funsec mailing list archives
City of Tulsa website not hacked after all
From: Dan White <dwhite () olp net>
Date: Tue, 2 Oct 2012 09:51:03 -0500
http://www.tulsaworld.com/news/article.aspx?subjectid=334&articleid=20121002_11_A1_CUTLIN325691 "A third-party security firm that was hired to do periodic, unannounced tests of the city's networks for vulnerabilities used an "unfamiliar testing procedure" last month that city IT personnel misinterpreted as anunknown breach, according to a city statement.
The city's website was offline for more than two weeks as an investigationwas conducted and additional security measures were taken.
Some website functions, such as the public meeting agenda postings, arestill not working.
City officials didn't realize that the apparent breach was caused by the security firm, Utah-based SecurityMetrics, until after 90,000 letters had been sent to people who had applied for city jobs or made crime reports online over the past decade, warning them that their personalidentification information might have been accessed.
The mailing cost the city $20,000, officials said. The letters encouraged those contacted to closely monitor their credit reports for suspicious activity." -- Dan White _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- City of Tulsa website not hacked after all Dan White (Oct 02)
- Re: City of Tulsa website not hacked after all Valdis . Kletnieks (Oct 02)