breach

Network Solutions breach exposes nearly 600,000

Network Solutions is investigating a breach on its servers that may have led to the theft of credit card data of 573,928 people who made purchases on Web sites hosted by the company.

Network Solutions notified 4,343 of its nearly 10,000 e-commerce merchant customers on Friday about the breach. It affects 573,928 cardholders whose name, address, and credit card number were exposed between March 12 and June 8, said Susan Wade, a spokeswoman for Network Solutions.

Mysterious code was discovered in early June on servers hosting e-commerce customer sites during routine maintenance, she said. The company …

Oracle sues Qtrax, claims P2P site owes $1.8 million

Oracle, the giant enterprise software company, has accused Qtrax, the legal peer-to-peer music service, of copyright infringement and breach of contract in a $2 million lawsuit filed last week in Northern California.

Qtrax is the music service that was ridiculed in January 2008 after the four major labels denied the company's claims that it had licensing agreements with them. Eventually, Qtrax did get the major label deals. Nonetheless, the start-up has apparently run into some trouble paying bills in the past several months, said a source close to the company.

Oracle said in the complaint, filed with U.S. …

CEOs, other execs disagree on security

CEOs and their senior executives don't see eye to eye on key security issues, according to a new survey.

Many CEOs don't consider their own companies vulnerable to security attacks and are confident in their ability to combat those attacks, says a survey released Wednesday. However, those findings contrast with the opinions of senior executives who report to the CEO. They see their companies as more vulnerable and are not confident they can stop data theft. The survey was sponsored by security company Ounce Labs and conducted by security researcher Ponemon Institute.

The survey sought to determine how …

Lessons from Twitter's security breach

Twitter's latest security hole has less to do with its users than it does with its staff, but lessons can be learned on both sides.

In the case of Jason Goldman, who is currently Twitter's director of product management, the simplicity of Yahoo's password recovery system was enough to let a hacker get in and gain information from a number of other sites, including access to other Twitter staff's personal accounts.

The aftermath of the hack, which took place in May, is just now coming to fruition. Documents that a hacker by the alias of Hacker Croll recovered from Goldman's account and others (including Twitter co-founder Evan Williams) could be a treasure trove of inside information about the company and its plans.

While Croll was planning to release the entire batch publicly (and at once), tech blog TechCrunch posted news late Tuesday that it had received them and was considering posting the details of at least some of them.

Although it seems that Twitter has been thrust into this situation a bit unfairly, a hack along these lines could have happened to the executives of more Web companies than anybody would like to admit. What it really highlights is the extreme interconnectedness of the social Web: with the likes of e-mail contact importing and data-portability services like Facebook Connect now commonplace, a savvy hacker can have access to multiple accounts simply by accessing one.

A post Wednesday on Twitter's official blog highlights just how far-reaching this can be.

"About a month ago, an administrative employee here at Twitter was targeted and her personal email account was hacked," the post from co-founder Biz Stone read. "From the personal account, we believe the hacker was able to gain information which allowed access to this employee's Google Apps account which contained Docs, Calendars, and other Google Apps Twitter relies on for sharing notes, spreadsheets, ideas, financial details and more within the company."

Following that attack, Twitter conducted a security audit, and Stone's post says that there was not a security vulnerability in Google Apps and that Twitter continues to use the suite internally. A separate hack targeted the account of CEO Evan Williams' wife, and from that some of Williams' personal accounts were accessed as well, Stone explained.

But Twitter is front and center in the news these days, and is now talked about as a communications protocol as much as a Web start-up. Not only does that make it a particularly appealing target, but also…

T-Mobile says network was not hacked or breached

A T-Mobile spokesman said on Tuesday that data someone posted to a security e-mail list over the weekend was legitimate T-Mobile data but not customer information, and that the phone company's network was not hacked or breached as the poster claimed.

The statement raises more questions than it answers. If indeed there was no network hack, could there have been an inside leak? Or could it have been something as low-tech as dumpster diving, in which records are obtained from trash bins outside a company's offices?

All T-Mobile would say is that it is investigating how the information …

Report: Turkish hackers breached U.S. Army servers

Hackers based in Turkey penetrated two U.S. Army Web servers and redirected traffic from those Web sites to other pages, including one with anti-American and anti-Israeli messages, according to a report in InformationWeek.

The hackers, who go by the group name "m0sted," breached a server at the Army's McAlester Ammunition Plant in Oklahoma on January 26 and a server at the U.S. Army Corps of Engineers' Transatlantic Center in Winchester, Va., on September 19, 2007, the report said.

Investigators believe an SQL injection attack was used to exploit a vulnerability in Microsoft's SQL Server …

Report: Attackers exploit IIS hole to breach university server

Updated 6 p.m. PDT with Microsoft comment.

It apparently didn't take long for hackers to try to take advantage of a zero-day hole in Microsoft Internet Information Services (IIS).

Ball State University in Muncie, Ind., told The Register that servers running the program were breached on Monday, the same day Microsoft warned the public about the vulnerability.

Students accessing their iWeb pages on Monday saw messages saying the system had been hacked, The Register reported on Wednesday. There is no evidence data was stolen or malicious files uploaded; however, the iWeb accounts were expected to be offline until …

UC Berkeley computers hacked, 160,000 at risk

This post was updated at 2:16 p.m. PDT with comment from an outside database security software vendor.

Hackers broke into the University of California at Berkeley's health services center computer and potentially stole the personal information of more than 160,000 students, alumni, and others, the university announced Friday.

At particular risk of identity theft are some 97,000 individuals whose Social Security numbers were accessed in the breach, but it's still unclear whether hackers were able to match up those SSNs with individual names, Shelton Waggener, UCB's chief technology officer, said in a press …

Report: Hackers broke into FAA air traffic control systems

Hackers have broken into the air traffic control mission-support systems of the U.S. Federal Aviation Administration several times in recent years, according to an Inspector General report sent to the FAA this week.

In February, hackers compromised an FAA public-facing computer and used it to gain access to personally identifiable information, such as Social Security numbers, on 48,000 current and former FAA employees, the report said.

Last year, hackers took control of FAA critical network servers and could have shut them down, which would have seriously disrupted the agency's mission-support network, the report said. Hackers took over …

FAQ: Demystifying ID fraud

Every time I use my credit card online I suffer a momentary feeling of angst, even though I know that it's still safer than handing my card over to an unscrupulous waiter. The impersonal nature of the Internet and the perception that I lose control of my data after I hit "submit" contribute to this lack of a sense of security.

Also contributing to this paranoid feeling are all the reports of phishing scams, including IRS and tax-related scams; data breaches at retailers like TJX, where more than 45 million accounts were exposed; and payment processors like RBS WorldPay, …