This has been an interesting week in the world of information security. On Tuesday, Brian Krebs blog site, KrebsOnSecurity, posted an article detailing how a number of self service accounts were hijacked from ADP. In short, due to a weak registration process and a far too lackadaisical approach to stale accounts (i.e., accounts that were never activated by employees) on ADP’s part, as well as the inadvertent posting of sensitive registration codes on the part of a number of clients including a large commercial bank, U.S. Bancorp, victimizers were able make self service accounts for a considerable number of dormant accounts. In turn, the intruders used…
