Tag Archives: processing

[ISN] Hello Barbie controversy re-ignited with insecurity claims

www.theregister.co.uk/2015/11/29/hello_barbie_controversy_reignited_with_insecurity_claims/ By Richard Chirgwin The Register 29 Nov 2015 Back in February, The Register queried the security and privacy implications of Mattel’s “Hello Barbie”, and now the doll has hit the shelves, a prominent security researcher has turned up the first security problems with the toy. After an initial flurry of concern, the issue went quiet, but last Friday Matt Jakubowski (formerly of Trustwave’s SpiderLabs) reignited it by extracting Wi-Fi network names, account IDs, and MP3 files from the toy. That brought a defensive response from Oren Jacob, CEO of ToyTalk (which provides the cloud processing chunk of Hello Barbie). He called Jakubowski an “enthusiastic researcher”, said the data is “already available” to customers, and “no major security or privacy protections have been compromised”. While it’s probably easier to get an SSID by standing outside a house and letting it pop up on your phone’s Wi-Fi connection list, an account ID is another matter, since all an attacker needs is to get a password and they have access to the Hello Barbie account. […]




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Credit Card Breach at a Zoo Near You

http://krebsonsecurity.com/2015/07/credit-card-breach-at-a-zoo-near-you/ By Brian Krebs Krebs on Security July 9, 2015 Service Systems Associates, a company that serves gift shops and eateries at zoos and cultural centers across the United States, has acknowledged a breach of its credit and debit card processing systems. Several banking industry sources told KrebsOnSecurity they have detected a pattern of fraud on cards that were all used at zoo gift shops operated by Denver-basd SSA. On Wednesday morning, CBS Detroit moved a story citing zoo officials there saying the SSA was investigating a breach involving point-of-sale malware. Contacted about the findings, SSA confirmed that it was the victim of a data security breach. “The violation occurred in the point of sale systems located in the gift shops of several of our clients,” the company said in a written statement. “This means that if a guest used a credit or debit card in the gift shop at one of our partner facilities between March 23 and June 25, 2015, the information on that card may have been compromised.” […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] EFCC arraigns two for hacking into bank’s internet network

http://nationalmirroronline.net/new/efcc-arraigns-two-for-hacking-into-banks-internet-network/ By Matthew Irinoye National Mirror June 25, 2015 The Economic and Financial Crimes Commission, EFCC yesterday arraigned two men for allegedly attempting to hack into the internet network of Enterprise Bank Plc. The suspects include Ola Lawal, Abass Ajide while the third person Olumide Kayode was said to be at large. The defendants who were arraigned before Justice Lateef Lawal-Akapo, on a four count charge offence bordering on conspiracy to defraud, felony, stealing and forgery pleaded not guilty to the four count charge. EFCC counsel, Mr. Seidu Atteh, said that the suspects conspired to defraud Enterprise Bank and hacked into the bank’s network with their laptop computer, router model and grabber/ key logger to obtain the password of key operations staff through the Central Processing Unit (CPU). He said the defendants aimed to access the network of the bank without authority to conduct fraudulent transactions. Atteh alleged that the defendants wanted to access the CPU to conduct fraudulent transactions and transfer unauthorised money into other accounts. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Cyber war in Ukraine: How NATO is helping the country defend itself against digital threats

http://www.zdnet.com/article/ukraines-cyber-warfare-how-nato-helps-the-country-defend-itself-against-digital-threats/ By Andrada Fiscutean Central European Processing ZDNet News June 11, 2015 Ukraine’s recent history has been dramatic, with border changes, riots, the occupation of government buildings, and bloodshed. Behind all this, a quiet conflict, free of gunfire but equally hard-fought, has been taking place in the online world. DDoS attacks and communications jamming has lead to misinformation in an already confused country. Now, North Atlantic Alliance nations are joining forces to help Ukraine protect its digital space. Albania, Estonia, Hungary, Poland, Portugal, Romania, and Turkey have offered financial or in-kind contributions to Ukraine’s Cyber Defense Trust Fund, a program agreed by world leaders during a NATO summit held last September in Wales. US president Barack Obama, British prime minister David Cameron, German chancellor Angela Merkel, and French president François Hollande all participated. “The technical requirements for the implementation of this project have been set up and the negotiations for the necessary legal arrangements are at an advanced stage,” a NATO official in Brussels told ZDNet. “NATO needs to keep abreast of the rapidly changing threat landscape and to maintain a robust cyber-defence,” he added. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Harbortouch is Latest POS Vendor Breach

http://krebsonsecurity.com/2015/05/harbortouch-is-latest-pos-vendor-breach/ By Brian Krebs Krebs on Security May 1, 2015 Last week, Allentown, Pa. based point-of-sale (POS) maker Harbortouch disclosed that a breach involving “a small number” of its restaurant and bar customers were impacted by malicious software that allowed thieves to siphon customer card data from affected merchants. KrebsOnSecurity has recently heard from a major U.S. card issuer that says the company is radically downplaying the scope of the breach, and that the compromise appears to have impacted more than 4,200 Harbortouch customers nationwide. In the weeks leading up to the Harbortouch disclosure, many sources in the financial industry speculated that there was possibly a breach at a credit card processing company. This suspicion usually arises whenever banks start feeling a great deal of card fraud pain that they can’t easily trace back to one specific merchant (for more on why POS vendor breaches are difficult to pin down, check out this post. Some banks were so anxious about the unexplained fraud spikes as stolen cards were used to buy goods at big box stores that they instituted dramatic changes to the way they processed debit card transactions. Glastonbury, Ct. based United Bank recently included a red-backgrounded notice conspicuously at the top of their home page stating: “In an effort to protect our customers after learning of a spike in fraudulent transactions in grocery stores as well as similar stores such as WalMart and Target, we have instituted a block in which customers will now be required to select ‘Debit’ and enter their ‘PIN’ for transactions at these stores when using their United Bank debit card.” […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] CfP – Workshop on Security and Privacy in Cloud-based Applications (in conjunction with ARES EU Projects Symposium 2015)

Forwarded from: “Egner, A.I.” *** Apologies for multiple copies *** CALL FOR PAPERS ************************************************************************ Workshop on Security and Privacy in Cloud-based Applications (in conjunction with ARES EU Projects Symposium 2015) Université Paul Sabatier, Toulouse, France, August 24th – 28th, 2015 http://www.ares-conference.eu/conference/ares-eu-symposium/au2eu/ ************************************************************************ Cloud services and cloud-based applications have become increasingly popular in the recent years. Security and privacy of the cloud-based applications have always been major roadblock for wide use of cloud services that involve sensitive data. Therefore this research field attracts a lot of attention from the academia and industry. The aim of the workshop is to provide the environment to exchange ideas and to foster discussions on a broad list of aspects related to privacy and security of cloud-based applications, and to find answers to questions like: How do we design authentication and authorization frameworks for cross-cloud environments, supporting different identity/attribute providers and organizational policies while guaranteeing privacy, security and trust? How can we extend current solutions with higher assurance of claims, trust indicators, policy enforcement mechanisms and processing under encryption techniques to address specific security and confidentiality requirements of large distributed infrastructures? What is the best way to validate practical aspects of the cloud-based applications, such as scalability, efficiency, maturity and usability? Next to regular sessions with research papers, the workshop will include an invited talk as well as a round table on “Evolution of privacy-preserving authentication and authorization tools: from concepts to deployment“, presenting the results of the FP7 AU2EU project (http://www.au2eu.eu/). CONFERENCE TOPICS The conference topics include, but are not limited to: – Privacy-preserving Authentication – Attribute-based Authorization – Integrated Authentication and Authorization – Assurance of Claims – Crypto-based Policy Enforcement – Attribute-based Encryption – Secure Data Management – Key Management – Trust Management – Operations under Encryption – Homomorphic Encryption – Searchable Encryption – Privacy-Preserving Data Mining – Security as a Service – Big Data Security PAPER SUBMISSIONS The proceedings of ARES 2014, published by Conference Publishing Services (CPS), are available here in the IEEE XPlore Digital Library. Authors are invited to submit research and application papers according the following guidelines: 8 pages (a maximum of 10 pages is tolerated), two columns, single-spaced, including figures and references, using 10 pt fonts and number each page. Submitted papers will be carefully evaluated based on originality, significance, technical soundness, presentation and clarity of exposition. Simultaneous submission of the same work to multiple venues, submission of previously published work, or plagiarism constitutes dishonesty or fraud. ARES, like other scientific and technical conferences and journals, prohibits these practices and may take action against authors who have committed them. Contact author must provide the following information at the ARES conference system: paper title, authors’ names, affiliations, postal address, phone, fax, and e-mail address of the author(s), about 200-250 word abstract, and about five keywords. Accepted papers will be given guidelines in preparing and submitting the final manuscript(s) together with the notification of acceptance. Double blind review: ARES requires anonymized submissions – please make sure that submitted papers contain no author names or obvious self-references. Details about submission can be found here: http://www.ares-conference.eu/conference/conference/submission/ IMPORTANT DATES Submission Deadline May 8, 2015 Author Notification June 1, 2015 Proceedings Version June 8, 2015 Conference August 24-28, 2015 PROGRAM CHAIRS – Milan Petkovic (General Chair), Philips Research / Eindhoven University of Technology – Netherlands – Jan Camenisch (Program Co-Chair), IBM Research – Zurich, Switzerland – John Zic (Program Co-Chair), CSIRO – Sydney, Australia – Alexandru Egner (Organization Co-Chair), Eindhoven University of Technology – Netherlands PROGRAM COMMITTEE – Giuseppe Ateniese, Sapienza University of Rome, Italy – George Danezis, University College London, UK – Refik Molva, EURECOM, France – Gerrit Bleumer, Scheidt & Bachmann, Germany – Ljiljana Brankovic, University of Newcastle, Australia – Jeroen Doumen, Irdeto, Netherlands – Csilla Farkas, University of South Carolina, USA – Pietro Colombo, University of Insubria, Italy – Simone Fischer-Hubner, Karlstad University, Sweden – Dieter Gollmann, Hamburg University of Technology, Germany – Tanya Ignatenko, Eindhoven University of Technology, Netherlands – Mizuho Iwaihara, Waseda University, Japan – Sushil Jajodia, George Mason University, USA – Nguyen Manh Tho, Vienna University of Technology, Austria – Guenther Pernul, University of Regensburg, Germany – Bart Preneel, KU Leuven, Belgium – Kai Rannenberg, Goethe University Frankfurt, Germany – Ahmad-Reza Sadeghi, Darmstadt University, Germany – Andreas Schaad, Huawei Research – Yuan Zhang, State University of New York at Buffalo, USA – Sabrina De Capitani di Vimercati, University of Milan, Italy For any questions, please contact the organization co-chair: a.i.egner (at) tue.nl


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Call for Papers – Workshop on Security and Privacy in Cloud-based Applications (in conjunction with ARES EU Projects Symposium 2015)

Forwarded from: “Egner, A.I.” CALL FOR PAPERS ************************************************************************ Workshop on Security and Privacy in Cloud-based Applications (in conjunction with ARES EU Projects Symposium 2015) Université Paul Sabatier, Toulouse, France, August 24th – 28th, 2015 http://www.ares-conference.eu/conference/ares-eu-symposium/au2eu/ ************************************************************************ Cloud services and cloud-based applications have become increasingly popular in the recent years. Security and privacy of the cloud-based applications have always been major roadblock for wide use of cloud services that involve sensitive data. Therefore this research field attracts a lot of attention from the academia and industry. The aim of the workshop is to provide the environment to exchange ideas and to foster discussions on a broad list of aspects related to privacy and security of cloud-based applications, and to find answers to questions like: How do we design authentication and authorization frameworks for cross-cloud environments, supporting different identity/attribute providers and organizational policies while guaranteeing privacy, security and trust? How can we extend current solutions with higher assurance of claims, trust indicators, policy enforcement mechanisms and processing under encryption techniques to address specific security and confidentiality requirements of large distributed infrastructures? What is the best way to validate practical aspects of the cloud-based applications, such as scalability, efficiency, maturity and usability? Next to regular sessions with research papers, the workshop will include an invited talk as well as a round table on “Evolution of privacy-preserving authentication and authorization tools: from concepts to deployment“, presenting the results of the FP7 AU2EU project (http://www.au2eu.eu/). CONFERENCE TOPICS The conference topics include, but are not limited to: – Privacy-preserving Authentication – Attribute-based Authorization – Integrated Authentication and Authorization – Assurance of Claims – Crypto-based Policy Enforcement – Attribute-based Encryption – Secure Data Management – Key Management – Trust Management – Operations under Encryption – Homomorphic Encryption – Searchable Encryption – Privacy-Preserving Data Mining – Security as a Service – Big Data Security PAPER SUBMISSIONS The proceedings of ARES 2014, published by Conference Publishing Services (CPS), are available here in the IEEE XPlore Digital Library. Authors are invited to submit research and application papers according the following guidelines: 8 pages (a maximum of 10 pages is tolerated), two columns, single-spaced, including figures and references, using 10 pt fonts and number each page. Submitted papers will be carefully evaluated based on originality, significance, technical soundness, presentation and clarity of exposition. Simultaneous submission of the same work to multiple venues, submission of previously published work, or plagiarism constitutes dishonesty or fraud. ARES, like other scientific and technical conferences and journals, prohibits these practices and may take action against authors who have committed them. Contact author must provide the following information at the ARES conference system: paper title, authors’ names, affiliations, postal address, phone, fax, and e-mail address of the author(s), about 200-250 word abstract, and about five keywords. Accepted papers will be given guidelines in preparing and submitting the final manuscript(s) together with the notification of acceptance. Double blind review: ARES requires anonymized submissions – please make sure that submitted papers contain no author names or obvious self-references. Details about submission can be found here: http://www.ares-conference.eu/conference/conference/submission/ IMPORTANT DATES Submission Deadline May 8, 2015 Author Notification June 1, 2015 Proceedings Version June 8, 2015 Conference August 24-28, 2015 PROGRAM CHAIRS – Milan Petkovic (General Chair), Philips Research / Eindhoven University of Technology – Netherlands – Jan Camenisch (Program Co-Chair), IBM Research – Zurich, Switzerland – John Zic (Program Co-Chair), CSIRO – Sydney, Australia – Alexandru Egner (Organization Co-Chair), Eindhoven University of Technology – Netherlands PROGRAM COMMITTEE – Giuseppe Ateniese, Sapienza University of Rome, Italy – George Danezis, University College London, UK – Refik Molva, EURECOM, France – Gerrit Bleumer, Scheidt & Bachmann, Germany – Ljiljana Brankovic, University of Newcastle, Australia – Jeroen Doumen, Irdeto, Netherlands – Csilla Farkas, University of South Carolina, USA – Pietro Colombo, University of Insubria, Italy – Simone Fischer-Hubner, Karlstad University, Sweden – Dieter Gollmann, Hamburg University of Technology, Germany – Tanya Ignatenko, Eindhoven University of Technology, Netherlands – Mizuho Iwaihara, Waseda University, Japan – Sushil Jajodia, George Mason University, USA – Nguyen Manh Tho, Vienna University of Technology, Austria – Guenther Pernul, University of Regensburg, Germany – Bart Preneel, KU Leuven, Belgium – Kai Rannenberg, Goethe University Frankfurt, Germany – Ahmad-Reza Sadeghi, Darmstadt University, Germany – Andreas Schaad, Huawei Research – Yuan Zhang, State University of New York at Buffalo, USA – Sabrina De Capitani di Vimercati, University of Milan, Italy For any questions, please contact the organization co-chair: a.i.egner (at) tue.nl


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] [CFP] BSides Las Vegas August 2015

Forwarded from: BSidesLV CFP: https://bsideslv.org/cfp/ First Round CFP closes April 15th. Round two opens May 25th and closes June 8th. BSidesLV 2015 will consist of seven main speaking tracks and one workshop track.It will also include Passwords, however they have a separate CFP. Look for that at https://passwordscon.org/ Proving Ground – First-time speaker* mentor-ship and scholarship program. Get matched with a great mentor who will assist you in crafting your talk and slides and we’ll cover up to $500 in costs for your trip to Las Vegas. *Regional BSides and local group meetings (OWASP/ISSA/ISACA etc.) do not fall into this category More info: http://www.bsideslv.org/speakers/cfp/proving-ground-call-for-papers/ Breaking Ground – Ground Breaking Information Security research and conversations on the “Next Big Thing”. Interactively discussing your research with our participants and getting feedback, input and opinion. No preaching from the podium at a passive audience. Common Ground – Other topics of interest to the security community. e.g., Lock-picking, hardware hacking, mental health/burnout, Law, Privacy, Regulations, Risk, Activism, etc. Again, interactive discussions with your peers and fellow researchers. Not passive lectures “at” an audience. Underground – OTR talks on subjects best discussed AFK. No press, no recording, no streaming, no names. Just you and your peers, behind closed doors. Think about it. Ground Truth – This  track is focused on innovative computer science and mathematics applied to security. Topics of interest include machine learning, natural language processing, Big Data technologies, cryptography, compression, data structures, zero knowledge proofs or just about anything academically publishable that usually baffles review committees for other conferences. Above The Ground Plane – The team that brings you the Wireless Village at DEFCON and the Wireless Capture the Flag contests at multiple conferences throughout the year is organizing a new speaking track for BSidesLV. The Above The Ground Plane track will consist of any and all forms of exciting hacks and unusual uses of wireless technology. Think you have something new and exciting, spread your spectrum and come share it. Trust us, you ohm it to yourself. Training Ground – Workshops and classes to give our participants hands-on experience and in-depth knowledge. We accept proposals for 1/2 day, full-day and 2-day workshops. We don’t charge for workshops, nor do we pay for them, although we may cover circuit boards. Conference information: https://bsideslv.org More CFP information: https://www.bsideslv.org/speakers/cfp/ CFP: https://bsideslv.org/cfp/ Security BSides Las Vegas, Inc. A 501(c)(3) Non-Profit Educational Corporation http://bsideslv.org info@bsideslv.org https://twitter.com/bsideslv


Facebooktwittergoogle_plusredditpinterestlinkedinmail