Tag Archives: i’m

[ISN] Global Payments to Buy Heartland for $4.3 Billion

www.bankinfosecurity.com/global-payments-to-buy-heartland-for-43-billion-a-8753
By Tracy Kitten @FraudBlogger
Bank Info Security
December 16, 2015

Two leading payments processors that each suffered massive data breaches are consolidating. Atlanta-based Global Payments Inc. plans to buy its smaller rival, Princeton, N.J.-based Heartland Payment Systems Inc., for $4.3 billion. The deal is expected to close during the fiscal fourth quarter ending May 31, 2016. Industry observers are weighing in on whether the merged companies will successfully build a strong culture of security. “Heartland really took its breach to heart and was one of the best examples of how to learn from such an event and turn it into a leadership opportunity,” says Al Pascual, director of fraud and security at Javelin Strategy & Research. “I give the CEO [Bob Carr] a lot of credit for that. Global Payments was quite the opposite, with one of the least transparent breach events in the payments industry. I’m hoping the security culture of Heartland becomes the dominant one.” But Tom Wills, managing director of payments security consultancy Secure Strategies, says it could be difficult for the new company created through the merger to improve security. […]





[ISN] Researcher to FireEye: If you’re not paying, I’m not talking

http://www.csoonline.com/article/2981474/vulnerabilities/researcher-to-fireeye-if-youre-not-paying-im-not-talking.html
By Steve Ragan
Salted Hash
CSO Online
Sep 8, 2015

On Sunday, Kristian Erik Hermansen disclosed an unauthorized file disclosure vulnerability in FireEye’s core product. The zero-day disclosure quickly generated public attention, as did the discussion around three other vulnerabilities that haven’t been published and the $10,000 USD price tag on the flaws. But the disclosed vulnerability and the three other unpublished flaws are not the only thing FireEye has to be concerned about; there’s plenty more where that came from. Hermansen, along with researcher Ron Perris, has claimed the discovery of at least thirty additional flaws in FireEye’s products. Many of them are in the HX line, but plenty of others exist in various products too, Hermansen added. As word of Hermansen’s disclosure spread online, the opinions of those discussing the issue were split. […]



[ISN] Here’s what Ashley Madison members have told me

http://www.troyhunt.com/2015/08/heres-what-ashley-madison-members-have.html
Monday, 24 August 2015

I found myself in somewhat of a unique position last week: I’d made the Ashley Madison data searchable for verified subscribers of Have I been pwned? (HIBP) [1] and now – perhaps unsurprisingly in retrospect – I was being inundated with email. I mean hundreds of emails every day with people asking questions about the data. Not just asking questions, but often giving me their life stories as well. These stories shed a very interesting light on the incident, one that most people are not privy to and one that doesn’t come across in the sensationalist news stories which have flooded every media outlet in recent days. When sent to me as an unknown third party in a (usually) foreign location, people tended to be especially candid and share stories that really illustrate the human impact of this incident. I thought I’d share some of those here – de-identified of course – to help people understand the real world impact of this incident and for those caught up in it to realise that they’re among many others going through the same pain. I responded to every legitimate email I received. Very early on I wrote up a Q&A and the following is the canned response I sent in response to almost every query: My apologies for not being able to respond to you personally, I’m addressing questions of this nature via a Q&A you can find here: http://www.troyhunt.com/2015/08/ashley-madison-data-breach-q.html Here’s what Ashley Madison members have told me:

[1] https://haveibeenpwned.com/

[…]



[ISN] Wi-Fi at DEF CON – dealing with the world’s most dangerous network

http://www.computerworld.com/article/2974662/network-security/wi-fi-at-def-con-dealing-with-the-worlds-most-dangerous-network.html
By Michael Horowitz
Computerworld
Aug 23, 2015

The wireless network at the DEF CON hacker conference has been called the most dangerous in the world. Members of the press were warned beforehand that “This is a Hacker Con, so consider the public network at DEF CON profoundly hostile! … keep your Wi-fi and Bluetooth disabled as much as possible.” The press room at the conference offered a private Ethernet connection to the outside world. I heard that staff at the DEF CON hotels (Paris and Bally’s in Las Vegas) were telling guests to turn off their Wi-Fi. In the days after the conference, I ran across four articles from people who attended DEF CON, all with a common theme of avoiding the Wi-Fi. My defensive stance was taking a Chromebook to the conference. I used the machine, offline, to take notes, saving a copy both to a thumbnail-sized USB flash drive and the internal Chromebook storage. There were two Wi-Fi networks at DEF CON: one was totally open and the other locked down with WPA2/802.1X (a.k.a. WPA2 Enterprise). Perhaps I’m naive, but I felt no danger connecting the Chromebook to the public, open, unsecured network. Of course, I would only do so in Guest Mode. […]



[ISN] Mad John McAfee: ‘Can you live in a society that is more paranoid than I’m supposed to be?’

http://www.theregister.co.uk/2015/06/04/mad_mcafee/
By Alexander J Martin
The Register
4 June 2015

Infosec 2015 – John McAfee delivered a surprisingly non-controversial keynote speech to the London Infosec Conference on Wednesday afternoon, lauding the value of privacy, doing so – to the concern of his bewildered audience – whilst seemingly tickling himself through the cloth of his pocket. McAfee’s talk was essentially a rant against governments’ security-compromising activities, summed up by his statement: “We cannot allow a fearful government to create weaknesses in the very software we are trying to protect. By putting backdoors in the software, we have given hackers the access we are trying to prevent.” Easily the rockstar of infosec, McAfee took to the stage fashionably late – though his audience had remained comfortable, being plied with free alcohol, free food and an enjoyable musical set (wasted on Infosec’s more senior attendees) during their wait. The man himself, a young 70-year-old in a handsome navy suit, looking and seeming much like a millionaire version of Matthew McConaughey’s Rust Cohle, was quick to address what he regarded as the major political influences upon security and explicitly criticised governments’ notions of backdooring software. A strong approach to a conference which has always had plenty of government security bods attending. “Take control of your lives,” McAfee urged Infosec. “Say ‘I am going to be responsible for myself, at least to some extent.’ Governments cannot protect you.” […]



[ISN] ‘CSI: Cyber’ review: Hackwork

http://www.nj.com/entertainment/tv/index.ssf/2015/03/csi_cyber_review_patricia_arquette_cbs.html
By Vicki Hyman
NJ Advance Media for NJ.com
March 04, 2015

Thank goodness Patricia Arquette just won an Oscar, because otherwise I’d really have nothing to say about “CSI: Cyber.” The newest “CSI” franchise, which debuts on CBS tonight at 10 p.m., is about the FBI’s cyber crime division, comes with all the series’ high-tech visual flourishes and stars “Boyhood” star Arquette, who, um, just won an Oscar. Yeah. Oh! This time, the Who theme song is “I Can See For Miles.” I’m not saying “CSI: Cyber” isn’t worth watching. I’m just saying there’s not a heck of a lot to say about it. (The original flavor “CSI” is still plugging away after 15 years, while the Miami and New York franchises lasted 10 and 9 seasons, respectively.) The latest entry is a bit different in that there’s a lot of people peering at computer screens instead of into microscopes. […]



[ISN] The World’s Email Encryption Software Relies on One Guy, Who is Going Broke

http://www.propublica.org/article/the-worlds-email-encryption-software-relies-on-one-guy-who-is-going-broke
By Julia Angwin
ProPublica
Feb. 5, 2015

Update, Feb. 5, 2015, 8:10 p.m.: After this article appeared, Werner Koch informed us that last week he was awarded a one-time grant of $60,000 from the Linux Foundation’s Core Infrastructure Initiative. Werner told us he only received permission to disclose it after our article published. Meanwhile, since our story was posted, donations flooded Werner’s website donation page and he reached his funding goal of $137,000. In addition, Facebook and the online payment processor Stripe each pledged to donate $50,000 a year to Koch’s project.

The man who built the free email encryption software used by whistleblower Edward Snowden, as well as hundreds of thousands of journalists, dissidents and security-minded people around the world, is running out of money to keep his project alive. Werner Koch wrote the software, known as Gnu Privacy Guard, in 1997, and since then has been almost single-handedly keeping it alive with patches and updates from his home in Erkrath, Germany. Now 53, he is running out of money and patience with being underfunded. “I’m too idealistic,” he told me in an interview at a hacker convention in Germany in December. “In early 2013 I was really about to give it all up and take a straight job.” But then the Snowden news broke, and “I realized this was not the time to cancel.” […]



[ISN] The breach at Sony Pictures is no longer just an IT issue

http://www.csoonline.com/article/2854672/business-continuity/the-breach-at-sony-pictures-is-no-longer-just-an-it-issue.html
By Steve Ragan
Salted Hash
CSO
Dec 2, 2014

I’m going to make a prediction. The breach at Sony Pictures has nothing to do with North Korea, aside from the fact that the destructive malware believed to be present on Sony’s network is similar to the malware used in South Korea in 2013 – an incident that was blamed on North Korea. Furthermore, I predict there will be an insider aspect to Sony’s breach. The first part of the attack on Sony centered on compromising records; once done, the attackers planted malware that was timed – based on the FBI memo – to activate just before Thanksgiving. The easiest way to accomplish this task – assuming I’m right – is by having someone on the inside with just enough access that everything looks normal with a passive glance at the logs. The second part of the attack on Sony is the aftermath, including the financial burden of dealing with box office losses, employee issues, as well as any fines that are sure to be levied. Sony’s just starting to enter this phase. On Monday, GOP (Guardians of Peace), the group claiming responsibility for the attack on Sony, pushed 25GB worth of data to the public domain. They say this is only a fraction of the data they were able to compromise, suggesting to one media outlet that they were harvesting records for more than a year before making themselves known. A year. […]

