Best Of Web Archive:


Around The Web

PC WORLD
University Of Tampa Data Breach: Student Info Exposed For 8 Months
Poor decisions on the part of University of Tampa IT officials led to the exposure of nearly 7,000 student names, Social Security numbers, and dates of birth for nearly eight months. The mistake came to light only after a student project involving advanced search techniques discovered the available information.

CNET
Why 'Data Breach' Isn't A Dirty Word Anymore
Just a few years ago, no one could predict how a company suffering a large breach, like Heartland Payment Systems, might eventually fare. The common consensus is: pretty well, so long as the breach is treated candidly and the company communicates effectively.

THE WALL STREET JOURNAL
Cost of Data Breaches Continues To Rise
A recent Ponemon Institute study of 36 British companies found that the companies' cost per breach rose significantly over the last year. The increase is credited to greater consumer awareness of the dangers of a data breach, spurring the companies to spend more to protect data.

PC WORLD
IBM: Internet Security Better, Exploits Worse
IBM's 2011 Trends and Risk Report had a mixture of good and bad news. On the upside, the rate of spam was down, exploits were fewer, and SQL injection attacks were down. On the downside, shell command injection vulnerabilities doubled or possibly tripled over the last year.

INFOSECURITY MAGAZINE
China Arrests Suspect In Data Breach Affecting Six Million CSDN Subscribers
Five hackers have been arrested by the Chinese government for breaching the security of the China Software Developers Network. User IDs, passwords, and email addresses of six million customers were posted online, with wide repercussions for customers. CSDN itself was given administrative punishment for its lax security

TECHNEWSWORLD
Lulzsec Rears Its Smirking Head In Military Dating Site Attack
While many security professionals breathed a sigh of relief last year after claims that LulzSec had been neutered, it seems as if the celebration might have been premature. The hacker collective claimed responsibility for breaching Militarysingles.com and posting personal information of hundreds of users on Pastebin

PCWORLD
Hacktivism Was The Leading Cause For Compromised Data In 2011, Says Verizon
Verizon analyzed over 800 security breaches from 2011 and found that, while the plurality of cases involved the hope of financial gain, over half of incidents in which data was lost were hacktivist-oriented. Analysts postulate that criminals tend to target the SMB market with focused attacks, while hacktivist attacks target large companies and grab whatever they can get their hands on.

COMPUTERWORLD
RockYou Settles FTC Charges Related To 2009 Breach
Social gaming company RockYou has settled with the FTC after over two years of investigation. The company was accused of negligently allowing a breach of 30 million passwords and user IDs. Charges also included the allegation that it had violated the Children's Online Privacy Protection Act by collecting the email addresses of over 180,000 minors without parental consent

V3
Hackers Target TicketWeb Customers In Email Database Hack
Ticketmaster's U.K. subsidiary, TicketWeb, had its marketing database stolen last week; the unknown group or individual then mass-mailed TicketWeb customers, asking them to click on a malicious link

COMPUTERWORLD
East African Firms Caught Up In Hacking Spree
An African hacking group is under suspicion of launching dozens of attacks against east African government and commercial databases.

WIRED
Multitenancy And Cloud Platforms: Four Big Problems
Despite the efficiency and cost benefits of multitenancy, a poor implementation can endanger hundreds of customers through carelessness at a single point of security.

ITWORLD
Rooting Android Phone Bypasses Google Wallet Security; Just One Of Many Remaining Flaws
The Android's SQLite database is easily compromised, leaving the Google Wallet service in the hands of the bad guys.

SUNSHINE STATE NEWS
Jack Latvala, CFO Atwater Battle Over Sale Of Social Security Numbers
Florida is the only state that allows the sale of SSNs of residents who are the rightful owners of unclaimed property; licensed private investigators can buy access to the database for a mere $35 per month, but critics say very few subscribers are actually using the database for its intended purpose.

VENTUREBEAT
Valve's Gabe Newell Offers Update On Steam Security Breach
Company's co-founder claims the database itself was not compromised, although a backup file with encrypted user information ranging from 2004 to 2008 was probably stolen.

ITWORLD
Microsoft India Store Hacked, User Database Exposed
A little-known Chinese hacking group, EvilShadow Team, has claimed responsibility for what Microsoft is calling a "limited compromise" of its India Store

ITBUSINESSEDGE
Organization Issues Lead Database Security Concerns
According to a new survey by Application Security, failure to properly manage permissions is a greater risk to sensitive data than any sort of malicious attack launched from outside the organization

CIO
Plans To Migrate LAPD To Google's Cloud Apps Dropped
Google and systems integrator Computer Sciences Corp. were unable to meet the stringent security requirements of the FBI's Criminal Justice Information Systems.

HEALTHDATA MANAGEMENT
Laptop Stolen, 1,500 Patients Affected
In another failure of the human factor in database security, a laptop containing two large databases of patient information was stolen from a clinic at the University of Mississippi.

PCWORLD
Dazzlepod Offers Stratfor Customers A Way To Check On Anonymous Hack
Malaysia-based Web development company Dazzlepod has released an online tool designed to check email addresses against a database of compromised addresses so that customers of recently attacked Stratfor can find out if their information was lost

ITPROPORTAL
Rift Developer Trion Worlds Hacked
Trion Worlds, developer of the MMO Rift, has revealed that its entire database, including encrypted passwords, names, dates of birth, and fragmented credit-card data, was taken.


Bugs
ENTERPRISE VULNERABILITIES
Vulnerability: ssl-vpn end-point interrogator/installer activex control
Published: 2010-11-03
Severity: High
Description: Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method.

Vulnerability: gvim
Published: 2010-11-03
Severity: High
Description: Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.

Vulnerability: cforms
Published: 2010-11-03
Severity: Medium
Description: Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.

Vulnerability: links, wsn links, wsn links
Published: 2010-11-03
Severity: High
Description: Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.

Vulnerability: deluxebb
Published: 2010-11-03
Severity: Medium
Description: SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.


