BreachExchange mailing list archives
Re: usajobs.gov Compromised (due to Monster)
From: Catalin Ghercoias <catalin.ghercoias () gmail com>
Date: Tue, 17 Feb 2009 22:01:30 -0500
I apologize upfront for being blunt, but I've been reading these emails for quite some time yet I have to see some action taken. I have not heard or seen major action lawsuits or any other type of action taken against the real people who are to be blamed for all these issues. You know who I am talking about -- I am referring to all those incompetent IT directors, sloppy IT Managers, good for nothing IT Operations Managers/Directors, CIO/CTO politicians and last but not least system administrators, programmers, coders, etc. who do not care about the security of their applications. I am talking about those who decided at some point in time not to encrypt the customer data, not to secure communications with their credit processor/bank, not to establish site to site or point to point connections with their most sensitive sites and offices that carry sensitive and confidential data, not to obey HIPAA, PCI, SOX, etcetera or ... you fill in the blanks here...... These days there are so many solutions (free or not free) to secure and encrypt the data to protect it from attackers -- be it inside or outside -- to block access to people that do not have a need to access sensitive data or simply block a freakin' USB port, that I don't even need to mention here. I would like to hear and see some names made public and some action taken against those people and I'm sure there are others as well that would like to see this. I am saying this because I believe there are still smart people on this list and elsewhere who can take charge and get things straight in this country.
I don't want to blame those people who do their jobs right, just I really don't believe that these companies that got hacked recently and in the past (like TJX) have changed anything in their systems (or very little) and the same directors and managers are still in place getting big bonuses and enjoying their vacation houses and boats, while average Joe and Jane has to fight to clean his/her credit report because some hacker stole his identity and they lost pretty much all they've had. Let's get some justice done here people!

--
Regards,
___________________________
Catalin Ghercoias, catalin.ghercoias () gmail com

On Tue, Feb 17, 2009 at 8:08 PM, security curmudgeon <jericho () attrition org> wrote:
http://www.usajobs.gov/securityNotice.asp

Attention USAJOBS Users

As is the case with many companies that maintain large databases of information, our technology provider (Monster), often is the target of illegal attempts to access and extract information from its database. We recently learned that the Monster database was illegally accessed and certain contact and account data were taken, including user IDs and passwords, email addresses, names, phone numbers, and some basic demographic data. The information accessed does not include resumes. The accessed information does not include - sensitive data such as social security numbers or personal financial data.

As a further precaution, we want to remind you that an email address could be used to target "phishing" emails. USAJOBS will never send an unsolicited email asking you to confirm your username and password, nor will Monster ask you to download any software, "tool" or "access agreement" in order to use your USAJOBS account.

In order to help assure the security of your information, you may soon be required to change your USAJOBS password upon logging onto the site. Please follow the instructions on the site. We would also recommend you proactively change your password yourself as an added precaution. We regret any inconvenience this may cause you, but feel it is important that you take these preventative measures.

We continue to devote significant resources to ensure USAJOBS (Monster) has security controls in place to protect our infrastructure and stakeholders information. We hope that these efforts are helpful, and continue to allow users to defend themselves against similar attacks.

Mary Volz-Peacock
Program Director
USAJOBS

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
CREDANT Technologies, a leader in data security, offers advanced data encryption solutions. Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently across your enterprise to ensure regulatory compliance. http://www.credant.com/stopdataloss
Current thread:
- usajobs.gov Compromised (due to Monster) security curmudgeon (Feb 17)
- Re: usajobs.gov Compromised (due to Monster) Catalin Ghercoias (Feb 17)