I'm sure Target would like everyone to believe the attack was overwhelmingly superior to any possible defense. I've never seen one that truly was...
Security firm report says Target data hack was low tech
The U.S. Secret Service has called the criminals behind Target Corp.’s monster security breach well-organized, “highly technical” and “sophisticated.”

But cybersecurity firm McAfee Inc. said in a report out Monday that the heist was anything but exotic, describing the attack as a Breach 101 operation.

The thieves used easily modified off-the-shelf malware, common methods to hide the malware inside Target’s point of sale system and didn’t encrypt either the instructions on where to send the stolen card data or the card information itself as it was being transmitted out of Target to a remote server, a data stream that should have been detected and caught,

… “As an attack, it is extremely unimpressive and unremarkable.”
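The point the report makes about the exfiltration is that unencrypted card data leaving a retailer's network is something an egress sensor can catch. The following is an added example, not code from the McAfee report or the article: a minimal DLP-style check that scans outbound payloads for magnetic-stripe Track 1 and Track 2 layouts and confirms each candidate PAN with the Luhn check so that random digit runs are not flagged. The flow records, the destination addresses (RFC 5737 documentation ranges) and the card number (the widely used test PAN 4111111111111111) are all constructed for the demonstration; a real deployment would run the same matching over reassembled streams rather than single packets.

```python
import re

# Magnetic-stripe layouts (ISO/IEC 7813) as they appear in memory-scraped POS data.
# Track 2: ';' PAN '=' YYMM service-code discretionary '?'
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{4})(\d{3})[^?]{0,100}\?")
# Track 1, format B: '%B' PAN '^' cardholder name '^' YYMM service-code discretionary '?'
TRACK1_RE = re.compile(rb"%B(\d{13,19})\^[^^?]{2,26}\^(\d{4})(\d{3})[^?]{0,79}\?")


def luhn_ok(pan: str) -> bool:
    """Luhn mod-10 check: every second digit from the right is doubled."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep BIN (first 6) and last 4 so alerts never carry a full PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_track_data(payload: bytes) -> list:
    """Return every Luhn-valid track record found in one outbound payload."""
    hits = []
    for track, rx in (("track1", TRACK1_RE), ("track2", TRACK2_RE)):
        for m in rx.finditer(payload):
            pan = m.group(1).decode()
            if luhn_ok(pan):
                hits.append({"track": track, "pan": mask_pan(pan),
                             "expiry": m.group(2).decode()})
    return hits


def flag_flows(flows: list) -> list:
    """Apply find_track_data to each outbound flow and tag hits with the destination."""
    alerts = []
    for flow in flows:
        for hit in find_track_data(flow["payload"]):
            alerts.append({"dst": flow["dst"], **hit})
    return alerts


# Constructed outbound flows (not captured traffic).  Only the first one carries
# plaintext track data; the third contains a digit run that fails the Luhn check.
SAMPLE_FLOWS = [
    {"dst": "203.0.113.10",
     "payload": b"POST /upload HTTP/1.1\r\n\r\n"
                b"%B4111111111111111^DOE/JOHN^25121011234567890?"
                b";4111111111111111=25121011234567890?"},
    {"dst": "198.51.100.5",
     "payload": b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"},   # TLS-looking bytes
    {"dst": "192.0.2.7",
     "payload": b"order_id=8675309;4111111111111112=25121010000?"},
]

if __name__ == "__main__":
    for alert in flag_flows(SAMPLE_FLOWS):
        print(alert)
```

The masking in `mask_pan` matters in practice: an alert that repeats the full PAN into a SIEM turns the detection tool itself into a second place cardholder data is stored.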
… McAfee’s report, however, paints a picture of a run-of-the-mill attack.

The BlackPOS-based malware may have been customized for Target’s systems, but it was “far from ‘advanced,’” it said: “The BlackPOS malware family is an “off-the-shelf” exploit kit for sale that can easily be modified and redistributed with little programming skill or knowledge of malware functionality.”

The methods the thugs used to hide the malware on Target’s system were nothing new either, it said, calling it “standard practice” for criminals to evade the anti-malware and controls companies use for protection. Thieves can easily get software online to test a company’s defenses and evade them, it said. [Security teams can use these tools too! Bob]

… The report names multiple retailers that suffered point of sale attacks in 2013 including Neiman Marcus, Michaels Stores, hotel manager White Lodging Services Corp., Harbor Freight Tools, Easton-Bell Sports and sandwich chain ’Wichcraft.

“Probably the biggest issue in this attack is that they lacked the situational awareness to identify anomalous occurrence in their environment,” Walter said. [Translation: They were not adequately monitoring their systems. Bob]

[The report is here: http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q4-2013.pdf ]
Simply harassment, or the first shot in a true CyberWar? (How can you tell?)

Ukraine's Computers Targeted by Powerful Malware: Experts

Dozens of computer networks in Ukraine have been infected by an aggressive new cyber weapon called Snake, according to expert analysis.

The cyber weapon has been increasingly used since the start of this year, even before protests that led to the overthrow of president Viktor Yanukovych, British-based BAE Systems said in a report published Friday.

… Although its origins are unclear, its developers appear to operate it in the same timezone as Moscow -- GMT plus four hours -- and some Russian text is embedded into the code, BAE says.
If you are into that kind of stuff...

Watch Edward Snowden talk at the SXSW in a rare public appearance
Are drones so radical that the government can't figure out what to do?

From EPIC:

A federal judge has ruled that commercial drones are legal, stating that the Federal Aviation Administration has not issued an enforceable regulatory rule that governs commercial drone operation. The FAA plans to appeal the decision. In 2012, Congress told the Agency to implement a plan to integrate drones into the National Airspace by 2015. Shortly after, EPIC joined by over 100 other organizations, experts, and members of the public petitioned the FAA to address privacy as part of the integration. As a result, the Agency published a notice with proposed privacy requirements for drone operators. EPIC submitted comments in response to the notice, urging the Agency to mandate minimum privacy standards for drone operators. After considering numerous public comments on the privacy impact of aerial drones, the FAA proposed a regulation that requires test site operators to develop privacy policies but does not require any specific baseline privacy protections. Several states have passed drone privacy laws and bills are also pending in Congress. For more information, see EPIC: Domestic Drones.
Nicer than an email... Perhaps my students should write Apps for other platforms.

Sick Of eCards? Send Real Cards With Ink By Sincerely

With Ink, the Android app from Sincerely, sending cards to your loved ones is simple and easy. And not those boring old e-cards, but actual physical cards. (It’s true, they still exist!)

There are many apps out there for sending virtual cards, but Ink takes that to another level by actually printing out a physical card for the user and mailing it. It’s as simple as it gets, and it only costs $1.99 per card, less than you would otherwise pay for a card and stamps.
Something to hang over my desktop.