I really enjoy watching (and knowing) about hacks. Most security conferences will include at least one demonstration or talk about hacking and it’s just fantastic. I made the switch in the 90s from IT Operations to Information Security after watching someone get through a firewall and take remote command of a server.
I didn’t take too many pictures today as the question, “Will these presentations be available online after?” was finally answered with a yes!
Senator Elizabeth Warren’s two rounds of questions for Wells Fargo CEO John Stumpf at the September 20, 2016 Senate Banking Committee hearing entitled: “An Examination of Wells Fargo’s Unauthorized Accounts and the Regulatory Response.”
Wells Fargo employees secretly opened unauthorized accounts to hit sales targets and receive bonuses.
Wells Fargo employees also submitted applications for 565,443 credit card accounts without their customers’ knowledge or consent. Roughly 14,000 of those accounts incurred over $400,000 in fees, including annual fees, interest charges and overdraft-protection fees.
Wells Fargo agreed to pay $185 million in fines, along with $5 million to refund customers.
I’m going to drop a little knowledge first.
The common hard drive uses an arm holding read/write heads over spinning metal platters (like a record player! but smaller and faster with a lot of arms, heads, and platters).
Years ago, hard drives, though physically the same size, had nowhere near the storage capacity and precision of today’s drives and were tolerant (to an extent) of vibration. Today’s hard drives, with the terabytes they can hold, can tolerate only 1/1,000,000 of an inch of vibration. Any deviation beyond that simply stops the read/write heads from doing any reading or writing.
The Story
ING Bank was testing the inert gas within their fire suppression system at their data center, and it was so loud (noise = vibration) that it vibrated the read/write heads over the spinning metal platters more than 1/1,000,000 of an inch. It took greater than 10 hours to restart every system in their data center.
The bank put out a press release (written in Romanian, but if you use Chrome, you can auto-translate it).
On a side note, this proves screaming at your computer when it’s slow doesn’t make it work better.
A pet peeve of mine is when Information Security is used interchangeably with IT (Information Technology) Security. Over my many years working in this profession, I’ve heard people clearly working in the Information Security realm state that they work in IT Security (though their job/role dictates otherwise).
People working for a CISO (Chief Information Security Officer and not a Chief Information Technology Security Officer) cannot always tell the difference.
It is accurate to say that IT security is a component of Information Security. Sometimes a CISO is tasked with giving clarity to an IT Organization regarding their role to reduce “not my job” syndrome. Hopefully this graphic helps.
Some of the technical areas are usually absorbed into IT Operations, for example Hardware Hardening. Governance will establish that hardware must be hardened; IT Operations will follow suit and harden as they build.
Incident response should come from everybody being vigilant and reporting what they see. The police don’t just respond to what they see themselves, but they respond to what is reported by the public.
Per the FAA site, the Federal Aviation Administration has asked the public not to turn on or charge the Samsung Note 7 on board aircraft and not to stow them in any checked baggage.
If you haven’t heard, there has been a massive recall on Samsung Note 7s as they were exploding on the charger. The phone retails for near $1,000 USD and the recall/exchange program is pulling back 2.5 million of them.
The issue appears to be in the construction of the battery used inside the phablet. Any damage to the internal mechanics of the cell or imperfections in the electrolyte can raise the risk of a short-circuit.