What you need to know for your personal cyber security life…
Sixth in a series of semi-regular daily current and topical computer threats that may affect your online, or even offline, digital and real life. Why cybersecurity on SurvivalRing? Because EVERYTHING you do in your life every day is a part of the cyber world…even your offline plans. So, be aware, and pay attention. The bad guys WILL eventually get around to YOU…personally.
# # #
After Target, Neiman Marcus breaches, does PCI compliance mean anything?
By Jaikumar Vijayan
January 24, 2014
The recent data breaches at Target and Neiman Marcus have once again shown that compliance with the Payment Card Industry Data Security Standard (PCI DSS) is no guarantee against an intrusion.
What’s unclear is whether the problem lies in the standard itself, or the manner in which it is implemented and assessed.
Neiman Marcus on Thursday became the latest company to suggest that PCI compliance had brought it little security against a major intrusion.
In a letter to U.S. Sen. Richard Blumenthal (D-Conn.) explaining the recent breach that exposed 1.1 million payment cards, Neiman Marcus CIO Michael Kingston claimed the intrusion happened even though the company had security measures that exceeded PCI standards.
# # #
Cops cuff alleged email hackers in GLOBAL bust
By Phil Muncaster
28th January 2014
The FBI is claiming a major success after co-ordinating the arrest of alleged email hackers-for-hire in the US, Romania, India and China.
Those behind bars are alleged to have been responsible for compromising nearly 9,000 email accounts between them in cases dating back to 2011.
The Feds said they cuffed Mark Anthony Townsend, 45, of Cedarville, Arkansas; and Joshua Alan Tabor, 29, of Prairie Grove, Arkansas last week.
The two ran the needapassword.com site, where they would allegedly obtain the passwords to email accounts provided by customers, with nearly 6,000 accounts affected, according to the FBI.
Three others were arrested for hiring hackers, including John Ross Jesensky, 30, of Northridge, California, who allegedly paid $21,675 to a Chinese site to get e-mail passwords.
# # #
No second chance for Stephen Glass: The long, strange downfall of a journalist
By Adam L. Penenberg
January 27, 2014
The California Supreme Court has denied disgraced former journalist Stephen Glass a license to practice law.
Pointing out in its ruling that “Glass’s journalistic dishonesty was not a single lapse of judgment” but “involved significant deceit sustained unremittingly for a period of years” – made the more reprehensible because it took place “while he was pursuing a law degree and license to practice law, when the importance of honesty should have gained new meaning and significance for him” — the court found that Glass had not adequately redeemed himself.
For all of Glass’ past history — and I’ll get to that, at length, in a moment — the judgment is remarkable. The last time California barred a lawyer before he’d even practiced his first case, it involved a man named Eben Gossage, who served three years for killing his sister then returned to prison for possession of heroin.
If you recall, Glass was The New Republic associate editor who in the late 1990s fabricated in whole or part dozens of articles, mostly published in The New Republic but also for Harper’s, Rolling Stone, and the now defunct George magazine. At the time, it was the journalism scandal to end all journalism scandals. Glass vanished for a while, heading off to law school (and a brief stint as an improv comedian) before finally passing the California bar exam in 2009. The California State Bar promptly banned him from practicing, based on his prior moral turpitude, a decision he successfully appealed. The case wound through the courts, leading to today’s final decision by the state’s Supreme Court.
# # #
Coca-Cola Laptop Breach A Common Failure Of Encryption, Security Basics
By Robert Westervelt
January 27, 2014
Coca-Cola is notifying employees, contractors and people associated with its suppliers following a data breach at its Atlanta headquarters that resulted in the theft of laptops and information exposure on at least 74,000 people.
The laptops, which have been recovered, were stolen by a former employee, according to the Wall Street Journal, which first reported the security incident Monday. A Coca-Cola spokesperson did not return repeated requests from CRN for a comment on Monday. Coca-Cola told the newspaper that the laptop was not encrypted and contained the names, Social Security numbers and addresses of the individuals and included other details, such as driver’s license numbers, compensation and ethnicity.
The firm said the laptops were stolen by an employee who was assigned to properly dispose of the equipment. The newspaper reported that Coca-Cola is sending out notification letters to 18,000 people whose names and Social Security numbers were found on the laptops as well as 56,000 people who had other personal information potentially exposed.
Coca-Cola said its security policy requires laptop encryption. Lost and stolen laptops containing corporate data are a common occurrence, security experts in the channel told CRN. The latest breach highlights a failure of some basic security policies followed by a lack of security technology that has long been available to enterprises. Laptop encryption and user provisioning policies to remove access privileges from terminated employees may have prevented the issue, they say. Meanwhile, network monitoring may have detected and contained the problem before the data on tens of thousands of people was exposed.
# # #
Lockheed-Martin to invest in Israeli cybersecurity know-how
By David Shamah
The Times of Israel
January 27, 2014
For its first major investment in Israeli technology, Lockheed-Martin is looking for innovative cyber-security ideas and projects — which would seem a bit out of character for a company best known for defense systems, aerospace, and even space systems. “A lot of people do think that, but it happens that we actually do a lot of information technology work, which means we need a lot of cyber-security,” said Chandra McMahon, Senior VP Commercial Markets, Lockheed Martin IS&GS. “We need good cyber technologies to protect our customers, and Israel is a great place for that.”
At a special ceremony Monday, McMahon, along with Bob Eastman, Vice President Global Solutions at Lockheed-Martin, Dr. Orna Berry, head of EMC Israel, and Professor Rivka Carmi, President of Ben Gurion University, signed a deal in which the three organizations will work together to ferret out promising Israeli cyber-security start-ups, and help them develop their technology into commercial products. Under the deal, the companies will invest together and fund start-ups, which will work at EMC’s R&D facilities in the Advanced Technologies Park in Beersheva.
LH’s Information Systems & Global Solutions unit (IS&GS), which McMahon helps run, is a large division of Lockheed-Martin that is not typically associated with the company — but as it happens, LH is the number one IT solutions provider to the U.S. federal government. “We have nearly $9 billion in sales annually, supporting our clients in the private sector, government, and defense arena,” said McMahon. “All of them use our systems and need cyber-security solutions, which we help them to find and maintain. And of course, as a leading defense contractor, we ourselves are prime targets for hackers.”