Patrick Gray's blog

July 22, 2010 -- 

The online customer database of a New Zealand-headquartered pizza store chain has been compromised.

Risky.Biz understands multiple intruders have compromised Hell Pizza's 400mb database. While it does not contain any credit card information, it does contain in excess of 230,000 rows of customer entries.

The company operates 64 stores in New Zealand, three in England, nine in Australia and one in Ireland.

July 20, 2010 -- 

So here's some food for thought: According to a report in the Washington Post, 22 US Government departments and 143 private companies are involved in top secret "cyber operations" programs.

July 7, 2010 -- 

US soldier Bradley Manning has been charged with disclosing classified material to whistleblower site Wikileaks.

But it's what he hasn't been charged with that's interesting.

Since the news of Manning's arrest broke there has been much speculation about the fate of 150,000 diplomatic cables the young soldier is alleged to have stolen.

July 5, 2010 -- Photo kiosks in Big W stores are allegedly infecting customers with USB-borne viruses.

The Windows-based Fuji photo kiosks located in the company's stores apparently don't run antivirus software, so lovely little bits of malicious software like Trojan.Poison-36 are winding up on customers' USB keys, according to Risky Business listener and blogger Morgan Storey.

July 1, 2010 -- 

I've followed with great interest Wired.com's coverage of the arrest of Private Bradley Manning, the young American soldier who allegedly leaked reams of classified US military material to Wikileaks.

I've also watched in disbelief as Wikileaks has lashed out at Wired.com journalist Kevin Poulsen, suggesting he somehow acted unethically in his reporting of the arrest.

In my mind all he did was scoop other outlets with the news of Manning's troubles. That's not unethical, that's just good journalism.

May 27, 2010 -- 

The following is a longer, uncut version of a story that appeared on the front pages of The Age and Sydney Morning Herald yesterday.

Facebook's woeful relationship with law enforcement bodies is hampering police investigations and putting lives at risk, the Australian Federal Police says.

May 21, 2010 -- 

Risky.Biz has confirmed IBM staff distributed malware-infected USB drives at the AusCERT security conference this week.

In a highly embarrassing admission, the company has sent a broadcast e-mail to all AusCERT attendees warning them of the security lapse.

"At the AusCERT conference this week, you may have collected a complimentary USB key from the IBM booth," the message reads. "Unfortunately we have discovered that some of these USB keys contained malware and we suspect that all USB keys may be affected."

April 6, 2010 -- 

Security vendor Trend Micro accidentally e-mailed a planned outage notification to over 1200 of its Australian customers with their e-mail addresses in the open CC field.

While not the worst kind of data leak, the mistake has left the vendor somewhat red faced and contrite. Following enquiries from Risky.Biz last week the company e-mailed the users affected by the blunder.

March 17, 2010 -- 

Sourcefire partners in the Asia Pacific region have been bombarded with abusive e-mails purporting to come from Ammar Hindi, the company's APAC and Japan managing director.

Hindi isn't sending the mail. The company suspects the messages are the work of a disgruntled ex-employee based in Singapore. "We have strong suspicions who it is, but haven't been able to establish it definitively," a source close to the matter told Risky.Biz. "It was our hope that they'd lose interest and move on, but after every period of quiet, another wave goes off."

November 24, 2009 -- 

"Unu's blog" is back online and has claimed the high-profile scalp of a Symantec website.

The anonymous blogger, who goes by the pseudonym Unu, successfully extracted customer data including license keys, usernames and passwords from a Symantec website that "facilitates customer support for users of Symantec’s Norton-branded products in Japan and South Korea," the company acknowledged in a statement.

He or she published their findings overnight on the resurrected blog.