Adobe, Court Hackers Affect Up to 1 Million Washington State Residents

The Washington state court system has failed to protect personal data of as many as one million people.



Hackers have compromised the Washington state court system’s servers exploiting a vulnerability in Adobe’s ColdFusion app server.  This means personal data for up to one million residents, including access to at least 160,000 Social Security numbers.

The attacks affect residents who’ve been involved in three types of cases:

  1. Any type of traffic case that was filed in a district or municipal court from 2011 through 2012
  2. A DUI citation from 1989 through 2011
  3. A superior court criminal case in from 2011 through 2012 

ID-10074457 chanpipatTwo attacks were discovered last February and March of 2013, but state officials don’t know when the court system was hacked but suspect it was after September 2012.

The court system claims attackers had no access to financial information. But that’s a bogus conclusion any time Social Security and drivers’ license numbers are compromised.

The Administrative Office of the Courts (AOC) issued a technical explanation: 

“Once the breach was discovered, AOC took immediate action to further secure the environment and begin investigation and analysis into the depth and severity of the breach. In addition, AOC collaborated with the Washington State Consolidated Technology Services (CTS) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) for internet security, who provided valuable information in determining the scope of this security breach. MS-ISAC is a focal point for cyber threat prevention, protection, response and recovery for the nation’s state, local, territorial and tribal governments. The MS-ISAC 24×7 cyber security operations center provides real-time network monitoring, early cyber threat warnings and advisories, vulnerability identification, and mitigation and incident response. AOC has implemented significant security enhancements to ensure that our systems and data are secure and to prevent the potential for future compromise.”

Look or an Adobe patch for a vulnerability on ColdFusion next week. Hopefully, it will protect against the courts’ flaw.

You can read the court system’s full explanation here.

From the Coach’s Corner, related security tips: 

“You have zero privacy anyway. Get over it.”

-Scott McNealy

__________

Author Terry Corbell has written innumerable online business-enhancement articles, and is a business-performance consultant and profit professional. Click here to see his management services. For a complimentary chat about your business situation or to schedule him as a speaker, consultant or author, please contact Terry.

Photo courtesy of chanpipat at www.freedigitalphotos.net

Tips to Prevent Hacking of Your Bluetooth



Bluetooth technology, of course, allows you freedom when talking on your cell phone. But you’ll lose other freedoms if you don’t prevent scammers from exploiting your system via a trend called “bluebugging.”

Beware, cybercriminals using software, are able to intercept your Bluetooth signal to hack into your phone.

This, of course, means all your data, photos and call history are at-risk.

In addition, hackers are also making long distance calls at the expense of bluebugging victims.

On its Web site, the Better Business Bureau (BBB), www.bbb.org, warns about another bluebugging scam.

“Recently, the newest scheme is for scammers to set up a pay-per-minute phone number,” according to the BBB.

“Then, they hang out in a busy area and hack into phones. Scammers use the phones to dial the number and rack up charges by the minute,” warns the organization.

For protection, here are BBB’s bluebugging tips:

— Always use a minimum of eight characters in your PIN. The longer your code, the more difficult it is to crack.

— Switch Bluetooth into “not discoverable” mode when you aren’t using it. If you make a call from your car, be sure to switch it off when you get out. Crowded public places are top spots for hackers.

— Don’t accept pairing requests from unknown parties. If you happen to pair your phone with a hacker’s computer, then all your data will be at risk.

— When pairing devices for the first time, do so at home or in the office.

— Make sure you download and install regular security updates. Device manufactures will release updates to address threats and correct weaknesses.

The BBB also suggests checking out www.bluetooth.com for more tips.

From the Coach’s Corner, related security tips:

BYOD, Mobile-Banking Warnings about Security Prove Prophetic — Not to be gauche, but in 2009 you saw the Internet security warning here first – mobile banking is so risky an IT security guru said don’t do it. The warning was prophetic.

Who Profits from Android’s Security Issues? Not Users. — A government task force, the Internet Crime Complaint Center (IC3) has issued a dire warning about malware. In particular, it’s a threat to Android users.

Surprise — Cyber Criminals Chew up Apple Products, too — For years in terms of security, Windows has been considered inferior to Macs. But no longer thanks to malware security epidemics. If you’ve got an iPhone, get busy. Apple continues to have security issues. Apple was forced on Feb. 21, 2014 to fix a vulnerability with iOS 7.0.6

Identity Fraud Escalates in Smartphones, Social Media — Skyrocketing mobile malware threats amid widespread use of BYOD, bring your own devices, will lead to a $1.88 billion services market in 2013.

8 Tips to Avoid Being Victimized by Phishing Scams —  Despite all the publicity about phishing scams, even employees at a major health provider and university system are guilty of risking personal data, including medical information and Social Security numbers, for thousands of people.

Protect Your Bank Accounts So You Can Sleep at Night — Imagine for a moment — you’re sitting at your desk enjoying a second cup of morning coffee. Then, your phone rings. It’s a call from your bank to discuss possible fraud. Your bank is concerned about possible suspicious activity with your accounts, and wants to make sure you’re not a victim.

“In modern business it is not the crook who is to be feared most, it is the honest man who doesn’t know what he is doing.”

 -William Wordsworth


__________

Author Terry Corbell has written innumerable online business-enhancement articles, and is a business-performance consultant and profit professional. Click here to see his management services. For a complimentary chat about your business situation or to schedule him as a speaker, consultant or author, please contact Terry.




Photo image: www.scottliddell.net

Seattle business consultant Terry Corbell provides high-performance management services and strategies.