Friday, November 22, 2013

Reputation.com responds to Adobe breach, bravo!

Reputation.com emailed account holders on November 22nd, saying the following:

(I apologize, they don't have this on their website or I'd link to it, so you'll just have to take my word for it.)

"We recently learned that a list that potentially contains email addresses, encrypted passwords and answers for security questions for Adobe Systems customer accounts has been published in numerous places on the Internet. Out of an abundance of caution and concern for our customers, we obtained a copy of this list of purported Adobe account information and cross-checked it against our customer account information.

You are receiving this email from us because your email address and possibly other compromising information is on this list. Because many customers use the same user names and passwords for multiple accounts, we wanted to alert you to this issue and remind you to log in and change your Reputation.com password if you believe it is the same as your Adobe account login information."

This is a great move from Reputation.com. They took a problem that wasn't theirs, one that affected a significant number of people, and considered what it meant to their customer base. Based on that, they took a risk but did the right thing. They sent an email with their concern to their customers and made the recommendation to improve security and change passwords. This has the likely effect of reducing Reputation.com's account compromise issues, improving the customer experience, and also reducing their overhead to support their customers.

Overall, a great idea, and so trivial to execute.

Bravo.

Tuesday, November 5, 2013

Epic hack on a Limo Service broker(?)

http://krebsonsecurity.com/2013/11/hackers-take-limo-service-firm-for-a-ride/

(I think they're a broker for other local services.)

This is an epic hack, really. A treasure trove of information, from the who's who on the national and international stage. Key facets of the hack:

  1. 241,000 high- or no-limit American Express cards with expiration dates. High value in the underground card number sales markets.
  2. Travel schedules for national/international figures. Very interesting for some.
  3. Sometimes, companion information for national/international figures. Interesting or very interesting for some as well.
  4. Personal details about national/international figures, like Donald Trump wanting/needing a clear front seat (for a bodyguard or what?), or an alias people use when getting picked up.

The credit card numbers are a very impressive haul. Not so great for this company's PCI compliance, or American Express. Wonder if the business will stay afloat. This is a small organization, I'm assuming. One that has entered into the world of online payment processing and application development (with ColdFusion). In this case, making money took precedence over security of the platform, or the data...and they are paying for that decision.