BreachExchange mailing list archives

SEC left stocks data vulnerable to hackers: Report


From: security curmudgeon <jericho () attrition org>
Date: Sat, 10 Nov 2012 22:11:55 -0600 (CST)



---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.cbsnews.com/8301-205_162-57547502/sec-left-stocks-data-vulnerable-to-hackers-report/

CBS News
November 9, 2012

WASHINGTON -- Securities and Exchange Commission staffers left 
highly-sensitive information from stock exchanges open to hacking and 
cyber-attacks because they didn't adequately protect the security of some 
computers and other electronic devices, according to Reuters, citing 
people familiar with what happened.

The news agency's sources added that there were no signs that any hacking 
or spying occurred.

The devices "belonged to a handful of employees in an office within the 
SEC's Trading and Markets Division. That office is responsible for making 
sure exchanges follow certain guidelines to protect the markets from 
potential cyber threats and systems problems," Reuters says.

Some of them even brought the devices to a Black Hat conference, where 
experts get together to talk about the latest trends in hacking. It wasn't 
clear why the staffers did that, Reuters says.

The lapses are spelled out in a report that SEC Interim Inspector General 
Jon Rymer hasn't released yet, Reuters reports.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
