Another recent large scale breach has been identified as University of North Carolina at Chapel Hill notified around 163,000 women that there is a potential compromise that may result in the leak of personal information as well as their social security numbers.  This potential leak is due to a hacker breaching a system containing this data.

Although the breached server at UNC School of Medicine contained information on 236,000 women, only 163,000 contained social security information.   Matt Mauro, chairman of the university’s Department of Radiology said the breach was originally discovered in July but the intrusion may have taken place as long as two years ago.  Mauro said “We think we found some viruses that date back to 2007″.

The server was taken offline since July when the breach was detected and the sites sending information to UNC have temporarily stopped.  Forensic teams required time to piece together the extent of the damage and potential leaked information and is the main reason given for the delayed annoucement.  They do not believe the information was downloaded or modified in anyway at this point.

Author: Christopher

(1 votes, average: 5.00 out of 5)

 Loading ...

Federal Adviation Administrion (FAA) recently fell victim to another malicious hacker attack.  This time two servers were compromised resulting in the exposure of personal data for 45,0000 employees and retirees.    The second server contained encrypted medical records which are believed to be safe.

FAA spokespersons confirm this attack had no reach to Air Traffic Control systems.

“These government systems should be the best in the world and apparently they are able to be compromised,” said Waters, an FAA contracts attorney.

Author: Christopher

(No Ratings Yet)

 Loading ...

Almost 300,000 web sites hosted with Internet Information Services are infected with a new malicious malware according to PandaLabs. By injecting SQL code in all pages hosted on the same IIS server, this vulnerability allows hackers to inject SQL code and redirect the visitor to a malicious site. The malicious page scans the visitors machine to find ways to compromise the visitors machine. Exploits are then downloaded and used to infected the redirected visitor based on the information found on the scan.

If your site is hosted with Internet Information Services it is highly recommended you check to see if your site is compromised. To check if your site is compromised, search your source code for the following IFRAME reference: “<script src=http://www.nihaorr1.com/1.js>”. If this IFRAME reference is found, remove them immediately and notify your IIS admin right away.

Author: Christopher

(1 votes, average: 5.00 out of 5)

 Loading ...

Lifeblood – Memphis, TN
Over 320,000 blood donor records missing and assumed stolen.

Tenet Healthcare Corporation – Dallas, TX
An ex-employee was confirmed to have stolen 37,000 records with patient names and personal information.

Long Island University – Brookville, NY
30,000 tax records are considered compromised because of defective mailers with missing adhesive on one side.

Source: Privacy Rights Clearinghouse

Author: Christopher

(No Ratings Yet)

 Loading ...

Late in December 2007, something Roger Thompson of Grisoft characterized as “a pretty good mass hack” compromised tens of thousands of websites, including edu and gov domains, with an automated SQL injection. The hack exploited a Microsoft SQL Server vulnerability that was over a year old, one that was patched in early 2006 by the MS06-014 security update. The hack injected into SQL databases an SQL iterative loop with a JavaScript tag that appends itself to every column of text. The script instructs browsers reaching the site to execute another script hosted on a malicious server. From what is known, those hacked appeared to share little in common except a common weak spot in their SQL server databases. Since those hacked are not bragging about it, the identities of the hackers as well as the actual purpose of the hackers was, and is, unclear.

Although the mass hack was cleaned up in record time, quickly relieving many fears of disastrous consequences, the possibilities from the hack may have been broader than what actually took place. One professional web developer responding on Thompson’s blog anxiously noted, “Looks like exploits for Y! Messenger, IE TIFF overflow and RealPlayer are also in there. Yikes.” Symantec and other experts analyzing the JavaScript itself agreed that the malicious script targeted a RealPlayer bug, one much more recent that the server vulnerability. The RealPlayer bug targeted had been found and fixed in October 2007, only a couple of months before the hack.

Those hacked were not simply at-home users or amateur server owners. According to Thompson, who reported the hack on January 5, 2008, “some victims were pretty sophisticated in terms of security smarts, including, apparently, some Computer Associates pages.” While it appears that no seriously harmful damage resulted from this particular hack, its massive size leaves many users troubled about other equally vulnerable bugs that may exist in their own server farms.

Author: Christopher

(No Ratings Yet)

 Loading ...

A recent article on Forbes talks about a Lieutenant Colonel of the Army purchasing Apple Macintosh computers to decrease their risk of exploitation. Primarily in response to the recent security breach of the Pentagon back in June as well as a few other incidents. It is widely discussed that Macintosh computers are more secure than Windows & Linux based computers because fewer vulnerabilities exist for the Mac platform.

What I never hear talked about in these discussions is the alarming fact that Macintosh had five and a half more vulnerabilities per month on average than Windows throughout the year 2007. You can see the details and the numbers in a recent ZDNet article. It is quite common to see Macintosh users without any active Malware (Anti-Virus, Worm, Trojan, Spyware) protection.

Back in April 3Com held a short lived contest that resulted in compromising a fully patched Macintosh laptop for a prize of $10,000 and the MacBook.

Author: Christopher

(No Ratings Yet)

 Loading ...