Tech

Capital One Data Breach – I Have Questions

ByMike McBride July 31, 2019July 30, 2019 Reading Time: 2 minutes

I’m sure by now that you’ve seen news, and hot takes on the data breach of Capital One.

Many of the articles I’ve seen about it have been focused on the fact that they went from finding the breach on July 19, to an arrest on July 29, which is pretty amazing really. But, I’m not ready to start proclaiming Capital One as the new standard bearer for breach response just yet.

First off, the breach apparently first started in March, and the data dump that was found was dated April 21. Capital One didn’t know anything about it until someone told them about it:

On July 17, a tipster wrote to a Capital One security hotline, warning that some of the bank’s data appeared to have been “leaked,” the criminal complaint said.

After that, apparently it was fairly easy to track down the hacker, because she bragged about it online.

The suspect, Paige Thompson, 33, left a trail online for investigators to follow as she boasted about the hacking, according to court documents in Seattle, where she was arrested and charged with one count of computer fraud and abuse.

There’s more details elsewhere, including the fact that the data was stored under an account with her name on it, that she bragged about it using the handle “erratic”, which she also used to communicate details about her self, including a pic of her cat’s vet bill. She practically gave the FBI a map to the data, and her identity. Great that they were able to follow it, but let’s not talk about how great the cyber defense was here.

So, while yes, she was a former Amazon employee who worked with AWS, she doesn’t appear to be the brightest hacker out there.

And yet, she was still able to easily make off with “140,000 Social Security numbers and 80,000 bank account numbers.”

All because someone at Capital One built an application using AWS and left a firewall misconfigured.

Far from a victory for cybersecurity folks, this is actually kind of embarrassing. We are failing when it comes to protecting data, and this just makes that more obvious.

Follow these topics: Tech

HelpDesk | LawFirms | Tech

Annual Exercise – Helpdesk Shift?

ByMike McBride October 21, 2008 Reading Time: 2 minutes

Today at work I was being helpful and covering the helpdesk for an hour so that our helpdesk folks could have a meeting with their manager. Being the always-on kind of guy, I posted to twitter from my phone about doing that and what it was like. In fact, I mentioned that it was kind…

Tech

Segway

ByMike McBride December 3, 2001July 22, 2015 Reading Time: 1 minute

I suppose, since this is a blog about technology, that I have to comment on “IT” or “Ginger” or “Segway”, whatever you choose to call Dean Kamen’s latest invention . Frankly, I’m not overly impressed. Unlike some others , I don’t want one. I have no need for it, and I don’t typically spend $3000…

Links | Tech

Linked – How to create a security-focused work culture

ByMike McBride March 18, 2019March 18, 2019 Reading Time: 2 minutes

So the problem is laid out pretty well in this statement: In a press release about the report, Monu Kalsi, vice-president of Shred-it, is quoted as saying, “The study’s findings clearly show that seemingly small habits [of employees] can pose great security risk and add up to large financial, reputational and legal risks.” And the…

Tech

An honest look at NFTs

ByMike McBride April 7, 2021April 6, 2021 Reading Time: 2 minutes

If you’ve been paying attention around the ol’ Internet lately, I’m sure you’ve seen someone talk about an NFT, or at least how much money is being spent on buying up various NFT items at auctions.

But what, exactly, is an NFT? (Non-fungible Token)

LawFirms | LitigationSupport | Tech

Techshow Day 3 Session 2

ByMike McBride March 15, 2008July 19, 2014 Reading Time: 3 minutes

Automated Documents Barron Henley and Allan MacKenzie Barron: Quit using copy/paste and search replace to create documents! You copy over errors into all your documents. Most of the people, who consider themselves power users, don’t use word processing software effectively at all. Movement away from per hour billing to flat fee means you need to…

Tech

Is Google About the Change The Way We Browse the Web?

ByMike McBride April 26, 2019 Reading Time: 3 minutes

The rumor is that Google Chrome will soon be using DNS over HTTP in order to navigate the web. When it does, that may provide some level of privacy, and security, but it may break a whole lot in the process, and that is worrying some: DOH will encrypt the addresses of the websites we…

Capital One Data Breach – I Have Questions

Like this:

Annual Exercise – Helpdesk Shift?

Like this:

Segway

Like this:

Linked – How to create a security-focused work culture

Like this:

An honest look at NFTs

Like this:

Techshow Day 3 Session 2

Like this:

Is Google About the Change The Way We Browse the Web?

Like this:

Leave a ReplyCancel reply

Top Posts

Like this:

Similar Posts

Like this:

Like this:

Like this:

Like this:

Like this:

Like this:

Leave a ReplyCancel reply

Follow Me

Top Posts