From lyger at attrition.org  Fri Jan  4 04:53:47 2008
From: lyger at attrition.org (lyger)
Date: Fri, 4 Jan 2008 04:53:47 +0000 (UTC)
Subject: [attrition] Groups: Record Data Breaches in 2007
Message-ID: <Pine.LNX.4.64.0801040452440.27241@forced.attrition.org>


http://attrition.org/news/content/08-01-03.001.html

BOSTON (AP) - The loss or theft of personal data such as credit card and 
Social Security numbers soared to unprecedented levels in 2007, and the 
trend isn't expected to turn around anytime soon as hackers stay a step 
ahead of security and laptops disappear with sensitive information.

And while companies, government agencies, schools and other institutions 
are spending more to protect ever-increasing volumes of data with more 
sophisticated firewalls and encryption, the investment often is too little 
too late.

"More of them are experiencing data breaches, and they're responding to 
them in a reactive way, rather than proactively looking at the company's 
security and seeing where the holes might be," said Linda Foley, who 
founded the San Diego-based Identity Theft Resource Center after becoming 
an identity theft victim herself.

Foley's group lists more than 79 million records reported compromised in 
the United States through Dec. 18. That's a nearly fourfold increase from 
the nearly 20 million records reported in all of 2006.

Another group, Attrition.org, estimates more than 162 million records 
compromised through Dec. 21 . both in the U.S. and overseas, unlike the 
other group's U.S.-only list. Attrition reported 49 million last year.

"It's just the nature of business, that moving forward, more companies are 
going to have more records, so there will be more records compromised each 
year," said Attrition's Brian Martin. "I imagine the total records 
compromised will steadily climb."

[...]

From lyger at attrition.org  Wed Jan  9 04:56:24 2008
From: lyger at attrition.org (lyger)
Date: Wed, 9 Jan 2008 04:56:24 +0000 (UTC)
Subject: [attrition] postal: i'm having egg issues today
Message-ID: <Pine.LNX.4.64.0801090455270.10359@forced.attrition.org>



http://attrition.org/postal/p0016.html


junior high locker room

with no parole

ding go the fries

SMOOCHES TOO

armegeddon

but if he was from new zealand

headless frenchy asssex

we thought he said "collect penis", so...

different meanings for different people

hey joe, give us a shout

From jericho at attrition.org  Mon Jan 28 18:01:25 2008
From: jericho at attrition.org (security curmudgeon)
Date: Mon, 28 Jan 2008 18:01:25 +0000 (UTC)
Subject: [attrition] [OSVDB-announce] OSVDB API and enhanced
	cross-referencing (fwd)
Message-ID: <Pine.LNX.4.64.0801281801080.29622@forced.attrition.org>



---------- Forwarded message ----------
From: David Shettler <dave at opensecurityfoundation.org>
Date: Mon, 28 Jan 2008 12:05:44 -0500
Subject: [OSVDB-announce] OSVDB API and enhanced cross-referencing

We are pleased to announce the OSVDB API beta.

Integration and cross-referencing with OSVDB just got a lot easier via
the new application programming interface (API), which can provide
multiple result formats to fit various needs. Queries can be run
against any number of correlation factors, including CVE ID, Microsoft
Bulletin ID, Bugtraq ID, and a host of other common reference points.
The API is also under constant development, particularly during beta,
and suggestions for improvements are quickly and easily implemented by
the OSVDB development team.

Some technical details about the API include:

It is a RESTful interface to the OSVDB database
It returns your choice of XML or CSV
Allows OSVDB ID correlation to a growing list of other references and
integrators products
And importantly, it is free ? though donations are appreciated.

See: http://osvdb.org/blog/?p=221 for full announcement, or
http://osvdb.org/api/about for more information