What makes a ‘worst’ data breach? Is it the number of people effected, the severity of the effects, or the importance of the system that is breached?

Whatever the case, we’ve chosen Data Privacy Day (Jan 28) as the perfect time to remind you of ten of the most serious examples of breached security in network history. Whether its national governments, international finances, or simply millions of account details exposed, any of these qualify for the unauthorized access Hall of Fame.

1.  Albert Gonzales and TJX (2005 – 2007) — During an 18-month period, 45.6 million credit and debit card numbers were stolen from TJX systems in Miami, hacking into wireless networks at TJ Maxx, Sports Authority, Barnes & Noble, Office Max, Marshalls, and other merchants. During this time, Gonzales was working with the US Secret Service, providing information about a previous credit card scam in order to avoid jail time.

2.  AOL (2006) — Security breaches aren’t all caused by hackers. In 2006, an in-house team at AOL publicly posted data about 20 million Web searches, from over 600,000 users. AOL was trying to aid academic research on Internet traffic, but the data was found to contain personal information, such as Social Security numbers — and the New York Times quickly showed how individuals could be quickly and easily traced from the supposedly ‘anonymous’ data.

3.  Monster.com (2007) — Hackers used a Trojan to make off with names, phone numbers, email addresses and Social Security numbers of job-seekers on Monster.com — many of which were then used for a further phishing scam. The numbers still haven’t been nailed down; anywhere from 46,000 to 1.6 million people may have been compromised, including Federal applicants on USAJobs.gov.

4.  Alberto Gonzales and 7-Eleven (2007) — yes, him again. Along with ‘unnamed Russian conspirators’, Gonzales managed to get into the Heartland Payment Systems/ Citibank ATM network via SQL injection at a 7-Eleven — and make off with 130 million credit and debit cards (about a year later, authorities finally arrested Gonzales — concerning yet another major breach, of Dave & Buster’s).

5.  Operation Aurora/ Operation Shady RAT (2009 – 2011) — Although taking place at distinctly different times (with distinct snappy code names), both Operations are the epitome of 21st Century cyberwarfare — originating in China (probably, maybe?), these Operations use a combination of spear phishing and RAT (“remote access tool”) attacks versus some people you may have heard of — such as Gmail, Yahoo, Adobe, Morgan Stanley, Dow Chemical, the US government, US military, US defense contractors, the United Nations, the International Olympic Committee..

6.  Sony (2011) — Between April and June of 2011, Sony suffered what could be the largest security breach ever. Over 77 million accounts on the PlayStation Network, another 24.6 million on Sony Online Entertainment, and an indeterminate number of Sony Pictures accounts were compromised. Before it was over, we saw credit card fraud, the involvement of the US and Japanese governments, and wideapread criticism of Sony’s security and response to the crisis.

7.  TriCare/SAIC (2011) — 5.1 million people (mainly current and retired members of the armed services, as well as their families) had personal medical and financial data exposed when unencrypted backup tapes containing data were stolen from a Tricare employee’s car. But wait — back in 2007, SAIC suffered a breach where unencrypted data for more than 800,000 U.S. service members and their families was access. And still that wasn’t the first — in 2005, thieves had broken into SAIC offices and stolen unencrypted personal data. What does it take to teach SAIC to encrypt their data?

8.  HBGary Federal (2011) — This Federal contractor and hacker-taunting security firm was left red-faced when members of Anonymous accessed the web site, phone system, and 68,000+ emails — via some very simple exploits. Among the files exposed by the hacktivists: PowerPoint proposals and presentations to prospective clients by HBGary and other security firms, and a long-term strategy of intimidation and disinformation against the WikiLeaks organization.

9.  RSA Security /SecureID (2011) — It’s bad enough when you’re a respected security firm that gets breached by hackers, but then to have your flagship encryption software stolen? 25,000 SecureID clients (including top-secret defense contractors Northrop Grumman, L-3 Communications, and Lockheed Martin) had some extremely nervous days over the spring and summer of 2011, thanks to a successful phishing-based attack. In all, over 40 million “tokens” (encrypted user accounts) were made accessible in the breach.

10.  Epsilon (2011) — This Dallas-based marketing service was breached, exposing customer data (chiefly email addresses — Epsilon sends around 40 billion emails each year!) from over 2,200 Epsilon clients such as Best Buy, Target, Marriott, Hilton Hotels, JPMorgan Chase, Citigroup, Capital One, Walgreens, TiVo, and HSN. Epsilon’s parent company, Alliance Data, had also acquired Heartland Systems at about the same time that Albert Gonzales was arrested).

About the Author: Greg Buckskin is a tech guru and writer at CableTV.com.

The man died because of blood clot after sitting for long playing the Xbox and with all the sorrow his father sends out a request to all the parents for protecting their children from gaming. Kids will never realize the harm of playing computer games for long hours, it’s the parent’s duty to make them understand the harm and then cease them from sitting in front of it.

Microsoft releases a Healthy Gaming Guide for the Xbox users to do a healthy gaming. This guide is for the parents to guide their children appropriately. The guide has the complete information as how to use each gaming devices, positioning yourself better while gaming to avoid any body aches and it is also telling the importance of taking breaks in-between.

Visit the Xbox Gaming Guide page

Receiving a spam mail is a usual thing on webmail but there will be only 10 % of the internet user will be acting wisely against such emails. It will not be easy to understand such emails for a normal user as they might get attracted or panicked when they receive a mail with the subject saying “You have Won 10 million Dollars” Or “Update your missing Bank account information”. eMail ID will notify you the authenticity of one email id with a ‘Trueicon’ so it’s easy for everyone to understand which is good/bad.

Image Courtesy Trend Micro

In order to get the Trend Micro eMail you should be either using Internet Explorer or Mozilla Firefox web browsers. Also it supports all major web mails and Microsoft Outlook and Outlook Express applications.

Download it from here

The Hacker will first make legitimate websites vulnerable by injecting their scripts which redirects the images. WordPress based websites are mostly selected to compromise for this type of attack.

Google is suggesting the users to use the https://encrypted.google.com page for browsing since it helps to protect you from such re direction the help of SSL security. SSL is more resource intensive so the browsing with SSL enabled will not faster when compared to the regular way of browsing.

If you are a Mozilla Firefox user an Add-on called No Script can be used to see warning while browsing such images. The images with such iframe scripts will show in red border.

]]> http://www.hackstacks.com/google-adds-ssl-security-for-image-searching/3659/feed 0 http://www.hackstacks.com/wot-add-on-will-make-your-web-browser-a-safe-surfing-tool/3599 http://www.hackstacks.com/wot-add-on-will-make-your-web-browser-a-safe-surfing-tool/3599#comments Mon, 16 May 2011 16:58:03 +0000 Renjith http://www.hackstacks.com/?p=3599 more »]]>

WOT (Web Of Trust) is a community powered security add-on tool for major web browsers. WOT helps and suggests you which sites/links you can trust for safe browsing. Like I mentioned it’s a community powered tool the suggestions about a link is a data provided by millions of user who has WOT in their browser. By one’s experience if they find a link is vulnerable they can mark the link as bad and that will affect that particular link’s reputation. A user can rate the website’s reputation by saying bad customer experience, inappropriate content and Trustworthiness etc WOT then calculates a particular website’s reputation and then display it on your web browser.

WOT add-on are available for Firefox, Internet Explorer, Safari, Google Chrome and Opera. Also it support Windows, Mac and Linux operating systems. Once the add-on is loaded on your web browser you are supposed to create an account on WOT. This account will help you to rate a link. Keep in mind that rating a link will help others in identifying a good website.

Here is a search results from Google and Wot icon is showing green color icon for trusted links

I would suggest you use this Add-on on your browser. This can help you if you are unsure about certain website especially when you do lot of online transactions.

Download Add-on for your browser from here

Here I am talking about the web mail such as Gmail, Yahoo mail or Hotmail. A recent finding from Trend Micro Labs says that the new email is spreading all over the mail system and once the mail previewed the malicious scripts will get prompt to download once it’s downloaded the script will begin to inject the script in to the mail page itself and start capturing the contacts and email messages. Then it will start to transmit these data by email to a different email account.

So if an employee is opening their personal web mail and previewing their emails at work can possibly put the data at risk. Sensitive emails and company contacts can reach in to attacker’s hand. Trend Micro has already detected the malicious script and classified in to JS_AGENT.SMJ and blocks the URL immediately. (You are supposed to have any Trend Micro Security to get protected from this attack)

As per Trend Micro the Subject and Content of the message will read as below.

Subject: Have you ever logged in Facebook from unknown location?
Content:
Dear Facebook User,
Your Facebook account is accessed from a computer or device or from a location that you have never used before. For protecting your account security, before you have confirm your account is not hacked, we temporarily locked down your account.
Have you ever logged in Facebook from other place?
If this is not your name, please use your personal computer to login Facebook and follow the instructions to manage your account information.
If this is not your account, please do not worry. Relogin can lead your back to your own account.
For more information, visit our Help Center here: … {link}
Thanks,
Facebook Security Team

We recommend that never click on such link to sign in to your account. If you feel that your account must have compromised then manually type in the Facebook URL on the web browser and begin the rest of account recovery. Using any web browser security tool (Trend Micro Browser Guard is such tool) will also block such malicious tool from automatically executing

So today we are going to look at various virus removal tools sources available from these major companies.

Symantec http://www.symantec.com/business/security_response/removaltools
Kaspersky http://www.kaspersky.com/virus-removal-tools
McAfee http://home.mcafee.com/VirusInfo/VirusRemovalTools
Trend Micro http://free.antivirus.com/clean-up-tools
Bitdefender http://www.bitdefender.com/site/Downloads/browseFreeRemovalTool
Eset http://www.eset.com/us/download/free-antivirus-utilities

Comment here and help us to update the free tool list.