The series I’ve written about ATM skimmers, gas pump skimmers and other related fraud devices have become by far the most-read posts on this blog. I put this gallery together to showcase the entire series, and to give others a handy place to reference all of these stories in one place. Click the headline or the image associated with each blurb for the full story.
Farid Mheir's insight:
An overview of all the ways that thieves use to capture our credit card and bank card numbers for fraud.
WHY IS THIS IMPORTANT
Even when very careful, you can get your credit card number stolen.
Also, we should fear the real world as much as or more than the virtual world when it comes to fraud.
In January 2015, the FBI released stats showing that between Oct. 1, 2013 and Dec. 1, 2014, some 1,198 companies lost a total of $179 million in so-called business e-mail compromise (BEC) scams, also known as “CEO fraud.” The latest figures show a marked 270 percent increase in identified victims and exposed losses. Taking into account international victims, the losses from BEC scams total more than $1.2 billion, the FBI said.
Farid Mheir's insight:
We often think that malware (i.e. computer viruses) is big business, but it looks like email scams are an even bigger one.
Made me think of recent scams publicized in Montreal local papers.
Business email scams are difficult to protect against because users are the weak link and technology has limited means to prevent that. Businesses should make sure all employees are briefed on the security hazards of email scams and how to prevent them. Below is a link on how banks try to help prevent email scams: worth reading.
Praetorian is tracking all IoT devices in Austin, Texas running on the ZigBee protocol, similar to the Shodan scanner.
Farid Mheir's insight:
A project has been devised to map all internet of things devices in the Austin, Texas area and identify vulnerabilities. Cool demonstrations of what you can do with a drone and some technology skills.
The other shoe just dropped. The hackers who breached the cheating site AshleyMadison.com appeared to make good on their threat to expose customer data on Tuesday, dumping the stolen information online.
Farid Mheir's insight:
A review of what we know about the data breach.
WHY IS THIS IMPORTANT
Interesting to see how pirates distribute their loot and what constitutes valuable information, other than credit card numbers.
What is most interesting here I believe are these stats:
- thousands of fake female profiles
- 90-95% of actual users are male
Speaks volumes on the anonymity of the Internet and the lack of reliable information out there.
The Tesla Model S is the most connected car in the world. It might surprise you to hear that it is also one of the most secure. In this talk we will walk you through the architecture of a Tesla Model S noting things that Tesla got right as well as identifying those that they got wrong. From this talk you will get an intimate understanding of how the many interconnected systems in a Tesla model S work and most importantly how they can be hacked. You will also get a good understanding of the data that this connected car collects and what Tesla does with this telemetry. We will also be releasing a tool that will enable Tesla Model S owners to view and analyse that telemetry in real time. Finally we will also be releasing several 0day vulnerabilities that will allow you to hack a Tesla Model S yourself - both locally and remotely. Note - only one of the 6 vulnerabilities we will discuss and release has been fixed. Disclaimer: With great access comes great responsibility - In other words we are not responsible for any Tesla Model S bricked by over enthusiastic attendees of this talk :)
Farid Mheir's insight:
I love August because it is the month when hacking conferences are held. And they always have their share of flamboyant hacks like this one. Looking forward to seeing what this year's crop will bring...
Also read the short piece in the WSJ about the hack and what it does.
Tens of millions of people have lost their private information in data breaches over the past few years. But what happens after that—how the data are leveraged for financial gain—remains murky.
Farid Mheir's insight:
Reporter has gone to the dark web to find out that user information of quality is worth almost $100.
WHY THIS IS IMPORTANT?
There is an opportunity for a company to start charging higher fees to collect and protect your digital identity. Today it seems Apple may be gearing towards that model: you pay more for its services than Google, Amazon, Facebook and others but they - as far as we know - do not sell your data.
Italian jeweler Bulgari is bringing traditional craftsmanship into the digital ecosystem with an intelligent timepiece focused on data security.
Farid Mheir's insight:
Luxury watch now includes an NFC chip to allow it to be recognized by digital devices such as smartphones.
WHY THIS IS IMPORTANT?
Access to your wrist will become key in the future for security reasons. You wear a watch all the time and can never leave home without it, as you could a phone or another device. As multi-factor authentication gains in popularity, the watch will become an essential component for payment, authentication, etc. And with Apple now trying to ensure they are the only device on your wrist (no way you'll wear multiple devices), luxury brands will try to incorporate electronics into their analog watches.
Here's an inside look at the crazy business models ruling the hacking world, where hackers can make more than $80,000 a month by infecting people's computers.
10 local and cloud-based contenders make passwords stronger and online life easier for Windows, OS X, iOS, Android, BlackBerry, and Windows Phone users
Farid Mheir's insight:
Great review of essential tools for everyone's computer and mobile phone.
WHY THIS IS IMPORTANT
Strong passwords are our only protection for our digital lives, and yet too many people still rely on simple and easy-to-guess ones. I wrote about this many times before http://www.scoop.it/t/digital-transformation-of-businesses?q=password, and this article provides links and ratings for different solutions on the market. And by the way, when possible, always turn on two-factor authentication: see http://sco.lt/6DAZgv
Bruce Schneier, American cryptographer, computer security and privacy specialist, will be coming to Google to talk about his new book: "Data and Goliath: The...
Farid Mheir's insight:
Bruce Schneier is a legend in the security and privacy world and he explains in a 30 minute talk (20min if you listen at 1.5x speed ;-) the content of his new book. He makes me want to read it (good job I guess) but also closes with an interesting analogy: data is the pollution of the information age.
WHY THIS IS IMPORTANT
Bruce raises the issue of privacy but also ventures into solutions, which is rare because it is a difficult subject with no straight answer. He makes the case that there is duality in producing data and analyzing it: it is both useful and dangerous. Every company is faced with the questions that Bruce raises.
Three years ago, on May 28th 2012, we announced the discovery of a malware known as Flame. At the same time we published our FAQ, CrySyS Lab posted their thorough analysis of sKyWIper. A few days earlier, Maher CERT published IOCs for Flamer. In short, Flame, sKyWIper and Flamer are different names for the same threat, which took the world by surprise as the first major discovery after Stuxnet and Duqu.
Since the discovery of Flame, we reported on many other advanced malware platforms, including Regin and Equation, yet Flame remains special in terms of being one of the most complex, surprising and innovative malware campaigns we have ever seen.
Looking back at the discovery of Flame, here are some lessons we learned.
Farid Mheir's insight:
A short account of the level of sophistication that computer viruses have achieved. And a video that pleads for the need to keep computers secure.
The incident is notable because it's one of the few computer intrusions to cause physical damage. The Stuxnet worm that targeted Iran's uranium enrichment program has been dubbed the world's first digital weapon, destroying an estimated 1,000 centrifuges. Last week, Bloomberg News reported that a fiery blast in 2008 that hit a Turkish oil pipeline was the result of hacking, although it's not clear if the attackers relied on physical access to computerized controllers to pull it off. The suspected sabotage of a Siberian pipeline in 1982 is believed to have used a logic bomb. Critics have long argued that much of the world's factories and critical infrastructure aren't properly protected against hackers.
Farid Mheir's insight:
Article is short, but a link to the IDC report is included.
How strong are your passwords? Here's an analysis of 10 million via @wpengine
Farid Mheir's insight:
This analysis is very in-depth and looks at many different angles to show how and why we pick simple passwords. I continue to be amazed by the lack of proper passwords being used by people in general.
This study is recent but I assume things may change quite rapidly and solutions such as lastpass or password box are helping change this trend.
Also I assume this applies well to the USA but may be different in Canada, Quebec and elsewhere due to differences in language and culture.
If you are viewing online porn in 2015, even in Incognito mode, you should expect that at some point your browsing history will be publicly released and attached to your name.
Farid Mheir's insight:
Beyond the catchy title, this short post highlights some very important links to help you determine if your browser sessions are safe. Mine are not, it seems...
On Sunday night, 60 Minutes aired a segment about the Defense Advanced Research Projects Agency, or DARPA, and its attempts to secure the internet from hackers, human traffickers and other criminals. One of the DARPA efforts the program highlighted — and did so even more in an unaired segment for the web — is a project called…
Farid Mheir's insight:
This is must-see TV. Look at both the 60 Minutes program and the unaired segment. It will confirm many of the things I've been highlighting for a while now regarding security and privacy, but also regarding car hacking.
I am not a pessimist but I believe security should be more present as we make our digital transformation.
After breaking up into a number of task forces and discussing strategic priorities, CIOs at the Journal’s CIO Network event came together to create a prioritized set of recommendations to drive business and policy in the coming year. While proposals ran the gamut, consensus seemed to form around two major themes: cybersecurity, and delivering change through effective communication with the rest of the business. The full results will be published in The Wall Street Journal CIO Network special report later this month. Here’s a look at the top five:
All top 5 point to "changing the way business works", i.e. corporate culture and the behavior changes required to successfully transition from "old world" to "new world".
It’s not enough to just implement new controls and technologies around the systems, though; smart organizations are dedicating teams to look in the deep crevices of the web for detailed information on threats to their environments. World news and events, potentially controversial company announcements, new executive appointments, industry and partner breaches, industry-specific malware — all of these and more can indicate a risk, and analysts need to find the intelligence that must be acted upon to protect the company and its customers. The wealth and scope of available information can be overwhelming for intelligence analysts, however. While in the past actionable and credible threat intelligence could be elusive, now information can be found online anywhere, at any time, in any language. With the volume of information and limited resources and budgets, organizations need to be strategic in their intelligence gathering.
Farid Mheir's insight:
First time I hear of "open source intelligence" (OSINT). Should be good.
Oh well, too bad.
Made me think of stories I published in the past about how to disappear from the web http://sco.lt/4pi8g5