How long have SQL injection bugs in computer code been around? A long time, and there are still tons of holes out there with this long-identified weakness. Now we have a contractor database that may have been exploited, and the security experts are on the case to find out exactly what happened. A patch has since been added to plug the vulnerability. Also, security people do run a SQL injection as a test as well to ensure everything is secure. Now, the article says here that if someone was smart enough and had the talent to use a SQL injection, they could have had access to a lot of proprietary information. US CIO Steven VanRoekel, originally from Microsoft, certainly has his hands full with putting out fires and securing government networks.

White House Names Former Microsoft Executive as Next US CIO

The comments in the article are from a security company that is also registered in the database, and of course they are concerned as to what information could have been leaked about them. They are SQL injection experts and test networks themselves as a line of business. Back in 2008 I posted about Harvard Medical and what service they use to scan for security leaks. We are being hacked today one way or another, and it was even in the news this week that Bill Gates was hacked, and it was related to information obtained from a credit agency. It had nothing to do with Microsoft, but as you know the credit agencies sell a lot of data, replicate it and so forth, so by creating data for sale they are making the number of places to hack a lot more plentiful for sure.

Harvard Medical School Deploys Third Brigade For PCI Security

That’s why I think they should all be licensed and excise taxed so we have a federal site that would give consumers a simplified listing as to who sells what kind of data to whom.

Start Licensing and Taxing the Data Sellers of the Internet Making Billions of Profit Dollars Mining “Free Taxpayer Data”–Attack of the Killer Algorithms Chapter 17 - “Occupy Algorithms”– Help Stop Inequality in the US

If we had half the focus on security that we have on crappy little phone apps we would be miles ahead.  I know everyone has a couple of those and I probably have a couple on my phone that could be considered “crappy” too but we are overrun with them and again security is out there just screaming for help.

Here’s a great example of data for sale and you should know that health insurance companies buy and sell a lot of data so the banks sell your credit and debit card information to them.  How much data do the insurers need?  The cost of all of this certainly is part of why health insurance is so expensive today. 

Insurance Companies Are Buying Up Consumer Spending Data-Time is Here to License and Tax the Data Sellers-As Insurers Sell Tons of Data, Gets Flawed Data When Data Buyers Uses Out of Context Too

This is a good time to use this very entertaining video again about SQL injections and what happens. If you can watch James Bond movies and understand, you will get most of this, and again it is very well done. This is a fictional story of what could happen in Las Vegas if appropriate holes and security problems existed. This video is five years old, so it is time to get a hold of those SQL holes for sure. Below is the link to my post from 2011 with the same video. You will need Silverlight in your browser to watch.

Health IT Security and Why It Matters-What Is a SQL Injection Flaw and It Still Keeps Happening Today (Video/Fictional Story)

Back on track, those estimated 600,000 companies currently registered at GSA will now get free credit monitoring…hardly sounds like it’s going to put a dent in this, does it, if in fact someone did get all the information, as they may be looking for more than just credit information. Oh well, enjoy the free credit monitoring from the government, I guess, due to this latest hack if you are one of the companies registered in the database. All those who use Social Security numbers appear to be given first priority on the free credit services. BD

“What kind of relief/correction actions will you take?
GSA will be providing the most vulnerable users (those that use a Social Security Numbers as a Taxpayer Identification Number and that "opted in" to public search) access to credit monitoring services.”


The GSA notice states, "The security of this information is a top priority for this agency and we will continue to ensure the system remains secure."

Johnson's company, which is registered on the SAM database, was notified of the incident by email shortly after 2:00 a.m. on Saturday morning. He said the delay likely is due to the high volume of messages being sent.

GSA applied a software patch to block the exposure and the agency has no evidence that any company's data was improperly used, altered or lost, government officials stated. A full review is ongoing, the officials added. 

If there was an intruder, Johnson said the hacker likely could have been seeking the proprietary information of a competitor. Identity fraud was another possibility, he said. 

An FAQ posted on the GSA website Friday night states, “Registrants using their Social Security numbers instead of a [Taxpayer Identification Number] for purposes of doing business with the federal government may be at greater risk for potential identity theft." Free credit monitoring services will be made available to those registrants, agency officials added.

http://www.nextgov.com/cybersecurity/2013/03/gsa-database-may-have-leaked-contractor-banking-and-proprietary-information/61921/
