• home
• About
• Advertise On This Blog
• Leaderboard
• How-Tos
• Archives
• browse ↓

Category

Security

• 08.07.08
  Techsoup Hit By SQL Injection Attack Security | 3517(8)http%3A%2F%2Fwww.nonprofittechblog.org%2Ftechsoup-hit-by-sql-injection-attackTechsoup+Hit+By+SQL+Injection+Attack2008-08-07+10%3A32%3A29Allan+Benamerhttp%3A%2F%2Fwww.nonprofittechblog.org%2F%3Fp%3D3517

  I was wondering why Techsoup was down all day. The sad news after the jump: Continue Reading...
• 03.27.08
  Pro-Tibet Non-Profit Under Cyber-Attack Internet, Security, Students for a Free Tibet | 3374(6)http%3A%2F%2Fwww.nonprofittechblog.org%2Fpro-tibet-non-profit-under-cyber-attackPro-Tibet+Non-Profit+Under+Cyber-Attack2008-03-27+17%3A13%3A13Allan+Benamerhttp%3A%2F%2Fwww.nonprofittechblog.org%2Fpro-tibet-non-profit-under-cyber-attack

  UPDATE: Please Digg this story at http://snurl.com/22s1n We haven’t discussed security very much on this blog for two simple reasons: I’m not a computer security expert and despite the Convio security breach, I rarely get wind of security issues that occur in the non-profit sector. However, we’ve had a few non-profits go public recently with a sustained series of cyberattacks that have been perpetrated on pro-Tibet advocacy nonprofits. Unfortunately, the Washington Post writer didn’t have enough specifics for us techies to take action on the problems there. NOTE: Be aware that much of the discussion that follows was written with ...
• 11.27.07
  NY Times finally breaks the story about the Convio security breach Convio, NY Times, Security | 3286(1)http%3A%2F%2Fwww.nonprofittechblog.org%2Fny-times-finally-breaks-the-story-about-the-convio-security-breachNY+Times+finally+breaks+the+story+about+the+Convio+security+breach2007-11-27+08%3A23%3A54Allan+Benamerhttp%3A%2F%2Fwww.nonprofittechblog.org%2Fny-times-finally-breaks-the-story-about-the-convio-security-breach

  OK, this isn't how I pictured the blog showing up in the New York Times, but the whole Convio affair has just been covered by Stephanie Strom of the New York Times. Thanks to Beth Kanter for directing the reporter to me. It turns out the affair might be worse than we thought: Continue Reading...
• 11.20.07
  Techsoup affected by Convio security breach, too Convio, nptech, Security | 3285(7)http%3A%2F%2Fwww.nonprofittechblog.org%2Ftechsoup-affected-by-convio-security-breach-tooTechsoup+affected+by+Convio+security+breach%2C+too2007-11-21+00%3A24%3A39Allan+Benamerhttp%3A%2F%2Fwww.nonprofittechblog.org%2Ftechsoup-affected-by-convio-security-breach-too

  Go here. Oh well. I'm screwed or rather my old organization is. I doubt they'll be reading that post but now it's time to tell them. UPDATE (Thanksgiving 2007): And of course I can't tell them because they sent out the notice the night before a holiday only adding to the exposure -- GAHHHH!  I found out from Beth Kanter. She got the e-mail. I didn't because I don't have access to my old Techsoup account. Of course, I'm not sure if my old org has it either. I know for a fact their systems aren't compromised though since I never used administrator account ...
• 11.14.07
  Suggested guidelines for nonprofit disclosure of security breaches Convio, GetActive, nptech, Security, Working Assets | 3280(9)http%3A%2F%2Fwww.nonprofittechblog.org%2Fsuggested-guidelines-for-nonprofit-disclosure-of-security-breachesSuggested+guidelines+for+nonprofit+disclosure+of+security+breaches2007-11-14+15%3A44%3A03Allan+Benamerhttp%3A%2F%2Fwww.nonprofittechblog.org%2Fsuggested-guidelines-for-nonprofit-disclosure-of-security-breaches

  I'm very disappointed with the reaction of nonprofits to the Convio security breach. The main reason I'm disappointed with it is that out of 92 affected organizations, we know of only FOUR that have been affected. These are: Working Assets freepress.net CARE American Museum of Natural History I know of an additional nonprofit that doesn't want to disclose this as well. Continue Reading...
• 11.07.07
  Dave Crooke explains how passwords are stored and used on GetActive systems Convio, nptech, Security | 3276(4)http%3A%2F%2Fwww.nonprofittechblog.org%2Fdave-crooke-explains-how-passwords-are-stored-and-used-on-getactive-systemsDave+Crooke+explains+how+passwords+are+stored+and+used+on+GetActive+systems2007-11-07+05%3A50%3A15Allan+Benamerhttp%3A%2F%2Fwww.nonprofittechblog.org%2Fdave-crooke-explains-how-passwords-are-stored-and-used-on-getactive-systems

  I'm not quite sure why Dave Crooke is using an e-mail list like the Progressive Exchange to talk about the technical aspects of the Convio security breach. However, it beats not getting anything at all. Dave is discussing the way passwords were stored on the GetActive system: Continue Reading...
• 11.06.07
  Dave Crooke speaks about the Convio security breach Convio, nptech, Security | 3275(7)http%3A%2F%2Fwww.nonprofittechblog.org%2Fdave-crooke-speaks-about-the-convio-security-breachDave+Crooke+speaks+about+the+Convio+security+breach2007-11-06+06%3A44%3A25Allan+Benamerhttp%3A%2F%2Fwww.nonprofittechblog.org%2Fdave-crooke-speaks-about-the-convio-security-breach

  Over on the progressive exchange list, Dave Crooke gave out more technical details about the Convio security breach: Continue Reading...
• 11.04.07
  More about the security problems at Convio CI Host, Convio, nptech, Security, Working Assets | 3274(1)http%3A%2F%2Fwww.nonprofittechblog.org%2Fmore-about-the-security-problems-at-convioMore+about+the+security+problems+at+Convio2007-11-05+01%3A37%3A23Allan+Benamerhttp%3A%2F%2Fwww.nonprofittechblog.org%2Fmore-about-the-security-problems-at-convio

  The progressive blogosphere is also reporting issues with Convio mainly through ActForChange which is run by Working Assets: Continue Reading...
• 11.04.07
  Breaking news: Convio reports security breach on GetActive systems Convio, nptech, Security | 3273(46)http%3A%2F%2Fwww.nonprofittechblog.org%2Fbreaking-news-convio-reports-security-breach-on-getactive-systemsBreaking+news%3A+Convio+reports+security+breach+on+GetActive+systems2007-11-04+22%3A28%3A41Allan+Benamerhttp%3A%2F%2Fwww.nonprofittechblog.org%2Fbreaking-news-convio-reports-security-breach-on-getactive-systems

  If you're a former GetActive client [UPDATE 11/5/2007]: (and you were unlucky enough to have your Convio system hacked), you might have just received an e-mail that reads like this: Convio has identified a security attack against our GetActive software systems that has resulted in your constituent data being accessed by an unauthorized third-party. We take this attack very seriously and are committed to working with you to minimize the impact on your organization and your constituents. The third-party sought to download email addresses and, in some instances, member passwords. There was no loss of credit card data. We are confident ...
• 12.24.06
  Fundraising Widgets = Possible Phishing Attack ChipIn, Internet, Nonprofit 2.0, nptech, Online Fundraising, Security | 167(4)http%3A%2F%2Fwww.nonprofittechblog.org%2Ffundraising-widgets-possible-phishing-attackFundraising+Widgets+%3D+Possible+Phishing+Attack2006-12-24+07%3A25%3A05Allan+Benamerhttp%3A%2F%2Fwww.nonprofittechblog.org%2Ffundraising-widgets-possible-phishing-attack

  You know, I was wondering about the speed of implementation for all these badges and widgets appearing on the Web. I thought to myself, was it really that easy to create a me-too fundraising widget? What was the barrier of entry? I decided to discuss the technical specifications of the technology. Now, I'm an old Internet hand. I still remember finger and gopher. I've held not one but two jobs with the title of "webmaster" (blast from the past, huh?). However, I wouldn't call myself a security guru. Unfortunately, I found out within minutes that it's remarkably easy to reverse-engineer a ...

Search Only Non-profit Links