Privacy & Security Incidents

Google CEO tried to remove search results to protect his own privacy.

Who is Epsilon and why does it have my data?

If you didn't get an e-mail warning this week that your name and e-mail address were part of a database that was breached, consider yourself lucky, and unique.

E-mails from dozens of companies--including Citibank, Chase, Capital One, Walgreens, Target, Best Buy, TiVo, TD Ameritrade, Verizon, and Ritz Carlton--began flooding inboxes this week after a company called Epsilon announced that its system had been breached. Some people have reported receiving as many as four of these warnings. Citibank is a household name, as are most of the brands on the list (which now reaches more than 55, according to this list on DataBreaches.net). But who exactly is Epsilon, and what is it doing with my data? Sporting a tag line of "Marketing As Usual. "The e-mail component of Epsilon is a small part of the company," Dave Frankland, vice president and principal analyst at Forrester Research, told CNET.

Breaches at third-party providers aren't new.

MySQL.com and Sun hacked through SQL injection

Proving that no website is ever truly secure, it is being reported that MySQL.com has succumbed to a SQL injection attack. Most embarrassingly, the Director of Product Management's WordPress password was set to a four-digit number... his ATM PIN perhaps? MySQL's parent company Sun/Oracle has also been attacked. It does not appear to be a vulnerability in the MySQL software, but rather flaws in the implementation of their websites. Auditing your websites for SQL injection is an essential practice, as well as using secure passwords. Either can lead you down a road that ends in tears.

Researchers crack W3C encryption standard for XML

There's new reason to be leery about relying on Web-based services to handle sensitive data.

A pair of German researchers revealed at the ACM Conference on Computer and Communications Security in Chicago this week that they have discovered a way to decrypt data within XML documents that have been encrypted using an implementation of the World Wide Web Consortium's XML Encryption standard. XML Encryption is used widely as part of server-to-server Web services connections to transmit secure information mixed with non-sensitive data, based on cipher-block chaining. It can be used, for example, to encrypt credit card information for a payment within an XML-based purchase order, so that the general data can be accessed by everyone who needs to have access to it while access to the financial data is limited to the people or systems authorized to process it.

But that encryption is apparently very weak, as Juraj Somorovsky and Tibor Jager of Ruhr University Bochum demonstrated.