Consumer Archives

Consumer

Welcoming A New Sponsor: Duo Security

January 6, 2014 Paul Roberts

Those of you who pay close attention to The Security Ledger may have noticed some new artwork gracing our home page in recent days. It is with great pleasure that I note the addition of our newest sponsor: Duo Security Inc., a maker of two-factor authentication technology. I followed Duo from its earliest days, but my interactions with the company picked up after last year’s RSA Conference in San Francisco, when I had the chance to get briefed by CEO Dug Song about the company’s technology and how Duo was leveraging consumer-driven trends like BYOD (bring your own device) to solve vexing enterprise identity and authentication problems. Duo, which is based in Ann Arbor, Michigan, sells a hosted two-factor authentication service that leverages the cloud and mobile devices to provide a secure login experience using something you know (a password) and something you hold (a mobile phone). The Duo platform […]

US CERT Warns About Point-of-Sale Malware

January 3, 2014 Paul Roberts

With news of the breach of big-box retailer Target Inc. still in the headlines, the U.S. Computer Emergency Readiness Team (CERT) issued a warning about the danger posed by malicious software targeting Point of Sale (POS) systems. CERT issued an advisory (TA14-002A) on Thursday asking POS owners to take steps to secure the devices, and telling consumers to beware. The warning comes after a string of reports that suggest that malware attacking point of sale systems is on the rise. In December, researchers from Arbor Networks said they had detected an “active PoS compromise campaign” to steal credit and debit card data that used the Dexter and Project Hook malware. Dexter is a Windows-based program that was first discovered in December, 2012 by Seculert, an Israeli security firm. It is still not known whether malware played a part in the huge theft of credit card data from Target Inc. That […]

AT&T: Security A Top Issue For M2M In 2014

December 29, 2013 Paul Roberts

There’s an interesting 2014 predictions blog post by AT&T’s Mobeen Khan that offers some thoughts on where the market for Machine-to-Machine (or M2M) technology is going in the next 12 months. According to Khan, an Executive Director of Marketing at AT&T Business, the M2M space is poised to take off in the next twelve months, as consumer demand for “smart” devices grows in both developed and developing markets, and as the M2M application stack matures, attracting the interest of developers. With M2M technology maturing, and the “Internet of Things” exiting its “gee whiz” phase, firms selling the technology no longer need to worry as much about justifying the return on investment for M2M and IoT technology. As that happens, however, security will become the most pressing issue in the M2M space, Khan believes. “To date, companies deploying M2M solutions have looked to ROI as the #1 need. As the need/ROI of […]

Prediction: Rough Road Ahead in 2014 For Security and Internet of Things

December 26, 2013 Paul Roberts

With the New Year fast approaching, it’s (unofficially) ‘prediction season,’ when everyone worth their salt stares into the crystal ball and tries to imagine what the world will look like 12 months hence. To sort through our 2014 predictions, we called on Mark Stanislav, the chief Security Evangelist at Duo Security. Mark is a seasoned security researcher who has taken an interest in the security of the Internet of Things. Earlier this year, we wrote about research Mark did on the IZON Camera, an IP-enabled home surveillance camera that is sold by big-box retail stores like Best Buy, as well as by the Apple Store. Beneath the IZON’s polished exterior, the IZON was a mess of sloppy coding and poor security implementation, Stanislav discovered. Like many IoT devices, IZON cameras punted security to those responsible for the wireless network that it was deployed on – essentially trusting any connection from […]

Report: Cards Stolen From Target Used – at Target

December 20, 2013 Paul Roberts

The web site that first broke the news that data on millions of credit cards was lifted from box retailer Target now reports that those cards are being used to make fraudulent purchases at brick and mortar stores- including at Target itself. Writing on the website Krebsonsecurity.com, Brian Krebs said that so-called “dumps” of stolen card data are flooding underground “carder” web sites where cyber criminals fence stolen card information. Citing an unnamed source at a New England bank, Krebs said that the bank had, with his help, purchased about 20 cards for its customers that were offered for sale on rescator(dot)la, the carder web site, and confirmed that all the stolen cards had been used at Target. Furthermore, the source confirmed to Krebs that some of the stolen cards had already been used to make fraudulent purchases – including at Target and other big box retailers. Only one […]