PCI Standards & Compliance looking out for you

The reason PCI (Payment Card Industry) has set up the organization is to officially create a place for all users of the system to look up how to secure their systems and networks. In the “real world” you call the credit card processor, such as First Data, which then has a method of contacting VISA, Mastercard, … Read more

Hackers set 2015 with iCloud hack

Hacker News story: http://thehackernews.com/2015/01/iDict-icloud-password-hacking-tool.html. It looks like the hacker “Pr0x13” has released a password hacking tool on GitHub that allows hackers to break into any iCloud account, thus giving them access to iPhone user account data. The tool is called iDict: https://github.com/Pr0x13/iDict/. GitHub is a repository of software development projects by various programmers around the world. … Read more

New – or is it Old Threats?

I want to focus on a couple of Bruce Schneier posts today. Jan 1: “Doxing as an Attack”, https://www.schneier.com/blog/archives/2015/01/doxing_as_an_at.html. As Bruce mentions, the old attack doxing, where all your information (personal information like cell phone, SS#, birthday, emails, medical information, etc.) is posted to the Internet to pressure the target for a political or otherwise … Read more

How Can Hackers Steal Your Data?

How can hackers steal data without anyone knowing? It has been shown that it takes months before a breach is found. Let’s assume one of your users clicked on a phishing email. With the email, malware was installed on the person’s computer; unbeknown to the user, this malware has now opened a process named “notepad” ( … Read more

Sony Hack Analysis

The Wall Street Journal has a very good, detailed story of what happened during the hack: http://www.wsj.com/articles/behind-the-scenes-at-sony-as-hacking-crisis-unfolded-1419985719?mod=WSJ_hpp_MIDDLENexttoWhatsNewsThird (you may need a subscription to see the whole article). Besides the improvisation of the employees and management, it is obvious to me: 1. There was no Disaster Recovery plan. 2. The erased contents of their servers meant … Read more