Data loss

Scribd, "world's largest online library," admits to network intrusion, password breach

San Francisco-based document sharing site Scribd has admitted to a network intrusion.

Details are scant, but fortunately a notification published by the company suggests that no more than 1% of users are at risk...

Mobile device security in the US military comes under fire

A recent report by the US Inspector General revealed staggering flaws in the US military's management of mobile devices, and a severe lack of basic IT security protection in place for such devices.

Monday review - the hot 13 stories of the week

Catch up with everything we've written in the last seven days with this handy weekly roundup

Many Amazon S3 cloud storage users are exposing sensitive company secrets, claims report

A security researcher tested a slew of (probably inappropriately misconfigured) storage buckets and found about one in six were open to the public, exposing content we think companies would probably have preferred remain private.

Lisa Vaas explores what has happened.

The 'What's Worse Security Championships'

With March Madness Basketball in full swing in America, we thought it might be fun to try and adapt the concept of sport championships to the land of IT security.

Monday review - the hot 21 stories of the week

It's weekly roundup time. Here's all the great stuff we've written in the past seven days.

Apple password reset website - gaping hole found, fixed

Apple has had a good-bad-good-bad week of it in the computer security environment.

Its announcement of two-step verification for some users was quickly followed by a report of a password recovery exploit for everyone else...

Apple introduces two-factor verification for Apple IDs

After celebrity Web 2.0 journalist Mat Honan had all his iDevices remote-wiped by a cybercrook last year, Apple's login security has been under scrutiny.

Good news! Apple has finally bitten the bullet and started offering two-factor verification for Apple ID users...

IT admin pleads guilty to hacking into and spying on New Jersey mayor's email

Patrick Ricciardi configured computer systems to collect all emails sent to the mayor and two high-ranking city employees.

He did it, he said, to see if his job was secure. We can say with reasonable certainty now that it is not.

AT&T hacker "Weev" sentenced to 41 months in prison, after obtaining the email addresses of 100,000+ iPad users

Andrew Auernheimer has been sentenced for the federal crimes of obtaining the personal data of over 100,000 iPad owners from AT&T's publicly accessible website.

Besides his prison sentence, he's facing 3 years of probation and, together with another convicted hacker, paying restitution of $73,000.

Bring your own: More practical advice for handling smartphones in the workplace

Bring your own: Practical advice for handling smartphones in the workplace (part 2)

Your workforce wants anytime, anyplace access to applications, but you have a network to protect. Here are a few ideas to make life harder for the bad guys, while making you the good guy.

American retailer Genesco sues Visa, demands $13m in PCI-DSS data breach fines paid back

Genesco, a massive American retailer, suffered an intrusion by cybercrooks in 2010. It was subsequently "fined" over $10m by the payment card industry.

Now it wants its money back...

$5 million class action lawsuit over LinkedIn data breach dismissed

No real damage was done, a judge ruled, and besides, paying for premium membership isn't a guarantee that you'll get premium security.

Ouch! So much for promises made in privacy policies.

Monday review - the hot 22 stories of the week

In case you missed anything, here's everything we wrote in the past seven days.

Evernote shoots itself in foot over "never click on 'reset password' requests" advice

Have you taken a close look at the email that Evernote has sent out, with the subject line "Evernote Security Notice: Service-wide Password Reset"?

It looks like the hacked company has made a blunder.

Evernote hacked - almost 50 million passwords reset after security breach

Evernote, the online note-taking service, has said that it has suffered a serious security breach which saw hackers steal usernames, associated email addresses and encrypted passwords.

Webhosting management company cPanel suffers break-in, lets slip customers' root passwords

Webhosting management company cPanel recently announced a worrying sort of compromise: the possible theft of its customers' root passwords.

Paul Ducklin looks at what happened, and what's being done to avoid a repeat of this worrying situation...

Lessons to learn from the UGNazi hacking attacks against Mat Honan and Cloudflare

"You do have to worry about your computer security, but you also need to worry about everybody else's"

Technology journalist Mat Honan and Cloudflare CEO Matthew Prince have something in common - they've both been hacked by the UGNazi hacktivist group.

And what they told the RSA Conference spells bad news for those of us who love to use the internet and embrace cloud-based technologies in our personal and work lives.

Traveling to a conference? 8 security tips to keep top of mind

Conference season 2013 is on. While events like these can be great for networking and mindsharing, there can be computer security dangers lurking about. We've pulled together 8 IT security tips to help you stay ahead of the game.

China blamed for EADS and ThyssenKrupp hack attacks

EADS, maker of the Eurofighter, says that Chinese hackers attacked its computer network last year.

Is your company prepared to reduce the likelihood of a successful targeted attack?