[ISN] Texas company lays out 'hacking' case against Minnesota Public Radio

From: InfoSec News <alerts_at_private>
Date: Thu, 17 Dec 2009 02:08:11 -0600 (CST)
http://www.minnpost.com/braublog/2009/12/15/14315/texas_company_lays_out_hacking_case_against_minnesota_public_radio

By David Brauer 
minnpost.com
Dec 15 2009 

Do Minnesota Public Radio and reporter Sasha Aslanian realistically face 
civil and criminal penalties after uncovering a Texas firm’s security 
breaches involving state of Minnesota job-seeker data?

Lookout Services - which acknowledges an October security breach and 
subsequent security weaknesses - claimed in a Dec. 14 statement that 
their data was "illegally compromised." The company - which notes "only 
the Minnesota Public Radio reporter viewed" some data and wants MPR to 
disclose what was viewed - will "aggressively seek prosecution for this 
egregious act," according to the statement.

In a Dec. 11 report, Aslanian said she was able to see "employee names, 
birth dates, Social Security numbers and hire dates" on Lookout's web 
site "without using a password or encryption software."

Lookout CEO Elaine Morley says that’s not the whole truth. She contends 
Aslanian did use a password and ID to penetrate Lookout's security - and 
told Morley so during a Dec. 7 phone call. Later, Morley asserts, 
Aslanian used information from that penetration to view the state data, 
even though she didn’t need a password or encryption that time.

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org
Received on Thu Dec 17 2009 - 00:08:11 PST

This archive was generated by hypermail 2.2.0 : Thu Dec 17 2009 - 00:28:50 PST