Adult dating site hack exposes sexual secrets of millions
Written by Administrator
Saturday, 23 May 2015 18:41
More than 3.5 million people's sexual preferences, fetishes and secrets have been exposed after dating site Adult FriendFinder was hacked.

Already, some of the adult website's customers are being identified by name. Adult FriendFinder asks customers to detail their interests and, based on those criteria, matches people for sexual encounters. The site, which boasts 64 million members, claims to have "helped millions of people find traditional partners, swinger groups, threesomes, and a variety of other alternative partners."

The information Adult FriendFinder collects is extremely personal in nature. When signing up for an account, customers must enter their gender, which gender they're interested in hooking up with and what kind of sexual situations they desire. Suggestions Adult FriendFinder provides for the "tell others about yourself" field include, "I like my partners to tell me what to do in the bedroom," "I tend to be kinky" and "I'm willing to try some light bondage or blindfolds."

The hack, which took place in March, was first uncovered by independent IT security consultant Bev Robb on her blog Teksecurity a month ago. But Robb did not name the site that was hacked. It wasn't until this week, when England's Channel 4 News reported on the hack, that Adult FriendFinder was named as the victim.
Last Updated on Saturday, 23 May 2015 18:41

PCI/DSS 3.0 What's New?
Written by Administrator
Friday, 27 March 2015 01:58
By Chris Camejo, Director of Assessment Services, NTT Com Security
Version 3.0 of the PCI Data Security Standard (PCI DSS) goes into effect by the first of next year, and it probably doesn’t come as a surprise that merchants that process credit card payments are still confused about what the changes mean for them.

While most of the changes are simple clarifications of previous requirements, they could have a major impact on merchants as they touch on everything from the definition of scope and segmentation, to formally documenting responsibilities between merchants and service providers and controls for preventing tampering and skimming at the point-of-sale.

The scope definition has always been one of the thorniest issues within PCI compliance. Many merchants will say they are compliant simply because they ran a vulnerability scan on a handful of credit and debit card data systems. But performing an external vulnerability scan is just one sub-requirement out of over 200 in the PCI DSS.

Additionally, by only focusing on the systems that actually handle credit card data, you’re ignoring all of the other potentially vulnerable servers and workstations that share a network with the credit card processing systems, which should be included based on the way the scope is defined within PCI DSS.

It’s not necessary for attackers to go directly after the systems that contain credit card data, especially because most companies have a “flat network” where only the Internet connection is guarded by a firewall and every server has the ability to communicate without going through a firewall or other filter. That means attackers just need to find the easiest way to breach the network perimeter, which helps explain why we see so many phishing attacks that trick a user into running malware that opens a backdoor into their device. The attacker can then use the compromised device to launch attacks on the credit card processing systems from behind the secured perimeter.

For this reason, PCI DSS compliance is required on the systems that actually handle card data, on all the unrelated systems that connect to the same network, and on the systems that can affect their security (authentication servers, firewalls, web redirection servers, etc.). This has been clarified and made explicit in the scope section of 3.0 and may come as a shock to merchants that have only addressed compliance on the systems that directly handle card data.
Last Updated on Monday, 30 March 2015 01:59