Google Has Stored Some Passwords in Plaintext Since 2005

WIRED Threat Level

On the heels of embarrassing disclosures from Facebook and Twitter, Google reveals its own password bugs—one of which lasted 14 years. Security Security / Security News

Google Stored G Suite Passwords in Plaintext Since 2005

Threatpost

Google said it had stored G Suite enterprise users' passwords in plain text since 2005 marking a giant security faux pas. Cloud Security G Suite Gmail google google cloud google security Password password store plain text

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The Intranet Imperative (2005)

ChiefTech

I wrote this in June 2005. The history of intranets is one of a slow burn of adoption (or innovation, if you like). But the pace of technology change is increasing , email is being challenged. is it time now to dust off the intranet imperative and think about about where we go next? What exactly is an intranet? The nature of intranets is changing.

Vancouver property tax records to 2005 now available at the Archives

Archives Blogs

We are pleased to announce that after a significant transfer of records from the Revenue Services Department, the Archives can now make available property tax records up to 2005. We have an almost-complete set of tax statements for the years 1976 to 2005 (1991 has yet to make its way to us), and the records include a variety of indexes that provide entry points to the records, which are organised by Tax account number.

FFIEC Final Authentication Guidance

Data Breach Today

The Final FFIEC Guidance has been issued and its main intent is to reinforce the 2005 Guidance's risk management framework and update the Agencies' expectations regarding customer authentication, layered security, or other controls in the increasingly hostile online environment

This is the old ChiefTech blog.: Now blogging on the E2EF blog

ChiefTech

Thursday, 14 February 2008 Now blogging on the E2EF blog It feels a little odd - having been blogging here on my own since 2005 - but I just made my first post to the Enterprise 2.0 This is the old ChiefTech blog. Nice of you to drop in and visit. However, you need to come over and see my new blog at chieftech.com.au. ©2005-2009. ©2005-2009. Disclaimer: Information on this blog is of a general nature and represents my own independent opinion.

Body Found in Canada Identified as Neo-Nazi Spam King

Krebs on Security

In 2005, AOL won a $12.8 The body of a man found shot inside a burned out vehicle in Canada three years ago has been identified as that of Davis Wolfgang Hawke , a prolific spammer and neo-Nazi who led a failed anti-government march on Washington, D.C. in 1999, according to news reports.

'It can't be true.' Inside the chip industry's meltdown

Information Management Resources

Researchers began writing about the potential for security weaknesses at the heart of central processing units, or CPUs, at least as early as 2005. Hardware and software Data security Cyber security Intel

IT 28

Real-Time Attacks Against Two-Factor Authentication

Schneier on Security

I wrote about this exact attack in 2005 and 2009. Attackers are targeting two-factor authentication systems: Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets' level of operational security, researchers with security firm Certfa Lab said in a blog post.

Canon publicly confirms August ransomware attack and data breach

Security Affairs

The hackers accessed company file servers that contained information about current and former employees from 2005 to 2020 and their beneficiaries and dependents.

Capital One discovered more customers’ SSNs exposed in 2019 hack

Security Affairs

The security breach data breach took place on March 22nd and 23rd, the hacker accessed information of customers who had applied for a credit card between 2005 and 2019. More clients of Capital One have been impacted in the 2019 data breach, the US bank is notifying them of their SSNs exposure.

What Financial Institutions Should Know About the Capital One Data Breach

Rippleshot

The sheer scope of this incident shows how the fallout from this breach could be unknown for years: “Consumers and small businesses who applied for Capital One credit cards from 2005 through early 2019 are most at risk,” the company revealed. The Capital One data breach was a harsh reminder for financial institutions and their customers that data breaches are an all too common occurrence growing at scale each time the next one hits.

Risk 40

Archivists and Records Managers, part 8

The Schedule

In 2005, two people working in Records and Archives at the World Health Organisation — Ineke Deserno and Donna Kynaston — had this to say about the intersection of records management and archival work: “A records management program is indispensable for an archives program. ” [from “A Records Management Program that Works for Archives,” Information Management Journal (May/June 2005): 60-62].

Google Glitch Left Passwords Unprotected for 14 Years

Adam Levin

Google announced a glitch that stored unencrypted passwords belonging to several business customers, a situation that had been exploitable since 2005. In a blog post released this week, the company admitted the passwords of “some” of its G Suite customers had been stored on internal servers without cryptographic protection, also known as a hash. This issue has been fixed and, again, we have seen no evidence of improper access to or misuse of the affected passwords.

A 16-year-old bug (CVE-2021-3438) in printer driver affects millions of printers worldwide

Security Affairs

The discovery was casually made several months ago, while experts were configuring a brand new HP printer, and noticed that an old printer driver from 2005 called SSPORT.SYS was triggering an alert by Process Hacker.

Experts devised a new attack to bypass Microsoft PatchGuard

Security Affairs

The feature was first introduced in 2005 with the x64 editions of Windows XP and Windows Server 2003 Service Pack 1. A security researcher discovered a bug in PatchGuard Windows security feature that can allow loading unsigned malicious code into the Windows kernel.

IT 81

MY TAKE: Equipping SOCs for the long haul – automation, edge security solidify network defenses

The Last Watchdog

Security information and event management systems — SIEMs — came along in about 2005 to screen all incoming data packets and kick out alerts to anything that seemed suspicious. Network security is in the throes of a metamorphosis. Advanced technologies and fresh security frameworks are being implemented to deter cyber attacks out at the services edge, where all the action is. Related: Automating security-by-design in SecOps. This means Security Operations Centers are in a transition.

Cuts to skilled immigration degrade a U.S. strength

Information Management Resources

Between 1995 and 2005, immigrants started more than half of the new businesses in Silicon Valley. As of 2011, more than 40 percent of Fortune 500 companies were started by immigrants or their children. H-1B visas Hardware and software Data science

MY TAKE: Agile cryptography is coming, now that ‘attribute-based encryption’ is ready for prime time

The Last Watchdog

And since 2005 or so, one area of focus has been on sharpening the math formulas that make attribute-based encryption possible. Encryption agility is going to be essential as we move forward with digital transformation. Refer: The vital role of basic research. All of the technical innovation cybersecurity vendors are churning out to deal with ever-expanding cyber risks, at the end of the day, come down to protecting encrypted data.

Innovator of the Month: Laurent Boyadjian

Box

In the French town of Cognac sits the head office of Rémy Martin, subsidiary of Rémy Cointreau Group, where cloud domain manager Laurent Boyadjian has been working to transform the way this legendary luxury brand works since 2005.

Cloud 23

Spanish state-owned railway infrastructure manager ADIF infected with ransomware

Security Affairs

It was formed in 2005 in response to European Union requirements to separate the natural monopoly of infrastructure management from the competitive operations of running train services.

Popular Webkinz World online children’s game hacked, 23M credentials leaked

Security Affairs

” Webkinz were originally released by the Canadian toy company Ganz on April 29, 2005. ZDNet reported that a hacker has leaked 23 million credentials from the Webkinz World online children’s game.

NEW TECH: Exabeam positions SIEM technology to help protect IoT, OT systems

The Last Watchdog

Security information and event management systems — SIEMs — have been around since 2005, but their time may have come at last.

IoT 161

New French Data Protection Act and Implementing Decree Take Force

Hunton Privacy

The adaption of French law to the new EU data protection framework was conducted in various stages: The French Data Protection Act of January 6, 1978, was first amended by a law dated June 20, 2018, while its implementing Decree of October 20, 2005, was amended by a Decree of August 1, 2018. On June 1, 2019, New Decree No. 2019-536 (the “Implementing Decree”) took force, enabling the French Data Protection Act, as amended by an Ordinance of December 12, 2018, likewise to enter into force.

GDPR 67

10KBLAZE exploits could affect 9 out of 10 SAP installs of more than 50k customers

Security Affairs

The good news is that most recent versions of SAP software are configured by default to drop unauthorized connections, Since 2005, SAP is providing instructions on how to configure an ACL for the Message Server. In 2005 the company released the security note 8218752 and in 2009 released the security note 14080813 containing instructions on how to properly configure the access list for Gateway.

Risk 86

April 2021 Security Patch Day fixes a critical flaw in SAP Commerce

Security Affairs

The issue affects SAP Commerce versions 1808, 1811, 1905, 2005, 2011. April 2021 Security Patch Day includes 14 new security notes and 5 updates to previously released notes, one of them fixes a critical issue in SAP Commerce.

MY TAKE: A path for SMBs to achieve security maturity: start small controlling privileged accounts

The Last Watchdog

In fact, PAM technology came on the scene around 2005, as a subset of identity access and management (IAM) systems. The challenge of embracing digital transformation while also quelling the accompanying cyber risks has never been greater for small- and mid-sized businesses. Related: How ‘PAM’ improves authentication. SMBs today face a daunting balancing act. To boost productivity, they must leverage cloud infrastructure and participate in agile software development.

Capital One Data Theft Impacts 106M People

Krebs on Security

“The largest category of information accessed was information on consumers and small businesses as of the time they applied for one of our credit card products from 2005 through early 2019,” the statement continues. Federal prosecutors this week charged a Seattle woman with stealing data from more than 100 million credit applications made with Capital One Financial Corp.

Cloud 205

BEST PRACTICES: Why pursuing sound ‘data governance’ can be a cybersecurity multiplier

The Last Watchdog

The accused hacker stole personal data for 106 bank patrons, including customer data from credit card applications dating back to 2005. Deploying the latest, greatest detection technology to deter stealthy network intruders will take companies only so far.

Revoked NARA Bulletins

National Archives Records Express

December 23, 2005. Over the past several months, we have undertaken a review of NARA bulletins to determine if any require revisions or should be revoked. NARA Bulletin 2019-01 notifies agencies that the following bulletins are no longer needed or do not reflect current policy: Bulletin Number and Title. Date Issued. 2006-03 : Availability of the Federal Enterprise Architecture Records Management Profile, version 1.0.

Subway Elevators and Movie-Plot Threats

Schneier on Security

In 2005, I coined the term "movie-plot threat" to denote a threat scenario that caused undue fear solely because of its specificity. Local residents are opposing adding an elevator to a subway station because terrorists might use it to detonate a bomb. No, really.

IT 64

A Head Scratcher - Solving the Productivity Riddle

AIIM

But after 2005, these effects vanish from the measured statistics. Total productivity growth has fallen by two-thirds since 2005, while real GDP growth has averaged about 2 percent per year—all during a period in which the digital economy has continued to grow.”. I came across a chart recently that left me scratching my head. It was a chart from the Federal Reserve Bank of St. Louis, featuring U.S. Bureau of Labor Statistics (BLS) on labor productivity.

XKCD forum data breach impacted 562,000 subscribers

Security Affairs

XKCD is one of the most popular webcomic platform created by the American author Randall Munroe in 2005, it is a webcomic of romance, sarcasm, math, and language. The popular webcomic platform XKCD has suffered a data breach that exposed data of its forum users, the incident impacted 562,000 subscribers. XKCD has suffered a data breach that exposed data of its forum users. The data breach impacted 562,000 subscribers, the forum has been taken offline after the incident.

NEW TECH: Exabeam retools SIEMs; applies credit card fraud detection tactics to network logs

The Last Watchdog

The earliest SIEMs cropped up around 2005 or so. Security information and event management, or SIEM, could yet turn out to be the cornerstone technology for securing enterprise networks as digital transformation unfolds. Related: How NSA cyber weapon could be used for a $200 billion ransomware caper. Exabeam is a bold upstart in the SIEM space.

Maybe Skip SHA-3

Imperial Violet

In 2005 and 2006, a series of significant results were published against SHA-1 [ 1 ][ 2 ][ 3 ]. But the competition itself proved that we do know how to build hash functions: the series of results in 2005 didn't extend to SHA-2 and the SHA-3 process produced a number of hash functions, all of which are secure as far as we can tell. These repeated break-throughs caused something of a crisis of faith as cryptographers questioned whether we knew how to build hash functions at all.

IT 103

Handling Multiple Action Filters in Tableau

Perficient Data & Analytics

The Final Dashboard with all three worksheets is shown below, Now, Set actions are added in Dashboard as follows, Same way Actions are added in other 2 sheets, Based on the product and year field, data are filtered in dashboard and is shown below, Product Type: cooking Gear is selected in Gross Profit Per Product worksheet, Year :2005 is selected in Planned Vs Actual Revenue worksheet, This way we can handle multiple action filters in Tableau Dashboard.

Birthday Wishes For Emmett Till

Archives Blogs

2005). Saturday will mark what would have been Emmett Till’s 79th birthday. Conversation and scholarship around Emmett Till and his place in the mid-century American Civil Right Movement usually focuses on his 1955 kidnapping, murder, and the ensuing trial , and rightfully so.

South Africa’s Protection of Personal Information Act Goes Into Effect

InfoGoTo

POPIA had started as a South African Law Reform Commission issue paper in 2003 and been designated for implementation back in 2005.

GDPR 52

Thought Leadership: South Africa’s Protection of Personal Information Act Goes Into Effect

InfoGoTo

POPIA had started as a South African Law Reform Commission issue paper in 2003 and been designated for implementation back in 2005.

GDPR 52

The Belgian Constitutional Court annuls Data Retention Act

DLA Piper Privacy Matters

The Data Retention Act was created to address the annulment of article 126 of the Act of 13 June 2005 concerning electronic communication by the judgment of 11 June 2015 of the Constitutional Court. Authors : Heidi Waem and Gert-Jan Fraeyman.