Contactless card transactions are becoming increasingly popular in the United States, Europe and Asia. In the United Kingdom alone there are some 34.5 million cards in issue with contactless functionality according the UK Cards Association. With contactless payments no signatures or PINs are required for authorization. This makes transactions under approximately $35 dollars quick, occurring…
DetailsMaybe it’s just me, but many market analysts tend to be skeptical about the latest shiny new thing promising the “complete solution” in security and other technology initiatives. Skepticism is fueled by the constant stream of overlapping tools, enhancements and nuanced products promising to do something “more;” but with functionality that ultimately may become features in…
DetailsOne day last summer I was in a bank branch, standing in line waiting to conduct my business. Bored, I studied my surroundings and took note of a security camera directed toward the teller station ahead of me. No doubt it was capturing video of each person that approached the teller window and especially of…
DetailsIf you mention security service to an information security professional more than likely they think of a technical control running on a host. This is true, but there is another service – the service that we, as security professionals, provide to employees and customers. How would we be rated on our level of employee or…
DetailsFirmware attacks are growing increasingly popular among software hackers. Despite efforts to issue patches for firmware, reported attacks are on the uptick. For instance, Ruben Santamarta, a security researcher at IOActive, recently posted a blog in which he describes how he directed the firmware of a counterfeit money detector to force the system to literally accept any piece of…
DetailsIf you are like me you completely discount official protests as posturing. In this age of suspicion of all politicians there is not much to be read into the President of Brazil, angry about spying, canceling a state visit to the United States, or the governments of Germany, Spain and France summoning their respective US Ambassadors. What I look for are reactions…
DetailsMIT researchers have produced a new paper that uncovers security flaws in C and C++ software, generated by compiler optimizations that discard ambiguous code or code, which produce undefined behavior. Some of that code includes security-relevant checks and the paper includes examples of null pointer checks and pointer overflow checks that the GCC compiler optimizes away, leaving…
DetailsNovember 2, 2013 is the 25th anniversary of the Morris Worm. In the intervening years, we have not solved the problems of buffer overflows, reusable single-factor credentials, peer-to-peer trust or password reuse. What then have we learned from this incident? 1. Access to some files should be restricted. No more world-readable password files. Shadow files in…
DetailsTwo secure email services, Lavabit and Silent Circle, on Wednesday announced the formation of the Dark Mail Alliance. The announcement at the Inbox Love email conference in Mountain View, California, follows the shuttering of the services in August. At that time Lavabit founder Ladar Levison said he was forced to close after pressure was exerted to hand over…
DetailsSpeaking at the Michigan Cybersecurity Summit on October 25, Thomas MacLellan, Director, Homeland Security and Public Safety Division, National Governors Association (NGA) Center for Best Practices, called FirstNet the “largest network deployment in US history.” FirstNet was established by The Middle Class Tax Relief and Job Creation Act of 2012 as the First Responder Network…
Details