Apr. 29th, 2011

thewayne: (Default)
From: Free Sample Enlargement
Subject: The Greatest Shag of All

(I didn't open the message)

So, you get a sample from somewhere and for no cost, it gets really big. Cool! I get food samples from Trader Joe's whenever we go there, so this could feed both of us instead of just having a bite. Or could the sample keep growing and destroy the store? Next Godzilla flick!

And greatest shag of all? We do kinda need new carpeting....
thewayne: (Default)
Guess what! Not only do the units with 3G capability track your location AND speed, the manufacturer makes it available (in an anonymized fashion, naturally... allegedly) to law enforcement and local gov't!

http://crave.cnet.co.uk/cartech/tomtom-admits-to-sending-your-routes-and-speed-information-to-the-police-50003618/

http://yro.slashdot.org/story/11/04/28/1719247/GPS-Maker-TomTom-Submits-Your-Speed-Data-To-Police

Allegedly this is sent back to Tom-Tom HQ to help them build congestion maps. Theoretically this could be used by street traffic engineers to note that the average speed on a particular roadway is at +5 or +10 over the limit and there has not been a significant increase in accidents, so why not increase the speed limit? Like that's going to happen.
thewayne: (Default)
There's a new threat called an APT, Advanced Persistent Threat, where basically attackers are taking over a company's entire network rather than just compromising databases looking for credit card records. Remediating such an intrusion is not easy.

The scary thing is that they're saying that a reduction in the number of compromised records does not mean that IT shops are doing a better job of implementing security.

Here are some highlights from the Verizon report:

* The average time from compromise to data breach was minutes to days, not weeks or months (see report Figure 37).
* The average time between compromise and the victim discovering it was weeks to months.
* The average time from discovery to containment was weeks to months as well, including 2 percent that took years to never. I suspect this latter stat is far higher in the real world.
* Eighty-six percent of the time, the breach was discovered and reported to the victim by a third party (see report Figure 39), even though the breach probably could have easily been found by the victim if he or she had deployed normal detection systems. Sixty-nine percent of victims had event log evidence of the compromise (see report Figure 41).
* Only 8 percent of attacks required a high level of complexity (see report Figure 34).
* External agents were responsible for 92 percent of attacks and 99 percent of data breaches (see report Figures 7 and 12).
* Insiders were involved in 16 percent of all cases; the crossover with the 92 percent external agent figure is due to collusion.
* The role makeup among internal attackers was as follows: 85 percent were normal end-users, 22 percent were accounting or financial staff, 11 percent were management, and only 9 percent were IT related.
(emphasis mine)

http://www.infoworld.com/print/158988

An insider's view on protecting/removing APTs: http://www.infoworld.com/print/141896

http://it.slashdot.org/story/11/04/26/210221/Fewer-Hacked-Records-Does-Not-Mean-Better-Security
thewayne: (Default)
Sony PSN has been down for over a week now. Unknown parties compromised their system and broke into their billing and authentication database(s), stealing 77 million accounts and credit card information. In a monumental act of stupidity, Sony stored all passwords as plaintext; they were not hashed, with or without a salt value. The bad thing about this is that so many people use the same password for multiple online accounts, and since their email address was also compromised, those people could be compromised all over the interweb.
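As an added illustration of the point above (example code written for this page, not anything from Sony or the linked articles), here is the difference between a plaintext credential table and one that stores a per-user salted PBKDF2 hash. The sample accounts and passwords are constructed; two of them deliberately share a password to show how plaintext (or unsalted) storage exposes password reuse, while salted hashes give an attacker who dumps the table nothing directly reusable on other sites.

```python
"""Added example: per-user salted password hashing versus plaintext storage.

The user table below is constructed sample data for this demo only.
"""
import hashlib
import hmac
import os

# PBKDF2-HMAC-SHA256 work factor. This is a demo value chosen to keep the example
# fast; production systems should use the highest count their login latency allows
# (or a memory-hard function such as scrypt/argon2 where available).
ITERATIONS = 100_000
SALT_BYTES = 16


def hash_password(password, salt=None):
    """Return a self-describing record: algorithm$iterations$salt_hex$digest_hex."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt for every stored password
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Recompute the digest with the stored salt and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


# Constructed sample accounts. Alice and Bob reuse the same password, as real users do.
SAMPLE_USERS = {
    "alice@example.test": "correct horse battery",
    "bob@example.test": "correct horse battery",
    "carol@example.test": "hunter2",
}


def build_plaintext_table(users):
    """The layout the post describes: the credential column is the password itself."""
    return {email: pw for email, pw in users.items()}


def build_hashed_table(users):
    """The hardened layout: only a salted hash is persisted."""
    return {email: hash_password(pw) for email, pw in users.items()}


def leaked_credentials(table):
    """Entries an attacker who dumps the table can reuse directly on other sites.

    Every row of a plaintext table qualifies; a hashed row yields nothing without
    an offline guessing attack against that single record.
    """
    return {
        email: cred
        for email, cred in table.items()
        if not cred.startswith("pbkdf2_sha256$")
    }


def largest_identical_group(table):
    """Size of the largest set of accounts whose stored credential is byte-identical.

    Plaintext (and unsalted-hash) tables collapse users sharing a password into one
    group, so cracking or reading one row exposes all of them; per-user salts keep
    every stored value distinct.
    """
    groups = {}
    for email, cred in table.items():
        groups.setdefault(cred, []).append(email)
    return max(len(members) for members in groups.values())


if __name__ == "__main__":
    plain = build_plaintext_table(SAMPLE_USERS)
    hashed = build_hashed_table(SAMPLE_USERS)
    print("reusable creds from plaintext dump:", len(leaked_credentials(plain)))
    print("reusable creds from hashed dump:   ", len(leaked_credentials(hashed)))
    print("largest identical group (plain):   ", largest_identical_group(plain))
    print("largest identical group (hashed):  ", largest_identical_group(hashed))
```

Note that the record format embeds its own iteration count, so the work factor can be raised later and old rows re-hashed on the user's next successful login without a schema change.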

The only good thing about this is that Sony did not store the CVN on the back of the card with the card data, so it was not compromised. This makes it much harder to make charges on the stolen cards and greatly reduces their value.

This also affects Sony's Qriocity network, whatever that is. Apparently PSN and Qriocity are operated and managed by an outside marketing company, not that it absolves Sony of any responsibility.

http://cyberinsecure.com/sony-playstation-network-breached-77-million-users-private-data-stolen/

http://yro.slashdot.org/story/11/04/27/142238/77-Million-Accounts-Stolen-From-Playstation-Network


One thing that I find interesting is that the credit card industry has standards that businesses must follow to secure credit card data. (Remember the TJ Maxx hack?) If you're a small merchant and all you have is machines to process in-person credit card purchases, it's no big deal. But if you store credit card data for repeat purchases, i.e. monthly network access, you are expected to have pretty good security. Clearly Sony is in gross noncompliance with these directives. I've read them; it takes a very skilled and serious staff to implement, maintain, and audit them.


Here's an article on Wired theorizing about who might have committed the hack. There are some very interesting comments, possibly indicating that some of the information may already have been sold to telemarketers and scammers.

http://www.wired.com/threatlevel/2011/04/playstation_hack/


The lawsuits have already begun, and it's guaranteed that they'll seek class action status. And as Sony and the network provider were so grossly negligent, it's going to hurt Sony as they so deserve.

http://tech.slashdot.org/story/11/04/27/2122241/Sony-Sued-For-PlayStation-Network-Data-Breach
thewayne: (Default)
The Supreme Court just held up on appeal that contracts stating that arbitration must be used instead of lawsuits are solid. A couple in California sued AT&T for being charged sales tax on “free” phones. It went back and forth in the courts until it worked its way up to SCOTUS, which sided with AT&T.

I'll bet Sony heaved a huge sigh of relief when they heard about this, assuming they have such a clause in their PSN legalese.

http://arstechnica.com/tech-policy/news/2011/04/scotus-rules-att-can-force-arbitration-block-class-action-suits.ars

http://yro.slashdot.org/story/11/04/28/1948247/Supreme-Court-ATampT-Can-Force-Arbitration

Page generated Jul. 17th, 2025 10:43 pm
Powered by Dreamwidth Studios