Tor infrastructure compromised. Upgrade now!

  announcement anonymity compromise tor update

A most disturbing announcement was posted to the or-talk mailing list by Roger Dingledine, one of the core developers of Tor. Earlier this month it was discovered that moria1 and gablemoo, two of the seven directory authorities of the Tor darknet were compromised along with a server added to the project's domain to track and serve metrics. One of the boxen was imaged for later analysis but all were reconstructed. New crypto keys were cut for the directory authorities due to the compromise, necessitating a new release of the software. Scarily, moria also hosted the Subversion and git repositories for …

Read more...

Virginia Prescription Monitoring Program compromised - 8 million records held for ransom.

  virginia compromise cracking database health_care medical_records prescription_medicine ransom records security

Yesterday morning, word got out through the Internet Storm Center that the web server of the Virginia Prescription Monitoring Program was compromised by an unknown attacker. The VPMP is tasked with recording all of the pharmaceutical prescriptions filled in the state of Virginia for the purpose of data mining to determine who may or may not be abusing prescription drugs, and probably who may or may not be selling their prescriptions on the street. Given that Virginia enacted some annoying laws a couple of years ago that require a photo ID to get hold of Sudafed and placed limits on …

Read more...

Ameritrade cracked - 6.3 million customers exposed.

  ameritrade compromise database spam stock_scam

The online stock trading and investment company TD Ameritrade announced this morning that a database server holding contact information for approximately 6.3 million customers was cracked and copied by agents unknown. They're saying that the Social Security and account numbers in the database weren't copied, but it sounds kind of odd that crackers would only take names, addresses, and e-mail addresses and leave the good stuff behind. Because the FBI, SEC (Securities Exchange Commission), and FIRA (FInancial Industry Regulatory Authority) are involved they're not allowed to release any more information pertinent to the case. The compromise appears to have …

Read more...