SSCC 91 - Utah explains data breach, Facebook hacker jailed, FlashBack removal for Leopard, Pentagon expands data sharing

Filed Under: Apple, Data loss, Law & order, Malware, Podcast, Privacy

Sophos Security Chet Chat logoGary Korhonen joined me on this week's Chet Chat as we return to our normal format of covering the most important security news of the week.

We kicked things off by discussing the handling of the recent data breach at the State of Utah where more than 780,000 people's personally identifiable information was stolen from an unsecured internet-facing server.

Last week a Facebook hacker who compromised the account of a single US account was sentenced to one year in prison. Gary and I pondered what possibly could have led the FBI and UK authorities to even investigate such a seemingly small offense. It was later determined that the account in question belonged to Selena Gomez, Justin Bieber's girlfriend.

Apple released a FlashBack malware removal tool for users of OS X 10.5 Leopard last week. It's important to remind users of Leopard that this is not a fix for the vulnerability and if they are unable to upgrade it would be advisable to install our free anti-virus for Mac.

After attempting to pass legislation to enable the US government to more seamlessly share data with the private sector, the Pentagon is expanding a program that does just that. Apparently if the Pentagon and private contractors simply comply with existing law they can share data anyhow.

Lastly, one of the principal criminals involved in Operation Phish Phry several years ago was sentenced to five years in prison last week. Gary and I discuss what can be learned from the operations of these criminals when made public and how we can use that information to better fight other online gangs.

(18 May 2012, duration 17:57 minutes, size 10.8 MBytes)

You can also download this podcast directly in MP3 format: Sophos Security Chet Chat 91, subscribe on iTunes or our RSS feed. You can see all of the Sophos Podcasts by visiting our archive.

, , , , , , , , , ,

You might like

2 Responses to SSCC 91 - Utah explains data breach, Facebook hacker jailed, FlashBack removal for Leopard, Pentagon expands data sharing

  1. Michael Crabtree · 1230 days ago

    The real problem with data sharing by the DoD is that there seems to be a feeling that classification levels are determines about how embarrassed they are about a situation. The CERT at Carnegie Mellon, also going by the US CERT has always

    maintained a close presence. Information diesn't get shared because the organizations at the top are leaderless, hapless in it's efforts, and embarrassed by its own ineffectiveness and inefficiency. The private sector is no better because all they want is a contract, and many will just become yes men to keep a contract. The certification process is completely useless and the methods and tools employed do not keep up with the realities of the threat and the functions of the networks delivering content.

  2. Summer Heat · 1192 days ago

    Look, you should not be using any social networking site. Period, end of discussion.

    They are a complete step backwards with regards to security.
    Facebook, LinkedIn etc. Neither are safe from attacks. It's happened before and it will continue to happen.

    I am just astounded by how much trust people put in these sites. Sheer ignorance for what is essentially a marketing tool of corporations interested in mining as much information from you as possible.
    If it's online, it's not private, end of story.

    We need to go back to snail mail, it really was much safer. Not to mention, people knew how to write a letter back then.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on as Chester, Chester Wisniewski on Google Plus or send him an email at