Information Security News
by Megan Geuss
On Friday evening, luxury retailer Neiman Marcus admitted that it had suffered a data breach exposing customers' credit card information and that it was working with federal investigators to find out the extent of the damage. The company told security writer Brian Krebs that it was not sure how many customers were affected or how the hack was caused.
Krebs, who appears to have unearthed news of the hack first, explains: “Earlier this week, I began hearing from sources in the financial industry about an increasing number of fraudulent credit and debit card charges that were being traced to cards that had been very recently used at brick-and-mortar stores run by the Dallas, Texas based high-end retail chain. Sources said that while it appears the fraud on those stolen cards was perpetrated at a variety of other stores, the common point of purchase among the compromised cards was Neiman Marcus.”
For its part, Neiman Marcus said in an official statement that its credit card processor alerted the chain in mid-December about “potentially unauthorized payment card activity that occurred following customer purchases at our Neiman Marcus Group stores.”
The latest version of tcpflow can of course reconstruct TCP flows, but it also has some interesting features, such as carving files out of web traffic (zip, gif, jpg, css, etc.) and reconstructing web pages. Another nice feature is that it produces a summary PDF report of the pcap file it processed.
When file reconstruction is enabled, the files carved from web traffic are written with names that differentiate them from the regular reconstructed TCP flow files. Their names end with HTTPBODY-001.html, HTTPBODY-001.gif, HTTPBODY-001.css or HTTPBODY-001.zip, to name a few.
A precompiled 32- and 64-bit version 1.4.0b1 is available for download here and contains all the same functionality as the Unix version, which can be downloaded here. This basic setup replays a pcap file and enables all the features used in tcpflow:
tcpflow -a -r daemonlogger.pcap -o tcpflow
-a: do ALL post-processing
-r file: read packets from tcpdump pcap file (may be repeated)
-o outdir : specify output directory (default '.')
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
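As an added example (not part of the original diary and not tcpflow's own code), the sketch below inventories the carved files in a tcpflow output directory by the HTTPBODY-nnn suffix described above, hashes each one, and goes a step further than the text by flagging bodies whose leading bytes disagree with their extension. The file names and contents in demo() are constructed, and the part of the name before -HTTPBODY- is treated as an opaque flow label.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Carved HTTP bodies end in HTTPBODY-<nnn>.<ext>, as described in the text.
CARVED = re.compile(r"^(?P<flow>.+)-HTTPBODY-(?P<seq>\d+)\.(?P<ext>\w+)$")
# Leading magic bytes for a few binary types (small, non-exhaustive table).
MAGIC = [(b"PK\x03\x04", "zip"), (b"GIF87a", "gif"), (b"GIF89a", "gif"),
         (b"\xff\xd8\xff", "jpg"), (b"\x89PNG\r\n\x1a\n", "png"), (b"MZ", "exe")]

def sniff(head):
    """Return the type implied by the first bytes, or 'unknown'."""
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    return "unknown"

def inventory(outdir):
    """Hash each carved body in outdir and flag content/extension mismatches."""
    rows = []
    for path in sorted(Path(outdir).iterdir()):
        m = CARVED.match(path.name)
        if not m or not path.is_file():
            continue  # flow transcripts and report files are skipped
        data = path.read_bytes()
        kind, ext = sniff(data[:16]), m["ext"].lower()
        # Text types (html, css) have no magic bytes, so only a recognised
        # binary type that disagrees with the extension is flagged.
        rows.append({"file": path.name, "flow": m["flow"], "ext": ext,
                     "sha256": hashlib.sha256(data).hexdigest(),
                     "sniffed": kind,
                     "mismatch": kind != "unknown" and kind != ext})
    return rows

def demo():
    """Inventory a constructed output directory (sample names and bytes)."""
    samples = {"flowA-HTTPBODY-001.gif": b"GIF89a\x01\x00\x01\x00",
               "flowA-HTTPBODY-002.jpg": b"MZ\x90\x00constructed",
               "flowB-HTTPBODY-001.html": b"<html>constructed</html>",
               "flowB": b"constructed flow transcript, not a carved body"}
    with tempfile.TemporaryDirectory() as d:
        for name, body in samples.items():
            (Path(d) / name).write_bytes(body)
        return inventory(d)

if __name__ == "__main__":
    for r in demo():
        print(r["sha256"][:16], r["ext"], r["sniffed"], r["mismatch"], r["file"])
```

To use it on real output, call inventory() on the directory given to -o (tcpflow in the command above).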
Indian government shuns Google as election partner over NSA fears
However, a government and private sector-backed alliance of cyber security experts called the Indian Infosec Consortium expressed grave doubts about Google's relationship with the American spy agencies. "Google is committed to help make public ...
India's Poll Panel Declines Google Voting Services Offer Over Security Concerns
Election Commission drops plan to partner Google
India's election regulator drops plan to partner Google after spying fears