Organizations Need To Implement Additional Security Precautions As Many Well Known Organizations Bec

By Author: EC-COUNCIL
Total Articles: 68
Comment this article

The growing numbers of security breaches continue to expose internet users around the world to unnecessary and dangerous risk. Organizations may step-up its security levels by hiring information security professionals who are fully equipped with the best technical security training certifications.
Recently, popular UK online retailer Play.com has admitted its customer database was recently the scene of a security breach. CEO of Play.com, John Perkins, sent an email out to customers explaining that on March 20th some customers had receiving a spam email to email addresses they only use for Play.com.
Perkins said that the issue could be related to "irregular activity” that was traced back to December 2010 at its email service provider, Silverpop.
"We reacted immediately by informing all our customers of this potential security breach in order for them to take the necessary precautionary steps,” he said.
"Investigations at the time showed no evidence that any of our customer email addresses had been downloaded. We would like to assure all our customers that the only information communicated to our ...
... email service provider was email addresses.”
According to Perkins, all other personal information such as credit cards, addresses and passwords are kept in the very secure Play.com environment.
He added, "Play.com has one of the most stringent internal standards of e-commerce security in the industry,” This is audited and tested several times a year by leading internet security companies to ensure this high level of security is maintained.”
Another popular website, TripAdvisor, has also come forward with details of a recent breach. The travel website sent out an email to users explaining the hackers had only made off with email addresses after a selection of its 20 million-strong email list was stolen.
The company has posted a message outlining some details of the incident, which supposedly took place “recently” and involves an undisclosed number of member email detail taken from the system.
Officials are intent to stress that the company does not collect credit card details or any other financial information, but it is warning members that they may receive some “unsolicited emails” as a result of incident.
“We sincerely apologize to our affected members for this inconvenience and are implementing additional security precautions to help prevent another incident in the future.
Agencies from outside the company are now said to be looking into the theft due to the seriousness of the breach, although it is unclear whether the investigation is taking place at one of its international offices or the headquarters in Massachusetts, US.
“While we’re still investigating the details, we’ve identified the vulnerability, shut it down and are vigorously pursuing the matter with law enforcement.”
The bulletin to members goes on to explain how they might be able to identify any unsolicited emails in the future and how to deal with them.
How such a major incident could have taken place may well emerge in the coming weeks, but while TripAdvisor’s transparency with coming forward immediately to notify members should be applauded, such openness elsewhere may also shed some light on some of the wider IT practices within the company.
A technical manager wrote in forums seven months ago that TripAdvisor developers have “root access on every box”, meaning that technical staff could essentially see all files, delete them and add them from a server.
There is no evidence at all at this stage whether the theft was carried out by individuals within the company or from the outside.

IT professionals will have to have the right skills if they want to improve their organization’s information security management and protect affected members in the event of a data breach. EC-Council, a leading information security certification body, offers technical security training courses that are designed for effective and dynamic implementation, providing organizations worldwide efficient and superior knowledge to safeguard against cyber-crime related incidents including misuse of compromised data.
TakeDownCon Dallas 2011, is a highly technical information security conference that will showcase how different systems can be compromised with ease. Topics that will be discussed include how security systems are being breached, and what methods perpetrators are employing to hijack or steal your assets, and proliferate from it. TakeDownCon will also feature a pre-event training platform offering EC-Council ethical hacking training including the world-renowned Certified Ethical Hacker (CEH) and Computer Hacking Forensic Investigator (CHFI) programs.
ABOUT EC-COUNCIL:
EC-Council is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous ethical hacking training , the Certified Ethical Hacker (CEH) course, Computer Hacking Forensics Investigator (CHFI) program, License Penetration Tester (LPT) program and various other technical security training programs offered in over 60 countries around the globe. TakeDownCon Dallas 2011, is one of the conferences of EC-Council’s Take Down information security conference series. www.eccouncil.org