Zocalo Technology News
Apr
06
Epsilon Security Breach Victim List
Posted by: david.stycos | Tagged in: Untagged
Epsilon Data Management is a legit email marketing service provider that was hacked back around March 24th. The attacker made off with their database of thousands of email addresses of target customers. That feat is more alarming given that Epsilon has some very big clients, many of whom you would have at least heard of, if you are not already doing business with them. As of now, it appears that only the email addresses were compromised, not any passwords or other PII. If true, it may mean that if you have an account with one of the companies listed below, the worst that might happen is a little more spam than usual in your inbox. These companies should, however, be sending data breach notifications to their customers just the same. The following companies have had their email lists breached by this attack:
For more information on the breach itself, see this Threatpost article.
Dec
21
FBI Installs Backdoor in OpenBSD Security Software
Posted by: david.stycos | Tagged in: Untagged
Recently, the security world was rocked by allegations that the FBI had software developers install "back doors" into a suite of software designed to encrypt and secure network communications. An email was posted by Theo de Raadt, one of the founding developers of the OpenBSD operating system, stating that back in 2000-2001, co-workers were approached by the FBI to deliberately implant defects into the IPSEC VPN security software in order to make it easier for the agency to eavesdrop on otherwise secure communications. Read the original posting here.

IPSEC VPN is a standard for creating secure encrypted connections, or "tunnels", across the internet between two locations. OpenBSD is an open source Unix operating system. Being open source, the IPSEC software is openly and freely available for all to examine and copy. As with other open projects, such as Wikipedia, work is contributed on an ad hoc basis by many developers, rather than from a structured corporate environment.

Open source advocates say this case is a win for open source, since the software is available for all to analyze and modify, and if any such back doors or flaws are discovered, they are seen and dealt with in the open. It can be alleged that since closed projects, such as Microsoft Windows, are kept secret, there could also be such vulnerabilities in those products, but the world has no way to confirm this. See this Tech Republic article on this discussion here.

It is unclear at this time whether this affects any other implementations of IPSEC on any other operating systems, and the allegations have not yet been proven by examination of the affected code.

http://blogs.techrepublic.com.com/security/?p=4857 -- Tech Republic article
http://permalink.gmane.org/gmane.os.openbsd.tech/22557 -- original posting
Oct
21
ZDS Gets The Center for Simulation Excellence Off To A Good Start
Posted by: david.stycos | Tagged in: Untagged
Zocalo Data Systems has just completed an installation for the Center For Simulation Excellence in Muskegon, MI. The CSE trains doctors, nurses and EMTs how to deal with casualties in a variety of situations. Each of its nine simulation rooms presents students with different situations and environments, such as an ambulance, nursery, ICU or outdoors.

The Center uses state-of-the-art simulation mannequins for the patients. These mannequins have very lifelike qualities. They breathe, make vocal sounds, have a heartbeat and pulse, and even a blood pressure. They are capable of producing a variety of symptoms, including respiratory and cardiac arrest, dilating pupils, convulsions, and even sweating. The mannequins and the classroom environment are all monitored and controlled by instructors working from a control room. Cameras in each simulation room record the students' reactions, and the recordings can be reviewed later in a classroom.

Zocalo Data Systems installed the computers, cameras, phones and audio/video systems for the CSE. ZDS also installed an expandable storage system for the recorded simulations, since CSE needed to keep simulations archived in order to support studies in trauma care and medical training.

More information about the CSE can be found here: http://mercy-healthpartners.org/services/simlab.shtml
See the WZZM News story here: http://www.wzzm13.com/news/story.aspx?storyid=135908&catid=14

The CSE is a joint project between the Muskegon County Health Authority, Mercy Health Partners and the Region 6 Biodefense Network.
Jun
07
Malicious Insider Threats Greater than Most IT Executives Think
Posted by: | Tagged in: Untagged
According to an article published last month by Computer Economics (link here), more than half of midsize and large organizations and over 35% of small organizations experienced unauthorized disclosure of confidential information at least once in the 2009-10 timeframe. This disclosure was due to malicious insiders accessing unauthorized company information (as opposed to users who did so with no ill intent). Not only was there a high percentage of these incidents, but among CIOs that had not yet suffered such an incident, a majority did not rate such events as requiring a high level of concern. This data was based upon a survey performed by CSO Magazine, and co-sponsored by the Secret Service, Deloitte, and Carnegie-Mellon (link here).
May
05
First Annual Netwars Challenge in Lansing
Posted by: |
The Lansing chapter of the Information Systems Security Association (ISSA) is hosting its first Netwars workshop the afternoon of May 22nd on the campus of Michigan State. Sessions will show how to work with the Metasploit penetration testing framework as well as network penetration exercises. See event details and register here.
Apr
26
Cell Phone Exploit Discovered, Can Locate Any Phone
Posted by: | Tagged in: Untagged
Security researchers Don Bailey and Nick DePetrillo presented a paper on a cell phone exploit at the SOURCE conference in Boston this April that exposes serious fundamental weaknesses in the architecture of mobile phones. Bailey and DePetrillo have found ways to discover information that most cell users assume is private and known only to the cell provider.
DePetrillo said. "If you go through entire number ranges and blocks, you'll get numbers for celebrities, executives, anyone. You can then track them easily using the geolocation information."
At the heart of the work is the ability to access the caller ID database mobile providers use to match the names of subscribers to mobile numbers. This is the same database that contains the subscriber information for landlines, but most mobile users don't realize that their data is entered into this repository, Bailey said. Furthermore, these vulnerabilities are design flaws, and thus cannot be simply patched or mitigated with workarounds.
Read more here.
Mar
25
Local Security Expert to discuss Cryptographic Applications in Data Security - April 7th
Posted by: david.stycos | Tagged in: Untagged
FOR IMMEDIATE RELEASE
Contact: David Stycos
Local Security Expert to discuss Cryptographic Applications in Data Security
David Stycos of Zocalo Data Systems will be speaking to Dornerworks employees on April 7th, 2010 at the Dornerworks building beginning at 12:00 p.m.
He will look at how cryptography is applied to some of the problems of data security. He will show how good cryptography can be implemented poorly, dispelling the myth that just because something is encrypted it's secure. He will also explore how cryptography systems work to protect us, and how our actions often hinder them. David Stycos has been a software developer for over 25 years in many different fields, including developing cryptographic systems for hand-held encryption devices. In 2004 he started Zocalo Data Systems as a vehicle to develop and sell data security products and services of his own design, and to help businesses strengthen their security risk profiles.
Mar
25
Grand Rapids Security Expert to discuss Cryptographic Applications in Data Security - April 16th
Posted by: david.stycos | Tagged in: Untagged
FOR IMMEDIATE RELEASE
Contact: David Stycos
Local Security Expert to discuss Cryptographic Applications in Data Security
David Stycos of Zocalo Data Systems will be speaking at the Grand Rapids chapter of the Information Systems Security Association (ISSA) on April 16th, 2010 at the Steelcase HQ beginning at 2:30 p.m.
He will look at how cryptography is applied to some of the problems of data security. He will show how good cryptography can be implemented poorly, dispelling the myth that just because something is encrypted it's secure. He will also explore how cryptography systems work to protect us, and how our actions often hinder them. David Stycos has been a software developer for over 25 years in many different fields, including developing cryptographic systems for hand-held encryption devices. In 2004 he started Zocalo Data Systems as a vehicle to develop and sell data security products and services of his own design, and to help businesses strengthen their security risk profiles. Please contact David for further information.
Mar
25
AT&T claims fastest 3G and most reliable voice for Rhode Island
Posted by: | Tagged in: Untagged
AT&T claims fastest 3G and most reliable voice for Rhode Island: http://ow.ly/1qKus
Mar
25
Virtual Computer Ships NxTop 2.0
Posted by: | Tagged in: Untagged
Virtual Computer Ships NxTop 2.0: http://ow.ly/1qKsp





