Monthly Archives: December 2013

What the Leaked Target PIN Data Actually Means for You

Before you read this, consider checking out my first post on the Target breach. Payment systems are complex. If you have ever assessed one or looked behind the curtain all the way back to the issuer, you know this. So it is not a surprise that there is a ton of misinformation flying around about the PIN data that Target admitted was taken. Before we get too far down the road here, I want to review a few items to make sure we're all on the same page. First, let's talk about track data. The data encoded on the magstripe on the back of your card is sensitive authentication data, which is why PCI DSS Requirement 3.2 forbids storing it after authorization. I've ...


For the Super Geeky Crypto Guys

Of course, if you are a super geeky crypto guy (of which I am envious, because math is not my strong suit) you probably already saw this amazing paper, "RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis," by Daniel Genkin, Adi Shamir (the S in RSA), and Eran Tromer, in which they demonstrate a side-channel attack that extracts RSA private keys. Since brute-forcing an RSA key is computationally infeasible, attackers must get creative and go after the implementation rather than the math. Attacks on weak prime-number generation have been published before, as have attacks on software implementations that leak parts of the key. But this one is really ingenious. The authors are able to extract the RSA key by simply listening to the noise put ...
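To make the "implementation leaks the key" idea concrete, here is an added example (my own illustration, not code from the original post and not the Genkin/Shamir/Tromer attack, which is far subtler and works with chosen ciphertexts against a real GnuPG build). It shows the simplest RSA side channel there is: a textbook square-and-multiply whose sequence of operations is a transcript of the private exponent, next to a multiply-always variant whose operation sequence is key-independent. The toy key (p=61, q=53, e=17, d=2753) and all function names are constructed for the illustration.

```python
"""Added example: an operation-trace side channel on RSA square-and-multiply.

Not from the original post and not the acoustic attack itself. The toy key
(p=61, q=53, so n=3233, e=17, d=2753) and the function names are constructed
for this illustration only.
"""


def modexp_leaky(base: int, exp: int, mod: int, trace: list) -> int:
    """Textbook left-to-right square-and-multiply.

    Appends 'S' for each squaring and 'M' for each multiply to `trace`.
    The multiply only happens when the exponent bit is 1, so the trace is a
    transcript of the private key: this is what a power, EM or acoustic
    observer who can tell the two operations apart gets to see.
    """
    result = 1
    for bit in bin(exp)[2:]:          # most significant bit first
        result = (result * result) % mod
        trace.append("S")
        if bit == "1":                # key-dependent branch: the leak
            result = (result * base) % mod
            trace.append("M")
    return result


def modexp_multiply_always(base: int, exp: int, mod: int, trace: list) -> int:
    """Square-and-multiply-always: multiply on every bit and discard the
    product when the bit is 0, so the operation sequence no longer depends
    on the key. (The Python conditional below is still a branch; real code
    would use a constant-time select. Only the operation sequence is fixed.)
    """
    result = 1
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        trace.append("S")
        candidate = (result * base) % mod
        trace.append("M")
        result = candidate if bit == "1" else result
    return result


def recover_exponent(trace: list) -> int:
    """Read the exponent back out of an S/M trace.

    Every 'S' starts a new bit (initially 0); an 'M' directly after it
    means that bit was 1.
    """
    bits = []
    for op in trace:
        if op == "S":
            bits.append("0")
        elif op == "M":
            bits[-1] = "1"
    return int("".join(bits), 2)


# Toy RSA parameters, far too small for real use.
N, E, D = 3233, 17, 2753
PLAINTEXT = 65
CIPHERTEXT = pow(PLAINTEXT, E, N)   # 2790

if __name__ == "__main__":
    leaky_trace: list = []
    assert modexp_leaky(CIPHERTEXT, D, N, leaky_trace) == PLAINTEXT
    print("leaky trace:   ", "".join(leaky_trace))
    print("recovered d:   ", recover_exponent(leaky_trace), "(real d:", D, ")")

    fixed_trace: list = []
    assert modexp_multiply_always(CIPHERTEXT, D, N, fixed_trace) == PLAINTEXT
    print("fixed trace:   ", "".join(fixed_trace))
    print("recovered from fixed trace:", recover_exponent(fixed_trace), "(wrong)")
```

Run it and the leaky trace reads back to 2753 exactly, while the multiply-always trace is all "SM" pairs and reads back to 4095, which tells the observer nothing beyond the key length. Real countermeasures go further (constant-time selects, exponent blinding, message blinding), because any observable that differs between the two branches, whether timing, power draw or the sound a regulator makes, is enough.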


I Thought We Were Done With These?

Well, it appears that the bad guys hit another giant retailer this year, as Target now reports a massive breach. There are a few items here that are interesting to note. First, we are talking about magnetic stripe data and a massive volume of cards in a short period of time. This would indicate some kind of software compromise (read: not an attached skimmer) that led to the capture of stripe or PIN data. Given that there is a concern about PIN, I would guess that the compromise was either in the POS system or in the actual payment terminal where the PIN is entered. Breaches of this magnitude obviously call the merchant's compliance status into question, and the devil will ...


Bitcoin and Virtual Currencies

There has been a ton of noise around Bitcoin recently for two big reasons. The first is that the Bitcoin-USD exchange rate climbed above $1,000 (currently just under $900), and the second is a heist that moved around $100 million worth of the currency, all of it watchable online through the public clearing houses. So if you are a business, what should you do with this and other currencies? One of the main attractions of Bitcoin is that it is not regulated by a sovereign government. Some might say that it works in the purest form of capitalism, completely separating the buyer from the seller through an anonymous exchange. Well, somewhat anonymous. The contents and value of the wallet is ...

