Thursday, October 23, 2008

US passport cards insecure

Do you know what a passport card is? An hour ago I did not. But now I know that the Department of State is trying to offer an alternative to the normal US passport: a passport card, which can be produced for just 45% of the cost of a normal passport. With RFID implemented on the card, it allows US citizens to cross borders to neighboring countries via land or sea. The card contains an ID that is transmitted when crossing the border. Those numbers are then checked against blacklists. There is just one problem: the numbers can be easily gathered and used to create fake passport cards. Equipment that can be bought for less than $2K can be used to do that.

Here is an article about the passport card by the state department: http://travel.state.gov/passport/ppt_card/ppt_card_3926.html

Here is a comment from Ari Juels, the director of RSA labs: http://www.rsa.com/rsalabs/node.asp?id=3557

1SSA - Security consulting, training and products: http://www.1ssa.net

Tuesday, October 21, 2008

Google Ads used to infect users with malware

We have all come to love and hate those Google ads that suddenly pop up over, under, on the side or wherever next to the text on a website, interrupting our reading with advertisements. Now this type of advertisement may have interrupted not only our reading but also the security of the PCs we are using. According to a news article published in c't, a German IT magazine, Google advertisements (also known as AdWords) have been used to distribute malicious code that exploits vulnerabilities in Adobe's Flash Player.

If you are fluent in German, here is the article: http://www.heise.de/security/Google-Werbung-wird-als-Malware-Schleuder-missbraucht-Update--/news/meldung/117564


Thursday, October 16, 2008

Europe standardizing on privacy

EuroPriSE, the European Privacy Seal, has officially started its work. Nine European countries are behind EuroPriSE, which is tasked with standardizing privacy standards and assessment methods for (at least eight of the) EU states. Privacy has been one of the biggest problems in our information-overloaded societies. Hopefully we will eventually see some true international standards that bring the US and the EU a little closer.

Read more at: http://www.european-privacy-seal.eu/


Tuesday, October 14, 2008

Fake MS email with PGP signature

Normally I would not post this, since it is nowadays a constant annoyance that we are living with: fake emails for phishing, trojan, virus, worm, etc. purposes. But this one was special. Not only was it good at mimicking the language Microsoft normally uses, but it also contained a PGP signature block at the bottom! Nice job. Who checks the signature block each time they get a message? Lucky are the ones who use an email program that does it automatically. But not everyone has one like that.

Read the article: http://www.scmagazineus.com/Fake-Microsoft-email-contains-backdoor-virus/article/119306/


Monday, October 13, 2008

Credit card readers manipulated to send data to Pakistan

Wowww... In Europe, law enforcement discovered credit card readers that had additional electronics built in that allowed them to send information to Pakistan. The only initial difference with the devices, made in China, is that they are 100 grams heavier than a normal reader. So far the criminals have caused $50-$100 million in damage, an early estimate says.

Read the full article: http://online.wsj.com/article/SB122366999999723871.html?mod=googlenews_wsj#printMode


Saturday, October 11, 2008

Deutsche Telekom (again) - This time 30 million customer data breach

I guess I will keep typing and see if Deutsche Telekom continues to trump itself. This time 30 million customers are affected by a data breach that puts their confidential data on the Internet. A first reaction from Deutsche Telekom: "We shall adopt a new policy" in respect of communication... well, you could also try to systematically build security into your business processes... but it gets even better: A spokesman said that bank details were not attached, and that "according to our information, even though these details have been put up for sale on the black market, there has not been a buyer." - My crystal ball did not tell me that, but I guess Deutsche Telekom's crystal ball told them that. Data is NOT a physical piece that can be retrieved. Data can be copied and sold to multiple buyers. Once lost, you can never be sure that it does not surface again, someday, somewhere, in some kind of form!

Read the article here: http://www.dw-world.de/dw/article/0,2144,3706182,00.html


Major data security breach is still causing Deutsche Telekom headaches

I guess some organizations will not learn, maybe because they used to be owned by the government and still operate like they are, or they simply have no concept of data privacy and security. Deutsche Telekom and its subsidiary T-Mobile (mainly focusing on mobile phone service) always had a bad reputation with the German population (they used to be the only choice for telephone services), but after a data breach that allowed access to sensitive customer data, it issued some statements that really made the German population doubt that it had any concept of data privacy and security. The breach happened in spring 2006 and was only recently disclosed, even though T-Mobile reported the breach to the authorities. I am kind of amused and shocked by a statement made by Philipp Humm, managing director of T-Mobile Germany: "We are very concerned by the fact that the incident from 2006 is relevant once again. Until now, we were under the assumption that the data in question had been recovered completely as part of the investigations of the public prosecutors' office and were safe." - Data is not a car that gets stolen and recovered. Data can be copied a million times without anyone knowing about it.

Read the article here: http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=210700232
