Attacks/Breaches
7/2/2010
09:48 AM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Six Messy Database Breaches So Far In 2010

From a National Guardsman's external hard drive faux pas to a financial services firm's slack practice of password-sharing, this year has already had its share of shocking database exposures

4. Virginia Beach Department of Social Services

Breach Details: In April The Department of Social Services in Virginia Beach, Va., announced it had fired or disciplined at least eight employees and supervisors in the past year for abusing their database privileges to access restricted information about former employees, family members, and clients. In one egregious example, a supervisor made her employees access a Virginia database to find information about her husband's child.

Lessons Learned: Insider threats to database information are very real, as this example clearly illustrates. While all of the employees involved in these incidents had legitimate access to departmental databases, their use of credentials was for purposes way outside the bounds of their job duties. Robust database activity monitoring tools are the only reliable way for organizations to ferret out account abuse cases on this plane.

5. Florida International University

Breach Details: Though details are sketchy about the exact nature of this breach, what is clear is that Florida International University found the "existence of a database containing sensitive information that did not reside in a secure computing environment" during a risk assessment following an unrelated security incident, according to notification letters sent to nearly 20,000 students and faculty. The unsecure database contained personal data, such as student data related to state mastery standards, grade tracking, assignments, and Social Security numbers of both students and faculty.

Lessons Learned: Not only do databases themselves need to be secured, but so, too, do the systems on which they run and the networks that they're attached to. This means practicing diligent patch and configuration management on database servers, segregating critical databases onto the most secure network segments, and employing the rule of least privilege for these critical database environments.

6. Lincoln National Corp.

Breach Details: In January this financial services firm revealed that lax password management practices and frequent credential-sharing for access to the company's client portfolio database potentially exposed the records of 1.2 million customers. Some shared passwords were used for as long as seven years. The security lapse was not uncovered until an anonymous whistleblower sent Financial Industry Regulatory Authority (FINRA) a user name and password combo that gave access to the portfolio.

Lessons Learned: Password-sharing is one of the most common and potentially damaging behaviors to affect enterprise database security postures. Not only do organizations need to develop and enforce password management policies, they also need a way to look for account use patterns that indicate illegitimate sharing.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-1421
Published: 2014-04-22
Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php.

CVE-2013-2105
Published: 2014-04-22
The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html.

CVE-2013-2187
Published: 2014-04-22
Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page.

CVE-2013-4116
Published: 2014-04-22
lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.

CVE-2013-4472
Published: 2014-04-22
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.

Best of the Web