Personal Cybersecurity #28: Daily news

What you need to know for your personal cyber security life… 

Number twenty-eight in a series of semi-regular daily current and topical computer threats that may affect your online, or even offline, digital and real life. Why cyber-security on SurvivalRing? Because EVERYTHING you do in your life every day now is a part of the cyber world…even your offline plans. So, be aware, and pay attention. The bad guys WILL eventually get around to YOU…personally…so be prepared for it, by staying in the informational loop.


# # #

HEADLINES…for this issue…

  • Probe finds KT website hacked 12 million times
  • Chicago’s Trustwave sued over Target data breach
  • E-commerce security startup Forter lands $3M in funding from Sequoia Capital
  • Full Disclosure Mailing List: A Fresh Start
  • Why Cyber War Will Not and Should Not Have Its Grand Strategist

Probe finds KT website hacked 12 million times

  • JoongAng Ilbo
  • March 26, 2014

The Ministry of Science, ICT and Future Planning said yesterday it confirmed that hackers accessed KT’s website more than 12 million times over the past three months.

The ministry announced the results of a public-private task force investigation into KT’s massive personal information leak.

The investigation found similar vulnerabilities at nine other KT websites, in addition to the main site, and discovered KT had not detected that hackers were accessing the site as many as 341,000 times a day.

Hackers collected personal information by adjusting customer account numbers using an ID and password from the Paros hacking program.

In order to gather as much personal information as quickly as possible, hackers were found to have created an automated program, which uses random numbers to search for customer service contract numbers.
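
A defensive illustration added here, not part of the JoongAng Ilbo report or of any KT system: the report describes account numbers being altered at high volume without detection, and this code flags a logged-in session that requests many contract numbers other than its own inside a short window. The log layout, field names, thresholds and sample lines are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed layout, not a real KT format):
# timestamp, session id, contract bound to the login, contract requested.
SAMPLE_LOG = """\
2014-01-10T09:00:01 sess-a 1000123 1000123
2014-01-10T09:00:05 sess-b 2000456 7319004
2014-01-10T09:00:06 sess-b 2000456 1842277
2014-01-10T09:00:07 sess-b 2000456 5560913
2014-01-10T09:00:08 sess-b 2000456 9027641
2014-01-10T09:00:09 sess-b 2000456 3348810
2014-01-10T09:03:00 sess-c 3000789 3000790
2014-01-10T09:04:00 sess-a 1000123 1000123
"""


def parse(line):
    """Split one log line into (time, session, owner contract, requested contract)."""
    ts, session, owner, requested = line.split()
    return datetime.fromisoformat(ts), session, owner, requested


def find_enumeration(log_text, window=timedelta(minutes=1), max_foreign=3):
    """Return {session: n} for sessions that requested more than max_foreign
    distinct contract numbers that are not their own within any one window."""
    foreign = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, session, owner, requested = parse(line)
        if requested != owner:  # requests for one's own record are never counted
            foreign[session].append((ts, requested))

    flagged = {}
    for session, events in foreign.items():
        events.sort()
        start, worst = 0, 0
        for end in range(len(events)):
            # Slide the left edge until the span fits inside the window.
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = len({contract for _, contract in events[start:end + 1]})
            worst = max(worst, distinct)
        if worst > max_foreign:
            flagged[session] = worst
    return flagged


if __name__ == "__main__":
    print(find_enumeration(SAMPLE_LOG))
```

Counting distinct foreign identifiers per session, rather than raw request volume, keeps a busy legitimate customer from being flagged while a session walking through other customers' numbers stands out.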


# # #

Chicago’s Trustwave sued over Target data breach

  • By John Pletz
  • On Technology
  • Crains Chicago Business
  • March 25, 2014

Trustwave Holdings Inc., a Chicago-based credit card security company, was sued alongside Target Corp. by banks who say they suffered financial damages when the retailer was hacked during the holiday shopping season.

Although the most serious allegations are leveled at Target, the suit alleges that Trustwave failed to identify deficiencies in the retailer’s IT systems. Trustwave’s software audits companies’ IT systems to make sure they comply with credit card security regulations.

The lawsuit is a blow to Trustwave, which according to the complaint says it has “performed more Payment Card Industry Data Security Standard (PCI DSS) Certifications than all other companies combined.”

It’s also the first time the company, which keeps a low profile and is loath to discuss its customers, has been publicly connected to the Target breach.


# # #

E-commerce security startup Forter lands $3M in funding from Sequoia Capital

# # #

Full Disclosure Mailing List: A Fresh Start

  • March 25, 2014

Like many of us in the security community, I (Fyodor) was shocked last week by John Cartwright’s abrupt termination of the Full Disclosure list which he and Len Rose created way back in July 2002. It was a great 12-year run, with more than 91,500 posts during John’s tenure. During that time he fought off numerous trolls, DoS attacks, spammers, and legal threats from angry vendors and researchers alike. John truly deserves our appreciation and thanks for sticking with it so long!

Some have argued that we no longer need a Full Disclosure list, or even that mailing lists as a concept are obsolete. They say researchers should just Tweet out links to advisories that can be hosted on Pastebin or company sites. I disagree. Mailing lists create a much more permanent record and their decentralized nature makes them harder to censor or quietly alter in the future. Jericho from OSVDB and Attrition elaborates further in this great post.

Upon hearing the bad news, I immediately wrote to John offering help. He said he was through with the list, but suggested: “you don’t need me. If you want to start a replacement, go for it.” After some soul searching about how much I personally miss the list (despite all its flaws), I’ve decided to do so! I’m already quite familiar with handling legal threats and removal demands (usually by ignoring them) since I run, which has long been the most popular archive for Full Disclosure and many other great security lists. I already maintain mail servers and Mailman software because I run various other large lists including Nmap Dev and Nmap Announce.


# # #

Why Cyber War Will Not and Should Not Have Its Grand Strategist

  • Strategic Studies Quarterly (SSQ)
  • The Strategic Journal of the United States Air Force
  • Volume 8, Issue 1 – Spring 2014
  • By Martin C. Libicki


Even assuming the cyber domain has yet to stop evolving, it is not clear a classic strategic treatment of cyber war is possible, or, if it were, it would be particularly beneficial. The salutary effects of such classics are limited, the basic facts of cyberspace and cyber war do not suggest it would be as revolutionary as airpower has been, and if there were a classic on cyber war, it would likely be pernicious.


# # #

Updated: March 28, 2014 — 8:02 pm

The Author

Rich Fleetwood

Rich is the founder of SurvivalRing, now in its 24th year, author of multimedia CDs and DVDs, loves the outdoors, his family, his geeky skill-set, and lives in rural southern Wyoming, just below the continental divide (long story, that...). Always ready to help others, he shares what he learns on multiple blogs, many social sites, and more. With a background in preparedness and survival skills, training with county, state, and national organizations, and skills in all areas of media and on air experience in live radio and television, Rich is always thinking about the "big picture", when it comes to helping individuals and families prepare for life's little surprises.
