BreachExchange mailing list archives
Security software firm Omniquad reported for data breach
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Tue, 12 Oct 2010 23:56:42 -0400
http://www.techeye.net/security/security-software-firm-omniquad-reported-for-data-breach Security software firm Omniquad has been criticised and reported for a serious data breach that saw the publication of customer details online. The company, which makes anti-malware and firewall software and is the "NetworkWorld ClearChoice Award winner" for its AntiSpy software, said a glitch in its helpdesk software resulted in the details of its customers broadcasted on the net. Omniquad was keen to point out that the vulnerability was in a third-party software which Omniquad uses to manage helpdesk calls. The exploit published customer log-in details online, but Omniquad said that the information was taken down and the system put offline as soon as the situation was discovered. “This is not a case of negligence on our part. We have acted quickly to fix the situation and notify any customers who may have been put at risk,” said Daniel Sobstel, managing director of Omniquad. “The software has been in place for a few years and this is the first time we have had any kind of problem like this with it.” While Omniquad may not have been negligent, a security company facing a problem like this doesn't instil much faith. If one piece of software has a vulnerability like this, then what potential problems are hidden within the other software? Security software should make customers feel more safe, not risk having their details put online. They're always on about being on the safe side and best practice. Sobstel tried to reassure customers that the majority of them would be unaffected. He said that it would take days to exploit the published data, meaning it was only really a problem for a small number of people. That will be little comfort to those affected. Privacy International was strongly condemnatory of the affair. It reported the company to the Information Commissioner over the incident, while a spokesperson said: “Security and privacy should be at the core of everything they do and that includes carrying out security audits of all third-party software and services they offer.” _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Take CREDANT Technologies short survey on cloud usage and security. Take the survey: http://www.surveymonkey.com/s/TXDR7WT Respond by October 12, 2010. Enter to win a $500(US) Amazon Gift Card.
Current thread:
- Security software firm Omniquad reported for data breach Jake Kouns (Oct 13)