Defense Offense
There is a new, potentially more troubling break-in related to EMC Corp.'s RSA security keys, which thousands of banks use to secure their networks,
In March, hackers accessed important details about RSA's security devices.
The defense contractor Lockheed Martin Corp. of Bethesda, Md., reportedly experienced a major disruption to its internal network starting around May 21.
In a
The break-in was reportedly carried out using compromised SecurID tokens from RSA, which Lockheed's 126,000 employees can use outside the firewall to access internal information. The tokens generate a one-time passcode that quickly expires.
"The company's information security team detected the attack almost immediately and took aggressive actions to protect all systems and data. As a result of the swift and deliberate actions taken to protect the network and increase IT security, our systems remain secure," said Lockheed Martin, one of the largest suppliers of weapons and weapons systems to the Department of Defense.
Social Insecurity
The Department of Health and Human Services website
In many cases the exposures happen because health care companies do not encrypt data on their computers, or stem from human error, such as employees who leave data drives in unlocked vehicles or on public transportation. (Health care providers are required by law to inform their patients when information has been stolen.)
In many cases consumers' Social Security numbers are stolen along with personal information about their health. Social Security numbers can be used fraudulently to open bank accounts and obtain loans.
Milkin' Cookies
A security researcher in Italy has
The researcher discovered an exploit in all versions of the browser that run on Windows. The researcher chose to target social media site Facebook Inc., designing a page that required users to drag and drop items as a security challenge to enter the site.
In the process, the dummy site captured user credentials, which in turn allowed the researcher to log in to Facebook accounts.
Microsoft, of Redmond, Wash., told CNet it did not see much real-world threat from the discovered exploit because, it said, it requires too much user interaction.
"In order to possibly be impacted a user must visit a malicious website, be convinced to click and drag items around the page, and the attacker would need to target a cookie from the website that the user was already logged into," Microsoft said.
Phone Tree
A security flaw exists in electronics retailer Best Buy Co. Inc.'s mobile phone upgrade software, though the problem only applies to Sprint Nextel Corp.'s customers, according to a May 26
When Sprint's phone customers log on to check their phone upgrade options, the software prompts them to plug in their cell phone number and ZIP code. With just that information, the software displays all other telephone numbers associated with the account.
That could be a problem for banks, since hackers could use the tool to determine alternate phone numbers for bank customers they are targeting.
The article pointed out that Verizon Communications Inc., AT&T Inc. and T-Mobile USA Inc. require further security before other numbers associated with their accounts are displayed through the upgrade tool.
Pot E-Trained
Makers of an open-source, virtual currency called Bitcoin have gotten some unwanted attention from the police, according to a May 24
It turns out that the production of the currency, referred to as "mining," requires racks of computers that devour massive amounts of electricity.
To the police, who sometimes monitor electrical usage, this pattern of power consumption mimics what happens with pot growers, who use an abnormally high amount of electricity to grow their wares.
Gizmodo reports that more than one Bitcoin mining facility has been visited by police seeking to investigate further.
Security Watch is a weekly roundup of news and developments in data security and their impact on financial services companies.