Lisa Vaas

Security Experts : Merchants Racing to the Bottom for PCI Certs”> Security experts are starting to grumble about the Payment Card Industry Data Security Standard, saying that some merchants just want to get PCI-certified as cheaply and easily as possible—and that the PCI certification system is set up to help them do just that. “The […]

Twenty-seven employees at Palisades Medical Center have reportedly been suspended for a month without pay for allegedly accessing George Clooneys medical records after the actor/director was hospitalized with injuries from a motorcycle crash in September. The investigation reportedly is continuing, with more than 40 employees under the crosshairs. Clooney and his companion Sarah Larson were […]

Microsoft has issued six security advisories for nine vulnerabilities, including a server-side remote procedure call vulnerability that needs no user interaction to trip a denial of service. Other patches fix a trio of Internet Explorer zero-day flaws that could lead to system hijacking and a Word flaw thats being actively exploited even though theres been […]

Overworked, undereducated or lazy Citrix administrators are neglecting to install even the free SSL VPN that Citrix ships with products, users say, presenting the dismaying scenario of sites full of holes on domains that include government and military sites. “I feel most of the problem is, simply put, really bad admins who are not following […]

SoftScan, an anti-virus, anti-spam company, told the New York Times recently that zombified machines belonging to college students are behind a rise in spam that was observed last month. The Times quotes Diego d’Ambra, CTO at SoftScan, as saying that students are coming back to school pre-infected. Once they plug into the high-speed networks available […]

The Citrix technology that chugs away underneath Web applications is being used to put up military and government GUIs with security holes you could drive a bus through. Security researcher Petko D. Petkov—aka “pdp”—said in an Oct. 4 posting that his recent testing of Citrix gateways led him to “tons” of “wide-open” Citrix instances, including […]

All the craziness with the Feds pushing California’s government domain off the continental shelf earlier this week makes you wonder what sort of disaster recovery they’ve got. They sure need it, between earthquakes, wildfires and the GSA’s profoundly unhelpful helpfulness in shutting off the ca.gov domain to try to trip up a hacker doing porno […]

This is the Web site for the California Air Resources Board. Its nothing fancy to look at, but earlier this week it set itself apart for the simple reason that the possibility of its going offline didnt threaten to cut off the agency at the knees. The same couldnt be said for the many California […]

Attackers can slip past Windows system defenses due to a flaw in the way Apples QuickTime for Windows handles URLs in the “qtnext” field in QTL files—i.e., media link files. Apple on Oct. 3 put out a security advisory with an update for QuickTime 7.2 for Windows. Apple distributes the QuickTime Player to play QuickTime […]

Lets Demand Names in Data Fumbles”> Connecticut recently announced it will sue Accenture for negligence after a backup tape with confidential information of Connecticut residents and agencies was stolen from a car belonging to an intern working for the CIO of Ohio. Sound like a disconnected trail? Specifically, Attorney General Richard Blumenthal said in a […]