Open Security Foundation Launches New Cloud Security Project
The Open Security Foundation, providing independent, accurate, detailed, current, and unbiased security information to professionals around the world, announced today that it has launched Cloutage (cloutage.org) that will bring enhanced visibility and transparency to Cloud security. The name Cloutage comes from a play on two words, Cloud and Outage, that combine to describe what the new website offers: a destination for organizations to learn about cloud security issues as well as a complete ...
JCPenney has dodged a huge bullet... until now.
Now being reported in the mainstream media, JCPenney was "Company A" in the recently infamous Albert Gonzalez trial. In court filings, we found some attachments that seem to have been a convincing factor in the judge's decision to unseal the identity of "Company A", a.k.a. JCPenney. JCP fought hard to keep its identity concealed, but ultimately it would seem that these attachments, as well as some reporting by Evan Schuman, made the difference.
Attachment A, filed in document 14 of the case (f
...
Court Says Posting PII Online is Cool -- First Amendment Cool
I'm going to have to apologize in advance for the extreme use of ellipses here. I'm frankly confused as can be over this blog post, and the result is aggressive punctuation.
In what seems to be one of the most ridiculous situations we've read about recently, the Richmond Times reports that a U.S. District Court judge has ruled that a woman posting Social Security numbers of government workers online was, well... *cough*... *pains me to type this*...protected by the First Amendment. Yes... p
...
Fringe Incidents
Since the database's inception, we have added incidents based on specific criteria and omitted incidents that didn't quite fit those criteria. The criteria have traditionally been:
Open Security Foundation - Advisory Board - Call for Nominations
The Open Security Foundation (OSF) is an internationally recognized 501(c)(3) non-profit public organization seeking senior leaders capable of providing broad-based perspective on information security, business management and fundraising to volunteer for an Advisory Board. The Advisory Board will provide insight and guidance when developing future plans, an open forum for reviewing community feedback and a broader view when prioritizing potential new services.
Open Security Foundation - State of the Union 2010
The Open Security Foundation (OSF) has grown from a humble beginning in 2004 to an internationally recognized 501(c)(3) non-profit public organization. Through the work of a small team of dedicated information security enthusiasts, the Open Source Vulnerability Database (OSVDB) and DataLossDB projects have provided organizations of all sizes with the knowledge and resources to accurately detect, protect and mitigate information security risks. OSF research is often cited throughout the securi...
Where did the breach go?
Where on earth did the breach go? We've asked ourselves, we've asked others, and we've been asked by many.
The simple answer is, we don't know! It could be anything, really, that has caused the dramatic decline in reported data loss incidents in 2009. Here are a few ideas:
None of these, with the exc
...
Happy Holidays, New Year, etc
What do the coffee shop, the mall, the discount super center, the grocery store, the post office, the laundromat, and your favorite local restaurant have in common?
Aside from a fundamental desire to part you from your money, they also are a common stopping point on the way home from work, or while out shopping. This week and next, think about your data while you get that double mocha latte, or run in for a last-minute holiday gift. Leave the laptop someplace safe (not in the back
...
When Reporters Go Looking For Data Breaches...
They often find them, and usually get a complimentary legal threat or outright lawsuit to go with it.
Recently, a Minnesota Public Radio reporter went digging, and indeed found records exposed. The records in question were I-9 processing forms held by Texas-based Lookout Services. The undisputed truth seems to end about there. The reporter wrote about the incident, and the attention the incident stirred caused the entire state of Minnesota to stop using Lookout Services for I-9 verificati
...
Federal Data Breach Bill (H.R. 2221) Passes House
Yesterday, for the first time ever, a data breach notification bill actually came to a vote in the United States Congress. The House of Representatives passed by voice vote H.R. 2221, the Data Accountability and Trust Act. This bill and others have been introduced many times over the past several sessions of Congress, but unlike other similar bills and this bill's predecessors, H.R. 2221 not only came out of committee, but was voted on and passed.
This bill is similar in nature to multiple
...