Pick a Number, Win the Lotto – How Citibank was Hacked

Hackers discovered that by changing a string of numbers at the end of the Citi Account Online URL, they could break into any account and steal names, account numbers, and email addresses. How could this happen, and is your company in the same situation?

Why Encryption Might Not Stop Data Theft

The most secure encryption system in the world might not have prevented the Sony and Epsilon data thefts. Encryption is totally useless if an attacker can get to the data as an authorized user. Separation of duties is paramount when it comes to protecting data from disclosure.

What Can We Learn From the RSA Hack?

The security professionals who work for RSA are some of the best in the business. If they’re so good and RSA still got hacked, what does that portend for your organization?

Crisis Response – Where Security and Disaster Recovery Meet

School and law enforcement officials in dozens of states worked together to develop and publish guidelines for putting together a Crisis Response Box, and every company should have one for first responders to an incident at the organization.

“The Most Significant Breach Of U.S. Military Computers Ever”

… was caused by a malware-loaded USB Flash Drive. Plugging the cigarette-lighter-sized flash drive into an American military laptop at a base in the Middle East amounted to “a digital beachhead, from which data could be transferred to servers under foreign control,” according to William J. Lynn 3d, deputy secretary of defense. Many security experts […]

SCADA Systems Under Attack

New malware spread on USB flash drives targets the default password on Siemens’ Simatic WinCC software to break in.

Has the IronKey Been Exposed?

A poster named Nexus is claiming that he removed the protective epoxy coating from an IronKey secure USB flash drive and it still works. Photos of the chips on the device are shown here and here. What is interesting to me is that to get the FIPS 140-2 Level 3 certification that the device has, […]

Secure Flash Drives Which Are

Several weeks ago I blogged about several brands of USB flash drives which were all breached in the same way. The rumor mill has it that all of these drives were OEM’d from SanDisk, whose drives have been subject to other hacks in the past. SanDisk and Verbatim maintain that a software update is sufficient to […]