Information Security & Occasional Forays Into Adjacent Realms
Online Thievery, that is. With two rival gangs running card skimming operations on a Brazilian sportswear manufacturer, the stakes for finishing first are high, and the downside is borne by the consumer...
Brian Krebs as is his signum modus operandi, elucidates detective functionalities when those methods are brought to bear on fraudulent (in this case cloned) Debit and Credit Cards. Absolutely tremendous reportage, and today's MustRead.
Well-now... a tightly-coordinated and well-crafted primer targeting Bitcoin and Ethereum, two ponderously heavier-than-air subjects, weighed down by lucre of-a-sort, and the need for encrypted fungibility. Enjoy.
John Leyden, writing at El Reg, tells the tale of the latest ATM SNAFU. All based on CVE-2017-6968... Astonishing, indeed.
"To exploit the vulnerability, a criminal would need to pose as the control server, which is possible via ARP spoofing, or by simply connecting the ATM to a criminal-controlled network connection," said Georgy Zaytsev, a researcher with Positive Technologies. "During the process of generating the public key for traffic encryption, the rogue server can cause a buffer overflow on the ATM due to failure on the client side to limit the length of response parameters and send a command for remote code execution." - via John Leyden, at El Reg
Fascinating screed via Phil Windley writing at his site - Technometria on decentralization and governance - this time dealing with ledgers, blockchain and otherwise.
Suprised by the largest heist in history? Concerned about Carbanak APT? Clearly, proof-positive that advanced persistent threats are deeply evil - and highly efficient when coupled with other complimentary and stealth-like methodologies (aka Hiding in Plain Sight). Read on...
via VentureBeat's Evan Schuman, comes the sorry tale of enterprise security failures, and importantly, the continued failures of both security implementation and deployment in the recently high profile retail security snafus of last year [eg. Target's gargantuan credit and debit card breach] Astonishing...
Marc Rogers' take on the SONY [NYSE: SNE] incursions, with a step-by-step rebuttal of the ostensible involvement of the Government of North Korea. Mr. Roger's argument - bolstered by the opinions of other, highly respected security professionals - is hardly surprising, yet satisfying in it's diametric view of the Federal Bureau of Investigation's examination of the matter...
via Michael Riley, writing at Bloomberg Businessweek, comes the sordid tale, with film-noir-like building-blocks, of miscreant Russian nationals targeting the NASDAQ stock exchange, the kicker? They succeeded...
Via the inimitable Brian Krebs, of Krebs on Security, comes reports of insert, thin and mini card skimmers, and the perils of automated banking and commerce for consumers worldwide. The astonishing component to this litany of miscreant evil-doers is the apparent inability of hardware manufacturers' to detect, notify and terminate these devices at will [or, at the very least, reject all cards on the machine when nefarious activities are suspected].
