Stories by Grant Hatchimonji

Why giving mobile apps banking info isn't as risky as it seems

Data is compromised so frequently these days that it seems like nothing is safe anymore. So one would be forgiven for thinking that using apps that require the user to voluntarily submit payment card information in order to function -- think Venmo, Uber, etc. -- would be a risky play. The reality, however, is that these kinds of apps are actually no more risky than any other transaction involving payment cards.

Grant Hatchimonji | 09 Sep

Kicking the stool out from under the cybercrime economy

Put simply, cybercrime, especially financial malware, has the potential to be quite the lucrative affair. That's only because the bad guys have the tools to make their work quick and easy, though. Cripple the automated processes presented by certain malware platforms, and suddenly the threats -- and the losses -- aren't quite so serious.

Grant Hatchimonji | 20 Aug

Getting past the most basic physical security of all: Learning to pick locks at DEFCON 22

Much like my experience with learning to hack at RSA, learning to pick locks was something that I was very interested in learning how to do, but approached with much trepidation given that I had zero experience with the practice. Nevertheless I thought I'd give it a shot, so I headed down to the Lockpicking Village at this year's DEFCON 22 so I could be shown the ropes.

Grant Hatchimonji | 10 Aug

Black Hat USA 2014: Talking botnets and ad campaigns

"The situation we're in with advertising is a lot like where the banks are, where everyone has struggled with the fact that you can't trust the other end of the connection," says White Ops CEO Michael Tiffany. "It's the same cookies, user information, etc. But one is real, and the other is fake."

Grant Hatchimonji | 07 Aug

The use of mobile credentials is on the rise, but can they be secured?

Given the current prevalence of mobile devices, especially smartphones, it comes as no surprise that they are becoming more and more entwined with everyday aspects of our lives. We don't just use them to make calls, to text, or to browse the internet anymore. We can use them to do just about anything, and that includes using them as a means to provide our credentials.

Grant Hatchimonji | 03 Jun

Up in smoke: How marijuana shops in Colorado are protecting themselves from losses

The moment I walk into the 3D Cannabis Center in Denver, Colorado, I'm approached by a security guard, taser on his hip, who requests my identification. As I fumble around in my wallet for my driver's license, I take a look around the lobby and spot at least three different cameras staring right back at me -- and this was after walking past multiple cameras outside just to get in the front door. After explaining that I'm here for an appointment with Toni Fox, the store's owner, I'm issued a badge and asked to sign in before taking a seat and waiting while she's notified of my arrival.

Grant Hatchimonji | 07 May

Why facial recognition isn't the way of the future... yet

It's how the future is meant to be, isn't it? The good guys need to find a bad guy in a crowd of people, so they start scanning the environment with a camera that is equipped with facial recognition technology. Seconds later, they scan a face that's a positive match with an entry in their criminal database and bam, they've smoked him out.

Grant Hatchimonji | 29 Apr

How MDM works -- or doesn't work -- for SMBs

In large-scale organizations, implementing mobile device management (MDM) is typically a given. After all, with so many employees using mobile devices that either contain or connect to sources of sensitive information, there needs to be some way to keep everything in check. But what about those companies that aren't big enough to be able to afford an MDM implementation and a full-sized IT department to manage it? Without a means to centralize the control of mobile devices, how can these smaller companies protect their data?

Grant Hatchimonji | 08 Apr

Talking insider threats at the CSO40 Security Confab and Awards

These days, the threat landscape for most companies is massive. But while there is a litany of outside threats that their security teams need to worry about, there is often an even greater danger much closer to home. Insider threats are an issue that no company is safe from, with breaches not just occurring at the hands of a disgruntled or malicious employee, but also unintentionally as a result of ignorance.

Grant Hatchimonji | 03 Apr

Without proper security measures, smart homes are just begging to be targets

As our world becomes increasingly connected via the Internet, it only seems logical that the interconnectivity would eventually permeate our homes. "Smart devices" like alarm systems, locks, thermostats, and more that can be controlled over the Internet are gradually gaining visibility and creating legions of "smart homes." For all the technological advancements, however, it would appear that our houses are simultaneously becoming more vulnerable.

Grant Hatchimonji | 17 Mar

Survey says more attention being paid to data privacy, but still a ways to go

Data privacy has gotten its fair share of attention these days, what with the high-profile data breaches that have taken place in recent months. Fittingly, PricewaterhouseCoopers released the results of its 2013 data privacy survey late last year, in which the 370 participants represented both board level members responsible for oversight of privacy programs within their organization and practitioners involved in day to day operations.

Grant Hatchimonji | 31 Jan