December 21, 2007

Time to punch out! See you in 2008!

Greetings folks! It has been quite a year. I've only been lucky enough to spend the last 5 months with you writing in this blog, but I sure had fun. I enjoy zoning out for 10 minutes on YouTube looking for silly videos that promote sanity in the workplace.

I hope you all enjoyed reading along this year... see you next year!

Season's Greetings!

December 20, 2007

Automatic Fuel Dispensers & Skimming

Visa just released slides from a webinar on Automatic Fuel Dispensers (AFDs) as they relate to skimming. Looking at the pictures they included, this is something we all could easily be victims of as there do not appear to be any external signs that you are becoming a victim of foul play (thanks Shane!).

AFDs are notorious for having these kinds of issues simply because there is not someone watching over them like a cashier does at a traditional Point of Sale (POS). We've seen examples of this occurring in ATMs as well. Not only is this a call to duty for AFD manufacturers to become compliant with PED and PA-DSS standards, but it is a call for merchants using these devices to enhance training and field checks to prevent this type of fraud.

December 12, 2007

USA Today warns of Evil Twins

While sitting in the Courtyard this morning in Sterling, VA, I saw that Dan Frost of the USA Today is warning of the Evil Twin problem with wireless networks.... again. I seem to remember seeing this pop up in the past, but this problem has been around as long as wireless has been in cafes.

So, watch out.... again!

December 11, 2007

One of our consultants brought a great write-up on Dan Egerstad, the Swedish security consultant who set up a series of Tor servers designed to promote anonymous browsing. Unfortunately, the organizations deciding to adopt Tor forget that unencrypted traffic can still be read, captured, and exploited.

This brings up an interesting trend though. Why are people still not protecting their internet traffic? I'm not talking about browsing around and picking up the next Super Mario Bros game at Amazon, but using Outlook for email via POP3/IMAP. Compound this with the problem that most people are remiss in using unique passwords for their key accounts, and you can see how a nefarious organization with a little bit of technology could easily stumble across information to be used in a data breach.

Still using unencrypted POP? How about an open wireless access point?

December 03, 2007

Blackberry War?

Todd Wilkens posted about his personal war against Blackberries this month. As a consultant, it is not only hard to conduct meetings (where we are getting paid by the hour) with customers when this happens, but I have been tempted to do the same thing as well! I think we all tune out at some point when it comes to meetings, especially those after-lunch ones.

What I'm interested to know is if anyone has ever suffered a breach due to a lost Blackberry. With the amount of scrutiny over email these days, I know that some caution is taken. That said, I also know that humans are lazy people and email is very pointy/clicky. I've seen executives forward extremely sensitive information via email to their Yahoo email accounts so they can work on it when they get home.

So as these computing devices get more ubiquitous, how much concern is there really out there related to a data breach, and what measures are you taking to mitigate that risk?