What makes a ‘worst’ data breach? Is it the number of people effected, the severity of the effects, or the importance of the system that is breached?

Whatever the case, we’ve chosen Data Privacy Day (Jan 28) as the perfect time to remind you of ten of the most serious examples of breached security in network history. Whether its national governments, international finances, or simply millions of account details exposed, any of these qualify for the unauthorized access Hall of Fame.

1.  Albert Gonzales and TJX (2005 – 2007) — During an 18-month period, 45.6 million credit and debit card numbers were stolen from TJX systems in Miami, hacking into wireless networks at TJ Maxx, Sports Authority, Barnes & Noble, Office Max, Marshalls, and other merchants. During this time, Gonzales was working with the US Secret Service, providing information about a previous credit card scam in order to avoid jail time.

2.  AOL (2006) — Security breaches aren’t all caused by hackers. In 2006, an in-house team at AOL publicly posted data about 20 million Web searches, from over 600,000 users. AOL was trying to aid academic research on Internet traffic, but the data was found to contain personal information, such as Social Security numbers — and the New York Times quickly showed how individuals could be quickly and easily traced from the supposedly ‘anonymous’ data.

3.  Monster.com (2007) — Hackers used a Trojan to make off with names, phone numbers, email addresses and Social Security numbers of job-seekers on Monster.com — many of which were then used for a further phishing scam. The numbers still haven’t been nailed down; anywhere from 46,000 to 1.6 million people may have been compromised, including Federal applicants on USAJobs.gov.

4.  Alberto Gonzales and 7-Eleven (2007) — yes, him again. Along with ‘unnamed Russian conspirators’, Gonzales managed to get into the Heartland Payment Systems/ Citibank ATM network via SQL injection at a 7-Eleven — and make off with 130 million credit and debit cards (about a year later, authorities finally arrested Gonzales — concerning yet another major breach, of Dave & Buster’s).

5.  Operation Aurora/ Operation Shady RAT (2009 – 2011) — Although taking place at distinctly different times (with distinct snappy code names), both Operations are the epitome of 21st Century cyberwarfare — originating in China (probably, maybe?), these Operations use a combination of spear phishing and RAT (“remote access tool”) attacks versus some people you may have heard of — such as Gmail, Yahoo, Adobe, Morgan Stanley, Dow Chemical, the US government, US military, US defense contractors, the United Nations, the International Olympic Committee..

6.  Sony (2011) — Between April and June of 2011, Sony suffered what could be the largest security breach ever. Over 77 million accounts on the PlayStation Network, another 24.6 million on Sony Online Entertainment, and an indeterminate number of Sony Pictures accounts were compromised. Before it was over, we saw credit card fraud, the involvement of the US and Japanese governments, and wideapread criticism of Sony’s security and response to the crisis.

7.  TriCare/SAIC (2011) — 5.1 million people (mainly current and retired members of the armed services, as well as their families) had personal medical and financial data exposed when unencrypted backup tapes containing data were stolen from a Tricare employee’s car. But wait — back in 2007, SAIC suffered a breach where unencrypted data for more than 800,000 U.S. service members and their families was access. And still that wasn’t the first — in 2005, thieves had broken into SAIC offices and stolen unencrypted personal data. What does it take to teach SAIC to encrypt their data?

8.  HBGary Federal (2011) — This Federal contractor and hacker-taunting security firm was left red-faced when members of Anonymous accessed the web site, phone system, and 68,000+ emails — via some very simple exploits. Among the files exposed by the hacktivists: PowerPoint proposals and presentations to prospective clients by HBGary and other security firms, and a long-term strategy of intimidation and disinformation against the WikiLeaks organization.

9.  RSA Security /SecureID (2011) — It’s bad enough when you’re a respected security firm that gets breached by hackers, but then to have your flagship encryption software stolen? 25,000 SecureID clients (including top-secret defense contractors Northrop Grumman, L-3 Communications, and Lockheed Martin) had some extremely nervous days over the spring and summer of 2011, thanks to a successful phishing-based attack. In all, over 40 million “tokens” (encrypted user accounts) were made accessible in the breach.

10.  Epsilon (2011) — This Dallas-based marketing service was breached, exposing customer data (chiefly email addresses — Epsilon sends around 40 billion emails each year!) from over 2,200 Epsilon clients such as Best Buy, Target, Marriott, Hilton Hotels, JPMorgan Chase, Citigroup, Capital One, Walgreens, TiVo, and HSN. Epsilon’s parent company, Alliance Data, had also acquired Heartland Systems at about the same time that Albert Gonzales was arrested).

About the Author: Greg Buckskin is a tech guru and writer at CableTV.com.

The below Infographic will can say more stories about Hackers. There are 7 types of hackers and they differ according to their type of activity. The Infographic really has got some interesting information also you will find some tips for protecting yourself from getting hacked! So let’s check it out.

Source ZoneAlarm.com

Hard Disk encryption is something different than all the above said security measures. It encrypts the whole hard disk data so if someone try to access the data by connecting the hard disk to another computer he will see some random data instead of the actual files. TrueCrypt uses AES (Advanced Encryption Standard) with 14 rounds and a 256 bit key. So decryption is hopeless for this! AES protection is used by US Federal departments and agencies to protect their sensitive data. The data encrypted with TrueCrypt will not drop any trace about TrueCrypt thus a hacker will never get information of the tool used for encryption.

TrueCrypt’s Features:

• A virtual encrypted disk can be created and mounted as a real disk within a file.
• Can used to encrypt the entire partition or an external storage device such as an external hard drive or a flash drive.
• Supports a pre-boot authentication and encrypts complete operating system files.
• On modern systems the encryption is hardware accelerated.
• Using encryption a volume can be made hidden (Operating system volume can be made hidden)
• It supports Windows desktop operating systems and server operating systems.
• Support for Mac OSX and Linux flavors.
• It’s absolutely free.

Try TrueCrypt from this link

CloudFlare securely protects and speed up website as web traffic is routed through global network.  CloudFlare also block threats and limit abusive spam bots and zombie crawlers from wasting your bandwidth and server resources. The result is a that you experience  a significant improvement in performance and a decrease in spam and other attacks. And the best thing is that the whole service is free with Pro settings available for a small monthly fee.

CloudFlare can be used by anyone with a website and their own domain and it takes less 5 minutes to make your site secure and fast.  Adding your website calls for only a simple change in the domain’s DNS settings. There is no hardware or software to install or maintain and you do not need to change any of your site’s existing code.

Advantages of the CloudFlare system:

• Site Performance Improvement: CloudFlare has proxy servers located throughout the world. Proxy servers are located closer to your visitors, which means they will likely see page load speed improvements as the cached content is delivered from the closest caching box instead of directly off our server. There is a lot of research that shows that a faster a site, the longer a visitor stays.
• Bot and Threat Protection: CloudFlare uses data from Project Honey Pot and other third party sources, as well as the data from its community, to identify malicious threats online and stop the attacks before they even get to your site.
• Spam Comments Protection: CloudFlare leverages data from third party resources to reduce the number of spam comments on your site
• Alerting Visitors of Infected Computers: CloudFlare alerts human visitors that have an infected computer that they need to take action to clean up the malware or virus on their machine. The visitor can enter a CAPTCHA to gain access to your site.
• Offline Browsing Mode: In the event that our server is unavailable, visitors should still be able to access your site since CloudFlare serves the visitor a page from its cache.
• Lower CPU Usage: As fewer requests hit our server, this lowers the overall CPU usage of your account.
• New Site Stats: You have good tools to evaluate human traffic coming to your site, but no insight into search engine crawlers and threats. With CloudFlare, now you do.

Some limitations of the CloudFlare system:

• Currently, requests must be directed to www.$domain instead of $domain (which means you may need to make some configuration changes).
• CloudFlare may affect internal statistic programs that read directly from Apache logs. (CloudFlare will not affect web-based analytic programs that use JavaScript like Google Analytics.) While your logs will reflect fewer requests to your server and therefore lower load, the experience to your visitors should be unaffected.
• CloudFlare caches static content from your site. While this reduces the load on your server, it means that if you make a change to an existing static file, like an image, there may be a delay before the change appears. While you are updating your site, you can put CloudFlare in Development Mode so changes appear immediately.
• CloudFlare’s basic mode cannot handle SSL certificates. If you need to use an SSL certificate, that part of your site needs to be on a subdomain that is not protected.

CloudFlare is a service that makes any website faster, safer, smarter…better. Take a tour to find out more about how it works and what you get.

Symantec says the spelling mistakes in the email are intentional, so that the massage can evade content-based antispam filters. But, in this case, they can also lend a certain amount of credibility to the sender, since the name of the “hack project” sounds Slavic in origin. Perfect knowledge of the English language would, in this case, probably raise more suspicion.

23 year old Mariposa Malware author arrested in Slovenia .He developed the Malware code that allowed the three alleged Spanish Mariposa Botnet herders to infect some 13 million personal, corporate, bank and government computers in more than 190 countries. The arrest is the result of a massive investigation that included the FBI, Spanish authorities, the Slovenian Criminal police, and the Mariposa working group (comprising the Georgia Tech Information Security Center, Defense Intelligence, Panda Security, and other international security experts).

According to Npr, the hacker was arrested in Maribor, Slovenia, some ten days ago and has since been released on bail. His real name and the exact charges that have been brought against him haven’t been released by the authorities.

Jeffrey Troy, the FBI’s deputy assistant director for the cyber division, says that more arrests will likely follow – those of other operators that bought the software package from the hacker. He considers Iserdo’s arrest a major break in the investigation, since it will prevent further updating of the code and/or organizing another Botnet that will take control of the still infected computers, i.e “orphaned” bots.

The authorities are also keeping mum on the price that Iserdo was asking for the malware, but Internet sources say that the basic package was some $500, and that advanced versions have been known to reach the price of $1,300.

Another shocking news on air!

Personal Information and Facebook pages of 100 million users are there for download on torrent site, courtesy of hacker Ron Bowes of Skull Security.

These are result of Facebooks privacy scrutinized when we create pages with as open access directory and which can be viewed by simple search on search engines. But, there is no doubt that having them all in one place will be a godsend to anyone bent on data mining.

User names and profile page URLs are available in the torrent, and by following them personal information (address, birth date, phone numbers, etc.), friends and their picture can be be viewed. What’s more, friends of all those users that have opted to be non-searchable – can now be found by clicking through the profiles on the list.

To harvest all those pages, Bowes wrote a Ruby script that functions as a web crawler, and set it loose on the directory.

Hackers fashioned a torrent that contains the URL of every searchable Facebook user’s profile, the name of every such user, some processed lists and the programs he used to generate everything, and leaked it on a torrent site.
A quick glance at the comments beneath the post will tell you immediately that there are quite a few ways of misusing this information. “Looks great as a dictionary for driving brute-force SSH/website attacks or similar. What’s the betting that there’s at least 10,000 users in that list whose password is some variation on their date of birth which, of course, they’ll publish too?” says in one, and I’m guessing he’s not the only one who thought of that.