The Investor Sentiment - Equity and investments forum for Sri Lankans

Join the forum, it's quick and easy

The Investor Sentiment - Equity and investments forum for Sri Lankans
The Investor Sentiment - Equity and investments forum for Sri Lankans
Would you like to react to this message? Create an account in a few clicks or log in to continue.
Please send an email to contact.lankaninvestor@gmail.com if you face any technical difficulties when posting
Search
Display results as :
Advanced Search
Latest topics
When Will It Be Safe To Invest In The Stock Market Again?Wed Apr 19, 2023 6:41 amකිත්සිරි ද සිල්වා
Dividend AnnouncementsWed Apr 12, 2023 5:41 pmකිත්සිරි ද සිල්වා
MAINTENANCE NOTICE / නඩත්තු දැනුම්දීමThu Apr 06, 2023 3:18 pmකිත්සිරි ද සිල්වා
SEYB.N0000 (Seylan Bank PLC)Thu Mar 30, 2023 9:25 amyellow knife
The Korean Way !Wed Mar 29, 2023 7:09 amකිත්සිරි ද සිල්වා
In the Meantime Within Our Shores! Mon Mar 27, 2023 5:51 pmකිත්සිරි ද සිල්වා
What is Known as Dementia?Fri Mar 24, 2023 10:09 amකිත්සිරි ද සිල්වා
SRI LANKA TELECOM PLC (SLTL.N0000)Mon Mar 20, 2023 5:18 pmකිත්සිරි ද සිල්වා
THE LANKA HOSPITALS CORPORATION PLC (LHCL.N0000)Mon Mar 20, 2023 5:10 pmකිත්සිරි ද සිල්වා
Equinox ( වසන්ත විෂුවය ) !Mon Mar 20, 2023 4:28 pmකිත්සිරි ද සිල්වා
COMB.N0000 (Commercial Bank of Ceylon PLC)Sun Mar 19, 2023 4:11 pmකිත්සිරි ද සිල්වා
REXP.N0000 (Richard Pieris Exports PLC)Sun Mar 19, 2023 4:02 pmකිත්සිරි ද සිල්වා
RICH.N0000 (Richard Pieris and Company PLC)Sun Mar 19, 2023 3:53 pmකිත්සිරි ද සිල්වා
Do You Have Computer Vision Syndrome?Sat Mar 18, 2023 7:36 amකිත්සිරි ද සිල්වා
LAXAPANA BATTERIES PLC (LITE.N0000)Thu Mar 16, 2023 11:23 amකිත්සිරි ද සිල්වා
What a Bank Run ?Wed Mar 15, 2023 5:33 pmකිත්සිරි ද සිල්වා
104 Technical trading experiments by HUNTERWed Mar 15, 2023 4:27 pmkatesmith1304
GLAS.N0000 (Piramal Glass Ceylon PLC)Wed Mar 15, 2023 7:45 amකිත්සිරි ද සිල්වා
Cboe Volatility Index Tue Mar 14, 2023 5:32 pmකිත්සිරි ද සිල්වා
AHPL.N0000Sun Mar 12, 2023 4:46 pmකිත්සිරි ද සිල්වා
TJL.N0000 (Tee Jey Lanka PLC.)Sun Mar 12, 2023 4:43 pmකිත්සිරි ද සිල්වා
CTBL.N0000 ( CEYLON TEA BROKERS PLC)Sun Mar 12, 2023 4:41 pmකිත්සිරි ද සිල්වා
COMMERCIAL DEVELOPMENT COMPANY PLC (COMD. N.0000))Fri Mar 10, 2023 4:43 pmyellow knife
Bitcoin and Cryptocurrency Fri Mar 10, 2023 1:47 pmකිත්සිරි ද සිල්වා
CSD.N0000 (Seylan Developments PLC)Fri Mar 10, 2023 10:38 amyellow knife
PLC.N0000 (People's Leasing and Finance PLC) Thu Mar 09, 2023 8:02 amකිත්සිරි ද සිල්වා
Bakery Products ?Wed Mar 08, 2023 5:30 pmකිත්සිරි ද සිල්වා
NTB.N0000 (Nations Trust Bank PLC)Sun Mar 05, 2023 7:24 amකිත්සිරි ද සිල්වා
Going South Sat Mar 04, 2023 10:47 amකිත්සිරි ද සිල්වා
When Seagulls Follow the TrawlerThu Mar 02, 2023 10:22 amකිත්සිරි ද සිල්වා
Re-activatingSat Feb 25, 2023 5:12 pmකිත්සිරි ද සිල්වා
SAMP.N0000 (Sampath Bank PLC)Wed Nov 30, 2022 8:24 amකිත්සිරි ද සිල්වා
APLA.N0000 (ACL Plastics PLC)Fri Nov 18, 2022 7:49 amකිත්සිරි ද සිල්වා
AVOID FALLING INTO ALLURING WEEKEND FAMILY PACKAGES.Wed Nov 16, 2022 9:28 pmකිත්සිරි ද සිල්වා
Banks, Finance & Insurance Sector ChartTue Nov 15, 2022 5:26 pmකිත්සිරි ද සිල්වා
VPEL.N0000 (Vallibel Power Erathna PLC)Sun Nov 13, 2022 12:15 pmකිත්සිරි ද සිල්වා
DEADLY COCKTAIL OF ISLAND MENTALITY AND PARANOID PERSONALITY DISORDER MIX.Mon Nov 07, 2022 6:36 pmකිත්සිරි ද සිල්වා
WATA - WatawalaSat Nov 05, 2022 8:44 amකිත්සිරි ද සිල්වා
KFP.N0000(Keels Food Products PLC)Sat Nov 05, 2022 8:42 amකිත්සිරි ද සිල්වා
Capital Trust Broker in difficulty?Fri Oct 21, 2022 5:25 pmකිත්සිරි ද සිල්වා
IS PIRATING INTELLECTUAL PROPERTY A BOON OR BANE?Thu Oct 20, 2022 10:13 amකිත්සිරි ද සිල්වා
What Industry Would You Choose to Focus?Tue Oct 11, 2022 6:39 pmකිත්සිරි ද සිල්වා
Should I Stick Around, or Should I Follow Others' Lead?Tue Oct 11, 2022 9:07 amකිත්සිරි ද සිල්වා
DV-2024 Program: Online RegistrationThu Oct 06, 2022 11:26 amකිත්සිරි ද සිල්වා
Tile - SnapshotWed Sep 28, 2022 12:45 pmකිත්සිරි ද සිල්වා
Disclaimer


Information posted in this forum are entirely of the respective members' personal views. The views posted on this open online forum of contributors do not constitute a recommendation buy or sell. The site nor the connected parties will be responsible for the posts posted on the forum and will take best possible action to remove any unlawful or inappropriate posts.
All rights to articles of value authored by members posted on the forum belong to the respective authors. Re-using without the consent of the authors is prohibited. Due credit with links to original source should be given when quoting content from the forum.
This is an educational portal and not one that gives recommendations. Please obtain investment advises from a Registered Investment Advisor through a stock broker

Go down
First Guy
First Guy
Posts : 2599
Join date : 2014-02-22

Does That Headhunter Want Your Head, or Your Secrets? Empty Does That Headhunter Want Your Head, or Your Secrets?

Wed Sep 17, 2014 8:07 am
By Jordan Robertson

Job seekers may fake their credentials. But the recruiter on the phone with you could be lying, too.

IntelCrawler, a Sherman Oaks, California,security firm, said it has uncovered a database of user names and passwords from a government jobs website that is being sold in the underground. The company has alerted U.S. authorities, who are investigating the matter.

The breach affected as many as 5,000 accounts at GovJobs.com, according to IntelCrawler. Not a huge number, but in files reviewed by Bloomberg News, many of the user names, e-mail addresses and passwords IntelCrawler says were stolen correspond to recruiters for top defense contractors and a range of government departments including the National Security Agency and each branch of the U.S. military.

Hackers with such information could impersonate recruiters and tap job seekers who have knowledge of sensitive government projects, or seek damaging information about applicants to blackmail them into spying for them, said Dan Clements, IntelCrawler's president. They could cross-reference job-hunter lists with information, stolen in earlier hacks of commercial firms, on applicants' use of drugs, alcohol and pornography or their financial transactions. Like many Internet users, some recruiters reuse their passwords, which can put their contacts at other sites at risk as well.

IntelCrawler said it alerted law enforcement agencies and the U.S. Computer Emergency Readiness Team (US-CERT) about the breach, which the company said occurred on Aug. 13. US-CERT, an arm of the Department of Homeland Security that coordinates the sharing of cyber-security threat information, said it is aware of the report and is investigating. NSA spokeswoman Vanee Vines declined to comment. Pentagon representatives didn't return messages.

Peter Osapay, operations manager for ProGovJobs, which operates GovJobs.com, said that the company wasn't aware of any data breach, that it works closely with U.S. law enforcement officials to investigate attacks, and that it hadn't heard from authorities about any such attack. The Laguna Hills, California, company stores limited data about job seekers, reducing its usefulness to attackers, he said.

"Even without a hack, if an employer went through our resume database and resold it, it is mostly old data with not much use really, as it lacks many personal details acquired later at interviews," Osapay said in an e-mailed statement.

The site states that it attracts almost three million job seekers a month and has more than 50,000 resumes for recruiters to browse. Resumes can be accessed through recruiters' accounts, Clements said.

IntelCrawler said it knows the stolen passwords are real because it validated them against the GovJobs site as well as other government-jobs websites where the recruiters had accounts and where they reused their log-in credentials. Bloomberg News reviewed some of the files related to those efforts. The information leaked because of a common website vulnerability that is still present on GovJobs, according to IntelCrawler.

"If they have the full resume or CV of that person, if they have a classified clearance, they could be severely compromised," Clements said.

IntelCrawler said the attack may have been state-sponsored, as it has been tracking the group it believes was behind it, and has documented its interest in cyber-espionage attacks against people with secret clearances. It declined to be more specific, saying it didn't want to compromise its methods.

Hackers are always looking for weak links in the protection of sensitive information, said Reece Hirsch, a partner with the law firm Morgan, Lewis & Bockius who is focused on privacy and cyber-security. "It seems that they may have identified a new one – sites that recruit for sensitive government, military and other security-clearance positions," Hirsch said.

As networks with sensitive information harden their defenses against hackers, online intruders seem to have found a side door to companies' computer systems in employment services. Last month, the Washington Post reported that US Investigations Services, the largest provider of job-applicant background checks for the federal government, was hacked and information on employees of the Department of Homeland Security stolen. DHS and USIS acknowledged the breach, and USIS said the break-in had "all the markings of a state-sponsored attack."

Also in August, a hacking group that was behind attacks on the Wall Street Journal, the BBC and other news organizations boasted on Twitter that it had breached a jobs portal for G4S, a U.K. security company with more than 600,000 employees. Piers Zangana, a G4S spokesman, declined to comment.

Source:
http://www.bloomberg.com/news/2014-09-16/does-that-headhunter-want-your-head-or-your-secrets-.html
Back to top
Permissions in this forum:
You cannot reply to topics in this forum