#Network World RSS feed on security Skip Links * Go to page content * Go to site-wide navigation * Go to Contact Us page * Newsletter Subscriptions * Newsletter Archives * White Papers * Reports & Guides * Webcasts * Downloads * Podcasts * This Week In Print * IT Jobs * Community * Slideshows * New Data Center * Solution Centers * CITRIX^® Virtual Computing Perspective * Executive Resource Center * Iron Mountain Solving Information Management Challenges * Masters of Converged Solutions * Network Advantage Solution Center * Networking Solution Center * Riverbed WAN Optimization * Save and Simplify With SIP * Symantec Small Mid Business Solutions * Trend Micro™ Securing Your Journey to the Cloud * Xerox Managed Print Services Network World * News * Blogs & Columns * Subscriptions * Videos * Events + Face-to-Face + Virtual * More ____________________ search * Security * LAN & WAN * Unified Communications * Cloud Computing * Infrastructure Management * Wireless * Software * Data Center * SMB Networking * IT Careers * Toolshed * Tech Debate * Community + Cisco Subnet + Microsoft Subnet + Open Source Subnet * Anti-malware * Compliance * Cybercrime * Firewall & UTM * IDS/IPS * Endpoint Security * SIEM * White Papers * Webcasts * Tests * Ethernet Switch * Router * IPv6 * Service Providers * Metro Ethernet * MPLS * VPN * WAN Optimization * White Papers * Webcasts * Tests * VoIP * E-mail services * Videoconferencing * Collaboration / Web 2.0 * White Papers * Webcasts * Tests * SaaS * White Papers * Webcasts * Tests * Network Management * System Management * Identity Management * Patch Management * Application Management * Asset Management * White Papers * Webcasts * Tests * 3G & 4G * Smartphones * Mobile Apps * Wi-Fi * WiMAX & LTE * Wireless Management * Wi-Fi Security * White Papers * Webcasts * Tests * Windows * Linux * Applications * CRM * ERP * Business Intelligence * White Papers * Webcasts * Tests * Virtualization * Disaster Recovery * Server * PC * Network Storage * Storage Management * Green IT * White Papers * Webcasts * Tests * Broadband * Collaboration * Equipment * Mobile * Networks * Security * Storage * White Papers * Webcasts * Tests * White Papers * Webcasts * Tests * Cool Tools * Gearhead * IT Asked & Answered * White Papers * Webcasts * Tests * White Papers * Webcasts * Tests * Tests * White Papers * Webcasts * Solution Centers [icon_insider_46x15.gif] You are previewing premium content. Become an Insider to read the full article. [icon_insider_46x15.gif] You are viewing Insider content. Browse other Insider articles Security vendor settles charges after getting hacked By Grant Gross, IDG News Service November 16, 2006 03:45 PM ET * Comment * Print Guidance Software Inc., vendor of computer forensics and security products, has settled a complaint filed by the U.S. Federal Trade Commission (FTC), which accused it of failing to take reasonable security measures to protect sensitive computer data. Guidance's lax security efforts, which allowed hackers to access sensitive credit-card information for thousands of customers, contradicted promises made on its Web site and violated U.S. law, the FTC said. The settlement, announced Thursday, will require the company to implement a comprehensive cybersecurity program and obtain independent security audits every other year for 10 years, the FTC said. A Guidance spokeswoman didn't immediately return a phone call seeking a comment on the settlement. To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in. [icon_insider_46x15.gif] Guidance Software Inc., vendor of computer forensics and security products, has settled a complaint filed by the U.S. Federal Trade Commission (FTC), which accused it of failing to take reasonable security measures to protect sensitive computer data. Guidance's lax security efforts, which allowed hackers to access sensitive credit-card information for thousands of customers, contradicted promises made on its Web site and violated U.S. law, the FTC said. The settlement, announced Thursday, will require the company to implement a comprehensive cybersecurity program and obtain independent security audits every other year for 10 years, the FTC said. A Guidance spokeswoman didn't immediately return a phone call seeking a comment on the settlement. In December 2005, the company informed customers that hackers had broken into a company database and stolen about 3,800 credit-card numbers apparently through a SQL injection attack. But security researchers had identified SQL injection attacks going back to 2000, and researchers had published multiple articles on how to protect against SQL injection attacks by 2005. Related Content Although Guidance made claims about data security on its Web site, it stored credit-card information in clear, readable text, the FTC said. In addition, the company failed to access the vulnerability of its network to commonly known or reasonably foreseeable Web-based attacks such as the SQL injection attacks, the FTC said. The company failed to implement "simple, low-cost, and readily available defenses," the FTC said. The settlement prohibits the company from misrepresenting security measures in the future. The company will be subject to record-keeping and reporting provisions to allow the FTC to monitor compliance. This is the FTC’s 14th case challenging faulty data-security practices by companies that handle sensitive consumer information. The IDG News Service is a Network World affiliate. * Comment * Print [ai?hb=DM550223OGAN&ai=ILC-rcb] From CIO.com * Four Ways the Red Sox are Scoring with SharePoint * Apple iCloud: A Visual Tour * 10 Great Games for Your BlackBerry PlayBook * When the Worst Happens: SharePoint Recovery Read the latest from CIO.com Comment Welcome, Logout Log in | Register Login Username ____________________ Password ____________________ Log in [BUTTON] Forgot your account info? Add comment Screen Name ____________________ Anonymous comments subject to approval. Register here for member benefits. Subject ____________________ Comment (required) ____________________________________________________________ ____________________________________________________________ ____________________________________________________________ ____________________________________________________________ IFRAME: http://api.recaptcha.net/noscript?k=6LcD8bwSAAAAAJY2_ih78yM8RE0DpYRwhHpqw6vL ________________________________________ ________________________________________ ________________________________________ Submit Have a NetworkWorld account? Log in here. Register now for a free account. [ai?hb=DM550223OGAN&ai=ILC-Most_Read] Most Read * Why I dumped my 4G Android for an iPhone * CFOs lack faith in CIOs and IT teams, survey shows * Project PM leaks dirt on Romas/COIN * Microsoft confirms BPOS cloud outage * LulzSec members to be outed by Netherlands hacking group * 12 ways the cloud changes everything * Essential gadgets for the road warriors * Company claims it can disregard GPL requirements * iPhone 5 rumor roundup for the week ending June 10 * A Cisco engineer says changes at Cisco are good View more Most Read Videos http://link.brightcove.com/services/link/bcpid1403442705http://www.brightcov e.com/channel.jsp?channel=1243596290 rss Rss Feed Latest News * Report: US FTC preparing to serve subpoenas to Google * Gartner: New security demands arising for virtualization, cloud computing * Google fails to placate Calendar users over lingering flaw * Lockdown: How would you handle emergency network operations? * Terremark-Verizon cloud service ready to go * Startup touting data center fabric that will put a scare into Cisco, Juniper * Zenprise cloud service manages corporate mobile device surge * Tips for navigating the evolving wireless LAN landscape * Microsoft: Cloud computing won't hurt us * Winklevoss twins give up Facebook fight * Net neutrality goes Dutch * Anonymous, LulzSec bring bragging rights back to hacking, CTO says * Windows 7 migration: Tips and tricks * LulzSec members to be outed by Netherlands hacking group View more Latest News rss Rss Feed Newsletter Sign-Up Receive the latest news, reviews and trends on your favorite technology topics Choose a newsletter- 1. [_] Security Alert 2. [_] Compliance Alert 3. [_] Daily News Alert 4. [_] Data Center Alert 5. View all newsletters 6. ____________________ 7. [Industry.........................................................] 8. [Job Title......................] 9. [Company Size...] 10. [Country.....................................] 11. [US State...................] 12. 13. (na) Subscribe Terms of Service Sponsored Links Resource Center Network World's Daily Newsletter Stay up to date with the most important tech news (Submit) Sign-up Network World, Inc RSS The Connected Enterprise + About Us + Jobs @ NWW + Contact Us + Subscribe to Network World Magazine + Newsletter Subscriptions + Advertise + Reprints & Links + Partnerships + AdChoices Other IDG Sites + CFOworld + CIO + Computerworld + CSO + DEMO + GamePro + Games.net + IDG Connect + IDG Knowledge Hub + IDG TechNetwork + IDG Ventures + InfoWorld + ITwhitepapers + ITworld + JavaWorld + LinuxWorld + MacWorld + Network World + PC World Copyright © 1994 - 2011 Network World, Inc. All rights reserved. * Terms of Service