The worst security snafus of 2012 – so far

Ellen Messmer | July 16, 2012
Could things really be this bad? From the embarrassing hack of a conversation between the FBI and Scotland Yard to a plethora of data breaches, security snafus have ruled the first half of 2012. Here's a look at some of the worst snafus, month by month.

Automotive manufacturer Nissan admitted that a data breach involving employee user account credentials had occurred, and that it had to spend some time cleaning its network of the malware apparently responsible before disclosing the breach.

The hacker who stole Facebook's source code, Glenn Mangham of York, England, offered an explanation of why he did it, saying, "I was working under the premise it is sometimes better to seek forgiveness than to ask permission." He said he did little to hide his actions and that even if he got caught, Facebook would let him off the hook. But that didn't happen, and Mangham was sentenced to eight months in prison in February, though the sentence was reduced to four months by an appeals court in April. He said he only had the source code for three weeks, but never had any intention of selling it to anyone who might exploit it for scams, for example. Mangham even made the grandiose claim that his basic good intentions saved Facebook from "potential annihilation."

Payments processing services company Global Payments acknowledged that up to 1.5 million card numbers had been stolen in a data breach, and in June also said it was investigating whether a server containing merchant applicants' information had also been breached. Global Payments said its PCI compliance status had been revoked by some of the card brands because of the breach and it was working to regain it.

May

Hackers claimed to have breached the systems of the Belgian credit provider Elantis and threatened to publish confidential customer information if the bank did not make an extortion payment of $197,000. Elantis confirmed the data breach but said the bank will not give in to extortion threats.

Meanwhile, Anonymous claimed it hacked a U.S. Department of Justice website server tied to the U.S. Bureau of Justice Statistics and claimed to release 1.7GB of stolen data from it, with the statement, "We are releasing it to end the corruption that exists, and truly make those who are being oppressed free." The data was offered on The Pirate Bay.

And then Yahoo accidentally leaked the private key that was used to digitally sign its new Axis extension for Google Chrome. Axis is a new search and browsing tool from Yahoo. Security blogger Nik Cubrilovic discovered the package included the private crypto key used by Yahoo to sign the extension, noting it offered a malicious attacker the ability "to create a forged extension that Chrome will authenticate as being from Yahoo." Yahoo was forced to release a new version of its Axis extension for Google Chrome after that.

June

 
