Information Security News
by Sean Gallagher
A lot has been done to secure major Web services and Internet applications, particularly on the PC. But one of the lessons learned from our collaboration with NPR and Pwnie Express was that for every data leak that has been plugged by the major websites, another springs up on mobile. And mobile devices are the ones that face the greatest risk of surveillance and attack—not so much from the National Security Agency, but from companies and criminals looking to track and target individuals on a smaller scale.
Public Wi-Fi has become an integral part of how mobile devices’ apps work. Apple and Google have both configured their mobile services to leverage Wi-Fi networks to improve their location services, and mobile and broadband companies offer public (and unencrypted) Wi-Fi networks to either offload users from their cellular data networks or extend the reach of their wired network services. Comcast, for example, has been expanding its Xfinity broadband networks by turning access points at homes and businesses into public Wi-Fi hotspots for subscriber access.
That’s great for customers’ convenience, but it also opens up a potential vector of attack for anyone who wants to get in the middle of broadband users’ Internet conversations. We demonstrated one potential Wi-Fi threat during our testing—using a rogue wireless access point broadcasting the network ID (SSID) “attwifi” prompted AT&T iPhones and Android devices with default settings to automatically connect to it.
US restaurant chain P.F. Chang's China Bistro plans to temporarily bring back manual credit card imprinting while it investigates a security breach that allowed hackers to steal customer payment card data from multiple stores.
The old-school manual system has already been spotted by people affiliated with Sans, a computer security training institute. Readers may remember the system from decades ago, when eight-track tapes and, later, Betamax video, were still the rage. P.F. Chang's servers will be retaining carbon copies of the transactions, according to KrebsOnSecurity reporter Brian Krebs, who first reported the breach three days ago after finding that thousands of newly stolen credit and debit cards for sale in underground forums were all used at the chain.
"At P.F. Chang's, the safety and security of our guests' payment information is a top priority," a statement posted on the chain's website stated. "Therefore, we have moved to a manual credit card imprinting system for all P.F. Chang's China Bistro branded restaurants located in the continental United States. This ensures our guests can still use their credit and debit cards safely in our restaurants as our investigation continues."
Posted by InfoSec News on Jun 13: http://www.networkworld.com/article/2363025/security/fcc-will-push-network-providers-on-cybersecurity-wheeler-says.html
Posted by InfoSec News on Jun 13: http://www.computerworlduk.com/news/security/3524486/bank-of-england-receives-7-or-8-cyber-attacks-week-says-ciso/
Posted by InfoSec News on Jun 13: http://www.nextgov.com/cybersecurity/2014/06/fake-dot-gov-webmail-used-phishing-scam-hack-epa-and-census-staff/86374/?oref=ng-HPtopstory
Posted by InfoSec News on Jun 13: http://ottawacitizen.com/technology/internet/how-did-the-rcmp-crack-blackberrys-security
Posted by InfoSec News on Jun 13: http://english.cntv.cn/2014/06/12/ARTI1402535320647496.shtml
Posted by InfoSec News on Jun 13: http://www.slate.com/articles/technology/future_tense/2014/06/target_breach_cyberinsurance_is_a_mess.html
Posted by InfoSec News on Jun 13: http://www.computerworld.com/s/article/9249064/DDoS_attacks_knock_Feedly_offline_for_second_day_running