Posts Tagged ‘Security’

In 2005, a research team led by the Electronic Frontier Foundation (EFF) broke the code behind tiny tracking dots that some color laser printers secretly hide in every document.

The U.S. Secret Service admitted that the tracking information is part of a deal struck with selected color laser printer manufacturers, ostensibly to identify counterfeiters. However, the nature of the private information encoded in each document was not previously known.

“We’ve found that the dots from at least one line of printers encode the date and time your document was printed, as well as the serial number of the printer,” said EFF Staff Technologist Seth David Schoen.

You can see the dots on color prints from machines made by Xerox, Canon, and other manufacturers (for a list of the printers we investigated so far, see: The dots are yellow, less than one millimeter in diameter, and are typically repeated over each page of a document. In order to see the pattern, you need a blue light, a magnifying glass, or a microscope (for instructions on how to see the dots, see:

EFF and its partners began its project to break the printer code with the Xerox DocuColor line. Researchers Schoen, EFF intern Robert Lee, and volunteers Patrick Murphy and Joel Alwen compared dots from test pages sent in by EFF supporters, noting similarities and differences in their arrangement, and then found a simple way to read the pattern.

“So far, we’ve only broken the code for Xerox DocuColor printers,” said Schoen. “But we believe that other models from other manufacturers include the same personally identifiable information in their tracking dots.”

You can decode your own Xerox DocuColor prints using EFF’s automated program at

Xerox previously admitted that it provided these tracking dots to the government, but indicated that only the Secret Service had the ability to read the code. The Secret Service maintains that it only uses the information for criminal counterfeit investigations. However, there are no laws to prevent the government from abusing this information.

“Underground democracy movements that produce political or religious pamphlets and flyers, like the Russian samizdat of the 1980s, will always need the anonymity of simple paper documents, but this technology makes it easier for governments to find dissenters,” said EFF Senior Staff Attorney Lee Tien. “Even worse, it shows how the government and private industry make backroom deals to weaken our privacy by compromising everyday equipment like printers. The logical next question is: what other deals have been or are being made to ensure that our technology rats on us?”

EFF is still working on cracking the codes from other printers and we need the public’s help. Find out how you can make your own test pages to be included in our research at



Security Breaches

Florida Bar Association hacked, members’ data leaked

6.6 million plaintext passwords exposed as site gets hacked to the bone

Russian hackers leak Simone Biles and Serena Williams files

Russian internet giant hacked, leaking 98 million accounts

Login details for 800,000 Brazzers users leaked

OneLogin security breach – Secure Notes exposed

Armenian Hackers leak Azerbaijani banking and military data

Alberta College of Paramedics privacy breach puts information of thousands of members at risk

UC San Diego School of Medicine notifying trainees whose SSNs were exposed on the Internet

Napa Valley Dentistry notifies patients after theft of server from storage facility

Dozens of clinics, thousands of patients impacted by third-party data leak

University of Ottawa missing hard drive with data on 900 students

County acknowledges ‘possible security breach’ of courthouse computers

Privacy breach shows names and addresses of military personnel’s families

County health care agency reports breach of patient data

Codman Square Health Center notifies members after breach at NEHEN

KidsPeace announces possible client information breach

Saint Francis investigating security breach

Personal information of La Joya ISD teachers accidentally released

CalOptima notifies members of breach 8 months later

Data breach in Oconee Co. causes employee pay issues

St. Elizabeth Physicians’ email gaffe exposed patient email addresses

Geisinger Health Plan notifies 2800 that processing error exposed their PHI to others

BDSwiss employee data allegedly stolen, investigations pending

Russian hackers release more confidential athlete data; WADA confirms

Trump’s campaign mute about data security #fail

Computer breach could have exposed trauma victims to further anguish

NBTC to probe alleged privacy breach by AIS employee

EurekAlert! goes offline following attack

Laptop stolen from U.S. Healthwork was encrypted but ,alas, the password was with it

VoIPtalk admits to possible data breach

One of Portland’s largest financial firms warns of possible data breach

King of Prussia Dental Associates and Pediatric Dentistry of Collegeville notify patients after finding computer intrusion

‘Massive data breach’ at Almelo municipality

eThekwini shuts down e-services after user data leak

Owen Smith tweets login data to 16,000 followers

DHS exposes thousands of individuals’ private information — including feds, golfers and priests

Mat-Su campus hit by data breach

‘Variety’ hacked by OurMine, subscribers inundated with email

Network security breach with Milwaukee VA affiliate

Cyber Attacks

Notice of data incident at Stallcup & Associates, CPAs

Keck Medical Center of USC discloses ransomware attack

Kennesaw State student hacks system, changes grades, steals data

Hacker tries to ransom housing authority data

Maplewood tax firm hacked; data held for ransom

University Gastroenterology notifies patients of ransomware attack

Hackers holding school computers hostage

Cyberattack cripples Appalaches school board, cancer support group

Al Zahra Private Medical Centre hacked

Computer hackers demanded ransom payment from Derriford Hospital

Misfortune cookie: Mr. Chow restaurants website hacked to distribute ransomware

Financial Attacks

AF Smith warns customers of data breach fear

China hackers swipe millions in data breach

Someone just lost 324k payment records, complete with CVVs

Abilene police reveal details of restaurant credit card fraud

McDonald’s employee stole about 100 credit card numbers while working drive-thru

Massive unreported security breach, $2 million alleged fraud at NorQuest College

PoS vendor Lightspeed suffers data breach


MarsJoke ransomware targets the government and K-12 educational sector

A single ransomware network has pulled in $121 million

Tesla issues software update after hackers report remote brake hack

Seagate faced with class-action lawsuit following whaling scam

Wells Fargo fined $185 million for phony account fraud – 5,300 employees fired


Romanian national sentenced to three years in prison for role in computer hacking scheme

Kosovo hacker gets 20 years in U.S. for helping Islamic State militants

Teenager to appear in court over alleged hack and data theft

Ex-LV employee in court over data leak

Guilty plea of Krystle Steed for taking over hospital patients’ bank accounts

The Open Web Application Security Project (OWASP) has opened a chapter in Canberra. Kicked off by Andrew Muller of Ionize, OWASP brings to Canberra expertise in web application security. It also brings the small community of security professionals to meet, discuss and engage in the crucial business of securing applications.

OWASP Canberra is committed to monthly meetings, and the occasional “special” meeting. See you there!

OWASP has a project called ‘The OWASP top ten project‘ which list the top 10 security threats for web-based applications.

OWASP Current Top Twelve Threats

Cross-Site Scripting (XSS) Malicious File execution Insecure Direct Object References Cross-site Request Forgery (spoofing) Information Leakage and Improper Error Handling (I’m guilty) Injections Flaws Broken authentication and session management Insecure cryptographic storage Transport Layer Protection (TLP) Failure to secure URL access (I’m guilty) Security Misconfiguration Unvalidated Redirects and Forwards

Ok, which ones are you guilty of?