Monthly Archives: August 2012

PCI Hacks Going Global

Looks like non-US based merchants can start to shake in their boots a bit. I know this isn’t the first one outside the US (and not the biggest), but it seems like all we hear about are the ones here at home. So how big was this one? According to Wired, pretty big. 500K cards is not 95 million, but it’s certainly not a handful either. What I find interesting about this particular hack is not the number of cards or the source of the hack, but the fact that it wasn’t really advanced and much different from the majority of the small merchant breaches here in the US. The smoking gun comes from paragraph three: The company’s network used ...

Guest Post: Different Kinds of Document Destruction

The following is a guest post by Andrew Morrell. The general public and businesses alike fret over how to dispose of their sensitive documents. Anything from a personal paper to PII/PCI data to an accounting sheet can be used by competitors or otherwise be a source of ridicule and liability. The difference for a business is that competition for real money is at stake. A large business can have thousands of pages to destroy. The choice is between small office shredders and professional services. While it might surprise some, there are enterprises that offer to haul away waste paper in fairly large trucks and use an industrial shredder. This is one way to dispose of and recycle a mountain of business ...

If I Derive PII/PHI, Does It Make A Sound?

The Big Data problem and solution is fascinating. In some respects it is incredibly powerful and has tremendous applications for humanity at large, but other implementations are frighteningly big brother-esque. If you hadn’t heard, Target knows you are pregnant before your family does. They do it by watching your behavior on their website. So the new question that we face is what do we do if we derive or create accurate PII/PHI in the normal course of learning about our customers? I’m worried that companies will recklessly create data about their customers in new ways never before possible, exposing us citizens to many privacy breaches. I’m doing research in this area now, and am very interested to see where this ...

The Apple Incident

This weekend had some interesting security implications for a significant portion of you out there. Mat Honan had his digital life pwned. Erased. Disrupted. Even if only for a few days, I am certain it was incredibly stressful. The kicker here is that it wasn’t some sophisticated hacking scheme that got it done, it was simple social engineering and some crafty computing. Go read about Mat’s story and imagine what it would be like if it happened to you (regardless of your device). Lifehacker also answered a question about this, so check it out if you want to take steps to protect yourself against attacks like this. What I want to talk about today is how that incident forced Apple ...

Mountain Lion Troubles and Solutions

I’m a techie at heart. This means I want the latest and greatest in my grubby little hands at all times. AT ALL TIMES. Of course, I do have a day job and a wife and kids, so many times I don’t get to have the latest and greatest, or they steal it from me. Mostly the kids. But over the weekend after BlackHat, I took the plunge and upgraded all of my machines to Mountain Lion. If you are going on this quest, there are a few things you should be aware of before you start. You should prepare your Mac before upgrading. This means performing all those mundane tasks you have been avoiding. Lifehacker has a decent post ...

June-July 2012 Roundup

What was popular in June/July? First off, I was apparently too busy to put this together! I was lucky enough to get a vacation this year with the wife, and I sort of neglected this. No worries, we’ll make up for it! We had BlackHat/Defcon/BSidesLV, more suspected hacks (DropBox), and record heat across a large portion of the Midwest. As I’m writing this now, the thermometer is topping 110°F, but thankfully relief is in sight! Here are the five most popular posts from the last two months: Visa Kills PCI Assessments and Wants Your Processor to Support EMV. Another two months, another winner! Is this the end of PCI Assessments? Visa threw out some timelines and program details last year ...
