This person, after leaving the company he worked for, planted a “logic bomb” on his old company’s network. A logic bomb is essentially a piece of code left behind to mess things up at a specified time. Duronio quit his job as a systems administrator in February 2002 after repeatedly expressing dissatisfaction about his salary and bonuses, the statement said. He then planted malicious computer code known as a “logic bomb” into about 1,000 of UBS PaineWebber’s approximately 1,500 networked computers in branch offices. On March 4, 2002, the “bomb” detonated and began deleting files. Now this not-so-bright person was trying to profit off of the potential drop in stocks his old company would suffer after the files were deleted.[…]

Yes, yes… happens all the time and the news doesn’t even make headlines anymore. Here is the WTH part: “The attacks on the database began in October 2005 and ended November 21 of this year, when computer security technicians noticed suspicious database queries, according to a news release posted on a school Web site set up to answer questions about the theft.” More than a year… Here in the States we really need to enact some legislation requiring companies, universities, etc. to disclose these types of data breaches. Most people probably don’t know that such laws don’t exist — they most likely think that CA and NY just have really bad IT security.

From the SANS NewsBites today: Credit Bureau Security Breached. My favorite part is the fact that one login had authorization to access multiple records from TransUnion – according to the article, any record in the country. This account supposedly belonged to a courthouse in Kingman, AZ. I want to know two things: 1. WTH is an account from Arizona doing with authorization to access any credit information in the country? 2. Why doesn’t TransUnion own up to the fact that yes, it was a breach of their security systems? A misconfiguration on their part is still a security breach. With regard to 1, the account was obviously given to a court to access other people’s records, and I can[…]

Just another hack attack, via SecurityFocus: “A fan of the music group Linkin Park appears to have hacked into the lead singer’s mobile phone web account, stealing the phone bill, call records and digital photos taken using the phone.” Yeah, so what’s the big deal? Why am I suggesting it might be time to panic? “The explosive attack on the privacy of the band member reportedly came from Devon Townsend, an obsessed fan inside Sandia National Laboratories.” Sandia Labs is part of the Nuclear Regulatory division of the Department of Energy… These are the folks that are dealing with the safety and security of our nuclear weapons. If there’s someone working there that can get this obsessed with Linkin Park,[…]

From this article, a nifty way to protect your passwords at public terminals. But even more interesting is the Digg discussion on the topic.

I found a link to this list through a series of links back to a friend’s LiveJournal. But OS X has almost no ‘standard’ security features. These features are simple things like stack and heap protections. Anyone want to volunteer good code to OS X?