Posts Tagged ‘computer encryption software’

Nokia Developer Network hacked

September 1st, 2011

NDN hacked exposing developer data

Hackers are firing off round after round of data breaches. They are getting better at it and taking advantage of the fact that security systems are not that robust.

Nokia’s developer forum was recently hacked and a database table containing e-mail addresses of developer forum members was accessed. This was done by exploiting a vulnerability in the bulletin board software that allowed an SQL injection attack.

According to a statement from Nokia, “Initially we believed that only a small number of these forum member records had been accessed, but further investigation has identified that the number is significantly larger.”

Apparently the bug was quickly fixed, but the developer community website was taken offline. The discussion boards are not yet accessible. As per Nokia’s advisory, the service should be up and running soon.

Those who visited the site before it was closed were redirected to a website that showed an image of Homer Simpson smacking his head and exclaiming “D’Oh.” Just below his picture were the words “Worlds number 1 mobile company but not spending a dime for server security! FFS patch you security holes otherwise you will be just another antisec victim. No Dumping, No Leaking!”

The site is under further investigation and security assessment. Initially it was assumed that only a small number of email addresses were accessed but later it was found out that a large amount of data was compromised.

The company further adds, “We are not aware of any misuses of the accessed data, but we are communicating with affected forum members, though we believe the only potential impact to them may be unsolicited e-mail.” Nokia added that it “apologizes for this incident.”

The attack was claimed by a hacker known as “pr0tect0r AKA mrNRG”, believed to be based in India.

This happened at a bad time for the Finnish company as it is quickly losing market share to Apple’s iPhone and to companies that manufacture smartphones that use Google’s Android OS. Nokia is looking to increase its share of the U.S. market through a partnership with Microsoft. Nokia plans to start a new line of Windows Phone 7-powered phones by end of 2011 or early in 2012.

Security guaranteed with Alertsec Xpress

This incident highlights the need for data security and data encryption software. The threat could have been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Alertsec has offices in the US, UK, Sweden and operates in many other countries around the world through partners.

Its mission is to continuously improve its products and services in order to deliver the easiest and most cost-effective managed encryption service on the market.


Unauthorized person breaks into Purdue University’s computer system

August 23rd, 2011

Data of former students accessed illegally

First it was the gaming sites, followed by big organizations like NASA, later it was the healthcare industry, and now it’s time for educational institutes to get their data breached!

Hackers broke into a Purdue University server that contained the personal information, including Social Security numbers and course records, of more than 7,000 former Purdue University students. These students had enrolled in a math course.

The breach

The breach took place on April 5, 2010. As soon as the Purdue staff learned about it, they took the server offline. The notification came 16 months after the discovery of the breach.

The server contained 6.6 million nine-digit numbers in the hacked files. It took Purdue six months to analyze those numbers. After analysis, Purdue determined that approximately 65,000 of those number combinations could be Social Security numbers. The numbers were further reanalyzed and the University matched 7,093 of those number combinations to Social Security numbers of former students.

The computer showed older course records from 2000 through the summer session of 2005.

Not only former students but also a few professors, family members and contractors were potentially affected. A letter sent to those affected gave a toll-free phone number for inquiries: 866-520-0492.

Breach investigation

Investigation by Purdue University officials showed that 7,093 Social Security numbers were accessed by the hacker.

According to Laszlo Lempert, head of the Department of Mathematics, “Through our investigation, we found no evidence that the unauthorized user attempted to find or read any files with personal information in our system, but felt informing people who may have been affected was a necessary precaution.” He added, “We regret the breach occurred, and we’ve taken extensive measures to prevent this from happening again.”

As per Purdue University policy, Social Security numbers are no longer used except where required by law. A Purdue identification number is issued to all students, alumni, faculty and staff.

Security tips by Purdue

  • Place a fraud alert on your credit file, if you haven’t already done so.
  • Close accounts that you believe have been tampered with.
  • File a complaint with the Federal Trade Commission. For step-by-step instructions and contact information, go to: http://www.ftc.gov/bcp/edu/microsites/idtheft/

AlertSec’s security services

Organisations and educational institutes that hold a large amount of data must have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they have gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Alertsec Xpress’s Check Point Full Disk Encryption is used by over 4 million users worldwide.

Protecting information on laptops with encryption is of paramount importance if you want to comply with today’s legislation, not to mention the peace of mind it gives people managing security for a mobile workforce. We have found Alertsec Xpress to be secure, yet easy to use and implement.

BART scrambles to inform its customers about its website breach

August 15th, 2011

Anonymous group hacks BART's site

Anonymous targets BART

The hacking group Anonymous is, needless to say, constantly hungry for media attention. It recently hacked into the Bay Area Rapid Transit system (BART) and published the email and home addresses, as well as phone numbers, of more than 2,000 BART customers. The hack was a response to the transit agency’s decision Thursday to switch off cell phone service at San Francisco’s Civic Center station to head off a planned protest.

“We are Anonymous,” the group’s Twitter biography reads. “We are legion. We never forgive. We never forget. Expect us.”

The group has also been linked to a threatened Nov. 5 cyberattack against the social networking site Facebook. Nov. 5 is Guy Fawkes Night in England.

Significance of Guy Fawkes Night

Guy Fawkes Night marks the night in 1605 on which Fawkes was arrested while guarding explosives beneath London’s House of Lords, in an attempt to kill numerous politicians and King James I.

Anonymous quotes:

“We apologize to any citizen that has his information published, but you should go to BART and ask them why your information wasn’t secure with them,” the group wrote on the Web site where it posted the leaked information. “Also do not worry; probably the only information that will be abused from this database is that of BART employees.”

What BART Police had to say

According to Linton Johnson, a spokesperson for the BART police department, the group had violated riders’ privacy. He further added that BART has informed the Federal Bureau of Investigation and other law enforcement agencies to probe into the matter.

BART’s history

BART was in the limelight for the fatal shootings of two men over the last two years by its officers. Charles Hill, a 45-year-old homeless man, was fatally shot when he attacked a police officer with a knife. In another gory incident, Oscar Grant was shot in the back during a police encounter.

The Aug 15 protest by Anonymous

The group held a peaceful protest at 5 p.m. Monday at Civic Center Station, near San Francisco’s City Hall. The Bay Area Rapid Transit District police had to close at least four San Francisco subway stations yesterday evening forcing commuters to find an alternate way home.

Protesters carrying signs, one of them in a Guy Fawkes mask, showed up shortly after 5 p.m. PT in the Civic Center station. “It’s like a media circus down here,” one bystander remarked.

Chants like “No Justice No Peace, Disband the BART police” could be heard, and protesters tried to hold the doors of a train open. Soon after, BART police cleared out the station and shut it down around 5:30 p.m.

According to Dan Hartwig, deputy chief of police at BART, no one was arrested. “We shut down the station because we didn’t want to jeopardize the safety of passengers and BART employees,” he told reporters. “The platform was becoming (crowded and) unsafe… I’m not opposed to them expressing their First Amendment Rights.”

Why use Alertsec’s services?

Alertsec is the leader in the field of hard disk encryption as a fully managed service. It provides protection for all information stored on laptops and PCs in an easy, convenient, and cost-effective way.

Alertsec’s mission is to continuously improve its products and services in order to deliver the easiest and most cost-effective managed encryption service on the market.



USB drive found in a pub contained data of 26,000 tenants

August 9th, 2011

Storing data is getting easier by the day. First, it was computers, followed by laptops, net-books and now it is the pen-drive. Just hang it on your shirt or carry it in your pocket. That is movable data. It is a boon but at the same time, a curse if you do not keep it safely guarded.

A serious data breach

There was a recent case of a USB drive found unattended in a pub in South London. The drive contained data of around 26,000 social housing tenants and bank details of some 800 tenants.

Breach details

Apparently, the USB drive owner worked for housing associations Lewisham Homes and Wandle Housing Association. The data belonged to the tenants of these housing associations. The USB drive was seen lying in the All Inn One pub. The authorities were immediately notified; fortunately, the data was not compromised.

According to Sally-Anne Poole, acting head of Enforcement at the ICO, “Saving personal information on to an unencrypted memory stick is as risky as taking hard copy papers out of the office. Luckily, there is no suggestion that the data was misused. But this incident could so easily have been avoided if the information had been properly protected.”

The Lewisham Homes and Wandle Housing Association had breached the 1998 Data Protection Act by not encrypting the information of 26,000 people.

Action taken by the ICO

The ICO gave the housing bodies a stern warning and made them aware that they had clearly breached the Data Protection Act. Had the stick gotten into the hands of a hacker, all hell would have broken loose.

Reactions by security experts

According to Edy Almer, VP of product management at Safend: “It is good to see that data stored on the USB was most likely not compromised and that the immediate response from the breached party was to make things right. It is important to note it was a third party contractor that lost the data and not trained internal staff, thus highlighting the need to selectively block or encrypt all devices connecting to your network in order to protect sensitive data.”

Mark Fullbrook, UK and Ireland director at Cyber-Ark, reacted: “This is yet another example of the poor data protection policies operating within organisations today. Using a memory stick to transport sensitive information may be convenient, but it’s certainly not secure and whilst in this case the memory stick was returned to its rightful owners, should it have fallen into the wrong hands the repercussions could have been severe.”

Action taken by the housing associations

Lewisham Homes has revised its data security procedure and the contractor/owner of the stick has been dismissed.

What can be done to protect data?

Using encryption software is the need of the hour. Be it an organization or an individual, if you are carrying data, it has to be protected, no matter what it is.

Use Alertsec

Organisations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Online political activist, Aaron Swartz, faces jail time for data theft

July 23rd, 2011

Swartz arrested for stealing data

Heard of sophisticated hacking? Narrated below is a classic case of one such hack.

Harvard researcher and founder of Reddit, Aaron Swartz, has been arrested in Boston on charges related to computer hacking. It appears he allegedly downloaded articles that he was entitled to get free.

According to Lawrence Lessig, director of the Harvard center where Mr. Swartz recently completed his fellowship, “Aaron has never done anything in this context for personal gain — this isn’t a hacking case, in the sense of someone trying to steal credit cards.” He added, “That’s something JSTOR saw, and the government obviously didn’t.”

The indictment

According to the indictment, the researcher, Aaron Swartz, broke into the computer networks at the Massachusetts Institute of Technology. He wanted to gain access to JSTOR, a nonprofit online service for distributing scholarly articles. He allegedly downloaded 4.8 million articles and other documents. It won’t be an exaggeration if we say he downloaded the entire library! To top it all, he did this without authorization and distributed the documents through file sharing networks.

Post-Indictment

Demand Progress has set up a web page and petition in support of Swartz. They are questioning the indictment and the legal strategy that makes downloading “so many journal articles” a felony that should be punished with jail time. Demand Progress is the organization where Aaron earlier worked as an Executive Director. According to the website, “the alleged victim has settled any claims against Aaron, explained they’ve suffered no loss or damage, and asked the government not to prosecute.”

Mr. Swartz is looking at 35 years in prison and $1 million in fines for charges related to wire fraud, computer fraud and unlawfully obtaining information from a protected computer. He was arraigned in Federal District Court after surrendering to the authorities. Surprisingly he has pleaded not guilty to all counts. He was released on $100,000 unsecured bond.

History

Aaron released a “Guerrilla Open Access Manifesto,” in 2008 asking activists to fight against the sequestering of scholarly papers.

“It’s time to come into the light and, in the grand tradition of civil disobedience, declare our opposition to this private theft of public culture,” he wrote. One goal: “We need to download scientific journals and upload them to file-sharing networks.”

Attorney’s statement

A United States attorney, Carmen M. Ortiz, said: “Stealing is stealing, whether you use a computer command or a crowbar, and whether you take documents, data or dollars. It is equally harmful to the victim whether you sell what you have stolen or give it away.”

Was data compromised?

Apparently no personal data was compromised. Around 7,000 institutions are members of JSTOR and pay fees as per their financial position. 14% of subscribers pay no fee at all. The JSTOR archives feature journals focused primarily on the humanities and social sciences.

Alertsec and data security

Organisations and individuals are being trained to deal with their data security in a better way. Companies are required to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they have gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is the security service that keeps all your data secure through encryption software.