EMV(Europay, MasterCard, Visa) is the standard with the pin and chip technology which the US has finally moved to on October 1st of this year. Since EMV history and about https://www.emvco.com/about_emv.aspx So it is good that we have gotten up to speed from our days of just mag stripe and pin number. But since the standard has … Read more
https://technet.microsoft.com/en-us/library/security/ms15-oct.aspx Has several patches including MS15-106 ” One memory corruption vulnerability (CVE-2015-6056) has been publicly disclosed.” from the following link: https://msisac.cisecurity.org/advisories/2015/2015-121.cfm As far as Microsoft patches go – the ones that patch remote code execution in the vulnerability impact column. And 4 of the 6 have remote code execution. As a systems person I … Read more
A breach has many looks… THE fundamental problem is highlighted in this article: http://www.infosecurity-magazine.com/news/15mn-affected-medical-information/ Besides the obvious headline grabber “1.5mil records stolen by hackers.” I am going to compile a few sentences from the article and then discuss: {He added, “Every healthcare firm, large and small, that stores patient data is at risk of a … Read more
All it takes is one patch is missed, One computer not taken care of. Computers must be patched so that Zero-day exploits have minimal affects. We discussed this on July 20th http://oversitesentry.com/why-security-news-scrutinized-to-nth-degree/ Let’s review: After a vulnerability is introduced, an exploit hits the “wild” and then the clock starts ticking, the attackers(criminal hackers) and defenders(software … Read more
Richard Bejtlich has a new post (as of May 10) http://taosecurity.blogspot.com/ He set out a few excerpts of a 1978 book “Computer Capers” by Thomas Whiteside. To me the most interesting excerpt(2nd): “The difficulties of catching up with the people who have committed computer crimes is compounded by the reluctance of corporations to talk about the … Read more
