Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Networking
    • Storage

    SSL Security, Botnets, Health Care Data Breach Topped Week’s Security News

    By
    Fahmida Y. Rashid
    -
    September 11, 2011
    Share
    Facebook
    Twitter
    Linkedin

      The week’s biggest data breach news had nothing to do with Anonymous or any other online group. Instead, Stanford University’s hospital confirmed that a spreadsheet containing 20,000 patient records had been posted onto a commercial Website.

      In this incident, an employee of a third-party service provider to the hospital posted the entire patient information spreadsheet to a Website in search of help on creating bar graphs. This is a remarkable, yet telling example of what can go wrong if employees are not trained to be privacy conscious.

      As organizations increasingly share sensitive data with partners and contractors, it’s critical that IT administrators implement strong security controls internally and demand their third-party providers to do the same.

      Meanwhile, the fallout from the hacking of Dutch certificate authority DigiNotar continues, as major browser makers revoked the compromised company’s root certificates. Microsoft removed the root certificates from all supported versions of Windows so that Internet Explorer and other programs won’t allow users to access sites with an SSL certificate signed by DigiNotar.

      Mozilla followed suit, but went one step further by demanding that all other CAs audit their systems, especially after reports that other certificate authorities may also have been compromised.

      Google moved quickly to update Chrome, and Opera Software has followed suit. Apple on Sept. 9 finally released its Mac OS X update to protect Safari users. Adobe also removed DigiNotar’s Qualified CA certificate from the Adobe Approved Trust List, protecting Adobe Reader and Adobe Acrobat versions 9 and X.

      Highlighting the fragility of the infrastructure powering the Internet, Turkish attackers breached a European DNS provider and modified the Domain Name System records for several major Websites, including the United Kingdom newspapers The Register and the Daily Telegraph.

      Even though there’s been a lot of talk by domain owners and DNS providers about the necessity of deploying the security protocol DNSSEC to protect domains, researchers pointed out that this wouldn’t have stopped the attackers, since the orders to redirect the sites came from the actual DNS provider. It underscores the importance of securing Websites from basic issues such as SQL injection because attackers will always go after the lowest hanging fruit instead of sophisticated exploits.

      Microsoft announced a small Patch Tuesday release for September, with only five bulletins, none of which was rated “critical.” The company accidentally released the final bulletins detailing the vulnerabilities fixed on Sept. 9, four days too early, but managed to keep the links to the patches inactive.

      The bulletins have been yanked, but researchers at SANS Institute are concerned that some of the bugs are misclassified and should have been ranked “critical.” The actual Patch Tuesday updates are expected to be released on Sept. 13.

      Cyber-criminals continue to rely on botnets to push out their malicious operations, and SpyEye was the most dominant in the first half of 2011, according to a report released Sept. 7. The researchers speculated that SpyEye’s dominance could be the result of the merger with the Zeus Trojan, and speculated even bigger activity now that a version of the toolkit is readily available online.

      Fahmida Y. Rashid

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×