20 Million People Exposed In Massive South Korea Data Leak 53
wiredmikey writes "While the recent data breach that hit Target has dominated headlines lately, another massive data breach was disclosed this week that affected at least 20 million people in South Korea. According to regulators, the personal data including names, social security numbers, phone numbers, credit card numbers and expiration dates of at least 20 million bank and credit card users was taken by a temporary consultant working at the Korea Credit Bureau (KCB). The consultant later sold the data to phone marketing companies, but has since been arrested along with mangers at the companies he sold the stolen data to. A similar insider-attack occurred at Vodafone late last year when a contractor made off with the personal data of two million customers from a server located in Germany. According to a study from PwC, organizations have made little progress developing defenses against both internal and external attackers, and insiders pose just as great a security risk to organizations as outside attackers."
The beta will kill Slashdot if it goes live. (Score:5, Interesting)
You're not alone.
As somebody who has worked in the software industry for decades now, I find it stunning that the Slashdot beta project has not been terminated yet. It's a failure in every single sense. The users here almost all absolutely hate it. It looks worse than the existing site. It functions worse than the existing site. I think it's slower than the existing site. There is so much wasted empty space. The fonts are harder to read. The discussion is much, much more difficult to follow. It's harder to post a comment. Being forced to use it unexpectedly affects users trying to use the existing site!
And those comparisons are to an existing Slashdot site that was Web 2.0-ified a while back, making it even shittier than the site that preceded it!
While we should be accustomed to social media web sites shitting all over their users with bad redesigns, Slashdot is really taking it a step beyond with this beta site. I can sincerely see a Digg v4-style disaster happening again if the beta site goes live, it's just that bad. The beta will drive away the few remaining users of value.
I sure hope that Slashdot does the right thing, and puts an end to this beta site project. Nothing good will come out of it, aside from lessons about what not to do. Everything about the beta site is just plain bad. Terminate the project, throw away the code, and move on. And do this well before the beta site ever replaces the current one!
Defending against inside attackers is hard (Score:4, Interesting)
Really. You'd need military-grade security and strictly planned access levels -- and then look at what Snowden did.
Even more, in most companies there's just no way to implement this. Data is just what they're working with and often the most basic security is bypassed or never implemented just because it's too bothersome while being without any immediately visible gain.
Come on, every admin out there will know that just too well. Security against attacks from the outside, yes. Security against attacks from the inside? Forget it. People need to work with the data and even just to make sure that people have only the access they really need often is so much bother that nobody wants to start with that.