As reported in the New York Times, Justine Sacco became an instantaneous celebrity when she sent out a Tweet prior to boarding a flight to South Africa from JFK. Social media can be both powerful and cruel. In this case, it changed Justine’s life. The Tweet, along with one of the many photos of her, […]
The International Business Times is reporting that Benjamin Lawsky, New York State’s top bank cop, surveyed 40 banks and found that fewer than half regularly inspect the security systems of their outside vendors. Both the Target and Home Depot breaches were caused by compromised third-party vendors. Regulators are concerned that light oversight of bank’s […]
The PCI Council normally releases a new version of the standard which governs merchants that accept credit cards once every three years. Given that version 3.0 came out in January, everybody thought they were safe for a while. Version 3.1 was released today and even though merchants have 14 months to become compliant, there is […]
Everyone talks about “The Internet Of Things” (IoT), whether it is a web-accessible security camera or your internet-connected refrigerator that tells you when you are low on milk. Recently, a stalker talked to a nanny while she changed the baby’s diaper. We have also seen home routers with vulnerabilities that allow a hacker […]
I wrote about an attack on hotel routers a few weeks ago (see post). Today, I heard more details on the attack. The ANTlabs InnGate router, used by many hotel chains (see advisory), was configured incorrectly. This configuration error allowed anyone to read or write any file in the router, thereby easily owning that router and […]
UPDATE: (Note: this is a bit geeky) Again according to Steve Gibson, the malware that attacked GitHub and GreatFire worked by modifying the local hosts file, using vulnerabilities that had been fixed but that users had not yet patched. It created entries for connect.facebook.net and google-analytics.com […]