Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Majority Of South Carolinians' Social Security Numbers Exposed In Hack
Newest First  |  Oldest First  |  Threaded View
PJS880
50%
50%
PJS880,
User Rank: Ninja
11/6/2012 | 6:30:12 AM
re: Majority Of South Carolinians' Social Security Numbers Exposed In Hack





If
you are going to keep my personal information such as my social
security number in file because it is required please at the very
least encrypt the data. All these current hacks where individuals
personal information is put at risk due to a breech, I would think
making it harder on the hacker once they get the data to read it
would be helpful. These sort of attacks suck and are really a pain in
the butt to deal with if your information was compromised. I hate to
say it but these attacks are what is going to push the security to
the next level.

Paul
Sprague

InformationWeek
Contributor
-

Cryptodd
50%
50%
Cryptodd,
User Rank: Moderator
10/31/2012 | 11:39:17 PM
re: Majority Of South Carolinians' Social Security Numbers Exposed In Hack
While SQL injection was
a probable method used by the attacker to break into the database, it is
curious that Social Security numbers for 3.6 million residents and credit card
information for 16,000 were in the clear. Under most state data breach laws
including South CarolinaGs, encryption provides businesses with a Gǣsafe harborGǥ
from notification in the event of a breach and is typically deployed. That may
have saved the governor a big public headache. Too bad the state cut corners
and didnGt follow common data security best practices for protecting its
citizenGs information.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
New 'Nanodegree' Program Provides Hands-On Cybersecurity Training
Nicole Ferraro, Contributing Writer,  8/3/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15058
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.
CVE-2020-15059
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter.
CVE-2020-15060
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name.
CVE-2020-15061
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to denial-of-service the device via long input values.
CVE-2020-15062
PUBLISHED: 2020-08-07
DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.