tag:blogger.com,1999:blog-233042752009-09-02T19:53:10.438-07:00Information Security News, Developments, and RantsWebprozehttp://www.blogger.com/profile/12580189478906190736noreply@blogger.comBlogger5125tag:blogger.com,1999:blog-23304275.post-10903275860912817652009-09-02T19:53:00.000-07:002009-09-02T19:53:10.456-07:00<div class="separator" style="clear: both; text-align: center;"><a href="http://www.webproze.com/uploaded_images/dogsitting-781845.jpeg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="http://www.webproze.com/uploaded_images/dogsitting-781844.jpeg" /></a></div>Is it wrong that I named my fantasy football team "Vick's Dog-sitting Service"?<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/23304275-1090327586091281765?l=www.webproze.com%2Fdefault.html'/></div>Webprozehttp://www.blogger.com/profile/12580189478906190736noreply@blogger.com0tag:blogger.com,1999:blog-23304275.post-46820573238062041492008-03-04T07:21:00.001-08:002008-03-04T07:21:46.205-08:00<object width="425" height="355"><param name="movie" value="http://www.youtube.com/v/1LLTsSnGWMI"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/1LLTsSnGWMI" type="application/x-shockwave-flash" wmode="transparent" width="425" height="355"></embed></object><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/23304275-4682057323806204149?l=www.webproze.com%2Fdefault.html'/></div>Webprozehttp://www.blogger.com/profile/12580189478906190736noreply@blogger.com0tag:blogger.com,1999:blog-23304275.post-52043097697248350212008-01-09T05:42:00.000-08:002008-01-09T05:47:39.879-08:00In the first announced of what I'm sure will be many more, a site experienced a data compromise despite the fact that they subscribe to ScanAlert, a service where the site is scanned daily for vulnerabilities. BTW, in October, McAfee announced that they would be purchasing ScanAlert. Coincidence? I think not.<br /><br />You can read more <a href="http://www.networkworld.com/news/2008/010708-hacker-safe-web-site-gets.html">information here</a>, but if you're a customer of Geeks.com, you may want to start checking your snail mail for a notification from them about your data being compromised. You may also want to check your credit card statement on a daily basis. <br /><br />Just throwin that out there.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/23304275-5204309769724835021?l=www.webproze.com%2Fdefault.html'/></div>Webprozehttp://www.blogger.com/profile/12580189478906190736noreply@blogger.com0tag:blogger.com,1999:blog-23304275.post-1141746780410062912006-03-07T07:52:00.000-08:002006-03-07T07:53:00.420-08:00Think <a href="http://www.zdnet.com.au/news/security/soa/Mac_OS_X_hacked_in_less_than_30_minutes/0,2000061744,39241748,00.htm">again</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/23304275-114174678041006291?l=www.webproze.com%2Fdefault.html'/></div>Webprozehttp://www.blogger.com/profile/12580189478906190736noreply@blogger.com0tag:blogger.com,1999:blog-23304275.post-1141326653099418002006-03-02T11:10:00.000-08:002006-03-04T07:39:41.743-08:00<a href="http://www.infoworld.com/article/06/02/24/75877_HNmcafeedata_1.html">Deloitte and Touche</a> suffered a bit of an image hit when one of their auditors left a CD that held the stock holding information for thousands of <a href="http://software.silicon.com/security/0,39024655,39156741,00.htm">McAfee</a> current and former employees. The data was not encrypted. Staffers were offered a two-year membership to a credit monitoring program offered by <a href="http://www.experian.com/">Experian</a>.<br />A <a href="http://www.chron.com/disp/story.mpl/headline/metro/3679070.html">PriceWaterhouseCoopers employee </a>had a laptop with data from 4000 patients of University of Texas M.D. Anderson Cancer Center. PWC says that the data was encrypted using a 'sophisticated encryption software'. (*Probably an Excel spreadsheet with a password on it-jj)<br /><br />From personal experience, after having worked for a CPA firm, it's regular practice to have gigabytes of client information on a laptop and not have that data encrypted. This isn't just something that's happened at the firm I worked, but at several firms that I had interaction with during my tenure there. Data was frequently shared between the internal auditors and external auditors, and when I would send it encrypted, was told on a regular basis by clients and other auditors as well "Why do you encrypt it, no one else at your firm, outside of your security group does?", or "We don't encrypt stuff we send to you, just send it to me unencrypted (other firms)".<br /><br />If you look over the news in the last several years, there are a multitude of cases where data has been stolen from CPA firms or lost by them, thanks to their poor security practices. If hackers were smart, they'd start targeting the REAL sources of information storage. You hack one company, you get their data. You hack a CPA firm, you get hundreds or thousands of companies data. And no amount of compliance with PCAOB will change that. Talk about your inmates running the asylum.....<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/23304275-114132665309941800?l=www.webproze.com%2Fdefault.html'/></div>Webprozehttp://www.blogger.com/profile/12580189478906190736noreply@blogger.com0