In what has the hallmarks of being the largest recorded data breach in South Korea ever, 20 million+ individuals have had their data exposed. As a result of this an investigation has begun.

From AFP:

South Korea said Friday it would launch a probe into security systems of major retailer Shinsegae and 24 other companies after private data on some 20 million customers was leaked.

The move came a day after police arrested three South Koreans for selling private information, including IDs, passwords and addresses, of more than 20 million compatriots online.

The three suspects bought the data from Chinese hackers who are still at large, police said.

Ah, the spectre of the ever present Chinese hacker. The Korea legal structure is definitely taking this problem seriously. Just last month the heads of four ISPs were each sentenced to a month in jail for facilitating illegal online activity. Hmm. Now there’s a concept.

Article Link

(Image used under CC from US Army Korea – IMCOM)

This week it appears that the data breaches are falling from the trees. In this particular case a physicians assistant was alleged to have been collecting data on patients. It was apparently for some unsanctioned study. To make matters worse the data was being stored on an unencrypted laptop.

Now a criminal investigation has begun into the allegations.

From Atlanta Journal Constitution:

The inspector general is investigating a report that a physician assistant stored unauthorized clinical information on her personal laptop regarding veterans who were seen at one of the VA specialty clinics, according to the document.

The document said there are reportedly two sets of patient information involved — one that includes more than 18 years of data, and another that includes up to three years of data.

The agency has yet to determine how many veterans are affected or the degree to which the data contained personal and medical information.

From the article it seems unclear as to whether or not any of the data was compromised beyond this particular individual. These are points that will no doubt be addressed as a part of the investigation.

Article Link

(Image used under CC from Garrulus)

Sometimes it appears that the influence of the 1983 film “War Games” continues to hold sway with people.

Sometimes, it doesn’t end so well.

From My Fox Houston:

A 17-year-old Cy-Fair ISD student is facing a felony charge after he allegedly hacked into the district’s computer security network and caused more than $10,000 in damage.

Cy-Fair High School student Richard Alan Urban is scheduled to appear in court April 13 on a charge of computer security breach, a state jail felony.

The odd thing that I found with this article, about this apparently hapless student from Houston, was that at the end of the article it says that “The breach only slowed down the servers.” However earlier in this passage, “By the next day, more users had been deleted from the network, so the school district’s technical team began searching for a possible hacker.”

I have the distinct impression that they do not in fact have a clear grasp on what this person was allegedly able to access. I’m imagining that this will come out in the wash later.

For more on the story, read on.

Article Link

Time and again I read stories about products that come pre-pwned with malicious software. Recently a few people were ruminating about pulling together a list of these battery chargers, digital frames and the like.

Low and behold one already exists. Something tells me I should have assumed that it would be found here at attrition.org.

From Attrition.org:

For reasons unknown, vendors occasionally fail to maintain quality control over the media they ship. Whether it is CD-ROM, DVD, USB or some other form of media, it may contain viruses, trojans or even drug-runner music. When this happens, the software you receive obviously can’t be trusted in any fashion, and installing software from already compromised media immediately puts your system’s integrity in question.

For more on this be sure to check out their page.

Article Link

(Image used under CC from msmail)

Well, being buried in meetings this week I missed this announcement from Wednesday. And so ends another the life of another website in the security space. Securityfocus has announced that it has come to the end of its run. The content from SecurityFocus will ultimately be assimilated folded up into the Symantec Connect site.

From SecurityFocus:

…the time is right for SecurityFocus to focus more on its core components. Beginning March 15, 2010 SecurityFocus will begin a transition of its content to Symantec Connect. As part of its continued commitment to the community, all of SecurityFocus’ mailing lists including Bugtraq and its Vulnerability Database will remain online at www.securityfocus.com There will not be any changes to any of the list charters or policies and the same teams who have moderated list traffic will continue to do so. The vulnerability database will continue to be updated and made available as it is currently. DeepSight and other security intelligence related offerings will remain unchanged while Infocus articles, whitepapers, and other SecurityFocus content will be available off of the main Symantec website in the coming months.

Fair thee well.

For more on this read the full posting.

Article Link

Through the magic of my forgetting to schedule posts, it appears that I missed a couple news posts. My bad.

Have a good day everyone!

cheers,
Dave

Click here to subscribe to Liquidmatrix Security Digest!.

And now, the news…

1. The Beginning of the End of Data Retention | EFF
2. Thrivent Financial Suffers Breach Of Security | Life and Health Insurance
3. Staying in a Hotel? Watch Your Credit Cards | Credit Card Guide
4. All-American ‘Jihad Jane’ arrested in terror plot | The Gazette
5. Cryptome: PayPal a ‘liar, cheat and a thug’ | The Register
6. Nose scanning techniques could sniff out criminals | BBC (WTF?)
7. Man charged over bid to damage US security database | Reuters
8. Russian hacker scams free flights and flowers | The Moscow News
9. Police detain 23 PKK hackers in 13 provinces | Hurriyet Daily News
10. VA investigating security breach of veterans’ medical data | Next Gov
11. Breach hits hundreds of employees | Brown Daily Herald

Tags: News, Daily Links, Security Blog, Information Security, Security News

Sometimes you find yet another reason why people should be made to pass an intelligence test before they’re permitted to engage in social media.

Just saying.

(Thanks to attrition.org for pointing that one out)

How stupid is this? Last week Robert Maley was the CISO for the Commonwealth of Pennsylvania giving a presentation at the RSA conference. He was speaking about a hacking incident at PennDOT from last year.

This week? He’s on the pavement. It would appear that someone in PA overreacted.

From Patriot News/Penn Live:

Danielle Klinger, a spokeswoman for the state Department of Transportation, said the agency is not aware of any hacking or breach that occurred involving scheduling system for its driving test. However, she said that a few weeks ago, “we did discover an anomaly and we have actually turned that over to [the state police] for further investigation. We’re not sure what that anomaly is, but it is being investigated. Unfortunately, I can’t provide any more details on it.”

Maybe Maley didn’t have leave to speak publicly about this incident in question. Which is something that PennDOT appears to have developed an Ostrich complex over. Some myopic nitwit thought it merited removing Maley from his post? They claim however that his talk had nothing to do with his dismissal. I’m not sure I believe that. Timing seems rather odd.

So, what of the alleged hacking incident?

Maley is reported to have said the hacker was later found to be someone with a driving school in Philadelphia who exploited a vulnerability in PennDOT’s system to schedule more driving tests than there were allotted slots.

This situation seems muddy at best. For more on this story read the article at Penn Live from this morning.

Article Link

(Image used under CC from Olivander)

With the rising tide of threats it has become apparent to the powers that be in Ottawa that they need some help. Now, they’ve turned to private industry for help. If film is any indication that isn’t always the best route.

Sorry, couldn’t resist.

From The Globe and Mail:

CSIS’s corporate-outreach program, which started in the 1990s, largely fell by the wayside during the years after the Sept. 11 attacks in the United States, when fighting terrorism absorbed nearly all the spy service’s energies.

But emerging threats – including shadowy-but-powerful hacker networks based in China – are sparking a renewed federal interest in forging partnerships between the corporate and intelligence worlds.

“CSIS has and continues to speak with various corporations in Canada on potential security threats, which may have an impact on national security interests,” CSIS spokeswoman Isabelle Scott said in an e-mailed response to questions from The Globe and Mail. “CSIS alerts firms to common covert methods used by those who may target them.”

The real harm here is that organization such as CSIS don’t have the resources to hire and retain the talent required to handle emerging threats.

For more on this, read on.

Article Link

(Image used under CC from romulusnr)

There was a new vulnerability announced today in Apache webserver. This affects all versions of the popular webserver software platform running on Windows operating systems.

From ZDNet Australia:

“The vulnerability means that you can take complete control of the web server remotely with system privileges — which is the highest privilege on Windows,” Edelstein told ZDNet.com.au. “An attacker could gain access to, modify and take away data.”

Edelstein advised users running Apache on Windows platforms to upgrade immediately as users have no way of knowing if their web servers have been compromised. The company’s security advisory can be accessed here.

“Whilst in the past it was more overt and attackers would deface website pages, they’re more likely now to conceal their access to maintain their foothold,” said Edelstein, giving examples of attackers potentially exploiting the vulnerability by placing hidden pieces of code to capture credit card details from online transactions and install root kits on compromised websites.

Although, I do find it odd that people would be running Apache on Windows for anything other than a lab instance. But, that’s just me.

Article Link

(Image used under CC from Hans Gerwitz)