Categories ArchivesHeadlines

WJLA News reports that a University of Virginia graduate student and two fellow hackers have cracked code contained in smart cards. Information security rears it’s head again! The company claims they only got a portion of the code, but depending on what they got, it could be enough to launch a feasible attack against those keys. Any reduction in bits can make a huge difference in the time required to retrieve a key. You know, those smart card guys would have gotten away with a sub-par setup if it weren’t for those meddling kids…

Greetings folks! How about a headline wrap-up? Ready? OK! Liquid Bombs? Trivial or did they use a lab? False advertising on drive encryption? Recovering disk encryption keys from RAM? Cracking GSM in 30 seconds? What a week!

USA Today had an interesting article on Monday detailing how Cybercrooks are getting craftier (is that a word? more crafty? more craftierest?) on the scams designed to trick people into parting with personal information. A couple of the attacks listed include: Email greeting cards that give intruders control of your router (specifically a popular router in Mexico). Turn-key phishing kits with everything needed to create bogus bank websites. Click fraud targeting small e-commerce sites to drive up fake ad revenues for crooks. And here’s someone else with too much time on their hands (thanks Springtown!)!

As a follow up to the last article, here’s a pretty interesting story about a teenager in Poland who figured out a way to control how trains change tracks. He didn’t hack through the internet, or some rogue access point at a station. He used a TV remote. Between this and the Boeing 787 Dreamliner’s issues, I wonder if this will force companies to take a hard look at the software they use to drive their products.

After getting an extended battery for my laptop (yaay! Less whipping out the iGo for power on the plane!), I am wondering if anyone has had problems with the new TSA Battery Guidelines. My battery is well below any proposed limit, and I rarely check bags (thank YOU London Airports!), but it seems any time a new TSA regulation is put into place there can be some difference in interpretation. What say you?

While sitting in the Courtyard this morning in Sterling, VA, I saw that Dan Frost of the USA Today is warning of the Evil Twin problem with wireless networks…. again. I seem to remember seeing this pop up in the past, but this problem has been around as long as wireless has been in cafes. So, watch out…. again!

According to an interview on 60 Minutes, the National Retail Federation’s position (says Dave Hogan, NRF’s CIO) is that the Card Associations are at fault for credit card fraud because the card associations require retailers to store consumer’s CC data. I can’t believe how wrong these guys are and that they are taking the national spotlight to try and scare consumers into believing this lie. He also says he is not sure how vested the credit card companies are in securing customer data. The funny thing is the whole PCI Standard “thing” came BECAUSE the card associations are interested in securing customer data, not the other way around. And the notion of fines being a revenue stream are absurd. Look ...

Have you got your ISSA Journal for October in the mail yet? If not, click on over to their website and you will see that they featured my article!

USA Today published a rather comical headline last week about airport security and security screening — Most fake bombs missed by screeners. FAKE bombs. Wouldn’t you want to let FAKE bomb parts pass through and catch the ACTUAL bomb parts? I’m not sure what this study shows. Does it show that the TSA is doing their job well? Hard to say. I think it would be interesting if they redid the study (with some kind of get out of jail free card) with ACTUAL bomb parts. I can only hope that they would be stopped.