Data loss

(get it in RSS or Atom)

Sophos Techknow - Firewalls Demystified [PODCAST]

techknow-logo-250-150

The word firewall has a lot more shades of meaning in 2014 than it did in 1994.

So...who better to help us to demystify the modern firewall than Sophos security expert Chester Wisniewski?

SSCC 159 - What can we learn from the "honeybot"? [PODCAST]

chet-chat-logo-featured-250

For your listening pleasure!

Here's this week's episode of the Sophos Security Chet Chat podcast...

1.2 billion logins scooped up by CyberVor hacking crew - what you need to do

sql-billions-250x250

Hackers have amassed a vast collection of stolen data, including 1.2 billion unique username/password pairs, by compromising over 420,000 websites using SQL injection techniques. This data haul may yet turn out to be a 'Heartbleed' moment for website owners who assume their sites are too small to be of interest to hackers.

HP finds that "Internet of Things" gadgets are sitting ducks

70% of internet gadgets are sitting ducks for attackers

TVs, webcams, thermostats, remote power outlets, sprinkler controllers, door locks, home alarms, scales and garage door openers: they're all flunking Security 101, with issues as bad as "Sure, go ahead, we consider '1234' to be a perfectly acceptable password."

Apple faces class action suit for tracking users without consent

Apple faces class action suit over location tracking

A Californian plaintiff says that nobody at Apple ever told her about tracking her whereabouts, nor did anybody ever ask for her permission. She says she only found out about it by watching a recent Chinese state TV report about iPhone being a security risk to the state.

Mozilla database leaks 76,000 email addresses, 4,000 passwords

Mozilla database leaks 76,000 email addresses, 4,000 passwords

Email addresses and encrypted passwords of thousands of Mozilla developers were accidentally exposed for a month - and there are no guarantees that they were not snaffled up by those with ill intent.

Monday review - the hot 22 stories of the week

dow-250

Make sure you're up to date with everything we wrote in the last seven days - it's weekly roundup time.

Bad passwords on PoS terminals lead to card stealing Backoff malware

MS-RDP250

This time the crooks are distributing their point-of-sale malware through remote control applications like Microsoft's RDP. No exploits, no social engineering, just good, old-fashioned password guessing.

Security must come first! 60 Sec Security [VIDEO]

60ss-video-250

Here's this week's 60 Second Security.

News you can learn from, in just one minute...

Tor attack may have unmasked anonymous users

Freedom Hosting arrest and takedown linked to Tor privacy compromise

Two Carnegie-Mellon researchers had planned a highly anticipated talk at next week's Black Hat security conference - a talk that was cancelled when the university's lawyers freaked out - about how easy it is to break Tor anonymity. They're innocent until proved guilty, but The Tor Project says it was likely the two researchers are behind the attack.

SSCC 158 - What do you mean, "Don't knit your own remote authentication"? [PODCAST]

chet-chat-logo-featured-250

Here's this week's Chet Chat security podcast for your listening pleasure.

Chester Wisniewski and Paul Ducklin of Sophos dissect the week's security news to see what we can learn from other people's mistakes...

1,000,000 lost credit cards = £150,000 fine

p-pii-250

A UK travel company has been fined £150,000 for putting an "internal only" parking database system on the internet without securing it first.

The vulnerable system was used as a stepping stone for a crook to steal more than 1M e-commerce records.

Hacker claims breach of Wall Street Journal and Vice

Malicious hacker claims breach of Wall Street Journal, Vice

W0rm's been quite busy and has already pulled this on CNET, and likewise is again offering to sell user data and server credentials for one Bitcoin.

eBay's StubHub ransacked for over $1 million, international crime ring arrested

StubHub logo

US police have indicted six people across four countries on charges of defrauding eBay's StubHub for over $1 million in pilfered tickets for things like Jay-Z and Justin Timberlake concerts. eBay says its servers weren't broken into; rather, password reuse and account holders' PCs being riddled with malware are to blame.

SSCC 157 - Routers, Browsers, Zombies and Sysadmins [PODCAST]

chet-chat-logo-featured-250

Here it is...this week's Chet Chat security podcast.

In this episode: fixing routers, trusting browsers, killing zombies and showing TLC to sysadmins.

Your Gmail account is fair game for cops or feds, says US judge

US judge: your Gmail account is fair game for cops or feds

A New York court on Thursday opened up our entire Gmail accounts to feds or cops with warrants, in spite of two recent decisions that went against similar requests.

New search engine Indexeus unmasks malicious hackers

New search engine Indexeus unmasks malicious hackers

Indexeus is a database of stolen names and passwords, many doxed from the hackers who've themselves doxed others' data. Is it poetic justice, exploitation of a lucrative market, a prototype of an educational tool, or all of the above?

Shopping site reports 3-year-old data breach

Australian shopping site reports 3-year-old data breach

Australian shopping website CatchOfTheDay has warned customers of a data breach dating back to 7 May 2011, urging anyone who has kept the same password at the site since that date to change it.

Jailed Apple phishing duo also imported pickpockets and cloned credit cards

Constanta Agrigoroaie and Radu Savoae. Images courtesy of Metropolitan Police.

How's this for irony? A pair of fraudsters phished bank account details out of over 150 Apple users by sending them hairy-scary messages about their accounts having been compromised.

'Hidden from Google' site remembers the pages Google's forced to forget

'Hidden from Google" site remembers the pages Google's forced to forget

The newly launched site is archiving the pages Google was forced to de-index in the name of opening up to the internet as a whole the discussion regarding what should or should not be "forgotten."