309,079 Records Breached in UMD Attack

The University of Maryland has sent out a notice to all faculty and staff alerting them to a recent attack on one of its databases. A total of 309,079 records were stolen as a result, covering faculty, staff, and students. The records included names, Social Security numbers, dates of birth and university ID numbers. This affects everyone affiliated with the College Park and Shady Grove campuses who has been given a university ID since 1998. All of this information was stored in a single database managed by the university's IT division. The university is unsure how the security breach happened. The incident is being investigated by federal and state law enforcement.

Recently the university doubled the number of IT security and analysis personnel working for it. It also stated that it doubled the amount of money invested in top-level security tools. Obviously this isn't enough, or possibly too much? The more people that touch your system, the more people that know your system. I am sure we will find out how this occurred in a few weeks, or possibly never, but I wouldn't doubt the possibility of an inside job.

The University is offering free credit monitoring for a year. Is a year long enough? This data could take over a year to be used. If you look at the image above, this is all the data needed for a credit application, this one specifically for Amazon. With the data that was taken in the hack, anyone who has access to it, or whoever purchased it on the black market, could easily get some free money. This is only one of the things the data holder could do; there are many others, all of which can be done a year from now.

Business and Enterprise Security Concerns with Remote Users/Workers

In this modern age, remote users are becoming more and more common. It now takes only a few short clicks to be logged into a system anywhere in the world. But with new access and convenience for employees comes new access and accessibility for attackers. Having remote users effectively increases the “attack radius” and the probability of being attacked, as employees, information, and devices are spread across the globe, requiring an increase in security policies, training and reviews to ensure maximum protection against threats.

The Cloud: Is it good or bad?

Is the Cloud good or is it bad? In order to answer this question we need to ask ourselves, what exactly is the cloud? The cloud really is just a network of servers…or in other words, the internet. When you are at home surfing the internet you are on the cloud, and the cloud can be used to do a great many things. You can play games on the cloud, watch movies, listen to music, and now everyone is starting to store personal data in the cloud, on the internet.

There are good and bad things about using the cloud. Some of the good things about the cloud are things like access to your personal or work files, even if you forget to bring them around with you. The game distribution program Steam has started using the cloud to sync video game save files so that if you are using more than one computer you can still pick up where you left off. I personally think that game saves are one of the best uses for the cloud so far, mostly because who is going to want to steal your game saves?

One of the bad things about the cloud is that your files are simply on the internet, whether companies say they are secure or not, and as one of the oldest sayings goes, “Once it is on the internet it is there forever.” Now this is not always the case, because if the files are being shared privately they can just be deleted, but if they get leaked into the public part of the internet they will likely stay there forever.

The article I read referred to the cloud as an “addiction” and I believe this is the right term to use considering all the companies suddenly trying to switch everything over to the cloud. The problem is that what you gain in accessibility and reduced cost, you lose in security. This all depends on how each company works, but it is also where the article states that the addiction of the cloud kicks in. “This is the slippery slope, data that might inadvertently go to the cloud or fall under the grip of the cloud addiction: ‘The last bit of data we sent to the cloud seems safe enough, so let’s move up the sensitivity pyramid and save even more money.’”

In the end, there really is no full security on the internet, or the cloud. What could help with security would be to encrypt any important files that a company puts on the cloud. This would ensure that even if some files were taken, at least they won't be easily accessed, if at all. Is the Cloud good or bad might not be the right question, then. It might instead be better to ask how far you are willing to go to protect your files and how much security you are willing to compromise for the sake of accessibility and cost.



Yahoo plans to pay “researchers” to find bugs

Yahoo is currently looking to start rewarding people who find and report bugs and vulnerabilities with up to $15,000. This is primarily due to being heavily criticized for only paying someone $12.50 for finding and reporting a vulnerability. Researchers who find a bug must receive at least $150 for reporting it. Ramses Martinez, the director of Yahoo’s security team, has said that there was no formal process to reward people who reported vulnerabilities and that he would buy and send people t-shirts with his own money.

The article, from SC Magazine, states that he also began buying gift cards. Something like this could help the company a lot in security by providing incentives to actively search for bugs. Word about this could also redirect hacking efforts for the good of the company, rather than hacking it for personal information. I know that if I could get $15,000 for finding a big issue, I definitely would try. What do you think?



Still Feel Safe Online?

Do you feel safe while surfing the web? Well, this article might make you rethink your safety when you are asked to give away personal information online.

According to authorities, a hacker from Pennsylvania has pleaded guilty to selling access to supercomputers for $50,000. He also sold access to RNKTel, a telephone company, as well as log-in credentials for a company called Tech of Texas and domain access to Domino’s Pizza. The article says:

“According to court documents, the defendant bragged to FBI agents online that he had broken into the corporate servers of American Express, Yahoo, Google, Adobe, WordPress and other companies and universities.”

This was just one man, although he is a member of a group of hackers called the Underground Intelligence Agency, and it makes me think about how many people could possibly have my personal information. There really is no guarantee when you talk about internet security, because there will always be some way to get the information. It will definitely make me more wary when giving away personal information online.