Vulnerable Disclosures: Disbelief, Legal Threats, Admissions of Guilt... What a week...

Tuesday, May 26, 2015

Disbelief, Legal Threats, Admissions of Guilt... What a week...

So it's been an interesting week at SLC Security. We have been doing many security notifications over the past few weeks and the number one reaction to put things in perspective is disbelief. One company that we previously reported on actually called us back in disbelief. From what we can gather they have been owned for quite some time but have failed to resolve the issue (and we are still seeing problems from their network).

We have been providing grace periods before we report the issues and it's funny because until we post information on a company nobody even cares. They ignore the notifications and then as soon as the post hits the blog they want to call in a panic when if they responded to our notifications in the first place we would have not posted the information in the first place.

Also here's the biggest issue. Many times we remove the post if requested if we feel that the company is doing something to resolve their issues but guess what happens 95% of the time? They get added to the blacklist and our system detects activity and we know that they are still vulnerable to the same issue that we attempted to notify them of in the first place. So what should a group of security professional volunteers to do? Do we let the public vulnerable? That's what most of these companies would like to see us do. No we simply block them in our blacklist and then it goes out to our clients and customers that subscribe to our feeds.

It's a shame really that these companies can make money off of the Internet yet they don't want to invest in a secure environment for their computing requirements. In fact the number one issue we see is that people just don't seem to care. They would rather deny that they have an issue or try and brush the activity under a rug. Well guess what? You can't stop foreign companies from calling you out and the blacklist are still showing a problem.

Here is what you should do. Hire us! We reported on issues at BCBS (2 months prior to them becoming public), we reported issues at JP Morgan Chase (prior to them acknowledging an issue). We all know the PR nightmares that were caused by these cases and there are a few others that we detected ahead of time. The reality here is that our subscriptions and solutions are way cheaper than the PR nightmare of actually having to disclose a breach so my suggestion is to consider the fact that we are detecting problems faster than some of the larger infosec companies out there and our technology is completely different than what is being used in a traditional security model.

It really makes you stop and wonder as in the case of one of the big breaches several other entities that were named never publicly disclosed any issues yet after the big breach notification we stopped seeing the malicious activity. Do you think it is possible that they decided to fix the issue and sweep it under the rug?

--

SLC Security Services LLC is a private intelligence company located in Raleigh, NC. The company has been making breach notifications to companies and organizations that are not customers in order to help protect clients that could be affected by security issues on their corporate networks. The company has been providing notifications with a 2 day grace period before posting the notifications.

SLC Security provides threat intelligence products that can be directly consumed by your IDS, Firewall and monitoring solutions. We also provide outsourced monitoring to companies that want to augment their security staff and do not want to have to hire expensive analyst in house. By outsourcing your monitoring you are allowing your security teams to fix problems while you leave the detection and notifications to our highly skilled analyst.

No comments:

About SLC Security

The driving factor in us deciding to provide this service to consumers is the growing cost of cybersecurity defense and notification systems. We are providing an RSS feed of content as a public service. It is our policy to only release the full details of data breach information directly to the companies or entity that was the target of the breach or attack. If you need assistance researching the source of the breach or leak please visit SLC Security Services LLC to obtain assistance.

NOTICE: All information posted to this blog is derived from open source intelligence systems developed by SLC Security Services LLC. The OSINT-X platform is available via subscription and via a paid RSS Feed. The OSINT-X system only maintains 90 days but this timeframe may and will change without notice depending on the amount of data we are processing. We also provide a delayed RSS feed that may not contain all feed sources. The public RSS feed is on this page on the right hand side and is provided without charge. The moderators of this site are all volunteers and are not paid for their services.

If your company needs a TSCM Sweep or Vulnerability assessment feel free to contact us through the contact form on this page or call us at (717) 831-TSCM to schedule an audit.

NOTICE: Starting in January 2015 we will only discuss issues on the blog or in our feeds with the clients directly. We receive upward of 200+ calls per day requesting information. It is impossible for our volunteers to field that number of calls and still get our work done. While we would love to help every person that calls remember we are a for profit business and answering calls takes time. If we are not busy you may get in touch with us. The best approach is to email us at soc@slcsecurity.com instead of calling. Please include your name, telephone number and a brief reason for the call or communication and we will get back to you as soon as possible time permitting.

About this Page

The purpose of this page is to provide awareness to individuals and organizations that are leaking information and the information of their customers. The entities listed on this site are verified to be leaking personal information sometimes without the company even being aware. We will include information on what type of information is being leaked but we will not release the methods in which the information is being leaked unless we are under non-disclosure agreements with the organization. The information posted on this site will contain scrubbed information if we release it to protect the information source and to ensure that the person or persons being affected are not farther harmed by the disclosure of their personal information.

Before a breach is reported it is reported to the entity affected and we normally wait at least 5 days for a response. We only post disclosures whenever there have been no response by the organization or when it involves confirmed leaks or we can verify that the security issue has not been resolved by the organization. Certain items will remain on the blog if they are a major release or new information is being posted frequently concerning the incident.

We do NOT maintain data on the leaked information as we would not want to create a second incident. Reports are submitted by security researchers, patients, clients, corporations and through open source identification as well as through passive monitoring of open source systems and proprietary algorithms.

The information on this site is provided by SLC Security Services LLC a leading cyber security and investigation company located in Raleigh, NC. If your company appears on this list and you would like additional information you may contact us by mail at 2664 Timber Dr Suite 342 Garner NC 27529 or by email via the contact form available at www.slcsecurity.com or by phone at (717)831-8726.

The Stats

Reporting Stats are available upon written request.

Please report all known security issues to soc@slcsecurity.com. We will review each report manually whenever possible. Please note that not all reports will be published to the disclosure list. Also you can specifically request that the data NOT be posted during your submission.

RSS OSINT-X FEED PERMALINK
Feed Delayed 30-60 Minutes
Not all sources we monitor are in this RSS feed. This feed contains mostly news sites but does not include IRC, Darknet or File Dump site monitoring that our commercial products monitor for your organization. This feed is limited in scope. For full access you must be a customer under a service contract. If interested in a full service contract call (919)441-7353 to inquire about pricing and services available.

TWITTER FEED

Tuesday, May 26, 2015

Disbelief, Legal Threats, Admissions of Guilt... What a week...

No comments:

Post a Comment