Open Security Foundation - Advisory Board - Call for Nominations
The Open Security Foundation (OSF) is an internationally recognized 501(c)(3) non-profit public organization seeking senior leaders capable of providing broad-based perspective on information security, business management and fundraising to volunteer for an Advisory Board. The Advisory Board will provide insight and guidance when developing future plans, an open forum for reviewing community feedback and a broader view when prioritizing potential new services.

Open Security Foundation - State of the Union 2010
The Open Security Foundation (OSF) has grown from a humble beginning in 2004 to an internationally recognized 501(c)(3) non-profit public organization. Through the work of a small team of dedicated information security enthusiasts, the Open Source Vulnerability Database (OSVDB) and DataLossDB projects have provided organizations of all sizes with the knowledge and resources to accurately detect, protect and mitigate information security risks. OSF research is often cited throughout the securi...

Where did the breach go?
Where on earth did the breach go? We've asked ourselves, we've asked others, and we've been asked by many.
The simple answer is, we don't know! It could be anything, really, that has caused the dramatic decline in reported data loss incidents in 2009. Here are a few ideas:
None of these, with the exc...

Happy Holidays, New Year, etc
What do the coffee shop, the mall, the discount super center, the grocery store, the post office, the laundromat, and your favorite local restaurant have in common?
Aside from a fundamental desire to part you from your money, they also are a common stopping point on the way home from work, or while out shopping. This week and next, think about your data while you get that double mocha latte, or run in for a last-minute holiday gift. Leave the laptop someplace safe (not in the back...

When Reporters Go Looking For Data Breaches...
They often find them, and usually get a complimentary legal threat or outright lawsuit to go with it.
Recently, a Minnesota Public Radio reporter went digging, and indeed found records exposed. The records in question were I-9 processing forms held by Texas-based Lookout Services. The undisputed truth seems to end about there. The reporter wrote about the incident, and the attention the incident stirred caused the entire state of Minnesota to stop using Lookout Services for I-9 verificati...

Federal Data Breach Bill (H.R. 2221) Passes House
Yesterday, for the first time ever, a data breach notification bill actually came to a vote in the United States Congress. The House of Representatives passed by voice vote H.R. 2221, the Data Accountability and Trust Act. This bill and others have been introduced many times over the past several sessions of Congress, but unlike other similar bills and this bill's predecessors, H.R. 2221 not only came out of committee, but was voted on and passed.
This bill is similar in nature to multiple...

According to OSF... nothing. (was re: try asking us first)
On occasion, we look for news related to things other than data loss events. Press releases veiled as "news" are a frequent treasure chest of (not so) great information, so we often use detailed and complicated techniques to make sure we have as much information as we can gather about... Open Security Foundation and DataLossDB. In other words, YES, WE GOOGLE OURSELVES. Oh, don't be shocked. You "ego surf" yourselves too. Admit it.
The Sixth Annual Gibbs Golden Turkey Awards - "Accordin...

Has "Data Loss" Jumped The Shark?
For those who aren't familiar with it, the phrase "jump the shark" originates with an episode of the American TV series "Happy Days", where one of the primary characters, Fonzie, literally (at least in the show) jumps over a shark while on water skis. The episode was designed as a desperate attempt to draw in viewers since the overall content of the show had become rather, well, "bleh". Things were never the same after that episode, and it was generally concluded that once Fonzie "jumped th...

Having "fun" with the Data Set
We recently had an inquiry regarding whether or not we could store more details about certain breaches, specifically the type of Hack (for hacked breaches) that was used, or the application that ended up being breached. Neat ideas, of course, and we've considered them ourselves on several occasions, given that we have OSVDB as our sister project. We've always wanted to use both, or tie them together, however, we run into some issues in doing so. One big one is that we rarely know the cause...

Results of Mangle-A-Thon 2009
Mangle-A-Thon 2009 went very well. In addition to some 20 or so primary sources matched, volunteers managed to improve the "complete-ness" of OSVDB by over a tenth of a percent. Doesn't sound like much, but with over 58 thousand vulnerabilities in that database, a tenth of a percent is a huge help.
An enormous "Thank You!" to all those who came and helped out. You did a service to the entire industry by lending your time. Another enormous "Thank You!" to Midnight Research Labs Boston for...