Pat and Courtney Announce

Of course we knew back in December, but we weren’t allowed to say anything until Pat and Courtney were ready. We did a really good job keeping it under wraps. Here is Pat and Courtney’s Christmas present to the family and how they made it a surprise.

Pat and Courtney Announce from Carmelo Walsh on Vimeo.

The baby is already waving and smiling! lol
(Update 4/1/2014, this is the face of Beau)

Posted in life

Targeting Compliance


As many of you may have heard, Target has had its customer databases compromised; several sources, such as Krebs on Security and Information Week, have covered it. The initial foothold has been traced to an external company that remotely manages the HVAC (Heating, Ventilation, Air Conditioning) systems for the stores. Most HVAC systems are now appliances, appliances with IP addresses that allow remote monitoring and management. But the blame does not rest solely with the HVAC company. We’ll get to that part.

Under the Payment Card Industry Data Security Standard (PCI DSS), Target is responsible for any of its third-party contractors’ security shortcomings. Notably, PCI DSS requires that merchants “incorporate two-factor authentication for remote access (network-level access originating from outside the network) to the network by employees, administrators, and third parties.”

The result of the breach:

  • Customer loyalty was damaged and sales dropped, during the busiest and most profitable time of the year
  • Banks had to re-issue cards, Target had to pay banks for re-issued bank cards
  • Credit monitoring for all affected customers had to be purchased
  • Failure of compliance fines had to be paid

All of which totals $420 million, give or take.
What else?

  • Eight stores had to be closed down due to the losses, leaving hundreds of employees without a job.
  • The supply chain, such as delivery companies, security guards, insurers of locations, all take a hit to the finances as well.

What blame does Target have? They did not provide a two-factor authentication system for their contractors. They reached compliance, but in many people’s opinion did not do their due diligence and segregate their network for security. How is it that an external contractor was even set up with permissions that could reach the payment systems? PCI DSS does not mandate that PCI zones and non-PCI zones be kept apart (but it is highly recommended, and from a security stance a must!). Probably the most important question: was the CISO empowered to make the right decisions, or did the CIO/CFO/CEO squash them because it would cost too much to not just make things compliant but to make them secure? Were due diligence and due care exercised?
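To make the segregation point concrete, here is the kind of zone check a network or SOC team would run over firewall flow logs to catch a contractor path reaching the cardholder data environment. This is an added example, not code from the original post and not anything Target or its vendor ran; the zone ranges, the allowlist, the log line format and the sample log lines are all constructed assumptions for illustration.

```python
"""
Zone-based allowlist check for third-party remote access.

Constructed example: a vendor VPN pool may reach the HVAC appliances it
manages (and nothing else); only corporate store systems may reach the
cardholder data environment (CDE). Every flow that crosses a zone boundary
not on the allowlist is reported as a violation.
"""
import ipaddress
from dataclasses import dataclass

# Assumed network plan: zone name -> CIDR block (not Target's real addressing).
ZONES = {
    "vendor_vpn": ipaddress.ip_network("10.200.0.0/24"),  # contractor remote-access pool
    "hvac":       ipaddress.ip_network("10.50.0.0/24"),   # building-automation appliances
    "corp":       ipaddress.ip_network("10.10.0.0/16"),   # general store/corporate systems
    "cde":        ipaddress.ip_network("10.90.0.0/24"),   # POS / payment back end
}

# Allowlist of (source zone, destination zone, destination port).
# Anything not listed is denied, including traffic from unknown addresses.
# This is the segmentation PCI DSS recommends rather than mandates.
ALLOW = {
    ("vendor_vpn", "hvac", 443),   # vendor manages HVAC over HTTPS
    ("corp", "hvac", 443),
    ("corp", "cde", 8443),         # store systems talk to the payment back end
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def zone_of(addr: str) -> str:
    """Map an IP address to its zone name, or 'unknown' if it is in no zone."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "unknown"


def is_allowed(flow: Flow) -> bool:
    """True only if the (src zone, dst zone, port) triple is on the allowlist."""
    return (zone_of(flow.src), zone_of(flow.dst), flow.dport) in ALLOW


def parse_log(lines):
    """Parse assumed key=value flow records (src=, dst=, dport=, extra keys ignored)."""
    flows = []
    for line in lines:
        fields = dict(kv.split("=", 1) for kv in line.split())
        flows.append(Flow(fields["src"], fields["dst"], int(fields["dport"])))
    return flows


def violations(flows):
    """Return the flows that cross a zone boundary the allowlist does not permit."""
    return [f for f in flows if not is_allowed(f)]


# Constructed sample log: the vendor reaching HVAC is expected; the vendor
# reaching the payment back end (on any port) is exactly what segmentation
# should have blocked.
SAMPLE_LOG = [
    "src=10.200.0.17 dst=10.50.0.9 dport=443 action=allow",
    "src=10.200.0.17 dst=10.90.0.5 dport=8443 action=allow",
    "src=10.200.0.17 dst=10.90.0.5 dport=445 action=allow",
    "src=10.10.4.2 dst=10.90.0.5 dport=8443 action=allow",
]

if __name__ == "__main__":
    for f in violations(parse_log(SAMPLE_LOG)):
        print(f"VIOLATION {zone_of(f.src)} -> {zone_of(f.dst)}: "
              f"{f.src} -> {f.dst}:{f.dport}")
```

Note that the sample records all say `action=allow`: the point of running the check over logs is that the firewall itself was permitting these flows, and a mismatch between what the device allows and what the zone model allows is the finding.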

Some companies do just barely enough to reach compliance. Some exceed.

I’d imagine that many companies are doing a lessons learned breakdown of what happened and how they can protect themselves and their customers from this type of cybercrime.

Posted in Security Blog

Mikko Hypponen: How NSA Ruined Our Trust

Airgap, blackpearl, cineplex, xkeyscore, prism, creek, crossbones, cultweave, cybertrans, dishfire, doublearrow, dragonfly, wealthycluster, hightide, skywriter, jollyroger, kingfish, liquidfire, messiah, nightsurf, normalrun, mailorder, pinwale, taperlay, tarotcard, twistedpath, yellowstone.

If you have nothing to hide, can you be trusted with secrets? How can you keep confidential information confidential if you are open to complete availability?

Ms. Dilma Rousseff has been quoted as saying, “If there is no right to privacy, there can be no true freedom of expression and opinion, and therefore no effective democracy.”

Posted in Security Blog

Hackers Target HVAC to Target Target


Here is a link to Krebs On Security in regards to how Target hackers broke in via an HVAC Company.

I would be wary about phishing sites that contact you to sign up for credit monitoring, they could be… A TRAP!

Posted in Security Blog

Don Frieson: Forgotten Password Comedy

Some good clean comedy about passwords and websites with comedian Don Frieson.

Posted in Security Blog

Hack an Electronic Safe with a Potato

No seriously!
Not in English. But you will get it.

Posted in Security Blog

Arizona Renaissance Festival 2014

Ahh, the magical Renaissance Festival in Arizona. Such beauty and magic.

OK, I know that it is always a hoot to see what people will wear in the hot weather for attention, and how so many people are not period specific. But really? Who cares? It’s fun! The food is good. There are plenty of shops that represent local artists and we usually buy some things for our patio and boat. Plus it’s fun to socialize with people in ‘old period’ dialog.

I bought a glorious top hat, Damien got a jester hat, Jaime bought sweet smelling Jasmine oils, and Pat bought a blunderaxe and holster.

One day I will have a ren fest costume, period appropriate :)


Posted in Event

More James Lyne, Discussing Cybercrime

James Lyne is just brilliant.

Posted in Security Blog

Cryptography Video Speaker James Lyne

The speaker is James Lyne

Posted in Security Blog

The Value of a Hacked PC

Just to enlighten you what the value of a hacked PC is to a bad guy.

[Image: “The Value of a Hacked PC” chart, 2012]

From a Krebs on Security article.

Posted in Security Blog