Security News

Since my April Newsletter the following major security breaches have occurred:

Epsilon

Covered in my special May Update, Epsilon is the world's largest permission based email marketer. It is used by over 2,000 major companies including: JPMorgan Chase, Capital One, Marriott Rewards, US Bank, Citigroup, Brookstone, Walgreens, The College Board, and the Home Shopping Network (HSN). Their Email addresses and full names were taken. This will enable malware vendors to send emails that appear to come from companies you use and addressed specifically to you. More than ever before, don't click on email links unless they are something you are expecting coming from an individual you know. For example, a link from me to my Newsletter.

Oak Ridge National Laboratory

This major lab funded by the Department of Energy does work on our Nuclear facilities and computer security. They were also hacked a few years ago. They lost a significant amount of data, but aren't telling us what. This came when an employee clicked on a link in an email purportedly from the human resources department describing employee benefits. The link exploited a vulnerability in Internet Explorer allowing them to install malicious software.

530 employees received the email directed specifically to attack Oak Ridge Labs. 57 clicked on the link. Two were infected (the others were probably using Firefox or Chrome).

RSA Security

RSA is one of the leading security firms in the world. Among other things, they make most of those keyfobs used to provide dual authentication for secure logins SecurID. These provide additional authentication by adding a 6 digit number that changes every 30 seconds to a password. They provide this authentication to over 25,000 corporations and government entities. RSA is not being forthcoming on how they were hacked, but is working with customers after they sign non-disclosure agreements.

DSL Reports

Lost more than 100,000 usernames and passwords. People using the same passwords on multiple accounts can expect them to be tried at Paypal and Amazon.

State of Texas

In March, the State of Texas Comptroller's Office exposed Names, Social security numbers, driver's license numbers, date of birth and addresses for 3.5 million people. The data was on a publicly accessible server and was stored unencrypted.

Sony Playstation

77-100 million Sony Playstation user accounts (depending on your news source) were lost, possibly including 10 million credit card numbers. These apparently include the CVV codes from the back of the cards. What they say is that data from as many as 10 million cards "were involved", but don't know they were taken. Sony executives apologized for any inconvenience or problems their failure caused. Sony said account information, including names, birth dates, email addresses and log-in information, was compromised for players using its PlayStation Network. They asked all users to change their passwords.

Sony Online Entertainment

Another Sony breach was at their Online Entertainment Network where over 12,000 credit card numbers may have been stolen, and nearly 25 million people were affected.

According to a statement from Sony, "personal information from approximately 24.6 million SOE accounts may have been stolen, as well as certain information from an outdated database from 2007. The information from the outdated database that may have been stolen includes approximately 12,700 non-U.S. credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain.”

Sony Ericson of Canada

2,000 customer accounts at Sony Ericson of Canada. Sony Corp. spokesman Atsuo Omagari said Wednesday, May 25th, that names, e-mail and encrypted passwords may have been stolen from the Sony Ericsson Canada website, but no credit card information was taken.

News Links:http:⁄⁄www.pcworld.com⁄article⁄226908⁄sony_hack_caps_recent_string_of_security_horror_shows.html

http:⁄⁄www.wired.com⁄threatlevel⁄2011⁄03⁄rsa-hacked⁄

http:⁄⁄news.idg.no⁄cw⁄art.cfm?id=63114886-1A64-67EA-E4F4635CBC887496

Oak Ridge: http:⁄⁄www.wired.com⁄threatlevel⁄2011⁄04⁄oak-ridge-lab-hack⁄

Date: June 2011

This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.

Keeping clients' computers safe and profitable for over 30 years

Home Forms About Current Newsletter subscribe Search All Articles Browse by Category Security Internet Mobile Business Hardware Fun		Security News Since my April Newsletter the following major security breaches have occurred: Epsilon Covered in my special May Update, Epsilon is the world's largest permission based email marketer. It is used by over 2,000 major companies including: JPMorgan Chase, Capital One, Marriott Rewards, US Bank, Citigroup, Brookstone, Walgreens, The College Board, and the Home Shopping Network (HSN). Their Email addresses and full names were taken. This will enable malware vendors to send emails that appear to come from companies you use and addressed specifically to you. More than ever before, don't click on email links unless they are something you are expecting coming from an individual you know. For example, a link from me to my Newsletter. Oak Ridge National Laboratory This major lab funded by the Department of Energy does work on our Nuclear facilities and computer security. They were also hacked a few years ago. They lost a significant amount of data, but aren't telling us what. This came when an employee clicked on a link in an email purportedly from the human resources department describing employee benefits. The link exploited a vulnerability in Internet Explorer allowing them to install malicious software. 530 employees received the email directed specifically to attack Oak Ridge Labs. 57 clicked on the link. Two were infected (the others were probably using Firefox or Chrome). RSA Security RSA is one of the leading security firms in the world. Among other things, they make most of those keyfobs used to provide dual authentication for secure logins SecurID. These provide additional authentication by adding a 6 digit number that changes every 30 seconds to a password. They provide this authentication to over 25,000 corporations and government entities. RSA is not being forthcoming on how they were hacked, but is working with customers after they sign non-disclosure agreements. DSL Reports Lost more than 100,000 usernames and passwords. People using the same passwords on multiple accounts can expect them to be tried at Paypal and Amazon. State of Texas In March, the State of Texas Comptroller's Office exposed Names, Social security numbers, driver's license numbers, date of birth and addresses for 3.5 million people. The data was on a publicly accessible server and was stored unencrypted. Sony Playstation 77-100 million Sony Playstation user accounts (depending on your news source) were lost, possibly including 10 million credit card numbers. These apparently include the CVV codes from the back of the cards. What they say is that data from as many as 10 million cards "were involved", but don't know they were taken. Sony executives apologized for any inconvenience or problems their failure caused. Sony said account information, including names, birth dates, email addresses and log-in information, was compromised for players using its PlayStation Network. They asked all users to change their passwords. Sony Online Entertainment Another Sony breach was at their Online Entertainment Network where over 12,000 credit card numbers may have been stolen, and nearly 25 million people were affected. According to a statement from Sony, "personal information from approximately 24.6 million SOE accounts may have been stolen, as well as certain information from an outdated database from 2007. The information from the outdated database that may have been stolen includes approximately 12,700 non-U.S. credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain.” Sony Ericson of Canada 2,000 customer accounts at Sony Ericson of Canada. Sony Corp. spokesman Atsuo Omagari said Wednesday, May 25th, that names, e-mail and encrypted passwords may have been stolen from the Sony Ericsson Canada website, but no credit card information was taken. News Links:http:⁄⁄www.pcworld.com⁄article⁄226908⁄sony_hack_caps_recent_string_of_security_horror_shows.html http:⁄⁄www.wired.com⁄threatlevel⁄2011⁄03⁄rsa-hacked⁄ http:⁄⁄news.idg.no⁄cw⁄art.cfm?id=63114886-1A64-67EA-E4F4635CBC887496 Oak Ridge: http:⁄⁄www.wired.com⁄threatlevel⁄2011⁄04⁄oak-ridge-lab-hack⁄ Date: June 2011 This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.
		I attempt to provide reliable information, but make no warranty as to the accuracy or safety of these articles. I disclaim all legal responsibility for what following these instructions may do. Follow my advice at your own risk