Apple Pay vs. Other Tap to Pay Providers

Apple Pay May Revolutionize Secure Mobile Payments

Melinda Reinicker

October 29, 2014 - Posted by Melinda Reinicker to Security Insight


Apple Pay Joins Tap to Pay

Last week, on October 20, 2014, Apple joined others in the new near-field communication (NFC) based Tap to Pay market (this doesn’t count their original Passbook offering) with Apple Pay. On Monday, Apple CEO Tim Cook stated that over one million credit cards had been activated on Apple Pay within the first 72 hours of its release, declaring Apple as the market leader in Tap to Pay.

Cook is also quoted as saying, “You are only relevant as a retailer or merchant if your customers love you.” and “It’s the first and only mobile payment system that’s easy, private and secure.”

That’s the goal of all the Tap to Pay pioneers, making a system that is easy, private and secure. In a year when many large merchants are disclosing credit card breaches of unprecedented size, the market is... read more >

A Bad Day Phishing is Better than a Good Day at Work

Jon-Louis Heimerl

October 28, 2014 - Posted by Jon-Louis Heimerl to Security Insight


It seems like phishing emails never let up. Or maybe that they are increasing again. Or maybe it’s just that I feel like I am getting more of them. Maybe it’s all in my mind.

Phishing emails come in essentially two flavors:

  1. Scare tactics
  2. Awesome deals

In either case, the goal of the phisher (is that a word?) is to make you react instead of think. The more you stop and think about that email, the less likely you are to just react to it instead of thinking to yourself “phishing=delete.”

As a matter of fact, in the world of phishing, you would never really think about your email, you would just read it, and think “I have to do this!” (whatever “this” is).

That’s why we saw so many phishing emails advertising Jennifer Lawrence et al in the buff.

Read.... read more >

Shellshock Bash Bug

Breaking Down the Anatomy of Chained Exploits

Michael Born

October 23, 2014 - Posted by Michael Born to Security Insight


Several weeks ago, I was reading about Shellshock Bash and it sparked my curiosity to investigate just how far one could exploit this vulnerability.

I was conducting an external penetration assessment for a client and it didn’t take long for me to find an opportunity to investigate this issue. The further I was into the assessment, the more I realized the seriousness of Shellshock.

I am sharing what I’ve learned and hope you will use this information to help keep all the pieces of your puzzle in place. If you find out you have some of the key components that made this exploit successful, I recommend you stop reading this blog and apply the remediation suggestions as soon as feasibly possible.

This blog is my attempt to recreate the environment.

The Scenario

This was a routine gray-box external... read more >

Wi-Fi Jamming is a Crime - FCC Rules

Bob Bybee

October 22, 2014 - Posted by Bob Bybee to Security Insight


There's free Wi-Fi, and there's paid Wi-Fi.

Both are legal, and the price of paid Wi-Fi can be whatever the market will bear. In some hotels and conference centers, that price is substantial -- $100 per day and sometimes much more.

This can be a major revenue stream, so it’s no wonder that facilities try to sell the service. It’s also no wonder that their customers might try to use alternatives. Most cell phones can establish a Wi-Fi hotspot, allowing one or more Wi-Fi enabled computers to access the Internet. Cell phone carriers also offer stand-alone hotspots such as the Jetpack and MiFi products.

Major players don’t like competition. By now, you may have seen the headline: a large hotel chain was discovered to be intentionally interfering... read more >

Understanding the Techniques for Social Engineering

A List of Do's and Don'ts

Brent White

October 21, 2014 - Posted by Brent White to Security Insight


This blog was co-written by Solutionary Offensive Security Consultants Brent White and Tim Roberts.

Employees return from lunch and swipe their badges across proximity readers at the main entrance and the side door leading from the smoking area. The chatter of multiple conversations via mobile and in-person merges with the oh-so-familiar beeps, accompanied by the green (or was it red) light and the routine motions of “badging in” is just that... routine.

The hacker observes discreetly. He identifies the vulnerability. Adopting the guise of an employee, he raises his smartphone to his head and joins the line of tailgaters. He exploits the vulnerability.

The above scenario is constantly used by penetration testers, security consultants, disgruntled and active employees... read more >

The Internet of Things

10 Steps to Privacy In-Depth

Erik Barnett

October 17, 2014 - Posted by Erik Barnett to Security Insight


The latest buzz-phrase in the technology world has to be “Internet of Things” (IoT). This week, it's also the weekly theme for National Cyber Security Awareness Month (NCSAM).

This term describes the expansion of the Internet from the World Wide Web to your home (smart TV, thermostats, automobiles) and even your body (pacemaker, bio chip transponder). The basic concept is that if a device can be networked, it will be able to communicate to other devices for real-time monitoring or triaging.

One question keeps bubbling to the surface: Are we humans ready for this mass integration of technology and life?

Keep in mind that roughly 10 years ago, 70% of the technology we see today didn’t exist: iPhone, Kindle, Galaxy, Bluetooth watches. With our human nature to be social, open and divulge information to those we trust, we put ourselves... read more >

Ransomware - What I Want to be for Halloween

This Scary Malware is More of a Trick than a Treat

Bernie Lambrecht

October 16, 2014 - Posted by Bernie Lambrecht to Security Insight


This year, I'm dressing as ransomware for Halloween. Maybe I'll take candy from trick-or-treaters and hold it for ransom. Or maybe I'll pass out malware-infected USB sticks.

Just kidding!

Last year I wrote a blog of how CryptoLocker ransomware was striking fear and panic into the hearts of IT staff around the world.

Ransomware is like Clark Griswold's crazy Cousin Eddie in the movie National Lampoon Vacation. It just won’t go away, no matter how hard you try to get rid of it.

In case anyone has forgotten, CryptoLocker encrypted user files and held them for ransom. It was delivered through good ol’ social engineering phishing attempts.

Typically, the phishing attempts were conducted via emails with a failed delivery message from various ... read more >


Voted Best Corporate Security Blog 2014
Solutionary is a leading managed security services provider. The Solutionary Minds blog is a place to learn about and discuss IT security and compliance topics.
