Archive for the 'Security' Category

As the global conflict for resources heats up, the Internet is just another battleground. Last weekend I watched a terrific documentary about the bottled water industry called “Tapped.” The second half of the movie is an intensive look at the plastic bottle manufacturing industry, and the enormous damage that these petroleum-based products cause to our […]

“Mike,” the owner of a midsized web-hosting company, talks about the effects of the Payment Card Industry Data Security Standard (PCI/DSS) on web hosting companies and small online merchants who are his customers.

s: If PCI/DSS were enforced today, what would happen?

m: Well, all the small businesses would lie. Right? If you’re a small […]

Recently, a friend of mine received a letter from Bank of America informing her that “some credit card information on your Bank of America account may have been compromised at an undisclosed third-party location.” The letter went on to state that BofA had reviewed her account and saw “no evidence that your account has been […]

If your medical data, credit card number, Social Security number, personal email, or other information were stolen, would you even know about it? After ten years handling incident response and forensics, I’ve been repeatedly shocked at the number of times that organizations sweep data breaches under the rug. When upper management is notified of a […]

Recently I saw an ad which read: “Over 60% of the U.S. state governments have gone Google.” Does this mean that we’ve now handed the majority of our state governments’ operational data to a single privately-controlled company which has well-publicized partnerships with other governments such as China? To find out more, I contacted Google’s press […]

“Until the first blow fell, no one was convinced that Penn Station really would be demolished, or that New York would permit this monumental act of vandalism against one of the largest and finest landmarks of its age of Roman elegance.” (New York Times) “Its destruction left a deep and lasting wound in the architectural […]

Hackers and the Power Grid

I really loved Robert Graham’s article about the Brazilian power outages. He writes: “Most rumors of hacker infiltrations are false. If you investigate computers in any large organization hard enough, you’ll find malware. This doesn’t mean hackers have broken in, because most viruses are not under control of the hacker who launched them. Also, things […]

Here’s where you can download my “scary” DEFCON presentation: Reverse of the United States Great Seal: Novus Ordo Seclorum, “A New Order of the Ages.” “Death of Anonymous Travel,” DEFCON 2009 – PDF. MD5sum: c772681c37c9ad5d210c19c12eb43095. Thanks to everyone who sent in comments, suggestions, and encouragement. (Special thanks to the EFF lawyers for reviewing this beforehand – you guys rock!) […]

TSA in Japan

TSA works to create “international harmonization of security” (I did not make that up). Snapped this photo last week in Japan’s Kansai International Airport.

Kindle Spying

Josh Wright recently purchased a new Kindle. Surprisingly, when he downloaded one of his books onto the new Kindle, it offered to open it to the page where he had left off on his old Kindle. In other words, Amazon tracked not just the books he was reading, but specifically which sections of the book […]

Chase Identity Theft FAIL

This week I discovered that someone had opened up a new Chase card in my name. Scouring the Chase site for the appropriate number to report fraud, I stumbled onto their “Identity Protection” page and received this rather ironic pop-up. Sherri Davidoff PGP-signed text: 2009-07-02 (current)

Credit Cards == ID

Saw this sign in the Baltimore airport last week: “Self-Service Check-In: You Will Need a Major Credit Card” and then in small print: “For Identification Only” Yes, apparently American Airlines will only give boarding passes to individuals who have been thoroughly vetted according to the strict standards of American Express, Mastercard, or VISA (and perhaps […]

The illustrious John Strand has an update for us regarding Verizon’s demo EVDO system security. This summer John is launching his new SANS class, Security Architecture for Systems Administrators. Shortly after we posted the article about the openness of the Verizon EVDO demonstration terminals, we were contacted by Verizon. After discussing the issue at length […]

Verizon Stores Pre-p0wned

John Strand is the author of this week’s article. John is the owner of Black Hills Information Security and a member of PaulDotCom Security Weekly. He is also a SANS Instructor and a regular presenter at various security conferences. Last week I was plucking around at my local Verizon Wireless store looking for a power […]

Walking into the doctor’s office, I was surprised to see a new sign in front of the receptionist, which read: “Red Flag Identity Theft Rule We are now required by law to ask for a Photo ID at the time of each visit. Please have your Photo ID ready for the receptionist to scan.” As […]

On May 15, the first phase of TSA’s Secure Flight program took effect after years of development. By the end of the year, when you book a flight, the airline will send your name (as specified on your government-issued ID), birthdate, gender, and itinerary to TSA’s centralized Secure Flight system, where you will be checked […]

Today I got a charming letter in the mail from Citibank informing me that: “A paper trail is an identity thief’s best friend. Sign up for paperless statements and you can rest easy knowing all your account information is locked away safely online.” Ahahahahaha!…ha… ha… When’s the last time you heard about millions of credit […]

If You See Something…

Sherri Davidoff PGP-signed text: 2009-04-26 (current) Last week, the evening before speaking at the RSA Conference in San Francisco, we saw a large black suitcase sitting by the main entrance of the Courtyard Marriott. It appeared to have been left behind by an unfortunate traveler. We walked up to the front desk to let the […]

Squid Forensics

Cephalopod autopsies? Nope, today’s article is about conducting forensics on a Squid web proxy/cache. Just as complicated, but less smelly. Chances are pretty good that you’re reading this page through a web proxy right now, especially if you’re in an enterprise environment. Web proxying and caching have become increasingly popular, for both filtering traffic and […]

I love the Minneapolis airport. For an information security geek, it never fails to provide some interesting gem. Wandering through the airport this week I ran across a Delta “Helpline” kiosk (formerly Northwest’s Rebook Service Center). Every time I walk through the airport I see these gray kiosks closed up and pushed aside in some […]
