June 21, 2008
Privacy & Security Watch: Diebold Summer Sale Offers Used Voting Machines
According to this article, Premier Election Solutions, formerly known as Diebold, makers of those easily hackable electronic voting machines, (just do an internet search on "hackable Diebold" if you doubt that statement), is "selling off everything from used touch-screen voting machines ($600/each) to ballot boxes ($1,000/each), voter and poll supervisor smart cards that are used to initiate voting on machines on election day ($2.00/each), and tamper-evident security seals ($0.15/each) that are supposed to protect machines from intruders."
Richard L. Kuper
The Kuper Report
http://TheKuperReport.com
Labels: breach, companies, corporations, data, data security, diebold, election, fraud, government, hack, hackable, kuper report, premier, richard kuper, vote
FindJobsPostJobs.com | CareerHotList.com |
Privacy & Security Watch: TJX Fires Employee for Disclosing Security Problems
and subsequent articles on this subject). Well, it seems they still haven't learned from their mistakes. According to this article, a young employee in a Lawrence, KS T.J. Maxx store tried, but failed to convince management that running their server in administrator mode and giving everyone id's with blank passwords was a very bad and insecure thing to do. So he anonymously posted about this lack of security to an online forum. TJX found out it was him and they fired him. No word on whether they address this serious security breach.
Richard L. Kuper
The Kuper Report
http://TheKuperReport.com
Labels: breach, companies, corporations, data, data security, government, home goods, homegoods, intrusion, kuper report, marshalls, richard kuper, security, tj tjx, tjmaxx, x
FindJobsPostJobs.com | CareerHotList.com |
May 16, 2007
Privacy and Security Watch: IBM loses tapes with personal information on current and former employees
According to this article, "An outside vendor was transporting the tapes from one IBM facility to another on Feb. 23 when the tapes fell out of a contractor's vehicle in Westchester County, N.Y., not far from IBM headquarters in Armonk. IBM representatives went to the scene and couldn't find the tapes."
For some reason, only some of the missing tapes were encrypted.
Richard Kuper
The Kuper Report
http://TheKuperReport.com
Labels: breach, data security, IBM, Kuper, kuper report, lost, personal data, privacy, private, richard kuper
FindJobsPostJobs.com | CareerHotList.com |
May 10, 2007
Privacy and Security Watch: University of Missouri Hacked For Second Time This Year
Back in January, there was a similar breach. In that case, "a hacker obtained the Social Security numbers of 1,220 university researchers, as well as personal passwords of as many as 2,500 people who used an online grant application system."
Richard Kuper
The Kuper Report
http://TheKuperReport.com
Labels: breach, college, data security, hack, Kuper, kuper report, personal data, privacy, richard kuper, school, security
FindJobsPostJobs.com | CareerHotList.com |
May 05, 2007
Transportation Security Administration, a division of Homeland Security, loses hard drive with personal data on 100,000
The privacy and security of personal information is clearly not being addressed by government agencies, as previously reported in The Kuper Report and in various news reports over the years. This breach by a division of the Homeland Security Department is just the latest reported problem. As the Congress perhaps begins to address this problem in the private sector, it needs to also address this problem in the public sector. However, unless there are severe consequences for breaching the privacy, this problem will not end.
Richard Kuper
The Kuper Report
http://TheKuperReport.com
Labels: breach, data security, government, homeland security, Kuper, kuper report, personal data, privacy, richard kuper, security, transportation security administration, tsa
FindJobsPostJobs.com | CareerHotList.com |
April 26, 2007
Privacy and Security Watch: Lawmakers decry continued vulnerability of federal computers
Richard Kuper
The Kuper Report
http://TheKuperReport.com
Labels: breach, data, data security, government, Kuper, kuper report, law, personal data, personal information, richard kuper, security
FindJobsPostJobs.com | CareerHotList.com |
Privacy and Security Watch: Group calls for federal data security breach notification law
Because of this and the many other breaches at other firms, the Cyber Security Industry Alliance (CSIA) is lobbying Congress to pass a law that will require companies that are breached to notify victims. Read all about it here.
Richard Kuper
The Kuper Report
http://TheKuperReport.com
Labels: breach, data, data security, government, Kuper, kuper report, law, personal data, personal information, richard kuper, security
FindJobsPostJobs.com | CareerHotList.com |
April 03, 2007
Privacy and Security Watch: More Security/Identity Breaches and Issues
But in another ComputerWorld article in the same state of Texas, it seems that "Texas Gov. Rick Perry has signed into law a bill that allows the state's county and court clerks to disclose "in the ordinary course of business" Social Security numbers contained in documents held by their offices."
So, at least in Texas, Social Security numbers are no longer considered protected data if they exist in "public records held by clerks in the state" but are protected data if held by anyone else. So if you have public documents containing personal data, such as mortgage records and tax liens in the state of Texas, your private information, already being posted by Texas to the internet and for sale unredacted, is no longer protected.
And now your browser may be used to capture your personal information on your computer and as a hacking tool against others. According to another article in ComputerWorld, javascript code that could be used to turn a Web browser into a hacker's tool is now available on Internet.
Meanwhile, in yet another ComputerWorld article we are told that there is a critical Windows flaw that Microsoft has apparently known about since December 2006 that affects Windows 2000 SP4, XP SP2, Server 2003 (up to SP2), and even Vista (both 32- and 64-bit versions). Microsoft was apparently in no hurry to fix this but the pressure has mounted and they are supposedly rolling out a fix soon. This critical flaw will allow a rogue program to "run malicious code on a victimized PC, infecting it with spyware, stealing identity information or adding it to a botnet of hijacked systems."
To borrow from a tag line in an old TV show (NYPD Blue, if memory serves):
"Be careful out there."
Richard Kuper
The Kuper Report
http://TheKuperReport.com
Labels: breach, data security, identity, kuper report, personal data, personal information, privacy, security, social security
FindJobsPostJobs.com | CareerHotList.com |
March 30, 2007
Privacy and Security Watch: Microsoft warns of zero-day Windows attack
Never open an email attachment that you were not expecting from a known
source without first verifying that it was actually sent by that person.
If you use outlook as your email client, you are especially vulnerable to this attack. In this case, even if you have wisely set your email to only accept/read text email, you still are at risk.
If you use Internet Explorer you are especially vulnerable to this attack. Firefox 2.0 is not vulnerable to this attack.
Be sure you are not visiting rogue internet sites.
From the article:
"An attacker could try to exploit the vulnerability by creating a specially crafted Web page," the Microsoft advisory warned. "An attacker could also create a specially crafted e-mail message and send it to an affected system. Upon viewing a Web page, previewing or reading a specially crafted message, or opening a specially crafted e-mail attachment, the attacker could cause the affected system to execute code."
See the full article here.
There is also an unofficial patch, since Microsoft doesn't seem to be hurrying to fix this. You may or may not want to consider this unofficial patch. You can read about it here.
Richard Kuper
The Kuper Report
http://TheKuperReport.com
Labels: attack, breach, bug, eeye, firefox, ie, internet explorer, microsoft, outlook, virus, worm
FindJobsPostJobs.com | CareerHotList.com |
March 22, 2007
Privacy and Security Watch: Stolen Data from TJX (T.J. Maxx, Marshalls and HomeGoods stores) since 2003 Used in $8M Scheme Before Breach Discovery
This is just the latest story in the ongoing issue of data security. Companies need to get their acts together and ensure that they are protecting the personal and private data of their customers. It may be time for the government to step in and create financial incentives for companies to do this. Of course, the Federal government and many state and local governments are guilty of not protecting the personal and private data of its citizens either, so they would also have to fine themselves (not likely). So this problem will continue to be a major problem until the public starts making its voice heard and making this a priority for government and corporations to take more seriously.
Here are the links to the TJX story:
Stolen TJX Data Used in $8M Scheme Before Breach Discovery
TJX: Data Theft Began in 2005; Data Taken from 2003
Richard Kuper
The Kuper Report
http://TheKuperReport.com
Labels: breach, companies, corporations, data, data security, government, home goods, homegoods, intrusion, kuper report, marshalls, richard kuper, security, tj maxx, tjmaxx, tjx
FindJobsPostJobs.com | CareerHotList.com |
Who links to me?