Top IT Security Bloggers

Krebs on Security
  • Complex Solutions to a Simple Problem

    Krebs on Security
    My inbox has been flooded of late with pitches for new technologies aimed at making credit cards safer and more secure. Many of these solutions are exceedingly complex and overwrought -- if well-intentioned -- responses to a problem that we already know how to solve. Here's a look at a few of the more elaborate approaches.
  • Banks: Park-n-Fly Online Card Breach

    Krebs on Security
    Multiple financial institutions say they are seeing a pattern of fraud that indicates an online credit card breach has hit Park-n-Fly, an Atlanta-based offsite airport parking service that allows customers to reserve spots in advance of travel via an Internet-based reservation system. The security incident, if confirmed, would be the latest in a string of card breaches involving compromised payment systems at parking services nationwide.
  • In Damage Control, Sony Targets Reporters

    Krebs on Security
    Over the weekend I received a nice holiday letter from lawyers representing Sony Pictures Entertainment, demanding that I cease publishing detailed stories about the company's recent hacking and delete any company data collected in the process of reporting on the breach. While I have not been the most prolific writer about this incident to date, rest assured such threats will not deter this reporter from covering important news and facts related to the breach.
  • SpamHaus, CloudFlare Attacker Pleads Guilty to Computer Abuse, Child Porn Charges

    Krebs on Security
    A 17-year-old male from London, England pleaded guilty this week to carrying out a massive denial-of-service attack last year against anti-spam outfit SpamHaus and content delivery network CloudFlare, KrebsOnSecurity has learned.
  • ‘Security by Antiquity’ Bricks Payment Terminals

    Krebs on Security
    Last week, several thousand credit card payment terminals at various retailers across the country suddenly stopped working, their LCD displays showing blank screens instead of numbers and letters. Puzzled merchants began to worry that this was perhaps part of some sophisticated hacker attack on their cash registers. It turns out that the incident was indeed security-related, but for once it had nothing to do with cyber thieves.
  • ‘Poodle’ Bug Returns, Bites Big Bank Sites

    Krebs on Security
    Many of the nation's top banks, investment firms and credit providers are vulnerable to a newly-discovered twist on a known security flaw that exposes their Web site traffic to eavesdropping. The discovery has prompted renewed warnings from the U.S. Department of Homeland Security advising vulnerable Web site owners to address the flaw as quickly as possible.
  • Microsoft, Adobe Push Critical Security Fixes

    Krebs on Security
    If you use Microsoft or Adobe software products, chances are that software is now dangerously out of date. Microsoft today released seven update bundles to fix two dozen security vulnerabilities in Windows and supported software. Adobe pushed patches to correct critical flaws in Acrobat, Reader, and Flash Player, including a bug in Flash that already is being exploited.
  • Unencrypted Data Lets Thieves ‘Charge Anywhere’

    Krebs on Security
    Charge Anywhere LLC, a New Jersey mobile payments provider, today disclosed that malicious software planted on its networks may have jeopardized credit card data from transactions the company handled between November 2009 and September 2014.
  • More on Wiretapping ATM Skimmers

    Krebs on Security
    Last month, this blog featured a story about an innovation in ATM skimming known as wiretapping, which I said involves a "tiny" hole cut in the ATM's front through which thieves insert devices capable of eavesdropping on and recording the ATM user's card data. Turns out, the holes the crooks make to insert their gear tend to be anything but tiny.
  • Toward a Breach Canary for Data Brokers

    Krebs on Security
    When a retailer's credit card systems get breached by hackers, banks usually can tell which merchant got hacked soon after those card accounts become available for purchase at underground cybercrime shops. But when commercial data brokers get hacked or are tricked into giving consumers' data to identity thieves, there is no easy way to tell who leaked the information when it ends up for sale in the black market. In this post, we'll examine one idea to hold consumer data brokers more accountable.