Attacks/Breaches
3/9/2011
06:24 PM
Jake Widman
Jake Widman
Slideshows
Connect Directly
RSS
E-Mail
50%
50%

10 Massive Security Breaches

They make the news on a regular basis: incidents in which a company or government agency's security is breached, leading to a loss of information, personal records, or other data. There are many ways to measure the size or cost of a security breach. Some result in the loss of millions of data records, some affect millions of people, and some wind up costing the affected businesses a lot of money. Not to mention, the questions of you calculate the value of personal medical information vs. credit
Previous
9 of 11
Next


Somebody at the Oklahoma Department of Human Services left the office in April 2009 with a laptop containing unencrypted client records. They left the laptop in their car, someone broke into the car, and the names, social security numbers, and other sensitive information on about a million Oklahomans went missing. While the data was unencrypted, the laptop itself was password-protected, so the agency deemed the risk of data loss "low."

See Also

Nasdaq Confirms Servers Breached

Online Dating Site Breached

Two Arrested For AT&T iPad Network Breach

Schwartz On Security: First, Know You've Been Breached

100,000 Credit Cards Compromised By Data Breach

Gawker Details Missteps Behind Security Breach

Previous
9 of 11
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6335
Published: 2014-08-26
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and ...

CVE-2014-0480
Published: 2014-08-26
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL ...

CVE-2014-0481
Published: 2014-08-26
The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a d...

CVE-2014-0482
Published: 2014-08-26
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors relate...

CVE-2014-0483
Published: 2014-08-26
The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field ...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.