Dennis Fisher

About

Dennis Fisher is a journalist with more than 13 years of experience covering information security.

New WiFi Attack Cracks WPA–Again

A pair of Japanese researchers have developed an improvement on an existing technique for attacking wireless LAN traffic that enables them to intercept and decrypt encrypted packets in about a minute, significantly lowering the barrier to entry for attackers looking to listen in on supposedly private connections.

When Trusting Your Own Code is a Bad Idea

From Zero in a Bit (Tyler Shields)
Trust has long been a favorite target of malicious individuals. Most people would say that proper management of trust is one of the primary cornerstones of information security. Trust is a relative term and all trust relationships should be examined with a very critical eye. Ken Thompson’s seminal paper “Reflections on Trusting Trust”, which won a Turing Award, addresses in detail why we can never be fully sure of the trust relationships in our development environment. Read the full story [Zero in a Bit].


It seems that hackers have not been taking the move to two-factor authentication lying down. Instead, they have been hard at work figuring out a method for siphoning off the one-time passwords generated by devices such as the RSA SecurID token and using them immediately to steal money from victims’ bank accounts.

From NYTimes.com (Brad Stone)
Albert Gonzalez, a suspect in several hacking cases, was close to reaching a comprehensive plea agreement with federal prosecutors in Massachusetts and New York when federal prosecutors in New Jersey indicted him on Monday on a new raft of computer crimes, said Mr. Gonzalez’s lawyer, Rene Palomino Jr. Read the full story [NYTimes.com].

The news that federal authorities have indicted the man they claim is responsible for the TJX attack for also allegedly hacking into the networks of Heartland Payment Systems, 7-Eleven and the Hannaford Brothers grocery chain shows that law enforcement is indeed stepping up its work on cybercrime. But it also provides what is probably the clearest evidence to date that the people executing these attacks are highly competent, organized and motivated.

By Dmitry Bestuzhev
The credit crunch means we’re all increasingly aware of bank charges, interest rates, and how we can save a few extra pennies. Financial advisors have written pages on how transferring an existing credit card balance to another card issuer could save you money, and most people are shopping around for the best offers.
Of course, the APR and other rates don’t worry cybercriminals. All they want to do is get their hands on credit card numbers and then use them or sell them on. Who cares if the card owner gets stung with additional charges? Read the full story [Viruslist].

A huge number of Web sites are employing a little-known tracking mechanism to gather information on visitors and are failing to disclose the practice in their privacy policies, according to a new paper from a group of university researchers. The technique employs cookies generated by the Adobe Flash software and the cookies often have the same value as HTTP cookies, the researchers report.