Inmate Exposes Prison Employee Database
There’s an ongoing silent war between inmates and the personnel of the prisons holding them. There have been quite a few movies about riots, guards having their families threatened and the like. And now this topic hits the endpoint security arena: a former inmate has hacked into a prison’s network and made the employee database available to his fellow inmates.
The 42-year-old Francis G. Janosko accessed the names, addresses, dates of birth, social security numbers and telephone numbers of employees working for the Plymouth County Correctional Facility in Massachusetts, said the US District Court in Boston. Using a thin client connected to a prison server, Janosko exploited a bug in legal research software made available to inmates to gain access to the database.
Janosko then shared the private details with his fellow inmates and also managed to access the Internet and download videos and digital photographs of prison employees, inmates and aerial shots of the prison. The hacking took place between October 2006 and February 2007. He is currently charged with identity theft and intentional damage to a protected computer. If convicted, the maximum sentence is 12 years in prison and a fine of $250,000. He could additionally be forced to pay unspecified restitution.
British party membership list gets posted online
If you are British and have been plotting to stalk a member of the British National Party (BNP), you might just have missed the opportunity. A list of all the party’s members, including names, addresses, and email addresses, has recently shown up online. Some of those who just got exposed online are also underage (an extra “benefit” of the family plan BNP offers), and others had further personal details made public, such as their jobs or hobbies.
As the Register puts it, “That’s how we know that that BNP members include receptionists, district nurses, amateur historians, pagans, line dancers and a male witch.” Members reacted pretty strongly, filling their comments with curses and outrage. As certain professions in the UK are expected to have no political color, they might even lose their jobs, and according to several blog sources, some pretty powerful people in the BNP are to blame for the leak.
BNP spokespersons learned of the leak from the Register; although they had been completely unaware of it, they promised to treat whoever is responsible quite harshly!
New Flaws in Wireless Security Exposed
Wi-Fi Protected Access, or WPA, is one of the most popular forms of security used by wireless networks. Yet the potential risk and ease of breaching it might trigger some alarms for a lot of people, especially if they were at the PacSec 2008 conference in Tokyo.
A week before the conference, the Register announced that two German researchers, Martin Beck and Erik Tews, were going to present a vulnerability exposing WPA-protected networks to an attack that could compromise certain communications in less than 15 minutes. If anyone reading our blog attended the conference, we’d love to hear how it all went.
But this is far from being the first vulnerability to go public.
In 2001, three researchers found a way to reliably break the previous wireless security protocol, known as Wired Equivalent Privacy (WEP), in less than two hours. By 2007, the latest refinement in attacks against WEP – found by Tews and two other researchers – reduced the time to recover a WEP key to less than a minute of calculations.
While researchers keep discovering how to tear security systems apart, those actually depending on them seem to be learning one thing: you’re never really safe! So if any extra security is at hand, apply it ASAP!
Self-encrypting laptop from Dell
One of the most common causes of security breaches is stolen hardware. And I’m sure you’ve all heard of the thousands and thousands of laptops stolen in airports, from parking lots and other public places. And as most companies fail to implement a comprehensive endpoint security solution, a stolen laptop means trouble. For end users, a laptop sometimes stores most of their documents, personal and business, memories from trips and other important events, and everything that is private and dear to them. Picturing all of it lost to a stranger’s hands is hard to cope with.
Dell states there’s a new way to prevent such bad things from happening: a self-encrypting laptop. Your data is still lost, but at least no one can access it. The drives with self-encryption features are produced by Seagate and embedded in the new Dell product. And apparently, the Seagate hardware will soon be shipped by IBM and LSI as well. Let’s hope no one breaks the encryption system!
Breach Revealed after Extortion Threat
Express Scripts, a pharmacy benefits-management firm, has recently revealed a data theft that took place in early October. The breach was disclosed after the company was threatened that the stolen data would be made public unless a certain amount of money was paid.
The threat was made in a letter from the thieves, who claimed they had breached Express Scripts’ network security and gotten their hands on millions of customer records. According to SecurityFocus, the letter listed personal details on 75 of Express Scripts’ customers, including their names, dates of birth, social security numbers, and in some cases, their prescription information. Although it has only recently been released to the public, the data theft had been reported by Express Scripts to the FBI. The Bureau is currently running a full investigation into the incident.
The company is also notifying all those affected by the breach so that they can take the necessary precautions to prevent identity theft. SecurityFocus has not released the sum of money requested by the thieves.
