Editor's News

Rumours circulated last night that the 145 million eBay records were available for sale for around £450.   A pastebin statement claimed to have the “full eBay database dump with 145, 312, 663 unique records” and asked for 1.453 in Bitcoin. The seller did not respond to an email sent by IT Security Guru.   Analysis by Kenn White, Rapid7 and Per Thorsheim determined the database to be fake, and eBay also confirmed that it...

The next challenge for eBay could be the California Online Privacy Protection Act (OPPA).   The San Jose headquarted company could face the wrath of the California privacy enforcer over the massive hacking and potential data breach, which has seen 145 million user records potentially breached.   The 2003 California act, approved under the governance of Arnold Schwarznegger, details of the duty of Attorney General require that they “work with companies on privacy trends and offers...

99 per cent of companies have employees who use eBay, and therefore their companies could be at risk.   According to research from Skyhigh Networks, the average Fortune 2000 Company has approximately 15,800 employees using eBay and as employees access the website from work, this could have significant security consequences for business.   Charlie Howe, Skyhigh Networks EMEA director, said that a breach which affects 145 million people has to have an impact on businesses,...

Around 145 million user records were affected in the eBay breach in what could be the second biggest breach in history at a US company.   According to Reuters, the attackers copied ‘a large part’ of that database and this is the second biggest breach for a US company since the Adobe breach of around 152 million user accounts last October.   While eBay spokesperson Amanda Miller told Reuters that passwords were encrypted claimed that...

ProofPoint is to acquire NetCitadel to add incident response capabilities to its product and service offering.   With a figure of $24 million (£14 million) reported by ProofPoint, the deal will extend the reach and capabilities of Proofpoint’s existing advanced threat solutions, adding additional threat verification and containment capabilities via an open platform that unifies products from Proofpoint and other vendors.   Steele, chief executive officer of Proofpoint, said: “Loss of customer records and other...

Businesses should open their own vulnerability research centres, according to Microsoft.   According to The Register, Microsoft's Jeremy Brown said that the opening of the Microsoft Vulnerability Research (MSVR) team and centre in 2008 allowed Microsoft security researchers to safely report bugs and vulnerabilities they found in third-party software in a bid to shore up the security ecosystem of the wider internet and by extension, the company's infrastructure.   Brown recommended businesses open their own...

Internet auction website eBay has instructed users to change their passwords after it admitted to suffering an attack in February.   According to a statement published on its corporate website, company said it has no evidence of the compromise “after conducting extensive tests on its networks”, but there was no evidence that financial or credit card information had been accessed as this “is stored separately in encrypted formats”.   However, eBay’s 112 million users will...

As most code is derived from code bases, if you only test your own code, you are missing a large part of the attack surface.   Speaking to IT Security Guru, Chris Eng, vice president of security research at Veracode, suggested that most software is not written entirely from scratch; only ten per cent of code is, and 90 per cent comes from other libraries and products, such as OpenSSL for example.   Eng said...

There is a global distrust of passwords, as 97 per cent of IT professionals think they make their systems vulnerable to attack.   The research of 300 attendees at Infosecurity Europe found that 97 per cent said that they know that passwords make their systems vulnerable and pose a serious risk when accessing web applications, and yet we still use weak, static passwords for business critical applications, despite 66 per cent of IT professionals saying that...

Almost 90 per cent of businesses believe that the threat of privileged users will increase in the next two years.   According to a Ponemon Institute report, 88 per cent of 693 respondents believed that the risk of privileged user abuse will increase or stay the same in the next 12-24 months, while 69 per cent of respondents do not believe their organisations have the ability to identify an insider threat before it’s too late.  ...