Google Stored G Suite Passwords in Plaintext Since 2005

Threatpost

Google said it had stored G Suite enterprise users' passwords in plain text since 2005 marking a giant security faux pas.

Google Has Stored Some Passwords in Plaintext Since 2005

WIRED Threat Level

On the heels of embarrassing disclosures from Facebook and Twitter, Google reveals its own password bugs—one of which lasted 14 years.

The Intranet Imperative (2005)

ChiefTech

I wrote this in June 2005. The history of intranets is one of a slow burn of adoption (or innovation, if you like). But the pace of technology change is increasing, email is being challenged. Is it time now to dust off the intranet imperative and think about where we go next? What exactly is an intranet? The nature of intranets is changing.

Vancouver property tax records to 2005 now available at the Archives

Archives Blogs

We are pleased to announce that after a significant transfer of records from the Revenue Services Department, the Archives can now make available property tax records up to 2005. We have an almost-complete set of tax statements for the years 1976 to 2005 (1991 has yet to make its way to us), and the records include a variety of indexes that provide entry points to the records, which are organised by Tax account number.

FFIEC Final Authentication Guidance

Data Breach Today

The Final FFIEC Guidance has been issued and its main intent is to reinforce the 2005 Guidance's risk management framework and update the Agencies' expectations regarding customer authentication, layered security, or other controls in the increasingly hostile online environment.

This is the old ChiefTech blog.: Now blogging on the E2EF blog

ChiefTech

Thursday, 14 February 2008. Now blogging on the E2EF blog. It feels a little odd - having been blogging here on my own since 2005 - but I just made my first post to the Enterprise 2.0 This is the old ChiefTech blog. Nice of you to drop in and visit. However, you need to come over and see my new blog at chieftech.com.au. ©2005-2009. Disclaimer: Information on this blog is of a general nature and represents my own independent opinion.

Body Found in Canada Identified as Neo-Nazi Spam King

Krebs on Security

In 2005, AOL won a $12.8 The body of a man found shot inside a burned out vehicle in Canada three years ago has been identified as that of Davis Wolfgang Hawke, a prolific spammer and neo-Nazi who led a failed anti-government march on Washington, D.C. in 1999, according to news reports.

CISA adds 66 new flaws to the Known Exploited Vulnerabilities Catalog

Security Affairs

The oldest flaws in the set of 66 recently added issues are dated back to 2005. The US Cybersecurity and Infrastructure Security Agency (CISA) added 66 new flaws to its Known Exploited Vulnerabilities Catalog. The U.S.

15-Year-Old Malware Proxy Network VIP72 Goes Dark

Krebs on Security

An ad circa 2005 for A311 Death, a powerful banking trojan authored by “Corpse,” the administrator of the early Russian hacking clique Prodexteam.

'It can't be true.' Inside the chip industry's meltdown

Information Management Resources

Researchers began writing about the potential for security weaknesses at the heart of central processing units, or CPUs, at least as early as 2005.

Iran announced to have foiled massive cyberattacks on public services

Security Affairs

Stuxnet is a malicious computer worm developed to target SCADA systems that were first uncovered in 2010, but researchers believe its development began at least in 2005.

SAML: Still Going Strong After Two Decades

eSecurity Planet

In 2005, the open standard consortium OASIS released SAML 2.0. SAML is an open standard facilitating the communication and verification of credentials between identity providers and service providers for users everywhere.

Canon publicly confirms August ransomware attack and data breach

Security Affairs

The hackers accessed company file servers that contained information about current and former employees from 2005 to 2020 and their beneficiaries and dependents.

What Financial Institutions Should Know About the Capital One Data Breach

Rippleshot

The sheer scope of this incident shows how the fallout from this breach could be unknown for years: “Consumers and small businesses who applied for Capital One credit cards from 2005 through early 2019 are most at risk,” the company revealed. The Capital One data breach was a harsh reminder for financial institutions and their customers that data breaches are an all too common occurrence growing at scale each time the next one hits.

Archivists and Records Managers, part 8

The Schedule

In 2005, two people working in Records and Archives at the World Health Organisation — Ineke Deserno and Donna Kynaston — had this to say about the intersection of records management and archival work: “A records management program is indispensable for an archives program.” [from “A Records Management Program that Works for Archives,” Information Management Journal (May/June 2005): 60-62].

Experts devised a new attack to bypass Microsoft PatchGuard

Security Affairs

The feature was first introduced in 2005 with the x64 editions of Windows XP and Windows Server 2003 Service Pack 1. A security researcher discovered a bug in PatchGuard Windows security feature that can allow loading unsigned malicious code into the Windows kernel.

Real-Time Attacks Against Two-Factor Authentication

Schneier on Security

I wrote about this exact attack in 2005 and 2009. Attackers are targeting two-factor authentication systems: Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets' level of operational security, researchers with security firm Certfa Lab said in a blog post.

Capital One discovered more customers’ SSNs exposed in 2019 hack

Security Affairs

The data breach took place on March 22nd and 23rd; the hacker accessed information of customers who had applied for a credit card between 2005 and 2019. More clients of Capital One have been impacted in the 2019 data breach; the US bank is notifying them of their SSNs exposure.

Google Glitch Left Passwords Unprotected for 14 Years

Adam Levin

Google announced a glitch that stored unencrypted passwords belonging to several business customers, a situation that had been exploitable since 2005. In a blog post released this week, the company admitted the passwords of “some” of its G Suite customers had been stored on internal servers without cryptographic protection, also known as a hash. This issue has been fixed and, again, we have seen no evidence of improper access to or misuse of the affected passwords.

Cuts to skilled immigration degrade a U.S. strength

Information Management Resources

Between 1995 and 2005, immigrants started more than half of the new businesses in Silicon Valley. As of 2011, more than 40 percent of Fortune 500 companies were started by immigrants or their children.

SEC warns of investment scams related to Hurricane Ida

Security Affairs

“For example, the SEC brought a number of enforcement actions against individuals and companies who made false and misleading statements about alleged business opportunities in light of damage caused by Hurricane Katrina in 2005.

Efficient QR codes

Imperial Violet

The 2005 edition changed that to be ISO/IEC 8859-1 (i.e. One thing to note is that the QR spec (ISO/IEC 18004:2005) has a whole section on “structured append” mode, where multiple QR codes can be combined into one. QR codes seem to have won the battle for 2D barcodes, but they're not just a bag of bits inside. Their payload is a series of segments, each of which can have a different encoding.

MY TAKE: Log4j’s big lesson – legacy tools, new tech are both needed to secure modern networks

The Last Watchdog

SIEMs failed to live up to their hype in the decade after they were first introduced in 2005. Log4j is the latest, greatest vulnerability to demonstrate just how tenuous the security of modern networks has become. Related: The exposures created by API proliferation. Log4j, aka Log4Shell, blasted a surgical light on the multiplying tiers of attack vectors arising from enterprises’ deepening reliance on open-source software.

A 16-year-old bug (CVE-2021-3438) in printer driver affects millions of printers worldwide

Security Affairs

The discovery was casually made several months ago, while experts were configuring a brand new HP printer, and noticed that an old printer driver from 2005 called SSPORT.SYS was triggering an alert by Process Hacker.

Spanish state-owned railway infrastructure manager ADIF infected with ransomware

Security Affairs

It was formed in 2005 in response to European Union requirements to separate the natural monopoly of infrastructure management from the competitive operations of running train services.

New French Data Protection Act and Implementing Decree Take Force

Hunton Privacy

The adaption of French law to the new EU data protection framework was conducted in various stages: The French Data Protection Act of January 6, 1978, was first amended by a law dated June 20, 2018, while its implementing Decree of October 20, 2005, was amended by a Decree of August 1, 2018. On June 1, 2019, New Decree No. 2019-536 (the “Implementing Decree”) took force, enabling the French Data Protection Act, as amended by an Ordinance of December 12, 2018, likewise to enter into force.

Gov and Basketball

Unwritten Record

on Feb 26, 2005. What a beautiful time of the year for basketball. The Kansas Jayhawks had their One Shining Moment, the NBA Playoff bracket will be underway soon, and the weather outside is getting nice enough around the country to ditch the snow boots and lace up the sneaks.

Popular Webkinz World online children’s game hacked, 23M credentials leaked

Security Affairs

Webkinz were originally released by the Canadian toy company Ganz on April 29, 2005. ZDNet reported that a hacker has leaked 23 million credentials from the Webkinz World online children’s game.

FFIEC Guidance on Authentication and Access to Financial Institution Services and Systems

Data Matters

The Guidance replaces prior FFIEC-issued guidance on risk management practices for financial institutions offering internet-based products: “Authentication in an Internet Banking Environment” (2005) and the “Supplement to Authentication in an Internet Banking Environment” (2011).

MY TAKE: Equipping SOCs for the long haul – automation, edge security solidify network defenses

The Last Watchdog

Security information and event management systems — SIEMs — came along in about 2005 to screen all incoming data packets and kick out alerts to anything that seemed suspicious. Network security is in the throes of a metamorphosis. Advanced technologies and fresh security frameworks are being implemented to deter cyber attacks out at the services edge, where all the action is. Related: Automating security-by-design in SecOps. This means Security Operations Centers are in a transition.

Capital One Data Theft Impacts 106M People

Krebs on Security

“The largest category of information accessed was information on consumers and small businesses as of the time they applied for one of our credit card products from 2005 through early 2019,” the statement continues. Federal prosecutors this week charged a Seattle woman with stealing data from more than 100 million credit applications made with Capital One Financial Corp.

April 2021 Security Patch Day fixes a critical flaw in SAP Commerce

Security Affairs

The issue affects SAP Commerce versions 1808, 1811, 1905, 2005, 2011. April 2021 Security Patch Day includes 14 new security notes and 5 updates to previously released notes, one of them fixes a critical issue in SAP Commerce.

10KBLAZE exploits could affect 9 out of 10 SAP installs of more than 50k customers

Security Affairs

The good news is that most recent versions of SAP software are configured by default to drop unauthorized connections. Since 2005, SAP has been providing instructions on how to configure an ACL for the Message Server. In 2005 the company released the security note 8218752 and in 2009 released the security note 14080813 containing instructions on how to properly configure the access list for Gateway.

NEW TECH: Exabeam positions SIEM technology to help protect IoT, OT systems

The Last Watchdog

Security information and event management systems — SIEMs — have been around since 2005, but their time may have come at last.

Revoked NARA Bulletins

National Archives Records Express

December 23, 2005. Over the past several months, we have undertaken a review of NARA bulletins to determine if any require revisions or should be revoked. NARA Bulletin 2019-01 notifies agencies that the following bulletins are no longer needed or do not reflect current policy: Bulletin Number and Title. Date Issued. 2006-03 : Availability of the Federal Enterprise Architecture Records Management Profile, version 1.0.

MY TAKE: Agile cryptography is coming, now that ‘attribute-based encryption’ is ready for prime time

The Last Watchdog

And since 2005 or so, one area of focus has been on sharpening the math formulas that make attribute-based encryption possible. Encryption agility is going to be essential as we move forward with digital transformation. Refer: The vital role of basic research. All of the technical innovation cybersecurity vendors are churning out to deal with ever-expanding cyber risks, at the end of the day, come down to protecting encrypted data.

A Head Scratcher - Solving the Productivity Riddle

AIIM

But after 2005, these effects vanish from the measured statistics. Total productivity growth has fallen by two-thirds since 2005, while real GDP growth has averaged about 2 percent per year—all during a period in which the digital economy has continued to grow.” I came across a chart recently that left me scratching my head. It was a chart from the Federal Reserve Bank of St. Louis, featuring U.S. Bureau of Labor Statistics (BLS) on labor productivity.

Episode 229: BugCrowd’s Casey Ellis On What’s Hot In Bug Hunting

The Security Ledger

Programs like iDefense Labs Vulnerability Contributor Program (VCP) (launched in 2002) and TippingPoint’s Zero Day Initiative (2005) were accused -at the time- of incentivizing the work of criminals and bad actors.

SIEM Explained: What is SIEM and How Does it Work?

eSecurity Planet

Gartner first coined the term SIEM in 2005 to combine the technologies of security event management (SEM) and security information management (SIM). Security information and event management (SIEM) technology provides foundational support for threat detection.

Scaring People into Supporting Backdoors

Schneier on Security

This is me from 2005: Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Back in 1998, Tim May warned us of the "Four Horsemen of the Infocalypse": "terrorists, pedophiles, drug dealers, and money launderers."