The Apple Incident

This weekend had some interesting security implications for a significant portion of you out there. Mat Honan had his digital life pwned. Erased. Disrupted. Even if only for a few days, I am certain it was incredibly stressful. The kicker here is that it wasn’t some sophisticated hacking scheme that got it done, it was simple social engineering and some crafty computing. Go read about Mat’s story and imagine what it would be like if it happened to you (regardless of your device). Lifehacker also answered a question about this, so check it out if you want to take steps to protect yourself against attacks like this. What I want to talk about today is how that incident forced Apple ...


Mountain Lion Troubles and Solutions

I’m a techie at heart. This means I want the latest and greatest in my grubby little hands at all times. AT ALL TIMES. Of course, I do have a day job and a wife and kids, so many times I don’t get to have the latest and greatest, or they steal it from me. Mostly the kids. But over the weekend after BlackHat, I took the plunge and upgraded all of my machines to Mountain Lion. If you are going on this quest, there are a few things you should be aware of before you start. You should prepare your Mac before upgrading. This means performing all those mundane tasks you have been avoiding. Lifehacker has a decent post ...


June-July 2012 Roundup

What was popular in June/July? First off, I was apparently too busy to put this together! I was lucky enough to get a vacation this year with the wife, and I sort of neglected this. No worries, we’ll make up for it! We had BlackHat/Defcon/BSidesLV, more suspected hacks (DropBox), and record heat across a large portion of the Midwest. As I’m writing this now, the thermometer is topping 110°F, but thankfully relief is in sight! Here are the five most popular posts from the last two months: Visa Kills PCI Assessments and Wants Your Processor to Support EMV. Another two months, another winner! Is this the end of PCI Assessments? Visa threw out some timelines and program details last year ...


Payments and NFC Still Under Fire

After spending a few days around Security Week (BlackHat, Defcon, BSidesLV) last week, I was constantly amazed at the excitement and innovation around security. Unfortunately, most of this focused on the attack side, but nevertheless, it will drive security thinking forward (which is what we want!). Several researchers focused on Near Field Communication (NFC) implementations, as this technology is quickly becoming embedded in many mobile devices. While you may not be an NFC expert, you have almost certainly used NFC before. Any time you have paid with a contactless credit card, tapped an Oyster card for transport in London, or even started a newer automobile with a keyless fob, you have used a form of NFC. Businesses want NFC because ...


BlackHat 2012 time!

One of the industry’s favorite conferences descends upon Vegas this week, which means you will find all manner of individuals casually, theoretically, or maybe maliciously looking for ways to own you and your devices. It’s one of my favorite times of the year because the kinds of research presented at BlackHat change how people interact with technology. Even Apple is presenting this year! I’ll be out there on Wednesday and Thursday, and would love to catch up if you have a few minutes. Definitely stop by the RSA booth tomorrow and pick up a bracelet for our EPIC party tomorrow night. I know some of our execs will be there, and I’ve been assured that one particular exec will “stick ...


Can You Trust Email Anymore?

I’ve been running my own email server for almost as long as I’ve had an email address. And when you roll your own, you have to figure out your own answer to the onslaught of spam that hits you every single day. A quick poll says that my spam filtering service (Postini) blocked over 200 emails addressed to me today, and over the last sixty minutes there has been more spam than legitimate email for all of my users. This isn’t surprising. We’ve all been victim to the “Didn’t you get my email?” question countered by “Just found it in my spam folder.” Postini is fantastic. Its interface isn’t great (Google has done NOTHING with it), support is spotty, and frankly ...


Semantics and Compliance

I was sitting in a meeting earlier this year and someone asked me a “quick” question about PCI DSS. Always happy to oblige, I listened to the person go through a very intricate discussion and setup for this question (as in, on the order of just over five minutes) to finally get to the punchline: “so is this out of scope?” I’ve been in those discussions before, and at times the systems were so complex that they warranted a five-plus minute review in order to set them up. In this case the majority of the discussion was around specific semantics and nuances in interpretation that could cause a particularly problematic system to be shifted off of this compliance manager’s desk. ...


Does EMV Fix SMB Compliance?

By now you probably know that EMV is coming to the US. Some say it is long overdue; others believe it will only shift fraud to other methods. But what if EMV adoption could solve the PCI issues for small and medium businesses? That could be a really interesting case study, since small businesses are typically caught unawares when bad things happen. As with all things, it may come down to acceptance more than anything else. Imagine for a moment that companies did aim to remove PCI DSS assessment activities from their annual audit schedule and converted all of their terminals to support EMV. Unless you and I as consumers get cards with a chip ...


Healthcare Security, Where Are You?

Information security for electronic healthcare information is often discussed (not here) behind closed doors with lots of whispers. The state of information security in the healthcare space varies, but most insiders agree it is in conflict. Dismal, even. Yours truly once took down an entire hospital’s printing network because they were running a super-duper-pooper vulnerable print server that just happened to get popped during what should have been innocent scanning. Security in many industries starts with compliance, but even that’s not working. HIPAA has been around for fifteen years—and its follow-up act(s) less than five—but we are constantly playing catchup. The results of a 2006 (yes, five years old) survey showed that HIPAA had the lowest compliance rates among ...


Hospitality Still in the Crosshairs

With all the news and information we are pummeled with daily, it’s hard to ignore the significance of cyber security and its role in protecting enterprises and individuals. It’s even pretty easy to ignore until it happens to you. I have written and spoken about the challenges in the hospitality industry before, and hotels remain a big target for a few big reasons. Many hotels, even ones with a big-brand name on the facade, are owned and operated by individual companies and investors. Joe’s Hotel Group buys the building, hires the employees, and plugs into GiantHotelChain’s reservation and reward system. Many hotels are wide-reaching properties where, everywhere you go, you have an opportunity to perform a transaction (pay TV, internet, ...
