Commentaries and Analyses – Page 829

Hundreds of College and Government websites still redirecting to fake stores

Posted on April 14, 2011 by Dissent

In January, I talked about high-profile websites, which had been hacked to redirect users to fake online stores. One unique aspect of the hack was the fact that the attackers had set up additional web servers on non-standard ports. Most of the domains I listed in the post were cleaned up pretty quickly. Three months…

Aussie data breaches doubled in 2011

Posted on April 13, 2011 by Dissent

Darren Pauli reports: The number of Australian data breaches reported to forensic investigators has already doubled those experienced in 2010, even though it’s only April. Some of the worst breaches have cost businesses many hundreds of thousands of dollars, and involved significant loss of credit card information and customer information. Yet it seems that none…

Data breach notification fatigue: Do consumers (eventually) tune out?

Posted on April 12, 2011 by Dissent

George V. Hulme writes: Earlier this month more than 50 companies were involved in a massive heist of names and email addresses from Epsilon Interactive. With millions of customers of companies such as Best Buy, Brookestone, Dell, Marriott and many others affected, the question is being raised: are so many breach notifications from so many…

The Epsilon Hack Attack: Time For “SOX For Consumers”?

Posted on April 8, 2011 by Dissent

Matt Pauker of Voltage Security discusses the Epsilon breach and where we go from here. He writes, in part: What about requiring every third-party service provider to protect personal customer data through encryption, tokenization or another advanced security technology, through clauses written into and enforced as part of standard service level agreements? This is something…

Epsilon a Victim of Spear-Phishing Attack, Says Report (update/correction)

Posted on April 7, 2011 by Dissent

Jaikumar Vijayan follows up on the news story by iTnews, mentioned earlier today, which reported that the Epsilon attack was a spear-phishing attack that resulted in the downloading of malware. Jai makes a point of noting, however, that there’s no proof or confirmation yet from Epsilon that this was a spear-phishing attack. As I commented earlier today,…

Epsilon breach used four-month-old attack

Posted on April 7, 2011 by Dissent

Brett Winterford writes: … Today iTnews can reveal that Epsilon has been aware of the vulnerability behind this attack for some months. In late November, Epsilon partner ReturnPath – which provides monitoring and authentication services to email service providers – warned customers about a series of coordinated phishing and hacking attacks levelled at the mailing…