City of Tulsa website not hacked after all

[Dan White <dwhite () olp net>]

http://www.tulsaworld.com/news/article.aspx?subjectid=334&articleid=20121002_11_A1_CUTLIN325691

"A third-party security firm that was hired to do periodic, unannounced
tests of the city's networks for vulnerabilities used an "unfamiliar
testing procedure" last month that city IT personnel misinterpreted as an
unknown breach, according to a city statement. 

The city's website was offline for more than two weeks as an investigation
was conducted and additional security measures were taken. 

Some website functions, such as the public meeting agenda postings, are
still not working. 

City officials didn't realize that the apparent breach was caused by the
security firm, Utah-based SecurityMetrics, until after 90,000 letters had
been sent to people who had applied for city jobs or made crime reports
online over the past decade, warning them that their personal
identification information might have been accessed. 

The mailing cost the city $20,000, officials said. The letters encouraged
those contacted to closely monitor their credit reports for suspicious
activity."

--
Dan White
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.