Thanks Siri… “Smart Lock” Lets the Neighbor In

Someone decided to automate his house with Philips Hue LED light bulbs you can turn on with your phone, Ecobee Wi-Fi thermostats and remote temperature sensors for the house. He also bought himself an August Smart Lock: a Bluetooth-enabled lock that recognizes your mobile phone when you approach and unlocks the door.

From Reddit:

I made the mistake of adding an August Home Smart Lock to my front door. It’s an Apple HomeKit device so it requires a hub for Siri; either an Apple TV or iPad. I use an iPad Pro in the living room for this purpose. I was showing off my home automation setup to a neighbor a few days ago; he’s a cool techy guy like myself. Fast forward to this morning, I’m pulling out of my driveway and he runs up and asks to borrow some flour to fry wings for an office wing party/contest; dope. So I put the car in park to go back inside and he’s like “I’ll let myself in.” I’m stunned, like what the f*ck. Dude walks up to my front door and shouts, “HEY SIRI, UNLOCK THE FRONT DOOR.” She unlocked the front door.

Apparently, though, his iPad was also connected to Apple HomeKit. The neighbor’s yelling was able to activate Siri, and she complied.

iOS 10.0.2 puts Apple HomeKit on everyone’s iPhones.

Breakdown interview from Sophos.

Posted in Security Blog

PCI Community Meeting in Vegas!

So, I was asked sort of last minute to go to the PCI Conference/Community meeting in Vegas and Jaime was able to join me!

Posted in life

Mr Robot

[image: mrrobothackparking]

Posted in Security Blog

Cyber Security Themed Playing Cards

I got these at the PCI Community Meeting #PCICM

I thought they were really cool and wanted to share them.

Posted in Security Blog

Got an @yahoo.com Email Address? This is for you!

Depending on the news source you follow, either 200 million or 500 million Yahoo! accounts have been breached, so:

if you have an @yahoo.com email address, change your password.

The accounts were actually stolen about 2 years ago, but it is assumed that it’s a nation-state hack and under investigation by the FBI, so hush hush!

The theft may have included names, email addresses, telephone numbers, dates of birth, and in some cases, encrypted or unencrypted security questions and answers.

Half of all users (you included!) surveyed or analyzed by Gartner use the same password across all their accounts, so with half a billion accounts compromised, hackers will try those passwords against other online services to see if they can get in. With 200-500 million accounts, you can bet they are going to run a program that automatically checks many online services (like bank websites) with the list of user names and passwords.

It’s a good idea to have multiple email accounts, especially when you think about what it takes to reset an online password.

Posted in Security Blog

PCI SSC 2016 North America Community Meeting: Day 3

Day 3 photos of the #PCICM.

I really enjoy watching (and learning) about hacks. Most security conferences will include at least one demonstration or talk about hacking, and it’s just fantastic. I made the switch in the 90s from IT Operations to Information Security after watching someone get through a firewall and take remote command of a server.

I didn’t take too many pictures today, as the question “Will these presentations be available online afterwards?” was finally answered with a yes!

Posted in Security Blog

PCI SSC 2016 North America Community Meeting: Day 2

Yesterday was Day 2 of the conference and I had a full agenda. Here are some pictures (mostly of slides…).

My buddy Felix was working the Qualys booth!


I love how it has to be clarified that a single factor can’t be used more than once within multi-factor authentication.

Posted in Security Blog

Senator Elizabeth Warren vs. CEO John Stumpf

Senator Elizabeth Warren’s two rounds of questions for Wells Fargo CEO John Stumpf at the September 20, 2016 Senate Banking Committee hearing entitled “An Examination of Wells Fargo’s Unauthorized Accounts and the Regulatory Response.”

Wells Fargo employees secretly opened unauthorized accounts to hit sales targets and receive bonuses.

Wells Fargo employees also submitted applications for 565,443 credit card accounts without their customers’ knowledge or consent. Roughly 14,000 of those accounts incurred over $400,000 in fees, including annual fees, interest charges and overdraft-protection fees.

Wells Fargo agreed to pay $185 million in fines, along with $5 million to refund customers.

5,300 firings took place over several years.

Posted in Security Blog

PCI SSC 2016 North America Community Meeting: Day 1

The 10th Annual PCI SSC Community Meeting kicked off yesterday, and I have the privilege of attending.

Here are some pictures of the event from yesterday.

Jeremy King, International Director


Stephen Orfei, General Manager


Tracy Kitten, Stephen Orfei, Jeremy King, and Troy Leach


Communicating PCI to the Boardroom


Selfie with Stephen, nice guy!


Existing and Future Threats to Cardholder environments and data

Posted in Security Blog

Fire Extinguisher Test Damages ING Bank’s Data Center

I’m going to drop a little knowledge first.
The common hard drive uses an arm holding read/write heads over spinning metal platters (like a record player, but smaller and faster, with many arms, heads, and platters).

Years ago, hard drives, though physically the same size, didn’t have anywhere near the storage capacity and precision they do today, and were tolerant (to an extent) of vibration. Today’s hard drives, with the terabytes they can hold, can only tolerate 1/1,000,000 of an inch of vibration. Any deviation beyond that will simply stop the read/write heads from doing any reading or writing.

The Story
ING Bank was testing the inert gas in their data center’s fire suppression system, and it was so loud (noise = vibration) that it vibrated the read/write heads over the spinning metal platters by more than 1/1,000,000 of an inch, and it took more than 10 hours to restart every system in their data center.

The bank put out a press release (written in Romanian, but if you use Chrome, you can auto-translate it).

On a side note, this proves screaming at your computer when it’s slow doesn’t make it work better.

Posted in Security Blog