Credit Card Skimmers Close to Home?

Do you have an alarm system? If you do, did you get one before or after your neighbor was robbed? Few of us are proactive enough to get one without something hitting close to home.

These are the thoughts that came to mind when I saw this:

[Image: photo of the gas pump]

That, my friends, is a gas pump. Do you notice anything strange about it? Look a little bit closer:

[Image: security tape on credit card swipe]

That security tape is similar to the plastic seal on a bottle of Diet Pepsi. If broken, do not drink! In other words, that tape was put on the credit card swipe of this gas pump as a detective control to identify tampering, such as the installation of a skimmer device. I won’t name the particular gas station I was at, but it’s green and white about 5 miles from the University. And I have several of their toy trucks in my office. I know that doesn’t narrow it down much, so please don’t try to pull out the geo-location data embedded in the above photos. In actuality, they should be commended for putting something like this in place, but it begs the question… was this proactive or reactive? Things that make you go hmmmm…

That’s why I like credit cards and debit cards that offer $0 liability protection. Combine one of those with Apple Pay, and you’re in pretty good shape. Of course, cash will always be king.

Have you ever had a run-in with a credit card skimmer? If so, where?

Thanks for reading and don’t forget to subscribe.

UPDATE 5/20/15: To be fair, I noticed that this particular chain of gas stations has security tape on their pumps at most locations I’ve visited… So I guess there IS a possibility they are being proactive, or had a bad experience at a subset of locations and then deployed the tape widely. Things that make you go hmmm…

REVIEW: CSI: Cyber

http://en.wikipedia.org/wiki/CSI:_Cyber#mediaviewer/File:CSI-Cyber-Logo.jpg


This week was the beginning of a new CSI television series, CSI: Cyber. I am not a CSI fan by nature. In fact, I’m not a big fan of television dramas at all. I try to like them. I really do, but it’s hard for me to get past mediocre acting and low-budget explosions. However, I had to give CSI: Cyber a chance. After all, it promised to deliver on a theme that is near and dear to me, cyber security. Did it deliver?

To start on a positive note, I thought the technology aspects of the show were only moderately exaggerated, so kudos for that. I think it’s a positive thing that they are highlighting real-world consequences of hacker activity. It is not a harmless pastime or a victimless crime. This show can potentially serve as a nationwide public awareness campaign. Hopefully, they will work in some useful reminders for viewers, like the importance of antivirus and the like, rather than simply inciting FUD (fear, uncertainty and doubt).

http://commons.wikimedia.org/wiki/File%3AMBP36_-_Digital_Video_Baby_Monitor_MBP36.jpg


With that said, the first episode was named Kidnapping 2.0, making reference to the next generation of kidnapping that incorporates hacking into internet-connected baby monitors. The “baby auction” plot may be farfetched, but the idea of some weirdo hacking into your baby monitor is one based on fact. It happens, and for that reason I advise my friends to avoid buying an internet-connected baby monitor unless they really have a need for it. Even the ones without Wi-Fi are relatively easy to access, but you need to be in physical proximity to the camera.

I thought the title of the episode, Kidnapping 2.0, was appropriate because they kidnapped one hour of my life with no remorse. The casting choice is just unreal. Lil’ Bow Wow is a rhyming hacker being rehabbed by the FBI. To quote my wife, “STRIKE 1.” The action star of the show is none other than the star of Dawson’s Creek, James Van Der Beek. I never thought I would live to see Dawson kick down a door, but network television has blown my mind yet again. The “best white hat hacker” in the world is a stereotypical “heavyset” gentleman and at one point the FBI director tells his staff that they can “go home to their parents’ basements.” Really? LOL.

All things considered, I will probably watch this show again. Not because it was a good show, but I find the random technical references extremely entertaining. I love how the writers jam technical jargon into sentences that do not require it at all. It’s just hilarious. And I find the security talk extremely entertaining. There is nothing better than hearing acronyms explained by bad actors. Unfortunately, I doubt the mildly entertained IT crowd can keep this series afloat for very long.

In any case, if you’re looking for a mediocre drama with a mixture of technical chatter and law enforcement, you’ve found it! I will let it record on my DVR and from time to time I’ll check out an episode. More so for a laugh than a thrill, but at the end of the day it served its purpose of entertainment…for one reason or another.

Note to Producers: This show can still be saved by adding a key guest star or two. Namely, Jack Bauer or Liam Neeson (he has a very particular set of skills).

Did you catch the first episode? Tell me what you thought in the comments below.

Thanks for reading and don’t forget to subscribe.


Security Conference Round-Up

Just about once a year, I start to explore the various security conferences that are available, their approximate cost and when they are usually held. There are a few summaries out there on the web, but most are exhaustive with way too much information or simply not enough. So, here’s a summary of conferences on my radar, based on 2015 data. Fortunately, the data does not change much from year to year so this will be a good point of reference in the future. This is far from an exhaustive list, though. There are smaller hacker conventions, like DerbyCon and HOPE X, which I did not thoroughly investigate, but are definitely worth a nod. The costs are estimated (assuming no discounts) and the descriptions are highly subjective, mostly based on hearsay. How is that for minimizing the usefulness of this post?!

http://en.wikipedia.org/wiki/File:DEF_CON_17_CTF_competition.jpg


| Conference | Location | Cost (est.) | Timing | Description |
|---|---|---|---|---|
| Blackhat | Vegas | $5500 | August | All the corporate heavies will be here, leans towards a hacker theme. Conference without any training is about $2500. |
| Defcon | Vegas | $250 | August | Hacker convention. Cash only, starts right after Blackhat, lots of bad words. If you’re going to Blackhat, Defcon is a must do. |
| Educause Security Pro | Minnesota | $500 | May | Security within the higher ed vertical, peer preso heavy, REN-ISAC meetup. |
| Gartner Security Summit | Maryland | $3,000 | June | Calling all CISOs, managers and CISSPs! Strategic thinking and networking. |
| Interop | Vegas | $3000 | April/May | General IT conference with security track. Some tech, vendor heavy. |
| (ISC)² Security Congress | Anaheim | $1000 | Sept/Oct | Calling all CISOs, managers and CISSPs, with some technical mixed in. |
| RSA Conference | San Fran | $5000 | April | All the big shots will be here. Corporate with broad security coverage. Conference without any training is about $2500. |
| SANS | Various | $5000 | Various | More training than conference, top-notch educational opportunity. Heavy technical with some strategy mixed in. SANS 2015 in Orlando is a main attraction. |

You can check out my 2014 Interop NY review here, but there will not be a NY version this year. Vegas only, so my guess is that quite a few people agreed with my assessment.

I’m sure I missed some really good ones. Please add them to the comments below. Thanks for reading and don’t forget to subscribe!