Data Loss Database Blog

0 CommentsOpen Security Foundation - Advisory Board - Call for Nominations

2010-02-12 by jkouns

The Open Security Foundation (OSF) is an internationally recognized 501(c)(3) non-profit public organization seeking senior leaders capable of providing broad-based perspective on information security, business management and fundraising to volunteer for an Advisory Board. The Advisory Board will provide insight and guidance when developing future plans, an open forum for reviewing community feedback and a broader view when prioritizing potential new services.

OSF was founded in 2004 and ...

(read more...)

0 CommentsOpen Security Foundation - State of the Union 2010

2010-02-06 by jkouns

The Open Security Foundation (OSF) has grown from a humble beginning in 2004 to an internationally recognized 501(c)(3) non-profit public organization. Through the work of a small team of dedicated information security enthusiasts, the Open Source Vulnerability Database (OSVDB) and DataLossDB projects have provided organizations of all sizes with the knowledge and resources to accurately detect, protect and mitigate information security risks. OSF research is often cited throughout the securi...

(read more...)

4 CommentsWhere did the breach go?

2010-01-07 by d2d

Where on earth did the breach go? We've asked ourselves, we've asked others, and we've been asked by many.

The simple answer is, we don't know! It could be anything, really, that has caused the dramatic decline in reported data loss incidents in 2009. Here are a few ideas:

• The decline is media related. Data breaches are 'passé'.
• Organizations are implementing better security.
• Organizations aren't reporting incidents.
• Solar Flares

None of these, with the exc

...

(read more...)

0 CommentsHappy Holidays, New Year, etc

2009-12-22 by d2d

What does the coffee shop, the mall, the discount super center, the grocery store, the post office, the laundromat, and your favorite local restaurant have in common?

Aside from a fundamental desire to part you from your money, they also are a common stopping point on the way home from work, or while out shopping. This week and next, think about your data while you get that double mocha latte, or run in for a last-minute holiday gift. Leave the laptop someplace safe (not in the back

...

(read more...)

3 CommentsWhen Reporters Go Looking For Data Breaches...

2009-12-15 by d2d

They often find them, and usually get a complimentary legal threat or outright lawsuit to go with it.

Recently, a Minnesota Public Radio reporter went digging, and indeed found records exposed. The records in question were I-9 processing forms held by Texas-based Lookout Services. The undisputed truth seems to end about there. The reporter wrote about the incident, and the attention the incident stirred caused the entire state of Minnesota to stop using Lookout Services for I-9 verificati

...

(read more...)

9 CommentsFederal Data Breach Bill (H.R. 2221) Passes House

2009-12-09 by d2d

Yesterday, for the first time ever, a data breach notification bill actually came to a vote in the United States Congress. The House of Representatives passed by voice vote H.R. 2221, the Data Accountability and Trust Act. This bill and others have been introduced many times over the past several sessions of Congress, but unlike other similar bills and this bills' predecessors, H.R. 2221 not only came out of committee, but was voted on and passed.

This bill is similar in nature to multiple

...

(read more...)

3 CommentsAccording to OSF... nothing. (was re: try asking us first)

2009-11-16 by Lyger

On occasion, we look for news related to things other than data loss events. Press releases veiled as "news" are a frequent treasure chest of (not so) great information, so we often use detailed and complicated techniques to make sure we have as much information as we can gather about... Open Security Foundation and DataLossDB. In other words, YES, WE GOOGLE OURSELVES. Oh, don't be shocked. You "ego surf" yourselves too. Admit it.

The Sixth Annual Gibbs Golden Turkey Awards - "Accordin

...

(read more...)

4 CommentsHas "Data Loss" Jumped The Shark?

2009-10-13 by Lyger

For those who aren't familiar with it, the phrase "jump the shark" originates with an episode of the American TV series "Happy Days", where one of the primary characters, Fonzie, literally (at least in the show) jumps over a shark while on water skis. The episode was designed as a desperate attempt to draw in viewers since the overall content of the show had become rather, well, "bleh". Things were never the same after that episode, and it was generally concluded that once Fonzie "jumped th...

(read more...)

2 CommentsHaving "fun" with the Data Set

2009-09-25 by d2d

We recently had an inquiry regarding whether or not we could store more details about certain breaches, specifically the type of Hack (for hacked breaches) that was used, or the application that ended up being breached. Neat ideas, of course, and we've considered them ourselves on several occasions, given that we have OSVDB as our sister project. We've always wanted to use both, or tie them together, however, we run into some issues in doing so. One big one is that we rarely know the cause

...

(read more...)

0 CommentsResults of Mangle-A-Thon 2009

2009-09-23 by d2d

Mangle-A-Thon 2009 went very well. In addition to some 20 or so primary sources matched, volunteers managed to improve the "complete-ness" of OSVDB by over a tenth of a percent. Doesn't sound like much, but with over 58 thousand vulnerabilities in that database, a tenth of a percent is a huge help.

An enormous "Thank You!" to all those who came and helped out. You did a service to the entire industry by lending your time. Another enormous "Thank You!" to Midnight Research Labs Boston for

...

(read more...)