Apple Pay May Revolutionize Secure Mobile Payments
Apple Pay Joins Tap to Pay
Last week, on October 20, 2014, Apple joined others in the new near-field communication (NFC) based Tap to Pay market (this doesn’t count their original Passbook offering) with Apple Pay. On Monday, Apple CEO Tim Cook stated that over one million credit cards had been activated on Apple Pay within the first 72 hours of its release, declaring Apple the market leader in Tap to Pay.
Cook is also quoted as saying, “You are only relevant as a retailer or merchant if your customers love you.” and “It’s the first and only mobile payment system that’s easy, private and secure.”
That’s the goal of all the Tap to Pay pioneers: making a system that is easy, private and secure. In a year when many large merchants are disclosing credit card breaches of unprecedented size, the market is...
It seems like phishing emails never let up. Or maybe that they are increasing again. Or maybe it’s just that I feel like I am getting more of them. Maybe it’s all in my mind.
Phishing emails come in essentially two flavors:
- Scare tactics
- Awesome deals
In either case, the goal of the phisher (is that a word?) is to make you react instead of think. The more you stop and think about that email, the less likely you are to just react to it instead of thinking to yourself “phishing=delete.”
As a matter of fact, in the world of phishing, you would never really think about your email, you would just read it, and think “I have to do this!” (whatever “this” is).
That’s why we saw so many phishing emails advertising Jennifer Lawrence et al in the buff.
Read....
Breaking Down the Anatomy of Chained Exploits
Several weeks ago, I was reading about Shellshock Bash and it sparked my curiosity to investigate just how far one could exploit this vulnerability.
I was conducting an external penetration assessment for a client and it didn’t take long for me to find an opportunity to investigate this issue. The further I was into the assessment, the more I realized the seriousness of Shellshock.
I am sharing what I’ve learned and hope you will use this information to help keep all the pieces of your puzzle in place. If you find out you have some of the key components that made this exploit successful, I recommend you stop reading this blog and apply the remediation suggestions as soon as feasibly possible.
This blog is my attempt to recreate the environment.
This was a routine gray-box external...
There's free Wi-Fi, and there's paid Wi-Fi.
Both are legal, and the price of paid Wi-Fi can be whatever the market will bear. In some hotels and conference centers, that price is substantial -- $100 per day and sometimes much more.
This can be a major revenue stream, so it’s no wonder that facilities try to sell the service. It’s also no wonder that their customers might try to use alternatives. Most cell phones can establish a Wi-Fi hotspot, allowing one or more Wi-Fi enabled computers to access the Internet. Cell phone carriers also offer stand-alone hotspots such as the Jetpack and MiFi products.
A List of Do's and Don'ts
Employees return from lunch and swipe their badges across proximity readers at the main entrance and the side door leading from the smoking area. The chatter of multiple conversations, on mobile phones and in person, merges with the oh-so-familiar beeps and the green (or was it red?) light, and the routine motion of “badging in” is just that... routine.
The hacker observes discreetly. He identifies the vulnerability. Adopting the guise of an employee, he raises his smartphone to his head and joins the line of tailgaters. He exploits the vulnerability.
The above scenario is constantly used by penetration testers, security consultants, disgruntled and active employees...
10 Steps to Privacy In-Depth
This term describes the expansion of the Internet from the World Wide Web to your home (smart TV, thermostats, automobiles) and even your body (pacemaker, bio chip transponder). The basic concept is that if a device can be networked, it will be able to communicate to other devices for real-time monitoring or triaging.
One question keeps bubbling to the surface: Are we humans ready for this mass integration of technology and life?
Keep in mind that roughly 10 years ago, 70% of the technology we see today didn’t exist: iPhone, Kindle, Galaxy, Bluetooth watches. With our human nature to be social, open and divulge information to those we trust, we put ourselves...
This Scary Malware is More of a Trick than a Treat
This year, I'm dressing as ransomware for Halloween. Maybe I'll take candy from trick-or-treaters and hold it for ransom. Or maybe I'll pass out malware-infected USB sticks.
Last year I wrote a blog about how CryptoLocker ransomware was striking fear and panic into the hearts of IT staff around the world.
Ransomware is like Clark Griswold's crazy Cousin Eddie in the movie National Lampoon's Vacation. It just won’t go away, no matter how hard you try to get rid of it.
In case anyone has forgotten, CryptoLocker encrypted user files and held them for ransom. It was delivered through good ol’ social engineering phishing attempts.
Typically, the phishing attempts were conducted via emails with a failed delivery message from various ...