Yet another 2017 December link post

December 29, 2017

What I'm reading

Would people (who actual read this blog) rather have me do link posts or spend this time putting together blog posts?

New Pluralsight Play by Play: What You Need to Know About HTTPS Today. Another Pluralsight course by Troy Hunt.

Jocko Willink on the Power of Discipline by Cal Newport: "If you want freedom, then you need to have discipline"

On the Complicated Economics of Attention Capital by Cal Newport: "And yet, even though we’ve pushed connectivity to daring new levels — a technological miracle built on numerous ingenious innovations — we haven’t become more productive."

Mirai IoT Botnet Co-Authors Plead Guilty by Brian Krebs: "The Mirai malware is responsible for coordinating some of the largest and most disruptive online attacks the Internet has ever witnessed."

"I can' believe you wore a plunging neckline when you save mankind" by Frances Cole Jones. Some people will always find something negative to say.

Anti-Skimmer Detector for Skimmer Scanners by Brian Krebs. Of course, skimmers are getting more complicated and harder to detect.

The end of facebook's ubiquity by Cal Newport. "...once social media services are forced to make a sales pitch, as oppose to leveraging an inherited position of cultural ubiquity, they suddenly seem so much less vital."

New Package Moniker rules. I love npm's stance on security. They're doing a lot of great things (see link below). In this instance they're trying to battle the typosquatting issue in the npm registry.

Skyrocketing Bitcoin fess hit carders in the wallet by Brian Krebs. Interesting to see the downside (for the darkside) of the rising value of Bitcoin (that sentence sounds weird. Is it weird?).

4 Years after target, the little guys is the target by Brian Krebs (can you tell I like Brian Krebs?). If you like Jason's Deli (I don't really care for it) it may have had credit card information compromised.

npm private modules outage on December 12th. I love this! This is awesome and gives some insight into responding, troubleshooting, and fixing a production issue.

Buyers beware of tampered gift cards by Brian Krebs. I had something like this happen to me. I won a gift card at work. Went to use it and it had less the $3 on it.

What I'm watching

This is my favorite holiday video for this time of year.

An interesting take by John Sonmez on Net Neutrality. I like looking at contradictory views. I think losing net neutrality will cause a positive reaction.

Brockmire. I recently watched the first season of Brockmire. I gotta say it's a funny series. Crud, but funny.

This blog post first appear on Exploring Information Security.

Infosec links January 6, 2015

January 6, 2015

Chip & PIN vs. Chip & Signature - Brian Krebs - Krebs on Security

The Obama administration recently issued an executive order requiring that federal agencies migrate to more secure chip-and-PIN based credit cards for all federal employees that are issued payment cards. The move marks a departure from the far more prevalent “chip-and-signature” standard, an approach that has been overwhelmingly adopted by a majority of U.S. banks that are currently issuing chip-based cards. This post seeks to explore some of the possible reasons for the disparity.

Banks' Lawsuits Against Target for Losses Related to Hacking Can Continue - Nicole Perlroth - The New York Times

The ruling is one of the first court decisions to clarify the legal confusion between retailers and banks in data breaches. In the past, banks were often left with the financial burden of a hacking and were responsible for replacing stolen cards. The cost of replacing stolen cards from Target’s breach alone is roughly $400 million — and the Secret Service has estimated that some 1,000 American merchants may have suffered from similar attacks.

Banks: Card Breach at Some Chick-fil-A's - Brian Krebs - Krebs on Security

The source said his institution saw Chick-fil-A locations across the country impacted, but that the bulk of the fraud seemed concentrated at locations in Georgia, Maryland, Pennsylvania, Texas and Virginia.

This post first appeared on Exploring Information Security.

Brian Krebs InfoSec Links May 7, 2014

May 7, 2014

Cause Brian Krebs is awesome.

Phishers Divert Home Loan Earnest Money - Brian Krebs - Krebs on Security

In this scheme, the attackers intercept emails from title agencies providing wire transfer information for borrowers to transmit earnest money for an upcoming transaction. The scammers then substitute the title company’s bank account information with their own, and the unsuspecting would-be homeowner wires their down payment directly to the fraudsters.

Emails are being intercepted and the account information changed so that the home buyers send the money to the criminal and not the loan agency. That's really scary and shows that if it's financially profitable criminals will find a way to exploit the system.

Adobe Update Nixes Flash Player Zero Day - Brian Krebs - Krebs on Security

Update Adobe Flash Player on your computers. Do it. Do it NOW!

The Target Breach, By the Numbers - Brian Krebs - Krebs on Security

Krebs breaks down some of the numbers involved in the Target breach that took place from November 27 to December 15, 2013. The most glaring one is the number of Chief Information Security Officers (CISO) or Chief Security Officers (CSO), which was zero, according to the AP. If true, that's pretty sad for the second-largest discount retailer in the United States. And it's not that a CISO or CSO would have stopped the breach, but does give us a peek into Target's thoughts on information security.

This post first appeared on Exploring Information Security.

InfoSec Links April 2, 2014

April 2, 2014

Banks Drop Suit Against Target, Trustwave - Brian Prince - Security Week

A day after linking articles that talk about how ridiculous it was to sue Target and Trustwave we learn that both banks have put in for dismissals of their lawsuit. Coincidentally, news of this comes on April Fool's day, which makes it just an elaborate April Fool's day joke.

Analyzing the Target Break "Kill Chain Analysis" Report - Rafal Los - Following the Wh1t3 Rabbit

Excellent in-depth analysis and discourse of the Target breach and how it happened.

The Continuing Public/Private Surveillance Partnership - Bruce Schneier - Schneier on Security

What's really happening between the government and the companies that are handing over your data.

This post first appeared on Exploring Information Security.