The PCI Council normally releases a new version of the standard which governs merchants that accept credit cards once every three years. Given that version 3.0 came out in January, everybody thought they were safe for a while. Version 3.1 was released today and even though merchants have 14 months to become compliant, there is […]
Continue reading → [DISPLAY_ACURAX_ICONS]Everyone talks about “The Internet Of Things” (IoT), whether it is a web accessible security camera or your internet connected refrigerator that tells you when you are low on milk. Recently, a stalker talked to a nanny while she changed the baby’s diaper. We have also seen home routers with vulnerabilities that allow a hacker […]
Continue reading → [DISPLAY_ACURAX_ICONS]I wrote about an attack on hotel routers a few weeks ago (see post). Today, I heard more details on the attack. ANTlabs InnGate router, used by many hotel chains (see advisory), was configured incorrectly. This configuration error allowed anyone to read or write any file in the router, thereby easily owning that router and […]
Continue reading → [DISPLAY_ACURAX_ICONS]UPDATE: (Note: this is a bit geeky) Again according to Steve Gibson, the way this malware that attacked Github and GreatFire worked is that it modified the local hosts file using vulnerabilities that were fixed but that users had not yet patched and changed the local hosts file. It created entries for connect.facebook.net and google-analytics.com […]
Continue reading → [DISPLAY_ACURAX_ICONS]An upstate NY State woman sued the DEA for creating a fake Facebook profile of her, using pictures of her young son and niece as well as suggestive pictures of her to try and lure drug dealers (see link and picture below). Authorities had taken her phone after she was arrested for her role in […]
Continue reading → [DISPLAY_ACURAX_ICONS]I have written before about Verizon (and AT&T) supercookies (see here and here, among others). Briefly, supercookies are tracking devices that Verizon adds to your web traffic from your phone after the traffic leaves your phone but before it reaches the intended web site. Verizon uses this traffic to figure out what sites you visit […]
Continue reading → [DISPLAY_ACURAX_ICONS]