A most disturbing announcement was posted to the or-talk mailing list by Roger Dingledine, one of the core developers of Tor. Earlier this month it was discovered that moria1 and gablemoo, two of the seven directory authorities of the Tor darknet were compromised along with a server added to the project's domain to track and serve metrics. One of the boxen was imaged for later analysis but all were reconstructed. New crypto keys were cut for the directory authorities due to the compromise, necessitating a new release of the software. Scarily, moria also hosted the Subversion and git repositories for …

Yesterday morning, word got out through the Internet Storm Center that the web server of the Virginia Prescription Monitoring Program was compromised by an unknown attacker. The VPMP is tasked with recording all of the pharmaceutical prescriptions filled in the state of Virginia for the purpose of data mining to determine who may or may not be abusing prescription drugs, and probably who may or may not be selling their prescriptions on the street. Given that Virginia enacted some annoying laws a couple of years ago that require a photo ID to get hold of Sudafed and placed limits on …

The online stock trading and investment company TD Ameritrade announced this morning that a database server holding contact information for approximately 6.3 million customers was cracked and copied by agents unknown. They're saying that the Social Security and account numbers in the database weren't copied, but it sounds kind of odd that crackers would only take names, addresses, and e-mail addresses and leave the good stuff behind. Because the FBI, SEC (Securities Exchange Commission), and FIRA (FInancial Industry Regulatory Authority) are involved they're not allowed to release any more information pertinent to the case. The compromise appears to have …