jump to navigation

“Bow-Chicka-Bow-Wow!” – Privacy Failure of Photobucket Can Make You a Porn Star! August 13, 2012

Posted by Chris Mark in cybersecurity, Data Breach.
Tags: , , , , , , ,
add a comment

For those who like to use the popular photo sharing site Photobucket to share (ahem)..”private” pictures may want to take action immediately.  According to an article on CNN, a privacy flaw in the way Photobucket allows users to share photos resulted in hackers gaining access to numerous R rated and even explicit photos of users.  Photobucket allows users to share photos using direct links.  This means that even if the user does not intend to share a photo, if a person can deduce the URL then the unencrypted file can be directly accessed.   This is a hack known as “Fuscking” and it has been used to access numerous files.  (more…)

“August 2012 TransactionWorld Magazine” – Chris & Heather Mark’s Articles August 13, 2012

Posted by Chris Mark in cybersecurity, Data Breach, Industry News.
Tags: , , , , , , , ,
add a comment

Chris and Heather Mark both have articles in the August 2012 issue of TransactionWorld Magazine.  Chris’ is titled: “The Impact of the Fortress Mentality  & Today’s Compliance Strategies” while Heather’s is titled: “After the Compromise; Security Incident Response and Mitigating the Damage”

One note.  I apparently forgot to update my bio with the Editor in Chief so the article erroneously references me as the Executive Vice President of Data Security and Compliance for a payment processor.  You can visit Mark Consulting Group at the following: www.MarkConsultingGroup.com

“…our own policies were not followed…”; Apple and Amazon Hacks August 8, 2012

Posted by Chris Mark in Data Breach, InfoSec & Privacy.
Tags: , , , , , , , , , ,
2 comments

This past week, tech writer Matt Honan (of Wired) had his Amazon and Apple accounts hacked and his “…digital life destroyed”.  You can read his first hand account here.  The hacker did not use any special technology rather was able to hack the accounts using a basic social engineering and knowledge of who the systems worked.  Here is a description of the hack from CNN.com:

“At the heart of his story is a dangerous blind spot between the identity verification systems used by Amazon and Apple, two of the tech industry’s most popular vendors.

Like many people, Honan has a variety of email addresses. Several of them can be easily tracked down by anyone hunting around online. The hacker who went after Honan found his @me.com address — a tip-off that Honan had an AppleID account. (more…)

“The Fortress Mentality & Data Compromises” – Chris & Heather Mark in August 2012 TransactionWorld Magazine July 31, 2012

Posted by Chris Mark in cybersecurity, Data Breach.
Tags: , , , , , , , , ,
add a comment

This month’s TransactionWorld magazine includes an article by me (Chris Mark) titled: “The Impact Of the Fortress Mentality and Today’s Compliance Strategies”.  The article discusses, among other things, the Global Payments breach, PCI DSS compliance, and provides an overview and opinion on today’s focus on compliance with static standards as opposed to risk based information security.  One important note. I neglected to send an updated BIO to the editor so it still references my position at ProPay.  I have not worked at ProPay for over a year 😉  You can read more about my company Mark Consulting Group at www.MarkConsultingGroup.com.

Heather Mark is also in this month’s TransactionWorld with an article titled: “After the Compromise: Incident Response Plans and Mitigating the Damage”  Heather speaks about data compromises and provides good insight into strategies companies can employ to minimize the impact of such breaches.

Oil Giants Hacked by Anonymous in “Save the Arctic Phase2” July 16, 2012

Posted by Chris Mark in Data Breach, Industry News.
Tags: , , , , , , , , ,
add a comment

According to CyberWarNews.com Anonymous set its sites on oil giants Shell, BP, Gazprom, and Rosneft in what has been dubbed “Save the Arctic Phase 2”.  This comes on the heels of phase one in which account details including administrator accounts, passwords and other server info was stolen from Exxon and released.

According to the messages posted on pastebin, the account were used to sign the petition on savethearctic.org and, more disturbingly, for phishing attacks.  Hacktivism is a growing concern for all companies.  Whether it be to combat the perceived unfair distribution of wealth of capitalism, support of US defense industry, or environmental issues, hacktivists are increasingly active against corporations.

%d bloggers like this: