We have been including blog posts related to security breaches throughout the year and I wanted to share with you a great resource from SCMagazine called The Data Breach Blog. This is a blog dedicated to reporting on various data breaches which have occurred and providing information such as how many victims, what happened, what type of personal data, what was the response, and details about issues which allowed the data breach to happen.
One example is this recent data breach of a database containing personal information from 235,000 students, former students, parents, faculty, staff and individuals who sent their SAT scores to Western Connecticut State University. This included names, social security numbers, emails, addresses, phone numbers and even grades. Check out the rest of the blog post to see how they handled the attack….
The PortalGuard software is an authentication platform which is focused on enhancing usability, while maintaining a balance between security, auditing, and compliance for your web and desktop authentication requirements. PortalGuard provides capabilities including multi-factor authentication, transparent user authentication, self-service password management, two-factor authentication, password synchronization and single sign-on which can be seamlessly configured by user, group, or application.
PayPal for Mobile: How Secure is Your PayPal Account?
Mon, Jul 21st 2014 4:12p Liana Lichtenwalner How secure is PayPal? Secure until you start using your mobile device. According to Kelly Higgin’s article, PayPal Two-Factor Authentication Broken, Dan Saltman, an independent researcher, “reported to PayPal that he had discovered a way to bypass two-factor authentication in Apple iOS, but after getting no response from PayPal, Saltman in April went to friends at mobile security firm Duo Security.” From there, Duo Security confirmed Saltman’s finding and helped him reach PayPal. Duo Sec [read] Keywords: apple
More Compromised Students and Faculty
Thu, Jul 17th 2014 7:12a Liana Lichtenwalner Recently, there was yet another security breach at a college campus. This time the victim was Butler University, where a hacker accessed over 160,000 records for current, past students and faculty. The information stolen was the typical pertinent information that is stolen in this type of breach.
Names, Social Security numbers, date of birth, and bank account information.
The announcement of this breach comes due to an identity theft investigation that came from California law enforcement. The p [read] Keywords: database
Violated Database: Montana Department of Public Health and Human Services
Wed, Jul 16th 2014 2:11p Liana Lichtenwalner Your car has been broken into, yet nothing was stolen. Nothing was stolen, so no big deal, right? WRONG! You would still feel violated, creeped out, and concerned about it happening again. The Montana Health Department has experienced a similar data breach.
On May 15th, Montana’s Department of Public Health and Human Services (DPHHS) officials noticed out of the ordinary activity. After further investigation, DPHHS confirmed that a server had been breached by hackers, and according to Alison [read] Keywords: database
Young Hacker Infiltrates High School Database
Wed, Jul 2nd 2014 11:12a Liana Lichtenwalner We live in a world with multiple cyber threats, many coming from alias names from countries we have never been to. Within the United States, we have our fair share of hackers that cause major problems and confiscate sensitive data. It is sad and eye opening when it happens on the high school level.
Recently, a 16-year-old boy gained access to a school database that held personal information like grades and attendance. By gaining access to this database, the student was able to change multiple [read] Keywords: database
From Hacktivist to Cybersleuth
Fri, Jun 20th 2014 8:11a Liana Lichtenwalner It’s just like something from out of the movies: criminal mastermind gets caught, turns from his wicked ways, and eventual unveils a piece of the criminal mastermind world to help out the good guys. There is something intriguing in being able to see into the criminal mastermind and get a behind the scenes look at the secret life of these hacktivist. In the hacktivists’ world, there is a network of secret groups and ominous aliases that threaten to breach and expose a multitude of private and [read] Keywords: network
Press Release: Strengthening Web Authentication, Without Overcorrecting
Thu, Jun 5th 2014 3:11p Liana Lichtenwalner CLICK to View Video
BEDFORD, NH–(Marketwired – Jun 3, 2014) – Today, PistolStar, Inc. announced immediate availability of PortalGuard’s newest solution, PassiveKey. PortalGuard’s PassiveKey is a customer driven response to deliver the latest in innovative identity solutions. PassiveKey transparently enables two-factor authentication while allowing the user to login with the familiar username/password approach. This simultaneously strengthens authentication and elimi [read] Keywords: password
Honesty is the Best Policy: Passwords, IT Security Professionals, and Llamas!
Tue, Jun 3rd 2014 8:14a Liana Lichtenwalner Well, the truth is that many organizations are just not enforcing the basics of Password Best Policies (PBP), never mind investing and enforcing stronger identity security. With much emphasis on ROI, the truth is IT Security Professionals make the dangerous decision to purchase the minimal authentication solution just to have “something” in place. And the truth about Llamas is never tick-off a Llama; they spit when provoked or threatened!
Passwords are precious things and have lost their i [read] Keywords: policies