LISTSERV - RECMGMT-L Archives - LISTSERV.IGGURU.US

RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

	LISTSERV Archives
	RECMGMT-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	PaaS provider hacked; 100000 web sites wiiped out (Sarcastic humor at best)
From:	Hugh Smith <[log in to unmask]>
Reply To:	Records Management Program <[log in to unmask]>
Date:	Thu, 25 Jun 2009 01:14:55 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (111 lines)

On Jun 25, 2009, at 12:00 AM, RECMGMT-L automatic digest system wrote:

> From: Larry Medina <[log in to unmask]>
> Date: June 24, 2009 5:05:18 PM EDT
> Subject: RAINdrip: PaaS provider hacked; 100000 web sites wiiped out
>
>
> Wow, surprised this one skated under the radar!
>
> Peter may have picked it up in RAIN, but if so, I must have missed it.
>
> http://shrinkster.com/17f0
>
> This organization was managing a cloud, and they essentially got  
> wiped clean
> by a hack.  Less than 50% of the clients utilizing the services had  
> managed
> accounts, so no backups

>> The perpetrators then proceeded to delete data from tens of UK and  
>> US servers. Company staff were alerted by the suspicious activity  
>> and intervened, but the damage was already done. They have since  
>> been working 24/7 to restore what they can, but it's likely that  
>> some of the data has been lost forever.

Where is the tape stored offsite back up???  Wait, the Cloud and  
Virtual Storage seem to think this is unnecessary!!

Larry and I both had discussions on this talking about the  
vulnerabilities of the Cloud on the listserve.  Larry are you sure  
this is real.  It makes us look like geniuses or geni! (If only I was  
a genius I would know that and my wife is already asleep! )

On the same web site they talked about a hack at Monster.com and their  
response was:

> The company regrets any inconvenience caused to its customers as a  
> result of this security breach, but claims that “no company can  
> completely prevent unauthorized access to data.”

How come, when they sell you the system they say "We have total  
protection!" and the theme of "I am Invincible" as sung by Celine Dion  
is playing as background but when they spill information all over the  
world the quote above is considered acceptable.

Let's look at other industries and compare.  Suppose a Cemetery  
notified you that your family members had just popped up and were not  
in locations all over town.  Would you accept a "Stuff happens"  
statement?

If you went to the dry cleaners and your clothers were all gone or  
your parking garage told you that they gave all the cars out to  
whoever came along?

Why is this acceptable for computers?  No product should be allowed to  
exist that has a security risk.  Just pull it from the market  
immediately.  How long would it take for them to focus more on  
security that being the next fast improvement.

They also reported:
> This is not the first time Monster is attacked by identity thieves.  
> Back in 2007, hackers obtained unauthorized access to 1.3 million  
> resumes stored in the database. Also, later that same year, some of  
> the site's pages were injected with malicious code that was  
> distributing malware to visitors. This security breach might have  
> more serious consequences in addition to potential phishing  
> attempts, as a lot of Internet users still use the same password for  
> multiple online services, including financial ones.

Here is another tale:

> RBS WorldPay, a popular payment processing service, has announced  
> that an unknown and unauthorized party has illegally obtained access  
> to its computer systems. The personal information of 1.5 million  
> customers, as well as the Social Security numbers of 1.1 million,  
> may have been compromised, according to the company.
>
> RBS WordPay is a business operated by The Royal Bank of Scotland  
> Group, and is based in Atlanta, GA. It offers payment processing  
> solutions that cover credit, debit, Electronic Bank Transfers, gift  
> cards, customer loyalty cards, checks, ATM, and tailored solutions  
> for retail, restaurant, petroleum, convenience stores, grocery,  
> hospitality, transport, and cardholders not present in these sectors.
> The company has set up a special web page for the affected customers  
> where important instructions have been published, and which in  
> addition offers a free one-year subscription with a credit  
> monitoring service.

If I was Sherlock Holmes or the Hardy Boys, I would see if the Credit  
Monitoring Services are hiring hackers.  After all they seem to be the  
only ones benefitting.

Larry what if we open the hot dog stand next to Emergency Care  
Facility and we put that hot sauce on them that Peter talks about that  
is smokin' hot.  We charge extra for the medical care and give the hot  
dogs away for free!  ;~) Just kidding Homeland Security.  (Plus the  
Sushi places already figured this out.) Just kidding Sushi Chefs.   
(They have those really sharp knives and no sense of humor. )

Hugh Smith
FIRELOCK Fireproof Modular Vaults
[log in to unmask]
(610)  756-4440    Fax (610)  756-4134
WWW.FIRELOCK.COM
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]

ATOM RSS1 RSS2

LISTSERV.IGGURU.US