Search

Home > Down the Security Rabbithole > DtR Episode 119 - NewsCast for November 17th, 2014


	Podcast:		Down the Security Rabbithole
	Episode:		DtR Episode 119 - NewsCast for November 17th, 2014
	Category:		Technology
	Duration:		00:41:12
	Publish Date:		2014-11-17 10:55:33
	Description:		Note: The hashtag for the show on Twitter has changed, please connect with us using #DtSR going forward. Thanks! Topics covered Update: Home Depot breach (Hint: apparently it was a 3rd party entry point) Story: http://www.computerworld.com/article/2844491/home-depot-attackers-broke-in-using-a-vendors-stolen-credentials.html Apparently as a reaction, all execs are being switched to iDevices (blame Windows? and why only execs?) - http://www.imore.com/home-depot-switches-execs-iphones-macbooks-it-blames-windows-massive-breach Also, they lost ~53 Million email addresses too - http://online.wsj.com/articles/home-depot-hackers-used-password-stolen-from-vendor-1415309282 American Express is pushing tokenization to their payment ecosystem, this is big news but leaves a lot more questions and concerns than answers (for example- what about chip & pin (sign)? )- Story: http://threatpost.com/american-express-brings-tokenization-to-payment-cards/109137 Check out the standard itself: http://www.emvco.com/download_agreement.aspx?id=945 Flaw found (in a lab) in the VISA EMV protocol, but is it realistic to do this kind of "immense fraud" in outside the lab, in real life? Story: http://www.cio.com/article/2842994/flaw-in-visa-cards-could-ring-up-a-very-large-fraud.html The FTC further exerises its (Constitutional?) powers to take down fake "Support call scammers" and is on track to some public fanfare- Story: https://nakedsecurity.sophos.com/2014/10/26/ftc-takes-down-fake-support-scammers-upbeat-about-getting-consumers-money-back-poll/ Connecticut Supreme Court paves the way for class-action suit in HIPAA breach/violation. Big question- is this good for anyone other than the lawyers? Will it just add to the rising cost of healthcare, or is this doing some good? Story: http://www.ctlawtribune.com/home/id=1202676138225/Conn-Supreme-Court-HIPAA-Decision-Likely-to-Spawn-More-Litigation A "spying software" that can spot a phone theft in "2 minutes"? Call us skeptical, and leary- Story: http://www.fastcodesign.com/3038031/spying-software-spots-phone-theft-in-2-minutes-no-password-needed Starwood Hotels is going keyless with iPhone & iWatch integration for room entry. A great idea, if it's free of the usual security bugs. Story: http://www.theipadfan.com/starwood-hotel-rooms-now-keyless-with-iphone-and-apple-watch-app-integration/ Michael's take on the story: http://www.csoonline.com/article/2691383/security-leadership/what-did-you-expect-to-happen-when-you-bought-the-electronic-lock.html Episode 111, where we briefly cover this topic in detail via the Onity court case: http://podcast.wh1t3rabbit.net/dtr-episode-111-newscast-for-september-22nd-2014 Breaches BrowserStack goes down, gets transparent and honest, promises to come back stronger - http://www.browserstack.com/attack-and-downtime-on-9-November "Massive" USPS data breach identified, hits customers and employees (cue the lawsuits!) - http://www.cnn.com/2014/11/10/politics/postal-service-security-breach/index.html?hpt=hp_t2 NOAA breached by .... China! - http://www.eweek.com/security/noaa-other-u.s.-agency-security-breaches-connecting-the-dots.html State Department shuts down unclassified email system, after spotting "activity of concern" - http://www.nytimes.com/2014/11/17/us/politics/state-department-targeted-by-hackers-in-4th-agency-computer-breach.html?_r=0
	Total Play:		0