FTC Warns 100 Organizations of Data Breaches

Status
Not open for further replies.

redplanet_returns

Distinguished
Feb 19, 2010
87
0
18,630
[citation][nom]enderwiggen[/nom]Get people to stop using 12345 or password as their password would be a nice start.[/citation]

and password as a password is not a password!
 

batkerson

Distinguished
Jun 19, 2008
69
0
18,640
The first thing anyone should do is remove the "admin" or "administrator" user name and replace it with something difficult that is unrelated to the business or to the word "administrator" (e.g., "boss" is not a good replacement). I'm constantly amazed how many companies, not to mention people, leave the "admin" user as "admin". That's getting the would-be hacker halfway to breaching your security.
My 2 cents. . .
 

dmoney_07

Distinguished
Jul 13, 2009
13
0
18,510
What's with all the comments about username/password complexity? Security breaches are usually the result of a software exploit. Even with complex credentials, anti-virus software, host intrusion protection, network intrusion protection, or any other security solutions there will still be breaches. The reason for the increase in security breaches is just a reflection of the times. Criminals have found that stealing protected confidential information is a nice way to make a profit.
 

babybeluga

Distinguished
Feb 22, 2010
341
0
18,780
[citation][nom]redplanet_returns[/nom]and password as a password is not a password![/citation]

password12345, noob. You have to combine letters and numbers now!
 

CoderDunn

Distinguished
Oct 24, 2009
36
0
18,530
[citation][nom]muffins[/nom]12345? That's amazing, I've got the same combination on my luggage![/citation]

lmao Mel Brooks' Spaceballs, I love that movie

"They've gone plaid!"
 

neiroatopelcc

Distinguished
Oct 3, 2006
3,078
0
20,810
[citation][nom]JohnnyLucky[/nom]Does a week go by without news of some sort of security breach or hacking? It's starting to sound as if it is business as usual. Is there nothing that can be done to stop it?[/citation]
Sure. Educating the users would be a start. But it's not that simple in reality. It costs money to create security, and it costs more to maintain it. On top of that it requires some amount of attention from the users, who at worst won't even want to know anything about it.
So there are two major obstacles with security. 1) people can't be bothered (it is a complex subject and even more so to untrained personnel) and 2) it costs money and doesn't generate any. My boss (IT boss in a company with approx 450 employees and a bit over 20.000 people passing thru the oracle database every year) has the stance that security must not cost more than it does not to have it. In other words we don't want data redundancy if it costs more than downtime would, and we don't need more network security than the estimated worth of what's accessible. And in fact most of our security systems are focused on keeping our own users out of the system where possible, but not necessarily stop virus outbreaks or outside interference.

Anyhow, these letters here are sent to companies running p2p software, right? That means companies where the users have installed and are running such software knowingly. You can't protect against that except by designing your internal policies so or remove the users who do it. No matter the firewall and protocol inspectors you cannot block people from using p2p. They could essentially just run their p2p traffic thru an encrypted proxy like internet cloaker. You can never protect against employees or customers who knowingly and willingly attempt to circumvent or disregard security. You can only be reactive to those events.
 