Over the weekend, many people got notices from their banks and retailers informing them that their third-party email company had been hacked by outsiders. Texas-based Epsilon, the third-party company in this case, issued a brief statement warning that hackers had stolen customer email addresses and names from its database. See the Krebs on Security article.
Impacted companies include Chase, Kroger, L.L.Bean and Target. The list of companies is quite long; visit the link above to see it.
So someone out there got your email address. What's the big deal? It's a big deal because it probably is the same address that you use to sign onto your bank, log into your frequent buyer program and so on.
It's amazing how widely email addresses are now used as identifiers. Even if I have multiple email addresses, how many can I remember anyway? So it is even more important to use a good, secure password.
There have got to be better ways to identify an individual. There are other methods: 2-factor identification - but SecurID announced they were hacked the previous week. Biometric identification - but it is clumsy and not always accurate.
Have you heard of other ways? I'd like to know.
In the meantime, security experts have warned us to be extra careful with regard to email spammers and scams in the coming weeks and months.
Monday, April 4, 2011
Monday, March 21, 2011
Follow-up on RSA incident
NSS Labs has released its analysis of the incident.
NSS Labs is a well-known security research lab that tests and verifies claims made by security hardware and software vendors.
Sunday, March 20, 2011
RSA information stolen
RSA announced this past Thursday that certain information about its SecurID technology has been stolen. RSA is best known for providing the hardware key device that many use for 2-factor authentication. At this time, RSA has not announced what is impacted. But there are certain steps you can take if you are using RSA for your authentication. Network World published an article with 4 steps that you can take now.
RSA has been a trusted source for years, and many have taken it for granted. This latest episode again reminds us that security needs more than just trusting in a single device or technology. If we use more than a single lock on the door at our house, why do we think a single device can serve our security needs for system access?
Yes, there are other devices and technologies that perform functions similar to SecurID, such as phone-based systems. But no matter how good or robust the technology, someone might be able to compromise it by sheer luck and persistence.
Defense in depth is the way to go. Diligent monitoring of access logs can also help. It is good security practice.
Friday, January 28, 2011
Firesale at the Cyber Criminal shopping mall.
This month's special:
$2 each - a legitimate but unverified bank account or credit card number,
with a guarantee of the available credit line or bank balance, add $70.
According to a just-released report from Panda Security, cyber criminals are facing competition like we all are, so prices are dropping.
Panda Security 2011 January The-Cyber-Crime-Black-Market.pdf
In this report, Panda Security has done a great job explaining how this illegal underground business operates. There are the manufacturers (the ones who actually do the stealing), the distributors (aggregators of illicit information), the bankers (mules who handle the money laundering) and, of course, the source (the victims). The report even includes screenshots of a transaction.
In any economy, supply and demand hold true. If the price drops, it can either be that the demand has dropped or the source is getting plentiful. I don't think anyone believes that the demand has dropped, so the source must be getting plentiful. In other words, if you are not a victim today, you soon will be!
With malware-generating tools like Zeus freely available, it would be foolhardy for us not to recognize the need for cyber security vigilance at the office and at home.