Following the news of the 000Webhost breach, Tod Beardsley – security engineering manager, at Rapid7 have the following comments on it. [su_note note_color=”#ffffcc” text_color=”#00000″]Tod Beardsley, Security Engineering Manager, at Rapid7 : “The breach story involving the 13.5 million customers of 000Webhost, a popular free web hosting provider is a by-the-numbers “what not to do” cautionary tale about breach notification handling. While the company appears to have forced a password reset on all its users, there has reportedly been no notification by the parent company, Hostinger, to the affected customers about their disclosed user names and passwords. We know that breaches happen, with some regularity,…
ISBuzz Team
BBC and others are reporting on Touchnote, a popular mobile app, that has informed its customers of a data breach. Security expert from Voltage, Mark Bower have the following comments on it. [su_note note_color=”#ffffcc” text_color=”#00000″]Mark Bower, Global Director of Product Management, Enterprise Data Security for HP Data Security : “Securing customer data obtained by mobile apps is no different that securing other data – with the available technologies today to easily and quickly protect sensitive data, it’s a proven, reliable way to also protect customer trust and satisfaction. There’s simply no excuse today not to follow best practices of encrypting…
G Data is reporting that they are discovering 12 new malware strands every minute – findings that are in line with a report from PandaLabs. Tim Erlin, director of IT security and risk strategy, Tripwire have the following comments on it. [su_note note_color=”#ffffcc” text_color=”#00000″]Tim Erlin, Director of Security and Product Management at Tripwire : “The increase in banking trojans is more concerning than the specific number of malware strains discovered. There’s a big difference between an unwanted, but harmless, application and one designed to steal money from your bank account. The increase in malware is an indicator of the growing cybercrime…
Cyber crime is on the up and with the recent hacking of Talk Talk it’s more prevalent than ever. However, hacking is not a recent phenomenon. The very first example of a computer being used to “hack” was the Enigma Machine created by a certain Alan Turing, the godfather of modern day computer science. The first large scale attacks were first seen in 1989 when $70 million was stolen from the First National Bank of Chicago. This shocked the world and triggered the Computer Misuse Act 1990 to be passed as law in the UK. The act criminalised any unauthorised…
As I researched the security awareness of the top five presidential candidates, Bryan Quigley published a quick list of what every candidate appeared to run on their web site. I took the WordPress and Concrete entries from Quigley’s list, added Trump’s WordPress site, and performed some quick reconnaissance on all of them. The results were pretty bad. In all, I harvested one hundred twenty-seven usernames from thirteen candidates’ WordPress sites; only two sites refused my request! Three of the WordPress sites still had the default “admin” account from their original WordPress installation. Outdated software with known vulnerabilities was running on…
Unveiling of the draft Investigatory Powers Bill in Parliament by Home Secretary, Theresa May, saw a “significant departure” from previous plans, known as the ‘snooper’s charter’ according to May. Pravin Kothari, founder and CEO of cloud security company, CipherCloud, questions this in his comments below. [su_note note_color=”#ffffcc” text_color=”#00000″]Pravin Kothari, Founder and CEO of Cloud Security Company, CipherCloud : “Though the Home Secretary positions the bill as a departure from the ‘snooper’s charter,’ the word ‘disclosure’ appears 182 times. The push to mandate data retention by ISPs and to allow warrantless access for investigators will certainly expand law enforcement’s surveillance capabilities…
Developers of the vBulletin software package for website forums released a security patch, just hours after reports surfaced that a hack on the developers’ site leaked password data and other sensitive information belonging to almost 480,000 subscribers. Security experts from CertiVox and Lieberman software have the following comments on it. [su_note note_color=”#ffffcc” text_color=”#00000″]Brian Spector, CEO of CertiVox : What happened? “It seems the culprit or perhaps someone pretending to be them defined the attack as a sql injection vulnerability. This means the attacker can upload shell and remote execute.It’s a fact of the password world: use the same password across…
Hundreds of British Gas customers have been warned after customer e-mail addresses and account passwords appeared online. Around 2,200 warning letters have been sent to customers informing them of the incident – but the firm has insisted its systems are secure and no payment details were revealed. The company says it is “confident” the data leak had not come from within the company and said it “someone external” who had possibly targeted customers with phishing attacks. Security Experts from QA and Centrify have the following comments on it. [su_note note_color=”#ffffcc” text_color=”#00000″]Tom Kemp, CEO at Centrify : “The British Gas breach…
Marks & Spencer was forced to suspend its website after customers were able to see other people’s details when they logged in to their accounts. Customers posted messages on the high street chain’s Facebook page to say they could see other people’s orders and payment details when they logged into their accounts. The firm said no customer’s details were compromised by the “technical difficulties”. [su_note note_color=”#ffffcc” text_color=”#00000″]Tim Erlin, Director of Security and Product Management at Tripwire : “Hackers aren’t the only cause of data breaches. Errors in website code can accidently disclose customer data, either as individual details or in bulk. The…
It’s more than Halloween Straddling the divide between autumn and winter Halloween is a time of celebration and superstition. Its origins lie in the period of time when the Celtic nations dominated Europe and people would light bonfires and wear costumes to ward off roaming ghosts. The idea of divide still holds today and perhaps nowhere more prominent than the surface and light world of the everyday internet and the dark, mysterious and sometime malevolent world of the deep web where hackers and cyber criminals have their being and surface to wreak havoc. Halloween; it’s the time for ghouls, spooks…