It was another eventful week in security, with another big revelation in the story of a hack of box retailer Target Inc. That update – which accompanied Target’s fourth quarter earnings guidance – nearly doubled the number of known victims of that attack. It also revealed that credit card data was not the only information stolen by hackers, who also made off with customer names, mailing addresses and emails. In this latest installment of Security Ledger’s Security Week in Review, we spoke with Jody Brazil, the President of the security firm FireMon about the week’s events. Jody is a seasoned security professional who works day-in-day-out with companies that are trying to manage their risk. He said that even large companies like Target can fall victim to sophisticated attacks, but the IT security may be too quick to give up on traditional defensive technologies. Jody and I had an interesting chat about […]
Identity Theft
Target: Hack Exposed Data On 70 Million
Target provided some guidance on its fourth quarter earnings on Friday and, not incidentally, dropped another bombshell in the long-running story about the November data breach that exposed credit card information on some 40 million customers. It turns out that the credit card numbers were just the tip of a much larger iceberg. The box store retailer now claims that its investigation of that incident revealed that data on around 70 million customers was exposed, including e-mail addresses, phone numbers, mailing addresses and more. In a statement, Target said that much of the stolen data was “partial in nature,” but that it will reach out to customers whose e-mail addresses were stolen to warn them about potential fraud, including “phishing” e-mails that purport to come from Target. “I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are […]
Are We Even Trying To Defend The Internet of Things?
Josh Corman has been a frequent mention on this blog. Josh, who is the Director of Security Intelligence at Akamai Technologies, joined me on the first episodes of Talking Code, speaking about application security and The Internet of Things. He talked candidly about the role that platform security played in his thinking about buying a new car. Well, a few months have passed and now Josh has the new car. But now that he has it, he’s thinking more than ever about the security problem as it pertains to the Internet of Things. In this video, from a TEDx event in Naperville, Illinois (right outside Chicago), Josh talks about his evolving theory of security on the Internet of Things. The IoT, he says, is a “tidal wave” of change that will transform our lives – connecting every aspect of life via software. But this growing amalgam of Internet connected stuff […]
Prediction: Rough Road Ahead in 2014 For Security and Internet of Things
With the New Year fast approaching, it’s (unofficially) ‘prediction season,’ when everyone worth their salt stares into the crystal ball and tries to imagine what the world will look like 12 months hence. To sort through our 2014 predictions, we called on Mark Stanislav, the chief Security Evangelist at Duo Security. Mark is a seasoned security researcher who has taken an interest in the security of the Internet of Things. Earlier this year, we wrote about research Mark did on the IZON Camera, an IP-enabled home surveillance camera that is sold by big-box retail stores like Best Buy, as well as by the Apple Store. Beneath the IZON’s polished exterior, the IZON was a mess of sloppy coding and poor security implementation, Stanislav discovered. Like many IoT devices, IZON cameras punted security to those responsible for the wireless network that it was deployed on – essentially trusting any connection from […]
Report: Cards Stolen From Target Used – at Target
The web site that first broke the news that data on millions of credit cards was lifted from box retailer Target now reports that those cards are being used to make fraudulent purchases at brick and mortar stores- including at Target itself. Writing on the website Krebsonsecurity.com, Brian Krebs said that so-called “dumps” of stolen card data are flooding underground “carder” web sites where cyber criminals fence stolen card information. Citing an unnamed source at a New England bank, Krebs said that the bank had, with his help, purchased about 20 cards for its customers that were offered for sale on rescator(dot)la, the carder web site, and confirmed that all the stolen cards had been used at Target. Furthermore, the source confirmed to Krebs that some of the stolen cards had already been used to make fraudulent purchases – including at Target and other big box retailers. Only one […]
