maravis.com

The hacker group Lulz Security claimed that it had obtained login information for about 62,000 private internet accounts a few days ago from different sites, including Facebook, PayPal, some dating sites, Xbox Live and Twitter.

One of the things that I have noticed is that a lot of companies use production data for testing. They usually justify this by saying that some use cases can only be reproduced by using production data. PCI-DSS requires that production data is scrubbed or sanitized before being used for testing purposes. The Ponemon Institute has come out with some interesting (and scary) data on data security during development and testing.

A new product from Voltage Security claims to use a technique that may make implementing database encryption easier. The product, called SecureData, encrypts data without requiring changes to the column lengths.