Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Majority Of South Carolinians' Social Security Numbers Exposed In Hack
Newest First  |  Oldest First  |  Threaded View
PJS880
50%
50%
PJS880,
User Rank: Ninja
11/6/2012 | 6:30:12 AM
re: Majority Of South Carolinians' Social Security Numbers Exposed In Hack





If
you are going to keep my personal information such as my social
security number in file because it is required please at the very
least encrypt the data. All these current hacks where individuals
personal information is put at risk due to a breech, I would think
making it harder on the hacker once they get the data to read it
would be helpful. These sort of attacks suck and are really a pain in
the butt to deal with if your information was compromised. I hate to
say it but these attacks are what is going to push the security to
the next level.

Paul
Sprague

InformationWeek
Contributor
-

Cryptodd
50%
50%
Cryptodd,
User Rank: Moderator
10/31/2012 | 11:39:17 PM
re: Majority Of South Carolinians' Social Security Numbers Exposed In Hack
While SQL injection was
a probable method used by the attacker to break into the database, it is
curious that Social Security numbers for 3.6 million residents and credit card
information for 16,000 were in the clear. Under most state data breach laws
including South CarolinaGs, encryption provides businesses with a Gǣsafe harborGǥ
from notification in the event of a breach and is typically deployed. That may
have saved the governor a big public headache. Too bad the state cut corners
and didnGt follow common data security best practices for protecting its
citizenGs information.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/5/2020
How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Peter Barker, Chief Product Officer at ForgeRock,  6/1/2020
Cybersecurity Spending Hits 'Temporary Pause' Amid Pandemic
Kelly Jackson Higgins, Executive Editor at Dark Reading,  6/2/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: What? IT said I needed virus protection!
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13897
PUBLISHED: 2020-06-07
HESK before 3.1.10 allows reflected XSS.
CVE-2020-13894
PUBLISHED: 2020-06-07
handler/upload_handler.jsp in DEXT5 Editor through 3.5.1402961 allows an attacker to download arbitrary files via the savefilepath field.
CVE-2020-13895
PUBLISHED: 2020-06-07
Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module before 0.32 for Perl fails to verify correct ECDSA signatures when r and s are small and when s = 1. This happens when using the curve secp256r1 (prime256v1). This could conceivably have a security-relevant impact if an attacker wishes...
CVE-2020-13890
PUBLISHED: 2020-06-06
The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an Add Task Input operation in a dashboard.
CVE-2020-13889
PUBLISHED: 2020-06-06
showAlert() in the administration panel in Bludit 3.12.0 allows XSS.