Last year ended with a hacker leaking data on 300,000 Verizon FIOS customers, apparently stolen via a third-party partner of Verizon. And the first half of 2013 ends with Edward Snowden, the former Booz Allen Hamilton contractor who worked for the National Security Agency (NSA), leaking secrets about NSA surveillance, including that Verizon, along with other U.S. telecom companies, hands customer phone records to the NSA. It's been a busy six months of security chills and spills, and here's our semi-annual update on the "biggest security snafus so far" this year.
- Hacker group NullCrew brazenly broke into the Department of Homeland Security website through a section advising foreigners about studying at American schools, and dumped internal DHS information onto a public Pastebin page.
- When it was noticed that Apple iOS 6's new 'Do Not Disturb' feature failed to switch off on schedule on New Year's Day, Apple said scheduling wouldn't work again until Jan. 8, 2013.
- A 27-year-old Romanian man, Cezar Butu, was sentenced to 21 months in prison after admitting he was part of a group that stole payment card data from hundreds of computers belonging to merchants in the U.S.
- A Chinese man, Xiang Li, 36, pleaded guilty in U.S. court to selling pirated software used by the U.S. defense, space and other industries that would have retailed for $100 million in total. Li and a partner sold the pirated software for between $20 and $1,200, though some individual titles would have retailed for $1 million. Buyers of the pirated software included a NASA electronics engineer and a scientist at a government contractor selling microwave technology and other products used in military equipment. Li had been arrested on the island of Saipan by undercover agents from U.S. Immigration and Customs Enforcement.
- An exploit for a Java zero-day vulnerability was added to popular attack toolkits, but Oracle had no immediate plans to patch it. Security experts, as well as the U.S. Computer Emergency Readiness Team (US-CERT), advised disabling Java in browsers. Oracle then issued an emergency patch and advised customers to update Java 7 immediately.
- The Ruby on Rails web framework was found to have two critical security vulnerabilities. The more serious was a hole that allowed anyone to execute commands on servers running affected web applications. Developers were advised to upgrade to the latest release immediately.
- The Utah Health Department admitted data on 6,000 Medicaid recipients was compromised due to the employee of an outside contractor, Goold Health Systems, losing a USB memory stick containing the data.
- Restaurant chain Zaxby's Franchising said it found malware on the systems of many of its restaurants after it was notified of potential fraud activity at dozens of its restaurant locations. Zaxby's said it thinks the attacks originated outside the restaurant chain and is in touch with law enforcement about it.