Tag Archives: security

Mikko Hypponen: Three types of online attack – TED

Cybercrime expert Mikko Hypponen talks us through three types of online attack on our privacy and data — and only two are considered crimes. “Do we blindly trust any future government? Because any right we give away, we give away for good.”

As computer access expands, Mikko Hypponen asks: What’s the next killer virus, and will the world be able to cope with it?

(Full Story: Mikko Hypponen: Three types of online attack – TED)

How hackers gave Subway a $30 million lesson in point-of-sale security

While the scale of this particular ring may be significant, the methods used by the attackers were hardly sophisticated. According to the indictment, the systems attacked were discovered through a targeted port scan of blocks of IP addresses to detect systems with a specific type of remote desktop access software running on them. The software provided a ready-made back door for the hackers to gain entry to the POS systems—which is why remote access software is banned from systems that handle payment cards by the PCI Security Standards Council, which governs credit card and debit card payment systems security.

“With PCI compliance, those apps shouldn’t be on those systems,” said Konrad Fellmann, audit and compliance manager for SecureState, an IT security firm with a practice in retail security auditing, in an interview with Ars. But because small retailers don’t store credit card data, they’re not required to have the same level of auditing as larger companies, Fellmann said.

(Full Story: How hackers gave Subway a $30 million lesson in point-of-sale security)

RSA admits SecurID tokens are compromised

RSA has finally admitted publicly that the March breach into its systems has resulted in the compromise of its SecurID two-factor authentication tokens.

(Full Story: RSA admits SecurID tokens are compromised)

google-authenticator – Google Project for Two-step verification

The Google Authenticator project includes implementations of one-time passcode generators for several mobile platforms, as well as a pluggable authentication module (PAM). One-time passcodes are generated using open standards developed by the Initiative for Open Authentication (OATH) (which is unrelated to OAuth).
These implementations support the HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226 and the Time-based One-time Password (TOTP) algorithm currently in draft.

(Full Story: google-authenticator – Google Project for Two-step verification)
