<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
   <title>eWeek Security Watch</title>
   <link rel="alternate" type="text/html" href="http://securitywatch.eweek.com/" />
   <link rel="self" type="application/atom+xml" href="http://securitywatch.eweek.com/atom.xml" />
   <id>tag:securitywatch.eweek.com,2012:/13</id>
   <updated>2012-02-13T18:28:28Z</updated>
   
   <generator uri="http://www.sixapart.com/movabletype/">Movable Type Pro 4.32-en</generator>


<entry>
   <title>Mozilla Closes Security Flaw in Firefox 10</title>
   <link rel="alternate" type="text/html" href="http://securitywatch.eweek.com/browsers/mozilla_closes_security_flaw_in_firefox_10.html" />
   <id>tag:securitywatch.eweek.com,2012://13.36163</id>
   
   <published>2012-02-12T18:25:59Z</published>
   <updated>2012-02-13T18:28:28Z</updated>
   
   <summary>Mozilla has closed a serious security vulnerability in its latest Firefox Web browser. Users who have upgraded to Firefox 10 should immediately update the browser.</summary>
   <author>
      <name>Fahmida Rashid</name>
      
   </author>
   
      <category term="Browsers" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Patches" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Web 2.0" scheme="http://www.sixapart.com/ns/types#category" />
   
   <category term="652" label="browser" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="9889" label="bugs" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="651" label="firefox" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="1136" label="update" scheme="http://www.sixapart.com/ns/types#tag" />
   
   <content type="html" xml:lang="en" xml:base="http://securitywatch.eweek.com/">
      Less than two weeks after releasing Firefox version 10, Mozilla has updated its popular Web browser to close a security flaw.

A critical security vulnerability has been fixed in Firefox 10.0.1, Mozilla wrote in its advisory Feb. 10. The serious use-after-free flaw was found in a component that is shared with other Mozilla products, including the Thunderbird mail client and SeaMonkey application suite.

&quot;Mozilla developers Andrew McCreight and Olli Pettay found that ReadPrototypeBindings will leave a XBL binding in a hash table even when the function fails. If this occurs, when the cycle collector reads this hash table and attempts to do a virtual method on this binding a crash will occur. This crash may be potentially exploitable,&quot; Mozilla said in its advisory.

Firefox 9 and earlier versions are not affected by this vulnerability, according to Mozilla.

Mozilla had released Firefox 10 on Jan. 31. Nine security holes had been patched in the new version, of which five had been rated critical. The critical issues addressed included a potential memory corruption flaw, objects being accessible even after being removed, memory safety hazards, malformed stylesheets, and frame scripts bypassing security checks.
      
   </content>
</entry>

<entry>
   <title>Romney Most-Mentioned Politician in Spam Messages</title>
   <link rel="alternate" type="text/html" href="http://securitywatch.eweek.com/spam/romney_most-mentioned_politician_in_spam_messages.html" />
   <id>tag:securitywatch.eweek.com,2012://13.36157</id>
   
   <published>2012-02-09T21:49:29Z</published>
   <updated>2012-02-10T19:19:33Z</updated>
   
   <summary>Spammers are not turning into political pundits, but they are using Republican candidates to advertise their scams, according to Bitdefender. Mitt Romney is handily beating Newt Gingrich in this contest.</summary>
   <author>
      <name>Fahmida Rashid</name>
      
   </author>
   
      <category term="Spam" scheme="http://www.sixapart.com/ns/types#category" />
   
   <category term="1886" label="politics" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="615" label="spam" scheme="http://www.sixapart.com/ns/types#tag" />
   
   <content type="html" xml:lang="en" xml:base="http://securitywatch.eweek.com/">
      <![CDATA[Even spammers are following the United States presidential elections and have their favorites among the Republican candidates. 

Bitdefender researchers analyzed 8 million pieces of spam received since January and found that Mitt Romney was associated with 45 percent of unsolicited messages that referenced a political figure, Bogdan Botezatu, a senior e-threat analyst at Bitdefender, wrote on the Malware City blog Feb. 9. Newt Gingrich was the second most popular politician in Bitdefender's <a href="http://www.malwarecity.com/blog/mitt-romney-defeats-newt-gingrich-in-round-1-of-spam-wars-1251.html">"Most Mentioned Politician" spam survey</a>, at 33 percent, followed by Ron Paul at 12.18 percent.

"The results could indicate the politicians spammers think are most likely to get a reaction from random e-mail readers," Botezatu said.

Romney's name was being used in scam messages that advertise low-interest loans, free credit score analysis or ways to reduce the costs of the energy bill, Botezatu said. Gingrich spam tried to sell high-interest loans and miracle devices that could dramatically cut energy costs. 

"Political parties and colors don't really make any difference for spammers, who use candidates' names alike just to accomplish their hidden agenda," Botezatu said.

While messages referencing political figures account for less than 1 percent, or 0.243 percent, of total spam volume, spammers are aware that the average Internet user is worried about the impact political change will have on their lives, according to Botezatu. In contrast, celebrity spam, which used to be one of the most popular spam vehicles a few years ago, is a mere 0.158 percent of global spam volume.

Spammers are also inserting fragments of news reports about the primaries in order to "give extra credibility to the message," and to trick anti-spam filters, Botezatu said.
]]>
      
   </content>
</entry>

<entry>
   <title>Attackers Breached Foxconn, Dumped Data For Fun</title>
   <link rel="alternate" type="text/html" href="http://securitywatch.eweek.com/hactivism/attackers_breached_foxconn_dumped_data_for_fun.html" />
   <id>tag:securitywatch.eweek.com,2012://13.36151</id>
   
   <published>2012-02-08T16:11:13Z</published>
   <updated>2012-02-08T20:41:40Z</updated>
   
   <summary>SwaggSec has picked up where LulzSec left off, attacking Apple&apos;s China-based iPhone manufacturer for fun and dumping passwords online.</summary>
   <author>
      <name>Fahmida Rashid</name>
      
   </author>
   
      <category term="Apple" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Data Breach" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Hactivism" scheme="http://www.sixapart.com/ns/types#category" />
   
   <category term="125" label="apple" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="8494" label="foxconn" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="1804" label="hacker" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="9826" label="hacktivism" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="9912" label="lulz" scheme="http://www.sixapart.com/ns/types#tag" />
   
   <content type="html" xml:lang="en" xml:base="http://securitywatch.eweek.com/">
      <![CDATA[A group of hackers appears to have breached and extracted information from Foxconn's network. Foxconn Electronics has not confirmed the breach.

Attackers breached Foxconn Electronics, a Shenzhen, China-based company responsible for manufacturing Apple's iPhone, and extracted data from the servers, according to a Feb. 8 post on text-sharing site <em>Pastebin</em>. @SwaggSec claimed responsibility for the breach on its Twitter account.

The Pastebin post also included a link to the torrent file containing the leaked data. The torrent has yet to be analyzed, but it appears to contain user names and passwords. SwaggSec gave "consent" to others to "scavenge" through the torrent file to find user names and passwords that may work on other sites.

"The passwords inside these files could allow individuals to make fraudulent orders under big companies like Microsoft, Apple, IBM, Intel and Dell," SwaggSec wrote in the post. These companies are known Foxconn customers.

Foxconn had an "appropriate firewall" but SwaggSec was able to bypass it "almost flawlessly." The post mentions the breach occurred over several days and the group used several different techniques. SwaggSec's Twitter feed has a post from Jan. 26 claiming one of their victims was running an outdated and unpatched version of the Internet Explorer Web browser. It is not clear whether there were other victims, but it is likely the post refers to Foxconn.

While SwaggSec enjoys "exposing governments and corporations," it appears the group attacked Foxconn just for fun. The "statement" on <em>Pastebin</em> references reports of <a href="http://www.eweek.com/c/a/Mobile-and-Wireless/Apple-Foxconn-and-the-Human-Cost-of-Electronics-Manufacturing-in-China-222448/">inhuman conditions</a> suffered by <a href="http://www.eweek.com/c/a/Mobile-and-Wireless/Apple-Report-Details-Response-to-Foxconn-Suicides-139217/">Foxconn workers</a> and the recent rumor of <a href="http://www.eweek.com/c/a/Mobile-and-Wireless/Apple-iPhone-5-Features-Larger-Screen-Report-652165/">an iPhone 5 launch</a>. The group was "considerably disappointed" about the working conditions, but SwaggSec is not "hacking a corporation for such a reason," the statement said. "We are slightly interested in the existence of an iPhone 5, we are not hacking for this reason," the group added.

"The more prominent reason is the hilarity that ensues when compromising and destroying an infrastructure," according to the statement.

Even hacktivists with good intentions have a small part that enjoys feeling the "menacing satisfaction" that comes from a successful attack, the group claimed.

"But to us and many others, the destruction of an infrastructure, the act of destruction that does not affect an individual, brings a sense of newfound content, a unique feeling, along with a new chance to start your own venture," SwaggSec wrote on the post.

The sentiment is very similar to the statements made by LulzSec, a group of six hackers that wreaked havoc through cyberspace for a little over two months last year. The group insisted its activities were carried out for fun, to "entertain," and it supposedly was not financially motivated.

<a href="http://www.eweek.com/c/a/Midmarket/LulzSec-Dissolution-Wont-Reduce-Threat-of-HighProfile-CyberAttacks-695215/">LulzSec disbanded</a> in June. Some of the members, including <a href="http://www.eweek.com/c/a/Security/Scotland-Yard-Claims-Arrest-of-LulzSec-Front-Man-Topiary-880899/">Topiary</a>, Kayla and T-flow <a href="http://www.eweek.com/c/a/Security/English-Teen-Arrested-for-Hacking-Police-Hint-LulzSec-Link-473423/">have been arrested</a>. Others who have not yet been caught are believed to be still active under the Anonymous banner.

SwaggSec's icon, a sketch of a person wearing a top hat, is drawn in a style similar to LulzSec.
]]>
      
   </content>
</entry>

<entry>
   <title>Facebook Still Not Deleting Photos From CDN: Ars Technica</title>
   <link rel="alternate" type="text/html" href="http://securitywatch.eweek.com/facebook/facebook_still_not_deleting_photos_from_cdn_ars_technica.html" />
   <id>tag:securitywatch.eweek.com,2012://13.36159</id>
   
   <published>2012-02-08T15:22:41Z</published>
   <updated>2012-02-10T15:28:46Z</updated>
   
   <summary>For anyone who has deleted photos on Facebook, it turns out the social networking company still hasn&apos;t fixed the problem where the images aren&apos;t removed from its CDNs.</summary>
   <author>
      <name>Fahmida Rashid</name>
      
   </author>
   
      <category term="Facebook" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Privacy" scheme="http://www.sixapart.com/ns/types#category" />
   
   <category term="456" label="facebook" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="10431" label="image" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="369" label="privacy" scheme="http://www.sixapart.com/ns/types#tag" />
   
   <content type="html" xml:lang="en" xml:base="http://securitywatch.eweek.com/">
      <![CDATA[Almost three years after Facebook promised to look into why photos deleted by users were still accessible online, the photos are still available, <a href="http://arstechnica.com/business/news/2012/02/nearly-3-years-later-deleted-facebook-photos-are-still-online.ars">reported Ars Technica</a>.

Facebook offers the option to delete photos, but it appears the images are removed only from the site and not from the content delivery networks it uses to speed up user experience. Anyone who has the direct link to the image is able to navigate to it, even if it's not accessible from Facebook directly.

Ars Technica originally brought the issue to Facebook's attention back in 2009, and the social networking site promised a fix was on the way. Facebook was "working with our content delivery network (CDN) partner to significantly reduce the amount of time that backup copies persist," the social networking giant said at the time. 

Ars Technica this month tested out some of the links to deleted images and found the images were still available, nearly three years after the initial 2009 report. Ars had also followed up with Facebook in Oct. 2010. The tested links belonged to staffers and to readers who had submitted their own links for testing. 

On Feb. 3, Facebook admitted that its older systems for storing uploaded content "did not always delete images from content delivery networks in a reasonable period of time even though they were immediately removed from the site." Facebook is apparently finishing up a newer system that would make the process quicker, according to the Ars report. 

In contrast to Twitter and Flickr, where images are deleted instantly, Facebook's new system, when finally live, would ensure photos are fully deleted within 45 days of the removal request being received. 

Or so the spokesperson promised to Ars.

As Ars Technica's Jacqui Cheng noted, "With a company history of stretching the truth when asked about this topic - we'll have to see it before we believe it."]]>
      
   </content>
</entry>

<entry>
   <title>Apache, Apple, PHP Release Security Updates </title>
   <link rel="alternate" type="text/html" href="http://securitywatch.eweek.com/patches/apache_apple_php_release_security_updates.html" />
   <id>tag:securitywatch.eweek.com,2012://13.36156</id>
   
   <published>2012-02-04T21:23:29Z</published>
   <updated>2012-02-09T21:29:28Z</updated>
   
   <summary>Apple and PHP released another set of security updates to fix serious issues that were introduced in a previous security update. </summary>
   <author>
      <name>Fahmida Rashid</name>
      
   </author>
   
      <category term="Apple" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Patches" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Web 2.0" scheme="http://www.sixapart.com/ns/types#category" />
   
   <category term="2948" label="apache" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="125" label="apple" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="5080" label="patching" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="10430" label="php" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="60" label="security" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="1136" label="update" scheme="http://www.sixapart.com/ns/types#tag" />
   
   <content type="html" xml:lang="en" xml:base="http://securitywatch.eweek.com/">
      <![CDATA[The past few days have been filled with security patches and updates that may have slipped past IT administrators. 

Apache released its <a href="http://httpd.apache.org/security/vulnerabilities_22.html">HTTP Server 2.2.22</a>, which included fixes to six significant security flaws. Most of the vulnerabilities were rated either moderate or low. In the 2.2.22 release, Apache fixed two low-priority privilege escalation issues, three moderate-priority exposure flaws, and another low-priority bug that could be exploited with a malicious cookie.

Apple updated Mac OS X Snow Leopard and Lion with a <a href="http://www.eweek.com/c/a/Security/Apple-Fixes-52-Bugs-in-OS-X-Snow-Leopard-Lion-in-Security-Update-103809/">massive Security Update</a> on Feb. 1. Apple released Security Update 1.1 on Feb. 4 to address some of the issues that were introduced with the earlier update. Mac OS X Security Update 2012-001 v1.1 also removed the three ImageIO fixes that had been part of the original update, but Apple did not provide any explanation as to why.

The PHP team also released <a href="http://www.php.net/archive/2012.php#id2012-02-02-1">PHP 5.3.10</a> on Feb. 3 to fix a remote code execution vulnerability that had been introduced in a previous update. A pair of researchers at the Chaos Communication Congress conference in Germany demonstrated a new technique in December that could <a href="http://www.eweek.com/c/a/Security/Microsoft-Releases-Workarounds-for-DoS-ZeroDay-Bug-in-ASPNET-112467/">cause a denial of service condition</a>. The vulnerability existed in several Web application frameworks, including ASP.NET, Apache Tomcat, Oracle Glassfish Server and PHP. The PHP team released version 5.3.9 in January to address the hash collision problem.

PHP fixed the issue by limiting the number of input parameters and didn't introduce a new function. The "max_input_vars" parameter limited the number of input parameters a request may send to 1,000. It turned out the fix was implemented incorrectly and instead introduced a remote code execution flaw in PHP 5.3.9. An attacker would be able to craft a malicious request that could execute code on a Web server running PHP 5.3.9.

Administrators running PHP 5.3.9 should patch immediately. The SANS Institute's Johannes Ullrich recommended that administrators running PHP 5.3.8 actually wait and not upgrade at all.
]]>
      
   </content>
</entry>

<entry>
   <title>Megaupload Users Gain Reprieve, EFF Working to Retrieve Data</title>
   <link rel="alternate" type="text/html" href="http://securitywatch.eweek.com/file-sharing/megaupload_users_gain_reprieve_eff_working_to_retrieve_data.html" />
   <id>tag:securitywatch.eweek.com,2012://13.36144</id>
   
   <published>2012-02-01T22:26:43Z</published>
   <updated>2012-02-01T23:12:45Z</updated>
   
   <summary>After earlier reports claimed all the data on Megaupload would be deleted this week, it appears users may be able to reclaim their legitimate data.</summary>
   <author>
      <name>Fahmida Rashid</name>
      
   </author>
   
      <category term="File-sharing" scheme="http://www.sixapart.com/ns/types#category" />
   
   <category term="10425" label="file-sharing" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="10426" label="megaupload" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="1777" label="piracy" scheme="http://www.sixapart.com/ns/types#tag" />
   
   <content type="html" xml:lang="en" xml:base="http://securitywatch.eweek.com/">
      <![CDATA[The Electronic Frontier Foundation is working on a way to separate legitimate user data from illegal content that had been stored on Megaupload servers so that users can reclaim their personal files. 

Carpathia Hosting, one of the companies Megaupload had contracted with to provide hosting services, created <a href="http://www.MegaRetrieval.com">MegaRetrieval.com</a> to help users work with the EFF "to investigate their options for retrieving their legitimate, non-infringing files," the company said in a statement.

Carpathia insisted that it "does not have, and has never had, access to the content on Megaupload's servers," and it still wants to "assist lawful users of the Megaupload service."

Although it was originally reported that the <a href="http://www.eweek.com/c/a/Security/Megaupload-Data-Subject-to-Deletion-by-Hosting-Providers-Feb-2-280080/">data would be deleted</a> as early as Feb. 2, it now appears that the data will be maintained for at least two more weeks, according to Ira Rothken, an attorney representing Megaupload in the legal case.

"Carpathia Hosting has no immediate plans to reprovision some or all of the Megaupload servers. This means that there is no imminent data loss for Megaupload customers. If this situation changes, Carpathia will post a notice at least seven days in advance of reprovisioning any Megaupload servers at <a href="http://www.Carpathia.com">http://www.Carpathia.com</a> and MegaRetrieval.com," Brian Winter, chief marketing officer at Carpathia, said in a statement. 

The data reprieve means that users who used the service to <a href="http://www.eweek.com/c/a/Security/FBI-Megupload-Shutdown-Cuts-Users-Off-From-Personl-Files-Business-Data-234883/">store personal files and photos</a> may be able to regain access to their data. The servers have been offline since the Federal Bureau of Investigation <a href="http://www.eweek.com/c/a/Cloud-Computing/FBI-Shuts-Down-Megaupload-FileSharing-Site-With-Online-Piracy-Indictments-446752/">shut down Megaupload</a> and arrested seven executives on charges of racketeering, money laundering and copyright violations.

]]>
      
   </content>
</entry>

<entry>
   <title>Romanian Police Arrest TinKode</title>
   <link rel="alternate" type="text/html" href="http://securitywatch.eweek.com/sql_injection/romanian_police_arrest_tinkode.html" />
   <id>tag:securitywatch.eweek.com,2012://13.36155</id>
   
   <published>2012-02-01T21:17:32Z</published>
   <updated>2012-02-09T21:21:52Z</updated>
   
   <summary>Romanian police have arrested TinKode and charged him with breaching Websites belonging to NASA and the Pentagon.</summary>
   <author>
      <name>Fahmida Rashid</name>
      
   </author>
   
      <category term="Data Breach" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Database security" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="SQL injection" scheme="http://www.sixapart.com/ns/types#category" />
   
   <category term="10206" label="arrest" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="1804" label="hacker" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="4571" label="nasa" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="10429" label="pentagon" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="9799" label="sql injection" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="9861" label="tinkode" scheme="http://www.sixapart.com/ns/types#tag" />
   
   <content type="html" xml:lang="en" xml:base="http://securitywatch.eweek.com/">
      <![CDATA[Romanian police have arrested a man they believe is TinKode, who broke into Department of Defense Websites and other government agencies.

Razvan Manole Cernaianu, an IT student, is suspected of being TinKode, the <a href="http://www.diicot.ro/index.php?option=com_content&view=article&id=654:comunicat-de-presa-31012012&catid=38:mass-media&Itemid=81">Romanian Directorate for Investigating Organized Crime and Terrorism</a> said in a statement Jan. 31. He's charged with breaking into wireless systems to obtain data, unauthorized transfer of data, and seriously disrupting computer operations. The agency also claimed that Cernaianu sold hacking tools to others online.

TinKode broke into Websites belonging to the Department of Defense and the National Aeronautics and Space Administration as well as computers belonging to the United States Army. He publicized the SQL injection vulnerabilities he had discovered and he disclosed the confidential data he had stolen from the US Army online.

TinKode had "no right to access multiple servers belonging to the U.S. Army, in order to obtain confidential data" that was copied and transferred into another computer, according to a Google Translate version of the statement.

Those two incidents are not all that he's done, as his list includes breaking into the British Royal Navy's Website in November 2010 and obtaining several site passwords. TinKode also exploited <a href="http://www.eweek.com/c/a/Security/Oracles-Suncom-Hit-Along-with-MySQLCom-in-SQL-Injection-Attack-727118/">SQL injection vulnerabilities</a> to break into <a href="http://securitywatch.eweek.com/sql_injection/mysqlcom_hacked_by_sql_injection_attack.html">MySQL.com</a> and the <a href="http://securitywatch.eweek.com/exploits_and_attacks/european_space_agency_ftp_servers_breached.html">European Space Agency</a>. 

TinKode was not out for financial gain or data. The attacks were all about showing off TinKode's abilities and getting bragging rights. Romanian security experts say that hackers are often treated like heroes in the Romanian press.

Even so, "Perhaps now is a good time to remind everyone who thinks it's cool or amusing to expose an organisation's weak security that hacking into a site is still a crime, regardless of what your incentive may be," Graham Cluley, a senior technology consultant at <a href="http://nakedsecurity.sophos.com/2012/01/31/tinkode-arreste/">Sophos</a>, said. ]]>
      
   </content>
</entry>

<entry>
   <title>HP TippingPoint Zero Day Initiative Modifies Pwn2Own Rules</title>
   <link rel="alternate" type="text/html" href="http://securitywatch.eweek.com/data_security/hp_tippingpoint_zero_day_initiative_modifies_pwn2own_rules.html" />
   <id>tag:securitywatch.eweek.com,2012://13.36132</id>
   
   <published>2012-01-25T03:36:17Z</published>
   <updated>2012-01-25T04:54:07Z</updated>
   
   <summary>The Pwn2Own hacking contest has been modified to drop mobile devices and to make it a fairer competition than the previous winner-takes-all model.</summary>
   <author>
      <name>Fahmida Rashid</name>
      
   </author>
   
      <category term="Data Security" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Enterprise security strategy" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Ethical hacking" scheme="http://www.sixapart.com/ns/types#category" />
   
   <category term="390" label="contest" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="1804" label="hacker" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="1713" label="hacking" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="10414" label="pwn2own" scheme="http://www.sixapart.com/ns/types#tag" />
   
   <content type="html" xml:lang="en" xml:base="http://securitywatch.eweek.com/">
      <![CDATA[HP's TippingPoint Zero Day Initiative unveiled a new format for its popular Pwn2Own contest at the upcoming CanSecWest conference, with new prizes and a new scoring system.

During Pwn2Own, contestants try to compromise fully-patched and up-to-date versions of Web browsers across various operating systems, including Internet Explorer, Firefox and Chrome running on Mac OS X or Windows machines. Last year's contest included the four mobile platforms, BlackBerry, Android, iOS and Windows Phone. Participants try to compromise the machine with at least one zero-day vulnerability in a contest that runs over the course of three days.

Under the new format, each target in the contest will have point values assigned, according to TippingPoint Zero Day Initiative's newly <a href="http://www.Pwn2Own.ZeroDayInitiative.com">launched contest Website</a>. Each successful compromise with a zero-day vulnerability will be worth 32 points. In the past, as soon as one researcher succeeded in exploiting the targeted software, that aspect of the competition was over in a winner-take-all format. With the new points system, all the researchers will be able to take their turn, and the winners will be determined by the number of points accumulated during the entire contest.

Mobile devices have been dropped altogether from this year's Pwn2Own contest.

The Pwn2Own organizers will also announce two previously patched vulnerabilities for which contestants could write exploits over the three-day contest. Points awarded for a successful exploit will decrease with each day, with 10 points on the first day, nine on the second day and eight points on the third. The exploits won't need to use a sandbox escape or bypass protected mode in browsers.

The changes are intended to make the event fairer for everyone involved. The three researchers with the highest point totals at the end of the three-day contest will win the cash awards of $60,000, $30,000 and $15,000, respectively. The prizes are coming from Hewlett Packard.

Contestants also win the laptops on which they successfully compromise targets. Google is offering prizes of $20,000 for every unique set of bugs that can compromise the Chrome browser without any platform-specific bugs. Participants will have to get full code execution outside of Chrome's sandbox to claim the prizes.

Google will also pay $10,000 for Chrome vulnerabilities that get code execution outside of the sandbox but require an operating system specific vulnerability to work successfully.

All the vulnerabilities used in the contest become part of the ZDI database and are immediately disclosed to the affected vendor. ZDI works with the vendor to get all the relevant information and helps get the security flaw fixed.

CanSecWest will be held March 7 to March 9 in Vancouver.
]]>
      
   </content>
</entry>

<entry>
   <title>Apple Approves, Yanks Fake Camera+ App on App Store</title>
   <link rel="alternate" type="text/html" href="http://securitywatch.eweek.com/apple/apple_approves_yanks_fake_camera_app_on_app_store.html" />
   <id>tag:securitywatch.eweek.com,2012://13.36131</id>
   
   <published>2012-01-24T03:24:47Z</published>
   <updated>2012-01-25T03:34:10Z</updated>
   
   <summary>Download apps only from trusted sources and official application stores, but also scrutinize the developer name to verify the app&apos;s legitimacy.</summary>
   <author>
      <name>Fahmida Rashid</name>
      
   </author>
   
      <category term="Apple" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Mobile malware" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="iPhone" scheme="http://www.sixapart.com/ns/types#category" />
   
   <category term="9152" label="app" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="10108" label="app store" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="125" label="apple" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="988" label="iphone" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="822" label="mobile" scheme="http://www.sixapart.com/ns/types#tag" />
   
   <content type="html" xml:lang="en" xml:base="http://securitywatch.eweek.com/">
      <![CDATA[Mobile device owners are encouraged to download apps from official sources, such as Apple's App Store. However, they should still exercise caution as malicious apps can still slip through.

The latest culprit posed as the popular Camera+ app and had the description "The Most Amazing Camera+ Version Yet." Unlike the popular Camera+ app, which is developed by Tap Tap Tap, this version came from Pursuit Special, said <a href="http://www.iphoneography.com/journal/2012/1/21/warning-fake-camera-app-is-in-the-app-store.html">Glyn Evans of iPhoneography</a>,  who found the app on Jan. 21. Once notified, Apple pulled the app from the App Store. 

It was not clear if Camera+ 4.0 VS & SS was just piggybacking on the popular name or if it actually had malicious functionality, Graham Cluley, a senior technology consultant at Sophos, wrote on the <a href="http://nakedsecurity.sophos.com/2012/01/23/fake-camera-app-hits-app-store/">Naked Security</a> blog. 

Even so, Apple's approval process should have noticed that someone was uploading an app with the same name as an app that is currently the 14th best-selling app in the App Store, according to Cluley. "Apple should surely recognize if someone other than Tap Tap Tap tries to submit it to the store?" Cluley said.

The real makers of Camera+, Tap Tap Tap, confirmed on Twitter that the app was fake. "Oh Apple and your all too often disappointing approval process," the developers posted on Twitter.

Android users learned the hard way last year that malicious apps can masquerade as photo apps and mobile wallpapers on the Android Market. There was a sense that Apple's App Store was safer because Apple pre-approves each app before it appears in the store, something Google doesn't do for the Android Market.

Even so, that doesn't mean fake or malicious apps have never appeared on the App Store. Mac security researcher <a href="http://mobile.eweek.com/c/a/Security/Apple-Suspends-Veteran-Researcher-from-iOS-Dev-Program-for-Exploiting-a-Bug-489867/">Charlie Miller's proof-of-concept app</a> that would have allowed remote users to execute unsigned code on the iPhone was approved for the App Store last fall.

"As always, be careful what applications you install on your computing devices - even if they come from the Apple App Store," Cluley said.]]>
      
   </content>
</entry>

<entry>
   <title>McAfee Predicts More Hacktivism in 2012</title>
   <link rel="alternate" type="text/html" href="http://securitywatch.eweek.com/hactivism/mcafee_predicts_more_hacktivism_in_2012.html" />
   <id>tag:securitywatch.eweek.com,2012://13.36100</id>
   
   <published>2012-01-07T19:47:28Z</published>
   <updated>2012-01-09T19:55:55Z</updated>
   
   <summary>McAfee addressed hacktivism in their 2012 security predictions.</summary>
   <author>
      <name>Fahmida Rashid</name>
      
   </author>
   
      <category term="DDoS" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Data Breach" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Hactivism" scheme="http://www.sixapart.com/ns/types#category" />
   
   <category term="9755" label="anonymous" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="9826" label="hacktivism" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="444" label="McAfee" scheme="http://www.sixapart.com/ns/types#tag" />
   
   <content type="html" xml:lang="en" xml:base="http://securitywatch.eweek.com/">
      <![CDATA[The hacktivist collective Anonymous will either reorganize into a cohesive body or disband completely, McAfee researchers said in their <a href="http://www.marketwatch.com/story/mcafee-labs-2012-threat-predictions-include-high-profile-industrial-attacks-cyberwarfare-demonstrations-and-new-hacktivist-targets-2011-12-28">security predictions for 2012</a>.

Anonymous is a loosely defined collective with no formal hierarchy or set of leaders. Any individual can take part in an Anonymous operation, and anyone can start a campaign and encourage supporters to join in. The lack of structure has led several members to <a href="http://www.eweek.com/c/a/Security/Stratfor-Denies-Anonymous-Compromised-Client-List-496506/">denounce certain attacks</a> as not being "really" from Anonymous. There have been <a href="http://www.eweek.com/c/a/Security/Anonymous-Threat-Against-Facebook-Not-an-Official-Attack-May-be-a-Hoax-690079/">disagreements between members</a> over whether or not to target a company even before the operation launched.

"Either the 'true' Anonymous group will reinvent itself, or die out," McAfee Labs said.

Just as there's no official "face" for Anonymous, there's no preferred method of attack. Some members prefer <a href="http://www.eweek.com/c/a/Security/DHS-Warns-of-Anonymous-CyberAttack-Tools-Planned-Mass-Protests-392974/">launching denial of service attacks</a> to disable Websites and disrupt operations to prove a point. Others would rather exploit network and application vulnerabilities to capture and dump personally identifiable information on the Internet, a practice now known as 'doxing.' 

Anonymous and similar hacktivist groups will also cross the line between the digital and physical worlds and start organizing physical protests, McAfee said. The group organized protesters in the San Francisco Bay Area to protest police shootings by the transit police at the <a href="http://www.eweek.com/c/a/Security/Anonymous-Hack-Exposes-Personal-Data-of-San-Francisco-Area-Commuters-217565/">Bay Area Rapid Transit</a> system in August and helped <a href="http://securitywatch.eweek.com/hactivism/hackers_target_bankers_personal_data_as_part_of_occupy_wall_street.html">publicize the Occupy protests</a> in the fall.

McAfee also predicted there will be more focus on cyber-warfare, increased government activity in cyber-space and more hacktivism in 2012.]]>
      
   </content>
</entry>

<entry>
   <title>Stratfor Victims Receiving Followup Messages From Attackers</title>
   <link rel="alternate" type="text/html" href="http://securitywatch.eweek.com/data_breach/stratfor_victims_receiving_followup_messages_from_attackers.html" />
   <id>tag:securitywatch.eweek.com,2012://13.36095</id>
   
   <published>2012-01-06T21:37:09Z</published>
   <updated>2012-01-07T00:09:39Z</updated>
   
   <summary>Several Stratfor subscribers have received emails purporting to be from Stratfor but were clearly from Anonymous. Stratfor has issued a warning, but in this day of paranoia, there are doubts over the warning&apos;s legitimacy.</summary>
   <author>
      <name>Fahmida Rashid</name>
      
   </author>
   
      <category term="Data Breach" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Phishing and Fraud" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Spam" scheme="http://www.sixapart.com/ns/types#category" />
   
   <category term="9755" label="anonymous" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="1708" label="breach" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="648" label="email" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="1804" label="hacker" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="615" label="spam" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="10402" label="stratfor" scheme="http://www.sixapart.com/ns/types#tag" />
   
   <content type="html" xml:lang="en" xml:base="http://securitywatch.eweek.com/">
      <![CDATA[The gang behind the attack on Stratfor over Christmas Eve is still making things difficult for the intelligence analysis firm by sending out malicious emails.

Claiming to be part of the Anonymous hacktivist collective, this group breached several <a href="http://www.eweek.com/c/a/Security/Stratfor-Denies-Anonymous-Compromised-Client-List-496506/">Strategic Forecasting servers</a> over Christmas Eve and waltzed off with over <a href="http://www.eweek.com/c/a/Security/Analysis-of-Stratfor-Site-Breach-Reveals-Weak-Passwords-Poor-Enforcement-719464/">800,000 password hashes</a> belonging to individuals and corporations who have subscribed to the organization's publications. Credit card numbers and other sensitive data were also part of the haul.

An eWEEK reader who also subscribes to Stratfor publications forwarded a Jan. 5 email message he received that purported to be from George Friedman, president of Stratfor, but was actually from the attackers. The email mocked the circumstances around the Stratfor breach and contained both Friedman's home and cell phone numbers.

"To show our appreciation for your continued support, we will be making available all of our premium content *as a free service* from now on," according to the email.

This was clearly not legitimate, and the senders made no attempt to try to be, as they included the Anonymous tag line, "We are Anonymous. We do not forgive. We do not forget. We are legion. Expect us!" at the end. There was also a second note appended at the end bragging about all the activities the collective has been involved in over the past few months. 

A few hours later, Stratfor recipients received yet another email purporting to be from Stratfor warning that the earlier message and other similar variants which had attachments or asked for private information were fake.

"I also want to assure everyone that Stratfor would never ask customers and friends to provide personal information through the type of attachment that was part of the email at issue," Friedman wrote in the email.

However, <a href="http://blog.cyberwar.nl/2012/01/post-breach-stratfor-mailings-fake-vs.html">Matthijs Koot</a>, a Ph.D. student at the University of Amsterdam, who had received both messages, found several items in this second email that seemed a little suspicious. The mailserver for the second email and one of the links in the email just didn't look right as they pointed to en25.com. The "from" header on regular mailings said "STRATFOR" but the latest email had "Stratfor," Koot added.

"Authentic STRATFOR mailings often link to images on en25.com but that does not permit me to trust that a host in the en25.com domain, which also has a yet-unknown IP address, is a source for authentic-only STRATFOR mailings," Koot wrote on his blog about the mailserver that sent the message.

He also noted that the link to unsubscribe from future emails usually pointed to app.response.stratfor.com, but the latest email linked back to en25.com. If the email is authentic, the effort appears to be "clumsy" on Stratfor's part, according to Koot.

Stratfor has not responded to eWEEK's queries to verify the email.

Everyone is on edge about data breaches and malicious email, leading some people to question even warning messages. Koot even wondered whether Stratfor's Twitter and Facebook accounts, which contain the same text, were still under the publishing firm's control.

In previous data breaches, there were concerns that scammers would send spam and phishing emails to all the people whose information was leaked. The original attackers contacting the victims directly to gloat some more appears to be a new development.]]>
      
   </content>
</entry>

<entry>
   <title>Hackers&apos; Threat to Publish Symantec Source Code Not a Reason to Worry</title>
   <link rel="alternate" type="text/html" href="http://securitywatch.eweek.com/data_breach/hackers_threat_to_publish_symantec_source_code_not_a_reason_to_worry.html" />
   <id>tag:securitywatch.eweek.com,2012://13.36093</id>
   
   <published>2012-01-06T01:52:41Z</published>
   <updated>2012-01-06T12:04:57Z</updated>
   
   <summary>Hackers claiming to have Symantec&apos;s Norton Antivirus source code are threatening to publish it, but security researchers and Symantec don&apos;t seem all that concerned.</summary>
   <author>
      <name>Fahmida Rashid</name>
      
   </author>
   
      <category term="AV tools" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Data Breach" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Virus and Spyware" scheme="http://www.sixapart.com/ns/types#category" />
   
   <category term="1719" label="data breach" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="4500" label="hackers" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="9872" label="leak" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="10401" label="source code" scheme="http://www.sixapart.com/ns/types#tag" />
   
   <content type="html" xml:lang="en" xml:base="http://securitywatch.eweek.com/">
      <![CDATA[A group of hackers has claimed that it has stolen the source code to Symantec's flagship antivirus product, according to a Pastebin post.

This may just be an antivirus company's worst nightmare come true.

The group, named Lords of Dharmaraja, claimed to have breached an Indian military server and stolen several documents and files, according to the post, which appeared on the text-sharing site on Jan. 5. Pastebin has since removed the page, but a copy is still <a href="http://webcache.googleusercontent.com/search?q=cache:zTrV7-eEnVQJ:pastebin.com/ciExRzr3+&cd=2&hl=en&ct=clnk">available on Google Cache</a>.

To prove their claims, the group posted excerpts of various documents they'd obtained, including an internal document from April 1999 that discussed the application programming interface for the company's Definition Generation Service.

"As of now we start sharing with all our brothers and followers information from the Indian military intelligence servers," according to the post. The group has discovered "source codes of a dozen software companies," they added.

The leaked document merely explains how the software is designed to work, such as what inputs are accepted and what outputs are generated, Cris Paden, senior manager of corporate communications at Symantec, told eWEEK. While the document contains function names, no actual source code was present in that document, according to Paden.

The fact that the hackers claimed to have discovered source code for several types of software on the breached military server is not a surprise, as many governments require companies to supply source code to prove it isn't spyware, Rob Rachwald, director of security strategy at Imperva, told eWEEK. He said it wasn't unusual, especially when working with the military.

The group breaching military servers should be of bigger concern than the possibility of leaked source code, Stephen Cobb, a security evangelist for ESET, told eWEEK. A security breach on such sensitive servers could "prove harmful to cooperation between public and private sectors," Cobb said.

Lords of Dharmaraja promised to post actual source code for Norton Antivirus online once they lined up some mirror sites. "We are working out mirrors as of now since we experience extreme pressure and censorship from US and India government agencies," the group wrote.

Symantec is still investigating the incident, according to Paden. "As for the second claim of additional code, we cannot confirm or deny those claims as we are still analyzing the information," Paden said.

While it "clearly is undesirable" for any antivirus vendor or software vendor to have their source code made public, it does not necessarily mean the protection the software provides has been compromised, Chester Wisniewski, a senior security adviser at Sophos, told eWEEK. It could provide attackers with the knowledge needed to exploit undiscovered or unpatched vulnerabilities, but shouldn't provide "any miracle insights" needed to defeat the product, according to Wisniewski.

<a href="http://blog.imperva.com/2012/01/symantec-code-leak.html">Imperva's Rachwald</a> also noted that the only people to benefit from looking at the source code are likely to be Symantec competitors who would be able to look at how the company built its antivirus engine. There isn't "much" malware writers can learn from the source code, since they don't need to know how the engine works to defeat it, according to Rachwald. Antivirus software runs on signatures, and developers have been effectively creating malware that can evade detection for quite some time now, Rachwald said. Antivirus software tends to have a poor rate of detection, as low as 20 percent to 30 percent, because criminals are testing their code against security products and using encryption and other methods to ensure they slip through, he said. 

If the source code also dates back to 1999, then the information is likely to be of interest to only "software historians" interested in how software was created a decade ago, Aryeh Goretsky, a researcher for ESET, told eWEEK. It takes roughly two years to create a new antivirus engine, and although there may be certain elements that still stay the same, there's enough of a generational gap that attackers won't be able to find vulnerabilities in the source code that can be used to exploit modern versions of the software, he said. 

While an actual source code leak could turn out to be embarrassing for Symantec, it won't impact Symantec that much in the market, either, according to Goretsky. "It happened to both Kaspersky a year ago and Microsoft in 2004, and neither seemed to suffer any ill effects, economically," Goretsky said.  

If all the attackers have is a 12-year-old API document, the contents of which can be reverse-engineered from publicly available information, then Symantec and their customers can have "some confidence that the sky is not falling," Wisniewski said.]]>
      
   </content>
</entry>

<entry>
   <title>Facebook&apos;s Timeline Users Targeted by Scammers </title>
   <link rel="alternate" type="text/html" href="http://securitywatch.eweek.com/facebook/facebooks_timeline_users_targeted_by_scammers.html" />
   <id>tag:securitywatch.eweek.com,2012://13.36089</id>
   
   <published>2012-01-04T21:39:23Z</published>
   <updated>2012-01-04T23:49:56Z</updated>
   
   <summary>Scammers are tricking users who hate Facebook&apos;s Timeline into clicking on likejacking and other malicious scams.</summary>
   <author>
      <name>Fahmida Rashid</name>
      
   </author>
   
      <category term="Facebook" scheme="http://www.sixapart.com/ns/types#category" />
   
   <category term="9152" label="app" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="456" label="facebook" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="369" label="privacy" scheme="http://www.sixapart.com/ns/types#tag" />
   
   <content type="html" xml:lang="en" xml:base="http://securitywatch.eweek.com/">
      <![CDATA[Facebook users who <a href="http://www.eweek.com/c/a/Messaging-and-Collaboration/Facebook-Timeline-Going-Live-for-Desktop-Android-Users-180936/">checked out Timeline</a> and decided they hate it are being targeted by scammers on the social networking site, according to a report on <a href="http://www.insidefacebook.com/2012/01/03/timeline-related-scams-develop-on-facebook/"><em>Inside Facebook</em></a>.

Searching for "remove Timeline" or "disable Timeline" on Facebook returns more than a dozen pages and groups that claim to have instructions on how to disable the new Facebook feature. Every single one of these "instructions" is fake, and ultimately cons users into various scams, such as randomly liking pages or downloading a browser extension.

Once the user has agreed to try out Timeline, there's no going back. It's a permanent change, and it will become mandatory across the site eventually. Users who think they may not like Timeline are better off not bothering to try it out at all for the time being.

For the privacy-conscious, Facebook does offer privacy settings to <a href="http://www.eweek.com/c/a/Security/Facebook-Timeline-Lets-Users-Customize-UI-With-Privacy-Options-670783/">customize what is visible on Timeline</a>.

If the user has switched over to Timeline and is really unhappy about all the long-forgotten wall posts and photos being resurrected, ZDNet's Zack Whittaker recommends <a href="http://www.zdnet.com/blog/london/how-to-delete-every-facebook-wall-post-wipe-your-timeline/1999">using macros and a Greasemonkey script</a> to delete the content semi-manually from the site.

"Because the Timeline's switch is fully in the 'on' position, you cannot go back. You're stuck," Whittaker wrote. However, with some time and effort, "and a great deal of trial and error work," it was possible to delete the data, he said.]]>
      
   </content>
</entry>

<entry>
   <title>Specialforces.com Data Dump the Latest in LulzXmas </title>
   <link rel="alternate" type="text/html" href="http://securitywatch.eweek.com/data_breach/specialforcescom_data_dump_the_latest_in_lulzxmas.html" />
   <id>tag:securitywatch.eweek.com,2011://13.36076</id>
   
   <published>2011-12-29T17:36:52Z</published>
   <updated>2011-12-29T09:40:27Z</updated>
   
   <summary>More credit card numbers, email addresses and usernames and passwords were exposed in a hack on specialforces.com.</summary>
   <author>
      <name>Fahmida Rashid</name>
      
   </author>
   
      <category term="Data Breach" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="ID theft" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Identity Theft" scheme="http://www.sixapart.com/ns/types#category" />
   
   <category term="9755" label="anonymous" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="9860" label="credit card numbers" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="1713" label="hacking" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="6156" label="password" scheme="http://www.sixapart.com/ns/types#tag" />
   
   <content type="html" xml:lang="en" xml:base="http://securitywatch.eweek.com/">
      <![CDATA[A data dump containing information stolen several months ago from SpecialForces.com included user passwords and credit card numbers.

The attackers stole usernames, passwords and credit card information after breaching the military and law enforcement equipment retailer in an attack that occurred several months ago, according to a Dec. 27 post on a Twitter account associated with a person who claims to be a member of the hacktivist collective Anonymous. The credit card information appears to have been encrypted originally, but the attackers claimed to have been able to decrypt the data after breaching the retailer's servers and stealing the encryption keys, according to a post on text-sharing site Pastebin.

Identity Finder researchers analyzed the information that had been posted publicly and discovered over 7,000 unique credit card numbers had been exposed. Over 68,000 email addresses had been dumped, but only a little less than 41,000 were unique. The data dump also included approximately 36,000 usernames and passwords, of which more than half, or 61 percent, were considered "weak," according to Identity Finder analysis.

"Given the proximity to other recent high-profile breaches, specialforces.com customers face increased risk of identity and credit card fraud," said Identity Finder's CEO, Todd Feinman.

The SpecialForces.com data dump appears to be part of a larger campaign called LulzXmas, which included an <a href="http://www.eweek.com/c/a/Security/Stratfor-Denies-Anonymous-Compromised-Client-List-496506/">attack on Stratfor</a>, a publisher of global intelligence and analysis, over Christmas.

]]>
      
   </content>
</entry>

<entry>
   <title>The New York Times Says It Was Not Hacked</title>
   <link rel="alternate" type="text/html" href="http://securitywatch.eweek.com/spam/the_new_york_times_was_not_hacked_nyt_says.html" />
   <id>tag:securitywatch.eweek.com,2011://13.36075</id>
   
   <published>2011-12-28T22:23:51Z</published>
   <updated>2011-12-28T23:17:02Z</updated>
   
   <summary>The New York Times called the message sent to almost 9 million Internet users about their subscription spam. It was definitely unwanted, but that was all the paper got right.</summary>
   <author>
      <name>Fahmida Rashid</name>
      
   </author>
   
      <category term="Spam" scheme="http://www.sixapart.com/ns/types#category" />
   
   <category term="615" label="spam" scheme="http://www.sixapart.com/ns/types#tag" />
   
   <content type="html" xml:lang="en" xml:base="http://securitywatch.eweek.com/">
      <![CDATA[Internet users were startled Dec. 28 when they received an email from <em>The New York Times</em> regarding their home delivery service. Most of the recipients didn't even have a subscription with the venerable newspaper, let alone home delivery.

The email listed a toll-free number, which did not seem to be listed with <em>The Times</em>. The message had been sent to users encouraging them to reconsider cancelling their subscription and to sign up again at discounted rates.

Confused recipients flooded <em>The Times</em> with phone calls and spurred speculation on Twitter over whether the publication, or a third-party provider, had been hacked.

The whispers about a possible hack seemed almost confirmed when <a href="https://twitter.com/#!/nytimes/status/152101947523088384"><em>The Times</em> posted on its official Twitter account</a>, "If you received an e-mail today about canceling your NYT subscription, ignore it. It's not from us."

A quick response to deal with a developing situation, except it was wrong. <em>The New York Times</em> had not been hacked, and the email had actually been sent, albeit erroneously, by a <em>Times</em> staffer.

Amy Chozick, writing for <a href="http://mediadecoder.blogs.nytimes.com/2011/12/28/times-readers-inundated-by-false-e-mail-on-subscriptions/"><em>The Times' Media Decoder</em> blog</a>, stopped the Twitter speculation when she dug deeper into the issue. "'The email was sent by the NYT,' a spokeswoman said," <a href="http://twitter.com/#!/amychozick/status/152124017082503168">Chozick wrote on Twitter</a>, about two hours after the initial <em>Times</em> post. 

It turned out that a <em>Times</em> employee had intended to send out an email message to 300 people, and accidentally sent it to more than 8 million people, Chozick wrote. The 8.6 million recipients represented all the people who had ever given their email address to the newspaper for whatever reason in the past. 

"We regret that the error was made, but no one's security has been compromised," a Times Company spokeswoman, Eileen Murphy, told Chozick.

The fact that people jumped so quickly to the conclusion that <em>The Times</em>, or a third-party marketing provider, had been hacked is a sign of how on edge they are over reports of data breaches. People are increasingly aware of and alert to possible spam attacks, as well.

<a href="http://gigaom.com/2011/12/28/new-york-times-email-spam-epsilon-data-breach/"><em>GigaOM's</em> Colleen Taylor</a> checked the email for a DomainKeys Identified Mail (DKIM) signature to figure out whether it had been digitally signed (it hadn't) and traced the mail server that sent the message to Epsilon Data Management, a division of Alliance Data Systems that manages email marketing campaigns for a number of large organizations. Epsilon had been breached earlier this year, and it appeared that this spam may have been part of that breach, or another incident.

As a result of cyber-attacks targeting organizations in practically every industry, people are no longer surprised if hackers steal email addresses and send out spam. The reverse appears to be true, with people being surprised when it's not an attack but a simple mistake. ]]>
      
   </content>
</entry>

</feed>

