Posts

Showing posts from June, 2014

Huge Data Breach in Montana!

Holy smokes, I just read a post from SC Magazine, that describe a pretty substantial data breach at the Montana Department of Public Health and Human Services (DPHHS) where DPHHS is notifying 1.3 million clients and employees of a year long data breach. The information stolen from clients include SSNs, phone numbers, birth dates, addresses and dates of service. Data belonging to employees and contractors includes SSNs, names, numbers and bank information.

And of course, they are claiming that, after investigation, that there is no knowledge of any inappropriate use of the information that was taken. I assume that they notified the individuals and offered them the generic "credit monitoring" free for a year. Hopefully this want happen in the future, but my fingers are crossed.

Source: http://www.scmagazine.com/montana-dphhs-notifies-13-million-clients-and-staffers-of-nearly-year-long-breach/article/357655/

Common DDoS Response Mistakes

I found and interesting article on darkreading.com, which discussed some of the common mistakes that organizations make when they are under a DDoS attack. The unfortunate thing about these types of attacks is that there is no real cure, and DDoS attacks are going to remain a pain our sides for some time to come. Below is a list of some of the common mistakes that organizations make when responding to a DDoS.

* Not having a plan to prevent DDoS attacks in the first place.

Security firms say that it is much more difficult to remediate a DDoS attack after it has started. It is much easier and more effective to put a shield in place that can prevent this type of crippling traffic from starting in the first place. Senior director of security strategy at SolarWinds, Gretchen Hellman, says, 
"Such a plan should include evaluation of current DDoS protections, defined roles and responsibilities between the network and security teams, and a clear process of communication both internally and …

AT&T Data Breach Warning

Image
AT&T has notified some of its customer base that their personal information (PII) may have been accessed between April 9 and April 21, 2014 by the employees of one of AT&T's contractors. Some of the information accessed includes: Social Security Numbers, birth dates, and other data. They believe that this information was accessed in a effort to create a passcode that would allow them to unlock AT&T based phones to be sold on secondary or "black" markets.

They claim that no financial information was stolen, and the employees of the company have been terminated. However, AT&T is urging their customers to change their account passwords as a precaution. One thing that some of you may find interesting is that ATT has not released the number of people affected by this breach. They are only saying that some customer accounts were affected. I do not know you, but this does not make me feel very safe, being that I am an ATT customer myself.

Security experts say th…

Mitigating BYOD Mistakes with Two-Factor Auth

Duo Security has come out with a rebuttal to The Wall Street Journal's Tech Blog article entitled "5 ways attackers exploit our bad BYOD habits" which listed 5 different ways that BYOD can introduce cyber security issues into an organization.
Open wifi networks can be set up by attackers in places such as coffee houses and other public areas and then invite others to join. The main risk to this threat is the  stealing of usernames and passwords. Duo Security says that the use of a modern, out-of-band 2-factor authentication solution prevents this from happening by using a separate channel to verify a user's identity.With 2-factor authentication, you can prevent a Man-in-the-Middle attack because the attacker is unable to intercept a push notification sent directly to your cell phone, which would keep you in control of your account. From there, you can change your password and take other precautions to insure that your account is protected. As many people have used the…

Helping to Reclaim Our Personal Digital Life

Image
Overview:

OPI is an information security appliance that you can use as your digital information safe. You can store and back up all information and it is encrypted! You can completely control who is able to access your information and you can control where that information is stored, primarily in your home. The super cool thing about this appliance is that it is running Ubuntu Linux! How cool is that!

The creaters want to offer an alternative to other cloud services such as Google drive or Dropbox for those of use that want to take back control of what is already ours, our data.

How It Works:

This is really awesome because you can back up all of your information while staying in complete control of where that information lives. Also, you can access that data anywhere and every where that there is an internet connects or I assume a data connection. The appliance sits at your home and is connected to your router, just as you would plug a computer or other networked appliance on your inte…