Archive for the ‘Breach’ Category

VeriSign Breached – Imperva Data Security Blog

5 Stages of a Data Breach

Breaches Affecting 500 or More Individuals

GCreep: Google Engineer Stalked Teens, Spied on Chats (Updated)

Zappos Hack Exposes Passwords – Security – Attacks/breaches – Informationweek

Breaches Affecting 500 or More Individuals

TripAdvisor Data Breach

There have been an alarming number of breaches of late. Not to be outdone, TripAdvisor announced today that they were breached as well and that email addresses (at least) had been compromised.

From C|Net

If you use TripAdvisor you may soon be getting more spam. The travel site told customers in an e-mail today that someone had breached its network and stolen e-mail addresses for an undisclosed number of its members.
“This past weekend we discovered that an unauthorized third party had stolen part of TripAdvisor’s member email list,” Steve Kaufer, co-founder and chief executive, wrote in the e-mail.

I would imagine that it will be a while before we hear the full story, as undoubtedly law enforcement is involved.

Article Link

(Image used under CC from virtualphotographystudio)



Largest Online Dating Site, Plenty of Fish, Hacked

Plentyoffish CEO: We Were Hacked, Almost Extorted – So I Emailed The Hacker’s Mom
http://techcrunch.com/2011/01/31/plentyoffish-ceo-we-were-hacked-almost-extorted-so-i-emailed-the-hackers-mom/

Security researcher Chris Russo, who disclosed the issue to the Plenty of Fish staff, made a video of himself doing the “hacking” and posted it to YouTube. This is what nasty SQL Injection looks like in the wild:

http://www.youtube.com/watch?v=7RBYkk5Vq4M

Meanwhile, Russo, who describes himself as a bona fide security researcher, says he and his team only discovered a security vulnerability in the online dating site, that hackers were already exploiting the hole, and that he merely reported it to Frind and co in good faith … Frind says Russo and his team were attempting to extort him.

More Reading Here



Vodafone Customer Database Breached

It appears that Vodafone had a rough go of things over the weekend. Apparently a ne’er-do-well breached their ‘secure’ customer database. No news as to the extent of the damage as a result.

From Australian Broadcasting Corp:

Vodafone chief executive, Nigel Dews, says he became aware the password to the online portal had been shared when the company was tipped-off on Saturday by a newspaper reporter.

He says an internal investigation is underway to work out who breached the system and how.

Passwords will also be reset.

Mr Dews says a full report will be delivered to him on Monday, but at this stage, he does not believe it is a widespread problem.

What I find interesting is the amount of effort that the company says that it will dedicate to changing passwords as opposed to tackling the root of the issue.

The details are reportedly accessible from any computer because they are kept on an internet site rather than Vodafone’s internal system.

Um, whut? It will be interesting to see if the report, due today, will ever be shared with the media. To be entirely honest I really doubt that it will see daylight.

Article Link

(Image used under CC from ktpupp)



Google Engineer Stalked Teens, Spied on Chats

I have ranted about people placing blind trust in social networking sites and SaaS providers that host email et cetera. Here is a lesson in what can happen when things go wrong…and creepy.

From Gawker:

David Barksdale, a 27-year-old former Google engineer, repeatedly took advantage of his position as a member of an elite technical group at the company to access users’ accounts, violating the privacy of at least four minors during his employment, we’ve learned. Barksdale met the kids through a technology group in the Seattle area while working as a Site Reliability Engineer at Google’s Kirkland, Wash. office. He was fired in July 2010 after his actions were reported to the company.

Google did the right thing in canning this guy, but why was no one minding the store?

Read on for the full article.

Article Link

(Image used under CC Philipp Lenssen)


