Gary Korhonen joined me on this week’s Chet Chat as we return to our normal format of covering the most important security news of the week.
We kicked things off by discussing the handling of the recent data breach at the State of Utah where more than 780,000 people’s personally identifiable information was stolen from an unsecured internet-facing server.
Last week a Facebook hacker who compromised a single US user's account was sentenced to one year in prison. Gary and I pondered what possibly could have led the FBI and UK authorities to even investigate such a seemingly small offense. It was later determined that the account in question belonged to Selena Gomez, Justin Bieber's girlfriend.
Apple released a Flashback malware removal tool for users of OS X 10.5 Leopard last week. It's important to remind users of Leopard that this is not a fix for the vulnerability and, if they are unable to upgrade, it would be advisable to install our free anti-virus for Mac.
After attempting to pass legislation to enable the US government to more seamlessly share data with the private sector, the Pentagon is expanding a program that does just that. Apparently if the Pentagon and private contractors simply comply with existing law they can share data anyhow.
Lastly, one of the principal criminals involved in Operation Phish Phry several years ago was sentenced to five years in prison last week. Gary and I discuss what can be learned from the operations of these criminals when made public and how we can use that information to better fight other online gangs.
(18 May 2012, duration 17:57 minutes, size 10.8 MBytes)
You can also download this podcast directly in MP3 format: Sophos Security Chet Chat 91, subscribe on iTunes or our RSS feed. You can see all of the Sophos Podcasts by visiting our archive.
The real problem with data sharing by the DoD is that there seems to be a feeling that classification levels are determined by how embarrassed they are about a situation. The CERT at Carnegie Mellon, also going by the US CERT, has always maintained a close presence. Information doesn't get shared because the organizations at the top are leaderless, hapless in their efforts, and embarrassed by their own ineffectiveness and inefficiency. The private sector is no better because all they want is a contract, and many will just become yes men to keep a contract. The certification process is completely useless and the methods and tools employed do not keep up with the realities of the threat and the functions of the networks delivering content.
Look, you should not be using any social networking site. Period, end of discussion.
They are a complete step backwards with regards to security.
Facebook, LinkedIn etc. Neither are safe from attacks. It's happened before and it will continue to happen.
I am just astounded by how much trust people put in these sites. Sheer ignorance of what is essentially a marketing tool of corporations interested in mining as much information from you as possible.
If it's online, it's not private, end of story.
We need to go back to snail mail, it really was much safer. Not to mention, people knew how to write a letter back then.