Tuesday, October 19, 2010

Legal: Privacy Lessons from the Twitter Breach

Earlier this year Twitter was hacked. Below are three recommendations from the FTC that would apply to most businesses.

Three Steps to Protect Your Business

What can you do to protect yourself from the FTC and claims by your users?

Read your privacy policy. Many website owners do not know what their privacy policy actually commits them to. You must understand what your privacy policy says and what it requires you to do.

Develop an internal policy. You should have an internal administrative policy, followed by all employees, that addresses the storage, use, types, and periodic changes of passwords. It should also address the use of and access to personal information collected from users, and where that information is stored.

Disclose uses of data collected. Address in your privacy policy how you plan on using data collected, including the following points:

Clearly advise individuals of the type of personal data being collected;
Identify the intended uses and users of the personal data;
Describe the security measures intended to protect the personal data from unauthorized access;
Describe a means through which users can review their personal data and correct or contest it;
Include special measures for personal information of children, if it is collected. Companies that collect data from or about children should provide a means through which parental authorization will be obtained.

This is not an exhaustive list, and you should review your privacy policy with “standard reasonable security practices” in mind. Periodically review and audit your procedures to see what is working and what is not. Determine whether you are still consistently doing what you said you would do in your privacy policy. Also, if you share any user information with other companies, you should have contracts with those companies requiring that the information be protected at least to the standard of your own privacy and security measures, and limiting how it may be used.

You can read the full article here at Practical eCommerce: http://www.practicalecommerce.com/articles/2321-Legal-Privacy-Lessons-from-the-Twitter-Breach-

Tuesday, October 12, 2010

SecurityTube.net - Metasploit Megaprimer- 300+ mins of video tutorials

Vivek has posted a megaprimer on Metasploit on his video blog SecurityTube.net. The info below was taken from The Ethical Hacker Network forum post found here: http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6158.0/

Note that this series is still in progress; you can keep checking for the latest videos on SecurityTube: http://www.securitytube.net

Below are the video links and a short description:

1. Metasploit Megaprimer (Exploitation Basics and need for Metasploit) Part 1

http://bit.ly/b2Y2pE

2. Metasploit Megaprimer (Getting Started with Metasploit) Part 2

http://bit.ly/bLgTOm

3. Metasploit Megaprimer Part 3 (Meterpreter Basics and using Stdapi)

http://bit.ly/9sjqqH

4. Metasploit Megaprimer Part 4 (Meterpreter Extensions Stdapi and Priv)

http://bit.ly/97f1U3

5. Metasploit Megaprimer Part 5 (Understanding Windows Tokens and Meterpreter Incognito)

http://bit.ly/anbODH

6. Metasploit Megaprimer Part 6 (Espia and Sniffer Extensions with Meterpreter Scripts)

http://bit.ly/c4A4Eg

7. Metasploit Megaprimer Part 7 (Metasploit Database Integration and Automating Exploitation)

http://bit.ly/bT1uD5

8. Metasploit Megaprimer Part 8 (Post Exploitation Kung Fu)

http://bit.ly/dicJzI

9. Metasploit Megaprimer Part 9 (Post Exploitation Privilege Escalation)

http://bit.ly/asr1ML

10. Metasploit Megaprimer Part 10 (Post Exploitation Log Deletion and AV Killing)

http://bit.ly/bvCudb

11. Metasploit Megaprimer (Post Exploitation and Stealing Data) Part 11

http://bit.ly/auwtBm

12. Metasploit Megaprimer Part 12 (Post Exploitation Backdoors and Rootkits)

http://bit.ly/a7n8nw

13. Metasploit Megaprimer Part 13 (Post Exploitation Pivoting and Port Forwarding)

http://bit.ly/9mOztm

14. Metasploit Megaprimer Part 14 (Backdooring Executables)

http://bit.ly/bZxwgK

15. Metasploit Megaprimer Part 15 (Auxiliary Modules)

http://bit.ly/du779R

16. Metasploit Megaprimer Part 16 (Pass the Hash Attack)

http://bit.ly/d7bdZi

Please do let me know your feedback!