PBS Presents: The Secret Lives of Hackers


Found here

Posted in Security Blog | Tagged , , | Comments Off on PBS Presents: The Secret Lives of Hackers

Sears:Kmart Breach

kmart-sears-logo

Today Kmart stores were hit with a data breach that compromised some shoppers’ debit and credit card information but no personal information, no debit card PIN numbers, no email addresses and no social security numbers were obtained by those criminally responsible.

Sears said that the attackers used malicious software that was undetectable to anti-virus software.

Posted in Security Blog | Tagged , , , , , , , | Comments Off on Sears:Kmart Breach

2 Factors of Authentication

two-factor-method-feature1

A little hassle with logging into a system is tremendously worth the amount of security, if that system has information worth securing. I’ve enabled two-factor authentication for services I use. Some services call it two-step authentication, which is a sub-category of two-factor.

For the last few months, with two-factor enabled, it hasn’t really bothered me at all. Except for those times I’m sitting on the couch and my phone is on the charger, just a few feet out of reach. Like trying to reach the remote when you’re lying on the couch and infomercials are on. You start to question if you really need to change the channel and can you just remain comfortable and try to believe in the product that is missing from your life.

  • Single-factor authentication: examples are PIN or password.
  • Two-factor authentication: Single-factor plus a software or hardware-generated token code, or a card that is magnetic or smart.
  • Two-step authentication: Single-factor plus a code sent to the user out-of-band.

Here are some services that offer two-step.

Go enable them and feel a little more confident in the security of some services you use!

Posted in Security Blog | Tagged , , | Comments Off on 2 Factors of Authentication

International Dairy Queen & Orange Julius Breach

contact-bizzard-burger-oj

According to the Dairy Queen website, they discovered evidence that the systems of some DQ locations and one Orange Julius location were infected with the widely-reported Backoff malware that is targeting retailers across the country.

The ice cream and fast food chain says 395 of its stores around the country were affected. The data breach happened between August and September.

According to their website:
You are entitled under U.S. law to one free credit report annually from each of the three nationwide consumer reporting agencies. We encourage you to remain vigilant by reviewing your account statements and monitoring your free credit reports. If you believe your payment card may have been affected, contact your bank or payment card issuer immediately.

See previous DQ post

Posted in Security Blog | Tagged , , , , , , | Comments Off on International Dairy Queen & Orange Julius Breach

FEMA Federal Emergency Management Agency on #NCSAM

Posted in Security Blog | Tagged , , , , , | Comments Off on FEMA Federal Emergency Management Agency on #NCSAM

Chris Pirillo on National Cyber Security Awareness Month #NCSAM


This video is from 3 years ago. So some of the talk is a little dated.

The NCSAM campaign is intended to help spread awareness of the importance of good Web browsing practices. Cyber security is a shared responsibility, and the most important weapon we have to fight a growing number of phishing scams and malicious software floating around cyberspace is education.

You can find more information on National Cyber Security Awareness Month here:
http://www.staysafeonline.org/ncsam

Posted in Security Blog | Tagged , , , , , | Comments Off on Chris Pirillo on National Cyber Security Awareness Month #NCSAM

Bruce Schneier: Talks at Google

From the YouTube page
Human society runs on trust. We all trust millions of people, organizations, and systems every day — and we do it so easily that we barely notice. But in any system of trust, there is an alternative, parasitic, strategy that involves abusing that trust. Making sure those defectors don’t destroy the cooperative systems they’re abusing is an age-old problem, one that we’ve solved through morals and ethics, laws, and all sort of security technologies. Understanding how these all work — and fail — is essential to understanding the problems we face in today’s increasingly technological and interconnected world.

Bruce Schneier is an internationally renowned security technologist and author. Described by The Economist as a “”security guru,”” he is best known as a refreshingly candid and lucid security critic and commentator. When people want to know how security really works, they turn to Schneier.

Posted in Security Blog | Tagged , | Comments Off on Bruce Schneier: Talks at Google

Be a CISSP!

Avoid this frustration

Be a C. I. Double S. P.

To be honest, since I passed my exam in January, I feel I’ve been even more a respected member at work. The bolded ones below are the ones I’ve studied with. I highly recommend them. The first book is the official book and the Shon Harris book is highly praised.

  1. Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press)
  2. Shon Harris CISSP All-In-One Exam Guide [With CDROM]
  3. CISSP Exam Cram (3rd Edition)
  4. CISSP: Certified Information Systems Security Professional Study Guide
Posted in CISSP-Study | Tagged , , | Comments Off on Be a CISSP!

#ICYMI CyberSecurity News Last Week

Here are some big things in the news that happened last week. In case you missed it (ICYMI).

  1. National CyberSecurity Awareness Month
  2. 17 ATMs were hacked, but no customer information was stolen
  3. Hacker Group AnonSec hacked a drone
  4. JPMorgan Chase Data Breach Affects 76M Households, 7M Small Businesses (83 million records)
  5. 17,000 Apple computers were infected due to a Mac iWorm
  6. BadUSB came back into the news as source code on GITHUB was released
  7. US-Cert’s list of vulnerabilities that came out last week
Posted in Security Blog | Tagged , , | Comments Off on #ICYMI CyberSecurity News Last Week

BadUSB MalWare Tutorial

Here is an intro to BadUSB

BadUSB can be installed on a USB device to completely take over a PC, invisibly alter files installed from the memory stick, or even redirect the user’s internet traffic. BadUSB resides in the firmware that controls their basic functions, the attack code can remain hidden after the contents of the device’s memory is deleted. It’s not Windows or Linux specific and pretty much anything can be a target of attack.

Because it is embedded in firmware, there is no way to detect it or get rid of it. It’s not just usb thumb drives that can be infected, but keyboards, mice, and smartphones.

Here is a tutorial on taking advantage of BadUSB

References:

Posted in Security Blog | Tagged , , , , , , , , , | Comments Off on BadUSB MalWare Tutorial