SneakyDave
Posted June 1, 2016 (edited)

This is a law passed in 2014 in order to help protect members of web sites when those web sites experience data breaches. Read about it here: Senate Bill 1524 (2014) - The Florida Senate

In part:

An act relating to security of confidential personal information; providing a short title; repealing s. 817.5681, F.S., relating to a breach of security concerning confidential personal information in third party possession; creating s. 501.171, F.S.; providing definitions; requiring specified entities to take reasonable measures to protect and secure data containing personal information in electronic form; requiring specified entities to notify the Department of Legal Affairs of data security breaches; requiring notice to individuals of data security breaches under certain circumstances; providing exceptions to notice requirements under certain circumstances; specifying contents and methods of notice; requiring notice to credit reporting agencies under certain circumstances; requiring the department to report annually to the Legislature; specifying report requirements; providing requirements for disposal of customer records; providing for enforcement actions by the department; providing civil penalties; specifying that no private cause of action is created; amending ss. 282.0041 and 282.318, F.S.; conforming cross-references to changes made by the act; providing an effective date.

This rule appears to fit the situation that TAZ recently experienced, data breaches, possible vulnerabilities, password hacking attempts, with not much information from TheAdminZone.com LLC.

I'd like to keep this thread updated with facts about information that people DO KNOW about these hacking attempts, breaches, or whatever is going on at TAZ.

As I understand it, there have been at least 3 known incidents of security breaches at TAZ.
------------------------------------

In one instance, late May 2015, a password reset was performed for all members on TheAdminZone.com. At the time, members were told that a staff member's account had been "hacked" by a member of the Vietnamese site, Brivium.com. The staff member had accounts on both TAZ and Brivium.com.

At first, there was an explanation that the staff member's password between TAZ and Brivium were "similar, but not identical". I'm still curious as to why that information was needed, as even a "similar" password wouldn't gain a hacker an advantage to accessing the TAZ forum.

Later, claims were made that the Brivium "hacker" somehow installed a keylogger on the staff member's PC, and the TAZ password was then lifted from this staff member's account.

After much discussion, the majority of members came to the conclusion that the staff member had simply used the SAME password on both sites, which allowed somebody with access to the Brivium forum database to access the TAZ staff member's account.

Once the "hacker" had access to the TAZ staff member's account, the "hacker" attempted to remove posts on TheAdminZone's forum that were critical of Brivium.com.

As a result of this breach, the staff member had their password changed, and all members of TheAdminZone.com had their passwords reset.

As far as I know, I don't think the staff member was identified, whether they still are a staff member, nor if it was found out if Brivium was the real perpetrator. There was also no evidence provided that anybody had installed a keylogger on the staff member's PC.

------------------------------------

In another more recent instance, on or before May 13th, 2016, server problems and unavailability were present, and then a full member password reset was performed. The explanation was thus:

We had another hacking attempt take place - this time we were able to detect it very quickly so only a small number of accounts were at risk.
It's not clear how this was able to be done despite 2FA and htaccess protection - it's still being investigated. However, we have gone through the server and removed any files that could have possibly been used and added several additional layers of security.

TAZ Security

No further information was provided. The only thing evident from that description is that the mention of 2FA, and "small number of accounts" means that there was an attempt to overtake another staff member's account.

Was the hacking attempt successful? What was stolen, if anything? Why the password reset? What is the update? Will Brivium be blamed again?

As of today, the official answer to that question is that the administrator is still looking into it.

On May 13th, prior to this announcement, it was discovered that old installations of TheAdminZone's forum software were still located on the server, and that addons developed by Brivium were installed on at least one of these installations.

It was surmised that these Brivium addons may have been the reason for the password reset announced on May 16th, but no connection or information has been forthcoming identifying or explaining the 2 incidents.

------------------------------------

I thought there was another password reset incident, or something defined as a "hacking attempt", but I can't find it at the moment.

I'll update the thread to fix my misspellings, and to try better grammar.

Edited June 1, 2016 by SneakyDave

"I wonder if wife Susie knows about the vile crap he posts on his site and how it fits in with her "youth ministry"?" - Dr. Howard Rosenzweig, former owner of TheAdminZone
Sheldon
Posted June 2, 2016

Announcement by Morganna May 29th, 2015
Important, please read! Potential Account Breach

Announcement by The Sandman January 27th, 2016
Security Breach

Announcement by The Sandman May 16th, 2016
TAZ Security

Comments by Morganna, Steve (another Administrator) The Sandman about hackings from November that apparently didn't deserve a topic. January 27th, 2016
Security Breach
Security Breach
Security Breach

.....will update/add as needed