Tag: banking

Retail Breach - Who is Next?

Update: Retail Breaches Spread. Point of Sale Malware A Suspect.

Reuters is reporting on Monday that the recently disclosed hack of box store retailer Target Inc. was just one of a series of attacks against U.S. retailers, including Target, the luxury department store Neiman Marcus and other, as-yet-unnamed companies.* The story adds to other, recent revelations, including the breach at Neiman Marcus, which was first disclosed by the security blog Krebsonsecurity.com on Friday. Also on Monday, Target CEO Gregg Steinhafel confirmed that his company was the victim of malicious software installed on point of sale (PoS) systems at the store. According to the Reuters report, Target Corp and Neiman Marcus are just two retailers whose networks were breached over the holiday shopping season. The story cites unnamed sources “familiar with attacks,” which have yet to be publicly disclosed. Breaches of “at least three other well-known U.S. retailers took place and were conducted using similar techniques as the one on Target,” according […]

BitCoin’s Popularity Is Undermining Promises of Anonymity

The virtual currency Bitcoin has soared in value against the U.S. dollar in recent months, topping out at a staggering $913 USD to 1 Bitcoin (or BTC) as of late Tuesday. The currency had many ups and downs since it was launched in January 2009. But its main attraction, all along, has been anonymity. Unlike any other online payment system, Bitcoin transactions – like cash transactions – cannot be traced back to specific individuals. Also like cash, they cannot be reversed. Both those factors give Bitcoin users the confidence that their online purchasing activity – whether computer hardware or contraband – will remain private. But a group of researchers at two U.S. universities have released a paper that suggests reports of Bitcoin’s anonymity may (to paraphrase Twain) “be greatly exaggerated.” Specifically: the researchers found that, by culling a variety of open source data using public data from the Bitcoin Peer to Peer network and from […]

Hack Uses Phone’s Camera and Mic To Best Anti-Keylogger

Smart phones these days are bristling with sensors. Forget about the camera and microphone – there are accelerometers, Global Positioning System components, not to mention Bluetooth and NFC transmitters. All those remote sensors enable all kinds of cool features – from finding the nearest Starbucks to mobile payments. But they also pose a risk to the privacy of the phone’s owner – as malicious actors (and the occasional national government) look for ways to turn cameras and other sensors into powerful, cheap and convenient spying tools. Now researchers at The University of Cambridge have demonstrated one possible, new attack type: harnessing the built-in video camera and microphone on Android devices to spy on an owner’s movements and guess his or her password. The technique could be a way for cyber criminals to defeat anti-keylogging technology like secure “soft” keyboards used to enter banking PINs and other sensitive information. The work […]

BitSight: An Equifax For Security Risk?

I’ve opined in these pages and elsewhere that one of the big problems in the IT security space is the absence of actionable data. After all, problems like denial of service attacks, network compromises and inadvertent data leaks are all just risks that organizations and individuals must grapple with in our increasingly wired world. True – they’re new kinds of risks, but otherwise they’re not fundamentally different from problems like auto accidents, property crime or illness – things that we do a good job accounting for. The difference, as I see it, is an absence of accepted and independent means of assessing the relative security posture of any organization. IT security is still so much dark magic: we rely on organizations to tell us about how secure they are. Organizations, in turn, rely on a complex and patchy network of security monitoring and detection tools, then try to read the […]

Why The Mailpile Misstep Is No Joke To PayPal

PayPal and Mailpile, the scrappy secure mail startup, ended the week on a high note: hugging it out (via Twitter) after the online payments behemoth froze more than $40,000 in payments to the crowd-funded startup then donated $1,000 to the project, to boot. But making it right with the tiny secure email firm is just the beginning of the story at PayPal, which is treating the whole mix-up as something of an object lesson in how it needs to change to address a fluid and fast-moving online payments market. First, some background: Mailpile, of Reykjavík, Iceland, has raised more than $145,000 in a month-long campaign on the crowd funding web site Indiegogo.com to build a “fast, web-mail client with user-friendly encryption and privacy features.” Beginning on Saturday, PayPal froze more than $40,000 of those donations, suspecting fraud. The company’s spokespeople told company executive Brennan Novak that it wanted to see […]