposed.

Recent Update

Some crazy tweets by American television personality Kris Jenner made the rounds last night. And they were, like, super-gross! It was something about the way she “sharted”. The tweets read “This is real bad”, “Holly shit stains”. Well, keeping her usual personality and show in mind, the tweet world did not think much about it. But when the ‘real’ Kris logged in, she realized someone had hacked into her account and had posted all those trashy tweets.

The next popular personality in line to get hacked was ‘Hulk’, aka Mark Ruffalo. A hacker took over his identity @MRuff221, changed it to @Mark_Ruffalo, and put up some nasty posts: “The women of Hollywood sure have some great boobs. Here are the top 15!” Once Ruffalo actually logged in, he realized his account was hacked and he immediately informed his fans about it. “Okay, I’m back up. The existential battle raged on my keyboard between me and my silly hacker has ended and it seems I lost @Mruff221,” he said, but eventually wrote, “Guess what. I am one and the same!! I am both identities. @mruff221 and @Mark_Ruffalo. So everyone wins.”

Alertsec comes to the rescue

80% of data loss is due to lost or stolen equipment. 50% of network breaches take place by using passwords from lost or stolen equipment. Laptop encryption is the solution to the laptop theft problem. Small and big companies are now realizing the importance of tracking software. Alertsec offers a laptop encryption service to secure your data.

Organizations are becoming aware of data security and are implementing data encryption techniques. Alertsec uses encryption software to protect data from breaches and theft.

Alertsec Xpress is backed up by Check Point Full Disk Encryption and is used by over 4 million users worldwide, with single deployments exceeding 150,000 laptops and PCs. This is the most deployed software of its kind and is seen as today’s market leader.


Pentagon-run TRICARE admits to breach bigger than initially reported

May 7th, 2012

WASHINGTON, DC - FEBRUARY 03: U.S. Rep. Ed Markey (D-MA) demands data security from Pentagon

Carol Keller’s nightmare started last December when she was informed that her personal and medical information had been stolen almost four months earlier, thanks to a Pentagon contractor who had left 25 computer tapes in the back seat of a Honda Civic in Texas. Keller finally knew what had caused the fraudulent purchases from her debit account.

Pentagon Health Insurance Program – Tricare

Keller is among the 70,000 military personnel, retirees, and their families across New England who are victims of one of the largest-ever breaches of medical data. Approx. 4.7 million people may be in deep trouble because of this breach. These military families are dependent on Tricare for their insurance.

Victims such as Keller have filed a class-action lawsuit seeking unspecified damages. It is frustrating that the Pentagon relies on contractors and outdated computer storage technologies to house and transport personal information.

Representative Edward J. Markey comments:

“The bottom line is that people in charge of safeguarding our service members’ personal data need to transition from the 20th century to the era of iPads,” said Representative Edward J. Markey, who is demanding more answers from the Pentagon on its medical privacy policies. “TRICARE had given me no assurance that it is moving toward such a modern system.”

The contractor – Science Applications International Corp

The contractor receives about $20 billion a year in Pentagon contracts.

Apparently the contractor “has experienced no fewer than six security failures” since 2005. These failures involved private data, the suit alleges, and include a break-in at a company facility in California in 2005 in which the Social Security numbers and financial transactions of 45,000 top military and intelligence officials were stolen.

What did the spokesman for Science Applications International Corp have to say?

“We don’t know what specific instances that they are talking about, whether they are SAIC, whether they might be a vendor of some kind to us, and we don’t want to get into a dialogue about pending litigation.”

“Reading the data on the tapes would require knowledge of and access to specific hardware and software, which is commercially available, but would also require knowledge of the system and data structure on the tapes.”

He further added that the company has no evidence that the information on the computer tapes stolen last year from a San Antonio parking garage was accessed by outsiders and that it would be difficult to decipher the tapes.

The Plaintiffs

Plaintiffs in this case are Ms Keller, the spouse of a decorated war veteran, the 5-year-old daughter of an Air Force officer, and a retired major. According to them, their credit cards were canceled without their knowledge for suspicious transactions; unauthorized withdrawals were made from their bank accounts; and telemarketers hound them.

Data security with Alertsec

Alertsec Xpress is used in all organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to large multinational companies with offices around the globe.


Global Payments Inc. may have been breached months earlier than initially reported.

May 5th, 2012

Global Payments breach much higher than initially reported

We have an update on our last post about Global Payments Inc. Let us quickly refresh your memory and then get on to the update.

Previous post: A massive data breach at Global Payments has exposed 1.5 million credit card accounts. Visa, MasterCard and American Express process their payments through Global Payments. Thieves managed to access credit card numbers, security codes and expiration dates. This breach has led Visa to think twice about Global Payments being its vendor.

Present: Global Payments Inc’s situation has gone from bad to worse. The talk of the town is that Global Payments may have been breached a lot earlier than reported. Two of the aggrieved card issuers said that the window for compromise dates back to June 2011. The issuers’ names have been kept anonymous.

As per Visa’s alerts, the breach occurred between Jan 2012 and mid February. According to Global, it communicated this to the affected people on March 30. The possibility that a much higher number of credit cards (approximately 10 million) had been affected by the breach cannot be ruled out. Hackers had managed to steal customer names, credit card numbers, expiration dates and the security number.

Looking at the current picture, the fact cannot be denied that they were aware of the scheme since June 2011, eight months ago. The new investigation leads confirm this. It further confirms that not 1.5 million but 7 million records were breached!

According to Global Payments CEO Paul Garcia the company found out about the breach internally on March 8 and immediately alerted the card associations. Garcia further added that their initial disclosure was “forced by wild speculation in the press regarding this matter and our company.”

Global Payments spokeswoman Amy Korn’s comment

Ms Korn declined to comment but said the company would be releasing additional information about the breach in a statement on its Web site soon.

Statement by Global

“We have not publicly communicated any time periods and there is a full investigation underway. It would be premature and inappropriate for us to speak to or confirm any timeframes until the investigation is complete.” “The company sincerely apologizes for any concern this has caused, and please know that we continue to work with industry third parties, regulators and law enforcement to assist in all efforts to minimize cardholder and customer impact,” it said.

Shareholder Lawsuit

There is a strong possibility that Global Payments may face a shareholder lawsuit. Law firm, Robbins Umeda, specializing in securities litigation, released a statement saying that it was “investigating possible breaches of fiduciary duty and other violations of the law by certain officers and directors at Global Payments.”

Alertsec offers measures to combat data security issues

Alertsec Xpress is a very easy and convenient service which enables securing valuable information on laptops.

Alertsec Xpress is powered by Check Point, the market leader in the field of mobile data protection. The software was launched 16 years ago and is the most robust software on the market today.

Alertsec Xpress provides:

  • Fully managed service for your convenience.
  • Very cost effective service.
  • Market leading laptop protection service.
  • Quick and easy implementation.
  • Easy to use protection.
  • Transparent solution.
  • Global 24/7 helpdesk.
  • 100% secure and reliable encryption

Google employees were aware of Street View data breach

May 2nd, 2012

Google Street View Car - Is it snooping around collecting personal data?

These days ‘googling around’ or ‘have you googled’ has become a part of English vocabulary, although the word does not really have any meaning! But Google is synonymous with search, and we have almost stopped using the word ‘search’ and easily use the word ‘google’! Such is the power of this search engine and the company that has coined this term – Google Inc. It is clear that we just can’t do without Google and consider it to be perfect and flawless! Well, Google just recently made a mistake and is under scrutiny. Let us read how.

Google’s Street View cars were collecting personal data

According to the FCC report, one of Google’s engineers, Marius Milner, informed colleagues and a Senior Manager about collecting unencrypted Wi-Fi data.

The history

In May 2010, the ICO found out that Google had not collected any personal data. However, later in 2010, ICO claimed that Google had in fact collected personal details and thus had broken the law. Nevertheless, at that time ICO decided not to fine Google.

Present

The FCC report says that personal data was very much collected by Google and that Google was fully aware of it.

ICO’s statement

“We will study the Federal Communication Commission’s report and consider what further action, if any, needs to be taken,” said the statement.

“Google provided us with a formal undertaking in November 2010 about their future conduct, following their failure in relation to the collection of Wi-Fi data by their Street View cars. This included a provision for the ICO to audit Google’s privacy practices. The audit was published in August 2011 and we will be following up on it in June to ensure our recommendations have been put in place.”

What does Google have to say about this?

Google spokeswoman Jill Hazelbaker said that the company was willing to make the entire document available but withhold the names of individuals.

“While we disagree with some of the statements made in the document, we agree with the FCC’s conclusion that we did not break the law,” Hazelbaker said.

“We hope that we can now put this matter behind us.”

FCC’s investigation

The engineer, Milner, invoked his Fifth Amendment right against self-incrimination and declined to testify.

What personal data did Google collect?

Google’s Street View cars collected names, addresses, telephone numbers, URLs, passwords, e-mail, text messages, medical records, video and audio files, and other information from Internet users in the US.

Public reactions to the scandal

Some people think that the engineer who collected this data should be sent to jail, as this was a grave error. A few think the FCC should be fined big time as it failed to report this in time to the ICO. The agency should have immediately reported this issue to the public, the media and Congress.

Adding to the public’s confusion

The above is a raging debate. Some feel a mountain has been made out of a molehill as Google has always been ‘snooping’ on people’s data. It does it with Gmail, so what’s the big deal now?

Alertsec understands privacy and protects it

Whatever the matter, privacy breach and collecting personal data without informing the individual, amounts to breaking the law. Let us try to protect our personal data. Alertsec protects data via data encryption. It also encrypts business laptops. Why wait?


Update – Catholic priest, Father McVeigh, releases statement regarding porn images

April 30th, 2012

Cardinal Sean Baptist Brady approves Father McVeigh's sabbatical leave. Father McVeigh releases statement in the light of the laptop theft

We did a post last week about a laptop being stolen from a priest’s house. Here is an excerpt: Northern Ireland’s police force was investigating the case of a Catholic priest who had managed to project pornographic gay images to a room of primary school parents instead of a presentation on Holy Communion. These were 26 parents of pupils of St Mary’s school in Pomeroy.

Father Martin McVeigh had maintained that he destroyed the memory stick containing offensive material.

Update on this news item

The Catholic priest, Father Martin McVeigh, released a statement in his church bulletin.

He said the last month had been “the most difficult of my life”.

“I deeply regret my failure to check, in advance, my presentation,” he added.

The priest explained how he had immediately removed the memory stick from the laptop.

“In my shock and upset and in my concern to ensure that the images would never be shown again, I destroyed it later that evening,” he added.

Fr McVeigh reiterated his innocence and said he recognized the incident “was very serious in nature” and had “caused much anxiety and distress”.

“I apologize unreservedly for the hurt caused,” he said.

“I want to assure you however, that I was not responsible for the presence of the offending images and in this respect I ask you to accept my innocence.”

Cardinal Sean Brady approves Father McVeigh’s leave

Father McVeigh had requested Cardinal Sean Brady to allow him to leave the parish of Pomeroy and to take sabbatical leave. Cardinal Brady had agreed to the request for leave on the understanding that Fr McVeigh would return to the diocese.

According to the Cardinal the diocese would now work to make sure that procedures and policies were put in place for the proper monitoring and use of computers in parishes.

Cardinal Brady further added that there had been an investigation into the computers used by Fr McVeigh.

“These have been forensically examined by an independent technical expert and no inappropriate imagery has been found,” he said.

“However an additional laptop, which was located in the sacristy, was stolen in the period following the 26 March meeting with parents.

“This stolen laptop did not form part of the technical examination and its theft was reported to the PSNI.”

Learning from the scandal

Moving ahead, it is important to learn a lesson from this scandal. Laptops and mobile devices need to be well secured and protected from thefts and hacking. Tight security policies need to be put in place, be it for a church, a small business unit or a giant organization like Sony.
