Verizon | 2010 Data Breach Report From Verizon Business, U.S. Secret Service Offers New Cybercrime Insights: Via Verizon Business(PR).

Expanded Study Finds More Insider Threats, Greater Use of Social Engineering, Continued Strong Organized Criminal Involvement

BASKING RIDGE, N.J. – July 28, 2010 –

The 2010 Verizon Data Breach Investigations Report, based on a first-of-its kind collaboration with the U.S. Secret Service, has found that breaches of electronic records last year involved more insider threats, greater use of social engineering and the continued strong involvement of organized criminal groups.

The study, released Wednesday (July 28), also noted that the overall number of breaches investigated last year declined from the total for the previous year - "a promising" indication, the study said.

The report cited stolen credentials as the most common way of gaining unauthorized access into organizations in 2009, pointing once again to the importance of strong security practices both for individuals and organizations.  Organized criminal groups were responsible for 85 percent of all stolen data last year, the report said.  

Verizon Business investigative experts found, as they did in the company's prior data breach reports, that most breaches were considered avoidable if security basics had been followed.  Only 4 percent of breaches assessed required difficult and expensive protective measures. [ Read more ... ]

Security study says data breaches often caused by configuration errors: Via Computerworld Cybercrime/Hacking News.

Hackers are increasingly exploiting configuration errors and faulty application code -- not the kind of software holes that get vendor patches -- to steal information from computer systems, according to a new study by Verizon Communications Inc.

The "2010 Data Breach Investigations Report" covers 141 cases investigated either by Verizon or the U.S. Secret Service last year.

The researchers said one surprising trend was the continued decline in attacks that exploit software vulnerabilities like holes in operating systems. [ Read more ... ]

EFF to Verizon: Etisalat Certificate Authority Threatens Web Security: Via EFF.org Updates.

EFF will soon be launching the SSL Observatory project, an effort to monitor and secure the cryptographic infrastructure of the World Wide Web. There is much work to be done, and we will need the help of many parties to make the HTTPS-encrypted web genuinely trustworthy. To see why, you can read the following letter, which we are sending to Verizon today:

(there is also a story in the New York Times) [ Read more ... ]

Civility, Neutrality, and Google: Via Lauren Weinstein's Blog.

Greetings. It's now four days since Google and Verizon published their joint policy proposal for an open Internet. Today, Google posted an additional document, addressing what they view as the misconceptions being promulgated in various negative reactions to the plan.

I am extremely disappointed.

However, my disappointment is not with Google, nor Verizon. I applaud the willingness of both firms to put forth their public proposal.

Rather, I am disappointed -- no, that's not a strong enough word -- I'm mortified -- by the level of vitriol, obnoxiousness, obscenity, and emotionally-laden, hyperbole-saturated rhetoric that is characterizing many of the negative responses to the proposal. [ Read more ... ]

A Review of Verizon and Google's Net Neutrality Proposal: Via EFF.org Updates.

Efforts to protect net neutrality that involve government regulation have always faced one fundamental obstacle: the substantial danger that the regulators will cause more harm than good for the Internet. The worst case scenario would be that, in allowing the FCC to regulate the Internet, we open the door for big business, Hollywood and the indecency police to exert even more influence on the Net than they do now.

On Monday, Google and Verizon proposed a new legislative framework for net neutrality. Reaction to the proposal has been swift and, for the most part, highly critical. While we agree with many aspects of that criticism, we are interested in the framework's attempt to grapple with the Trojan Horse problem. The proposed solution: a narrow grant of power to the FCC to enforce neutrality within carefully specified parameters. While this solution is not without its own substantial dangers, we think it deserves to be considered further if Congress decides to legislate.

Unfortunately, the same document that proposed this intriguing idea also included some really terrible ideas. It carves out exemptions from neutrality requirements for so-called "unlawful" content, for wireless services, and for very vaguely-defined "additional online services." The definition of "reasonable network management" is also problematically vague. As many, many, many have already pointed out, these exemptions threaten to completely undermine the stated goal of neutrality.

Here's a more detailed breakdown of our initial thoughts: [ Read more ... ]

Google, Verizon Deny Deal -- and Why I Have No Comment (For Now): Via Lauren Weinstein's Blog.

Greetings. A lot of people (including various media) have been banging on my inbox and phone wondering why I haven't so far specifically commented on the New York Times Google/Verizon Internet Deal story (and similar articles in other publications), and have been asking me for immediate comments.

First, let's note here that as of this morning, Google has said that the Times story is wrong, and Verizon has published a similar statement denying the reported deal.

In a previous note I acknowledged the usefulness of private discussions in some related situations (so long as full transparency is forthcoming), and my concern that the track record of many "agreements" related to telecom is poor enough to engender understandable skepticism in some quarters. [ Read more ... ]

Verizon: Comcast P2P blocking was wrong, we won't do it: Via Law & Disorder Section - Ars Technica.

Verizon isn't a fan of the FCC's proposed "third way" approach to network neutrality rules, and the company's top policy people have suggested that the Internet needs an entirely new "policy framework." Such a framework will require massive wrangling in Congress, so in the short term, Verizon has partnered with Google and others to find a "consensus" framework for the short-term.

Is this a plan to avoid government rules on openness and turn the company into a maniacal bit-blocker? At a recent panel discussion (PDF), Verizon policy exec Link Hoewing said no—the company has no wish to go down Comcast's P2P blocking route, and he called out Comcast for its earlier approach.

Read Original Article:(Via Law & Disorder Section - Ars Technica.)

"Three Strikes" and Verizon: Not Happening: Via Public Knowledge.

Yesterday’s CNET report that Verizon had secretly adopted a “three strikes” policy towards alleged copyright infringers had our office all atwitter last night - how could a charter member of our ad hoc copyright reform coalition be engaging in such radical activity? Well, it turns out they weren’t.

As their misquoted spokesperson explains here, what Verizon employs is a process for passing on warning notices to alleged infringers, but that process does not include automatic termination. My guess is that to the extent that she was talking about infringers having their internet access terminated, she was referring to people who had been adjudicated by a court to be infringing, and as such, they would be violating Verizon’s terms of service.

Passing on warning notices that do not involve deep packet inspection is a process for limiting infringement that PK wholeheartedly supports and which appears to be quite effective. [ Read more ... ]

Verizon Terminating Copyright Infringers’ Internet Access: Via Threat Level.

While it was not immediately clear whether other internet service providers were following suit, the move comes as the Recording Industry Association of America and the Motion Picture Association of America are lobbying ISPs and Congress to support terminating internet access for repeat, online copyright offenders.

All the while, the United States has been privately lobbying the European Union to “encourage” so-called three strikes policies, according to leaked documents surrounding a proposed international intellectual property accord.

Verizon was not immediately prepared to comment in detail on the developments, first reported by CNET, or to detail how many of its more than 8 million broadband subscribers it has terminated — although CNET said the number was “small.” The RIAA declined comment.

“We reserve the right to do that,” Verizon spokeswoman Bobbi Henson said in a telephone interview regarding the terminations. [ Read more ... ]

Verizon: metered billing much fairer than all-you-can-eat: Via Law & Disorder Section - Ars Technica.

Verizon Wireless' top engineer, Dick Lynch, was at it again during CES, setting the stage for a world in which Verizon moves away from flat-rate pricing and adopts metered billing instead. Lynch, a staple on the conference circuit, has made such comments for some time, and they regularly draw a negative reaction from consumers. But to Lynch, it's a matter of fairness—and a response to a newly "open" wireless world.

First, when it comes to traditional data usage from 3G smartphones and laptop cards, Lynch argues that buffet economics produce unfair subsidies to the heaviest users. [ Read more ... ]

Verizon: Data Breaches Getting More Sophisticated: Via Threat Level.

Methods of stealing data are becoming increasingly sophisticated, but attackers are still gaining initial access to networks through known, preventable vulnerabilities, according to a report released by Verizon Business on Wednesday.

“Attacks are getting more sophisticated and more difficult to prevent,” said Wade Baker, research and intelligence principal for Verizon Business’s RISK Team, in an interview. “The attackers still usually get in the network through some relatively mundane attacks. But once they’re in, they’re getting more and more adept at getting the data they want and getting it effectively and silently. And we seem to be on a plateau in terms of our ability to detect [them].”

For example, while companies have been expanding their use of encryption to protect bank card data in transit and in storage, hackers have begun to use RAM scrapers to grab data during the few seconds it’s unencrypted and transactions are being authorized. [ Read more ... ]

"So, Verizon, about those doubled early termination fees...": Via Law & Disorder Section - Ars Technica.

The FCC has been asking plenty of "innocent questions" lately about the mobile space. It doesn't threaten any direct action against companies like AT&T and Apple, it just wants "a more complete understanding" of some situations. But those questions usually get results. [ Read more ... ]

Yahoo, Verizon: Our Spy Capabilities Would ‘Shock’, ‘Confuse’ Consumers: Via Threat Level.

Want to know how much phone companies and internet service providers charge to funnel your private communications or records to U.S. law enforcement and spy agencies?

That’s the question muckraker and Indiana University graduate student Christopher Soghoian asked all agencies within the Department of Justice, under a Freedom of Information Act (FOIA) request filed a few months ago. But before the agencies could provide the data, Verizon and Yahoo intervened and filed an objection on grounds that, among other things, they would be ridiculed and publicly shamed were their surveillance price sheets made public.

Yahoo writes in its 12-page objection letter (.pdf), that if its pricing information were disclosed to Soghoian, he would use it “to ’shame’ Yahoo! and other companies — and to ’shock’ their customers.” [ Read more ... ]

Verizon to forward RIAA warning letters (but that's all): Via Law & Disorder Section - Ars Technica.

If you're a copyright owner who has gone to the trouble and expense of tracking down online copyright infringers, don't send warning letters to Verizon without striking a deal first; Verizon simply chucks them in the bin.

Do a deal with the "big V" and Verizon is willing to forward warning letters on to its subscribers, but that's it. No customer information is exchanged and no sanctions are implemented—and Verizon has been handling the issue this way for years.

Read Original Article:(Via Law & Disorder Section - Ars Technica.)

Verizon Wants To Share Your Personal Information: Via Slashdot: Your Rights Online.

hyades1 writes "Gizmodo reports that Verizon is sending out notification letters infested with virtually-indecipherable legalese. In their sneaky, underhanded way, they're informing you that you have 45 days to opt out of their plan to share your personal data with 'affiliates, agents and parent companies.' That data can include, but isn't limited to, 'services purchased (including specific calls you make and receive), billing info, technical info and location info.' If you view your statement on-line, you won't even get the letter. You'll have to access your account and view your messages. However, Read Write Web says the link provided there, called the 'Customer Proprietary Network Information Notice,' was listed as 'not available.' No doubt Verizon would like to reassure you that everyone they're going to hand your personal data over to will have your best interests at heart."

Read Original Article (Via Slashdot: Your Rights Online.)

Verizon to Implement Spam Blocking Measures - Security Fix: Via Washington Post

Verizon.net is home to more than twice as many spam-spewing zombies as any other major Internet service provider in the United States, according to an analysis of the most recent data from anti-spam outfit Spamhaus.org. Verizon, however, says it plans to put measures in place to prevent it from being used as a home to so many spammers.

[...] [ Read more ... ]

FairPoint ready for final switch from Verizon: Via Rutland Herald Online

FairPoint spokeswoman Beth Fastiggi said Friday that Internet customers will keep their existing user names and passwords but will use a different domain: myfairpoint.net. [ Read more ... ]

Fairpoint Pledges To Violate Net Neutrality: Via Slashdot: Your Rights Online

wytcld writes "Fairpoint Communications, which has taken over Verizon's landline business in Maine, New Hampshire and Vermont, has announced that on February 6 'AOL, Yahoo! and MSN subscribers will continue to have access to content but will no longer be able to access their e-mail through the third-party Web site. Instead, Yahoo! and other third-party e-mail will be accessed directly at the MyFairPoint.net portal. [ Read more ... ]

Verizon Employees Snoop on Obama's Cellphone Records: Via Threat Level

An unspecified number of Verizon Wireless employees snooped into President-elect Barack Obama???s personal cellphone records, the company announced Friday.

Verizon immediately suspended all employees who accessed the records and will take ???appropriate disciplinary action??? against employees found to have looked at them without authorization. 

Obama had a simple flip phone, not a smartphone, meaning the interlopers found only records of phone calls and text messages. The account has been inactive for several months, the company said.

???We apologize to President-elect Obama and will work to keep the trust our customers place in us every day,??? Verizon Wireless CEO Lowell McAdam said in a press release.

Obama already had his passport files snooped into by federal contractors, while an Ohio agency director was suspended Thursday for allowing state employees to search databases for information on Joe the Plumber, the Ohioan who became famous after confronting Obama about his tax policies. [ Read more ... ]

Verizon plays fast and loose with the wrong 1,200 e-mail addresses - Via NetworkWorld.com Community:

This should be a vendor's first rule when inviting 1,200 IT pros to a seminar about securing data and protecting personal information: Make sure you protect the personal information of the 1,200 professionals you're trying to impress.

How did Verizon do in that regard on Tuesday? They failed miserably ... and not just once.

David Williams, technology coordinator for a Texas school district, alerted me to the situation because he had read my recent post -- "Run-amok Verizon robo-caller torments 1,400 customers" -- which recounted the nine phone calls in 24 hours that were received at my house last month.

"I had something similar occur today," Williams writes. "In a period of three hours I received 14 e-mails promoting Verizon's 'Secure the Information. Secure the Infrastructure' webinar series, and three e-mails promoting their '2008 Data Breach Investigations Report Road Show.' "

The excessive volume of e-mail wasn't the half of it, though. [ Read more ... ]

AT&T, Verizon Back Opt-In Approach for Behavioral Advertising - Via CDT - PolicyBeta:

Earlier this week, we set out our wish list for what we hoped to hear from witnesses during today’s Senate Commerce Committee hearing on behavioral advertising as this emerging online marketing practice comes under congressional scrutiny.

We are pleased that the telecom companies testifying today, AT&T and Verizon, appear headed in the right direction.

Both companies strongly embraced setting a high bar for engaging in behavioral advertising and challenged the rest of the industry to do the same. Dorothy Attwood, senior vice president of Public Policy and Chief Privacy Officer for AT&T, said her company was committing to a policy of “advance, affirmative consumer consent,” noting that the phrase is “generically referred to as “opt-in.” [ Read more ... ]

ISPs Facing Privacy Scrutiny Likely to Point At Google - Via Threat Level:

Google is not an ISP, but at Thursday’s Senate hearing on privacy and ISPs, expect the search and online advertising giant's name to be the keyword invoked by ISPs wishing to escape the attention of legislators.

ISPs have good reason to want to be forgotten.

Earlier this year, lawmakers all but killed off the idea of letting ISPs watch their customers' web usage in order to serve them targeted ads after Charter Communications retreated from its plan to test such technology and several smaller ISPs admitted to secret tests of such technology from NebuAd.

But ISPs are hungry for new revenue so expect that AT&T, Verizon and Time Warner – three of the nation’s top ISPs – will take the opportunity Thursday in front of the Senate Commerce committee to favorably compare their privacy practices and market reach to Google's.

In fact, don't be surprised if the ISPs suggest that Google is the one that needs some federal rules written for it and that ISPs need to be free to find ways to serve targeted ads to their customers. [ Read more ... ]

Daniel Rubin: When your name gets turned against you - Via Philadelphia Inquirer | 07/30/2008 :

Don't even start with the jokes. He's heard them all before. And he is not amused.
You're either broken or made stronger when you grow up in 1940s West Philadelphia and your last name is Libshitz.

And Dr. Herman I. Libshitz, retired radiologist, is no pushover.

Verizon is learning this the hard way.

This spring, the 69-year-old physician and his wife, Alison, were trying to upgrade the Internet service in their summer place in Rehoboth Beach, Del. They had dial-up. They wanted DSL.

When it was time to enter their user name and create an e-mail address, Verizon wouldn't let them complete the job.

This is how the doctor remembers it: [ Read more ... ]

Data Breach Post Mortem Offers Surprises - Via Threat Level:

A new report (.pdf) examining network data breaches from 500 forensic investigations involving 230 million compromised records has some surprising statistics.

Although it's long been thought that insiders proved to be a greater threat for companies than outsiders, the post mortem study shows that intruders outside an organization (whether they be criminal hackers or others) were the cause of 73 percent of breaches examined in the study. Only 18 percent of breaches were attributed to insiders (although when the culprit was an insider, the consequences of the breach were generally greater, exceeding the size of external breaches by ten to one).

Thirty-nine percent of attacks came from a privileged business partner -- a vendor, supplier, customer or contractor -- and were the fastest growing type, increasing fivefold over the course of the four-year study. [ Read more ... ]

Verizon Business Releases Trailblazing Data-Breach Study Spanning 500 Forensic Investigations - Via Verizon Business News:

Key Findings Indicate 87 Percent of Breaches Avoidable through Reasonable Security Measures Businesses Urged to Be Proactive

June 11, 2008

BASKING RIDGE, N.J. – Nearly nine in 10 corporate data breaches could have been prevented had reasonable security measures been in place, according to a comprehensive report issued today by Verizon Business. The study also provides key recommendations to help businesses protect themselves and urges them to be proactive.

The “2008 Data Breach Investigations Report” spans four years and more than 500 forensic investigations involving 230 million records, and analyzes hundreds of corporate breaches including three of the five largest ones ever reported. This first-of-its-kind study, conducted by Verizon Business Security Solutions investigative experts, also found that 73 percent of breaches resulted from external sources versus 18 percent from insider threats, and most breaches resulted from a combination of events rather than a single hack or intrusion. [ Read more ... ]