Can We Stop Cybersecurity Breaches?

Dark Reading has an article on PCI compliance from the end of last year: http://www.darkreading.com/risk/compliance/how-pci-dss-30-can-help-stop-data-breaches/a/d-id/1318306 An important paragraph: “In the cases of the largest data breaches, in 2014 a common point of vulnerability was the exploit of remote access methods to implant malware on systems that store, process, or transmit cardholder data. Frequently the point of …

Hackers set 2015 with iCloud hack

Hacker News story: http://thehackernews.com/2015/01/iDict-icloud-password-hacking-tool.html It looks like the hacker “Pr0x13” has released a password hacking tool on GitHub that allows hackers to break into any iCloud account, thus giving them access to iPhone user account data. The tool is called iDict: https://github.com/Pr0x13/iDict/ GitHub is a repository of software development projects by various programmers around the world. …

New – or is it Old Threats?

I want to focus on a couple of Bruce Schneier posts today. Jan 1: Doxing as an Attack https://www.schneier.com/blog/archives/2015/01/doxing_as_an_at.html As Bruce mentions, the old attack doxing, where all your information (personal information like cell phone, SS#, birthday, emails, medical information, etc.) is posted to the Internet to pressure the target for a political or otherwise …

Sony Hack Analysis

The Wall Street Journal has a very good, detailed story of what happened during the hack: http://www.wsj.com/articles/behind-the-scenes-at-sony-as-hacking-crisis-unfolded-1419985719?mod=WSJ_hpp_MIDDLENexttoWhatsNewsThird (You may need a subscription to see the whole article.) Besides the improvisation of the employees and management, it is obvious to me: 1. There was no Disaster Recovery plan. 2. The erased contents of their servers meant …

Will 2015 be the year of health record hacks?

Which hospital chain will get hacked? Or should we ask which one will have the foresight to invest in security and prevent the hack? Only a matter of time … With the confluence of mass scanning, criminal hackers, and now monetization of health records: Reuters story: http://www.reuters.com/article/2014/09/24/us-cybersecurity-hospitals-idUSKCN0HJ21I20140924 “Security experts say cyber criminals are increasingly targeting the …