BreachBytes

Yesterday we reported on a breach involving 4.2 million credit card numbers at an unnamed retailer. Turns out the retailer is Hannaford Bros. grocery stores. The AP is reporting on the story but has little detail beyond what was available yesterday. Although this is not a breach at the TJX level, the compromise of 4.2 million customer credit card numbers is nothing to take lightly.

Just when it started to seem that 2008 was going to be a better year than 2007 for data breaches, the Massachusetts Banking Association is notifying its members of a major data breach at an unnamed retailer. Boston Business Journal is reporting on the breach. According to the article, between 60 and 70 banks have been contacted by Visa and Mastercard. As of this time the retailer involved has not been named , although this is sure to change very soon. This smells of last year’s well-documented TJX breach and subsequent fallout. It remains to be seen if this story will pick up steam like TJX did, but if the retailer is a well-known company it could well be TJX2. From the article:

“The MBA estimates that hundreds of thousands of credit and debit cards owned by consumers in Massachusetts and northern New England states could be affected, and it is urging consumers to monitor their accounts,” the statement said.

We will follow up on this story as more details emerge.

According to SC Magazine Australia, MTV experienced a breach compromising the confidential information of over 5,000 employees.

…it appears an employee may have fallen victim to a social engineering trick that allowed a trojan to be installed on his or her machine.”

Interestingly, more and more breaches are as a result of tactics to dupe unsuspecting employees with access to corporate credentials as is the case with this latest breach.

Incident response (IR) is a critical responsibility for network security analysts and system administrators. Anyone operating a network should have an incident response plan in place so that when a network breach occurs everyone involved knows their roles and responsibilities. If a plan is not in place (or nearly as bad, the employees have not been trained to execute the plan) a simple incident can quickly be blown out of proportion and cause damage to the reputation of the organization and its employees.

To most people, IR means a call to action when a new threat emerges or the network is breached (broken in to). Most people think of IR solely in this capacity but responding to an event or incident is too complex to lump into a single category. This article extends the IR concept by breaking the traditional “response” component into three separate areas:

1. Response: the initial set of actions taken by system administrators and security analysts to asses the situation and stop the incident from spreading.
2. Recovery: this step involves getting effected machines back online and returning to regular operations.
3. (Public) Relations: even after the incident is contained and corrected, there may be PR fallout from the incident. This step is overlooked almost universally.

Read the rest of this entry »

Our company Packet Analytics will be exhibiting at the 2008 InfoSec World Conference & Expo. You can see live demonstrations of the Net/FSE software and there will be a drawing for an iPod Touch. If you will be attending the conference be sure to stop by booth 414 and say ‘Hi’ and enter the drawing!