Friday, October 26, 2012

South Carolina Got Hacked

South Carolina Got Hacked: FACED WITH ANOTHER SECURITY BREACH, GOV. NIKKI HALEY SAYS SHE WANTS PERPETRATOR “BRUTALIZED” Computer systems at the S.C. Department of Revenue were hacked on repeated occasions beginning two months ago – coughing up as many as 3.6 million Social Security numbers and nearly 400,000 credit and debit card numbers.


South Carolina Got Hacked

By  • on October 26, 2012

FACED WITH ANOTHER SECURITY BREACH, GOV. NIKKI HALEY SAYS SHE WANTS PERPETRATOR “BRUTALIZED”

Computer systems at the S.C. Department of Revenue were hacked on repeated occasions beginning two months ago – coughing up as many as 3.6 million Social Security numbers and nearly 400,000 credit and debit card numbers.
Individual tax returns may have also been accessed by the assailant – identified only as an “international hacker.”
“This is not a good day for South Carolina,” S.C. Gov. Nikki Haley said, adding that she wanted the person responsible for the cyber attack found and “brutalized.”
Astoundingly, SCDOR didn’t even know it had been hacked until October 10 when it was informed of the breach by state information technology officials.  The “vulnerability in the system” was not resolved until October 20 – two months after the hacking attempts first began.
Unreal … it took these people two months to secure our data?

Nikki Haley: “I want that man brutalized.”
How broad is the damage from this unprecedented breach?
Well, anyone who has filed a tax return in South Carolina since 1998 has been asked to call 1-866-578-5422 and then visit this website, where they are to enter the activation code they received during the toll free phone call.
Of course the line was totally unaccessible, with recorded messages referring to “higher than normal calls.”
And assuming you get through … why would youever trust these people with your personal information again?
This is the second scandal involving the unauthorized release of confidential information to befall Haley’s administration this year.  Back in April, nearly a quarter of a million confidential Medicare and Medicaid records were improperly releasedto a private email address by an employee at the S.C. Department of Health and Human Services (SCDHHS).
An angry Haley told reporters on Friday that “I want this person slammed against the wall.”
Really?
The person who needs to be “slammed against the wall” in this case is Haley.  After all, it’s her administration that dropped the ball on securing this information … mere months after a major lapse at another one of her cabinet agencies.
The worst part of all this?  We’re all on the hook for her administration’s incompetence.
“We are going to pay for the fact that we have to give everyone credit protection,” Haley told reporters.  ”We’re going to cover the cost behind that.  This is the responsibility of the state to protect the taxpayers.”
Actually the state is the taxpayers … which means Haley’s not paying for this, we are.  Oh … and if it was the state’s responsibility to protect its taxpayers, then why in the hell did it take two friggin’ months to close this security breach?
Depending on how much this winds up costing the state we could be looking at the biggest disaster of the Haley administration – bigger than even the “Savannah River Sellout.”
Haley wasn’t ready to provide a damage estimate on Friday, but acknowledged that “this is not going to be inexpensive.”
Meanwhile Democrats assailed the governor for her ongoing lack of focus on state issues.
“Maybe if she spent more time doing her job in South Carolina rather than traveling around the country raising money and playing politics, someone would have been paying attention and not let more than a third of our state’s personal information be compromised,” S.C. Democratic Party chairman Dick Harpootlian said. “If she were the CEO of a company that had a third of its data hacked especially after all the public warnings of the danger of hackers, she would be fired.  Too bad she has two more years on her contract.”
UPDATE: Here’s more info on the hack straight from the SCDOR website.  
UPDATE II: Haley has a conference call scheduled for Monday morning with state lawmakers to discuss the situation.
***
Follow FITSNews on Twitter and like us on Facebook
(864) 498-0569


Posted by at 4 comments:
Labels: , , , , , , , ,

Tuesday, October 16, 2012

Your phone number may not be as private on Facebook as you think - and how to fix it

Your phone number may not be as private on Facebook as you think - and how to fix it: If you use Facebook, your phone number may not be as private as you think.

A way in which Facebook privacy can be abused has come to light that will shock many users, but that the social network itself seems to consider a deliberate feature.

by Graham Cluley on October 10, 2012
If you use Facebook, your phone number may not be as private as you think.
Facebook phone numbers aren't necessarily private
A way in which Facebook privacy can be abused has come to light that will shock many users, but that the social network itself seems to consider a deliberate feature.
If you enter someone's phone number into the search box on Facebook, the site can perform a reverse look-up and tell you who the phone number belongs to.
Reverse look-up of a phone number on FacebookYou can see in the screenshot how I entered the mobile phone number of someone I am not Facebook friends with, and instantly was offered their name, photograph and a link to their profile.
When I spoke to the Facebook user in question, she was shocked and surprised that I had been able to find her profile simply by entering her mobile phone number.
She confirmed that her privacy settings werecorrectly locked down to such an extent that her phone number should only be accessible to her.
Think this Facebook privacy setting protects your phone number? Think again
In her opinion, a privacy setting that says "Only me" attached to her phone number meant it shouldn't be shared with any of her Facebook friends - and certainly should not accessible by me, as I'm not even one of her online friends.
And yet, if I entered her phone number into Facebook it would instantly tell me that she owned the number.
Is this a problem? Well, yes. I think it is.
Imagine, for instance, if a company knew the telephone numbers of people calling it - they would now be able to determine your name too, and possibly use it for more aggressive marketing.
Phone number on a napkin. Image from ShutterstockOr picture meeting someone at a party and giving them your phone number - and not realising that you were also potentially sharing your full name and other contact information.
You can probably dream up other privacy concerns of your own about this Facebook "feature".
It should be your choice as to whether your phone number is connected with your Facebook profile, and whether someone can use one to find the other.
Even if you altered your privacy settings to ensure that your phone number is only visible to you, other people can still use it to look you up.

How to make your phone number more private on Facebook

The solution is to enter another section of Facebook's privacy settings called "How you connect".
Are you allowing anyone to search for you on Facebook via your phone number?
You will find the default Facebook chooses for "Who can look you up using the email address or phone number you provided?" is "Everybody".
Once again, Facebook chose the least private default for your information.
To have tighter control over your phone number, and limit those who can perform a reverse look-up against your number, you will need to change that setting to "Friend of friends" or "Friends only".
Of course, this will also mean that the same privacy settings apply to the email address you use on Facebook.

Facebook wants your mobile phone number

Facebook is becoming more and more aggressive in its pursuit of users' phone numbers.
Remember, Facebook has been wanting your mobile phone number for some time and hasn't been above using scare tactics to get you to hand it over.
Many users are forced to enter a mobile number for authentication when they create an account, or to be used as a security check if suspicious activity is detected.
Facebook encourages users to enter mobile phone numbers
My advice is always to be careful what phone numbers you share with websites.
There may be a case for keeping an old phone in a drawer, with a pay-as-you-go SIM. That throwaway number can be used for websites that demand a phone contact, but you don't feel they really need it. Keep your real, regular phone number closer to your chest - and only share it with websites which you believe have a genuine requirement for it.
(864) 498-0569


Posted by at 1 comment:
Labels: , , , , , , , , , ,
Subscribe to: Posts (Atom)