ITsecurity
twitter facebook rss

OPM would not have been breached if only it had bought my product!

Posted by Kevin on June 7, 2015

By now everyone will have heard that the US Office of Personnel Management (OPM) has been breached, allegedly by Chinese hackers. This is not the first time the OPM has been breached – the same thing happened last year. The OPM is like the HR department for the entire US government. Details of some four […]

HSBC Turkey loses 2.7m card details; but won’t reissue

Posted by Kevin on November 15, 2014

HSBC Turkey revealed last week that 2.7 million customer card details had been compromised. In a statement HSBC claimed to have detected the compromise itself via its own internal controls within a few days of it occurring. Trey Ford, global security strategist at Rapid7 comments, “This is impressive given that the vast majority of breaches […]

The cost of a breach

Posted by Kevin on September 21, 2014

I always find this sort of statement totally absurd. The average for which companies? all companies? some companies? which companies? The average of which breaches? all breaches? some breaches? which breaches? which of the unreported breaches are included and which are excluded? Over what period of time? all time? last two years? current? What costs […]

More on the Avast breach and the hash used

Posted by Kevin on May 29, 2014

My understanding is that the hash formula used by Avast to store its forum users’ passwords was $hash = sha1(strtolower($username) . $password); This is the formula built into the SMF open source forum software used by Avast. It is both good and bad. It confirms that the hash was salted (with the user’s username); but […]

Avast forum hack demonstrates we need password storage disclosure

Posted by Kevin on May 29, 2014

A blog post early this morning by Avast Software CEO Vince Steckler announced The AVAST forum is currently offline and will remain so for a brief period. It was hacked over this past weekend and user nicknames, user names, email addresses and hashed (one-way encrypted) passwords were compromised. AVAST forum offline due to attack Avast’s […]