Ultrasaur Blog

Keeping track of exciting new threats to your digital records.

Posts Tagged ‘attacks’

Physical Locks Break Too

Friday, June 19th, 2009

We don’t regularly follow physical security, but I enjoyed the article (thanks, Bruce Schneier). It’s interesting to note that a “high security” rating only means a lock is expected to hold up for 10 minutes, and according to Marc Weber Tobias, none of them reliably last more than a few seconds.

But the parallel I find most interesting, as I’m prepping our next demo (where I hack a SharePoint server), is how little original work I had to do. Smarter people than me had already done the legwork, just like regular crooks who use Tobias’ work to bump the lock on your bike. You don’t have to protect your doors and servers against what you can do, but against what the sum of the smartest hackers can do.

Side note, I want to buy this laptop just to have the big guy’s computer :)

Threat distribution by industry

Thursday, June 11th, 2009

Not entirely counter-intuitive, but there’s a new study out showing that different industries suffer data breaches in different proportions (but all of them still suffer breaches).

The Health Care and Social Assistance sector reported a larger than average proportion of lost and stolen computing hardware, but reported an unusually low proportion of compromised hosts. Educational Services reported a disproportionately large number of compromised hosts, while insider conduct and lost and stolen hardware were well below the proportion common to the set as a whole. Public Administration’s proportion of compromised host reports was below average, but their proportion of processing errors was well above the norm. The Finance and Insurance sector experienced the smallest overall proportion of processing errors, but the highest proportion of insider misconduct. Other sectors showed no statistically significant difference from the average, either due to a true lack of variance, or due to an insignificant number of samples for the statistical tests being used.

Source: Interhack (Full study as a PDF)

“I have your s**t! In my possession”

Wednesday, May 6th, 2009

According to a claim at WikiLeaks, a hacker has taken “8,257,378 patient records and a total of 35,548,087 prescriptions” from the Virginia Health Professions Database (website is down).

Any intrusion should call the integrity of the current records into question (we often talk about what could happen if a hacker changes your financial records, but a bad prescription can kill).

The hacker claims:

Also, I made an encrypted backup and deleted the original.

However, according to the Washington Post:

Sandra Whitley Ryals, director of the Department of Health Professions, said in a statement Wednesday that the program’s computer system has been shut down since last Thursday’s breach, but all data was backed up and those files have been secured.
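Having a backup is only half of the answer to "are the current records still trustworthy?": the other half is a way to tell which records in the live database no longer match what was there before the intrusion. The following is an added example, not code from the original post or from the Virginia Department of Health Professions, of the check a practitioner would want. It keeps a keyed hash manifest of every record (the key stored offline alongside the backup) and, after an incident, reports records that were modified, deleted or added. The record fields, the manifest key and the sample prescriptions are all constructed for illustration.

```python
"""Integrity check of a record set against a pre-incident hash manifest.

Added example (not from the original post). The record layout, the manifest
key and the sample data are assumptions constructed for illustration; they
are not real patient or prescription records.
"""
import hashlib
import hmac
import json
from typing import Dict, Iterable, List


def canonical(record: dict) -> bytes:
    """Canonical JSON so the same record always hashes the same way."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def record_digest(record: dict, key: bytes) -> str:
    """HMAC-SHA256 over the canonical record.

    A keyed digest means an attacker who can rewrite records in the database
    cannot also rewrite the manifest to match unless they hold the key, which
    is kept offline with the backup.
    """
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def build_manifest(records: Iterable[dict], key: bytes,
                   id_field: str = "rx_id") -> Dict[str, str]:
    """Map record id -> digest for every record in the trusted set."""
    manifest: Dict[str, str] = {}
    for rec in records:
        rid = str(rec[id_field])
        if rid in manifest:
            raise ValueError(f"duplicate record id {rid}")
        manifest[rid] = record_digest(rec, key)
    return manifest


def verify_records(manifest: Dict[str, str], records: Iterable[dict],
                   key: bytes, id_field: str = "rx_id") -> Dict[str, List[str]]:
    """Compare the current record set against the manifest.

    Returns sorted lists of ids that were modified, are missing from the
    current set, or were added without ever being in the manifest.
    """
    seen = set()
    modified: List[str] = []
    added: List[str] = []
    for rec in records:
        rid = str(rec[id_field])
        seen.add(rid)
        expected = manifest.get(rid)
        if expected is None:
            added.append(rid)
        elif not hmac.compare_digest(expected, record_digest(rec, key)):
            modified.append(rid)
    missing = [rid for rid in manifest if rid not in seen]
    return {"modified": sorted(modified),
            "missing": sorted(missing),
            "added": sorted(added)}


# Assumption: the manifest key lives offline next to the backup media.
MANIFEST_KEY = b"offline-manifest-key-kept-with-backup"

# Constructed sample data: the record set as it was before the intrusion.
PRE_INCIDENT = [
    {"rx_id": 1001, "patient": "P-0001", "drug": "amoxicillin", "dose_mg": 500, "qty": 21},
    {"rx_id": 1002, "patient": "P-0002", "drug": "warfarin", "dose_mg": 5, "qty": 30},
    {"rx_id": 1003, "patient": "P-0003", "drug": "metformin", "dose_mg": 850, "qty": 60},
]

# Constructed "current" database after the intrusion: one dose silently
# changed tenfold, one record gone, and one record nobody ever issued.
POST_INCIDENT = [
    {"rx_id": 1001, "patient": "P-0001", "drug": "amoxicillin", "dose_mg": 500, "qty": 21},
    {"rx_id": 1002, "patient": "P-0002", "drug": "warfarin", "dose_mg": 50, "qty": 30},
    {"rx_id": 1004, "patient": "P-0004", "drug": "oxycodone", "dose_mg": 30, "qty": 90},
]


def run_check() -> Dict[str, List[str]]:
    """Build the manifest from the trusted set and audit the current one."""
    manifest = build_manifest(PRE_INCIDENT, MANIFEST_KEY)
    return verify_records(manifest, POST_INCIDENT, MANIFEST_KEY)


if __name__ == "__main__":
    print(json.dumps(run_check(), indent=2))
```

The manifest is small (one digest per record) and can be rebuilt from the offline backup at any time, so it costs little to keep current; the point is that after an incident you can say exactly which prescriptions need a human to re-confirm them, rather than either trusting everything or re-keying 35 million rows.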