Security Coin

Insecurities in Privacy Protection Software

2008-09-24 14:13:00 by Random InfoSec Guy in Security Coin
...information, ironically, by the very software that claims to protect it in the first place! These security companies seem to be riding on a new wave of PII protection - and the vendors are scurrying to come up with their own versions of a solution, forgetting all about secure software development practices. The importance of writing secure...

Is an incorrectly implemented security program better than a non-existent one?

2008-09-03 16:02:00 by Random InfoSec Guy in Security Coin
...security controls in place - and is in desperate need of getting a security program implemented. They hire a new CISO to make sure their physical and logical controls are in place, network and applications are secured appropriately and their incident management and forensics capabilities are up to date. At this point the CISO clearly knows that...

Random stuff on my to do list

2008-07-31 16:46:00 by Random InfoSec Guy in Security Coin
...security companies are still making good moolah by capturing 'crown jewels' by exploiting this - However, I'm not sure that SQL injection testing for non-web-based applications/scenarios has caught on. Are they even worth trying? For example: I'd really like to test the logic for the following (for starters) at some point in life 1. Cell...

.. and now - PIN stealing..

2008-06-19 10:38:00 by Random InfoSec Guy in Security Coin
...security controls like requiring dual control and split knowledge for key components, strict physical security requirements and Tamper Resistant Security Modules help in securing the keys. Assuming one cannot gain access to the encryption keys, this leaves only two scenarios for an attacker to gain access to the unencrypted PINs 1. Before the...

Secure Email from Voltage

2008-04-01 17:39:00 by Random InfoSec Guy in Security Coin
Voltage offers one of the many alternatives present in the industry for secure encrypted email communication. It is supposed to have incorporated strong anti-phishing technology within it. Could very well be, but there is a huge problem with the whole concept. You see, the way it is supposed to work is 1. I type an email - and then choose to...

ID Theft Incidents

2008-03-29 21:29:00 by Random InfoSec Guy in Security Coin
Chris Hoofnagle published a report that attempts to measure ID thefts at major financial institutions. It is no surprise that BoA is the leader of the pack here, but that is mainly due to the fact that it is also the largest institution in the list. To address that, he created another list - this time with number of incidents per billion in...

Can I get your Username and Password?

2008-03-24 17:25:00 by Random InfoSec Guy in Security Coin
...security flag on your account. Could you please give us your username and password to reset the flag Wow!" I almost yelled in excitement "A real live telephone scammer!" I quickly noted the possibly-fake telephone number (yeah - Nitesh alerted me about spoofcard.com a long time ago!) and attempted to get a number where I could call him...

Hannaford Supermarkets

2008-03-22 12:27:00 by Random InfoSec Guy in Security Coin
...information, such as names or addresses, was accessed. Hannaford doesn't collect, know or keep any personally identifiable customer information from transactions. We sincerely regret this intrusion into our systems, which, we believe, are among the strongest in the industry. The stolen data was limited to credit and debit card numbers and...

PCI Co and ASVs

2008-03-21 23:53:00 by Random InfoSec Guy in Security Coin
...information. Our customers are allowed to make the decision where to put their resources. I personally want them to put their resources where they're needed most, in things that can affect the confidentiality, the integrity, or the availability of that system that we're certifying. Cross-site scripting can be used to do a variety of things,...

The Case For Information Security

2008-03-21 14:08:00 by Random InfoSec Guy in Security Coin
...information is something 'they' have already accounted for? That's brutal. A weak glimmer of hope could be PCI. PCI SSC has been making an effort to fix this scenario - and we could begin to see changes. But these standards are currently so vague and can be interpreted in so many different ways - it is pathetic. Unless there are strict...