Posted by on

One of the largest security stories this month came from the goliath book retailer, Barnes & Noble. In September, they found some of their credit card scanners – limited to one PIN pad at each of 63 stores in nine states – had been “bugged” and used to steal card numbers and PINs from unsuspecting customers. In response, Barnes and Noble removed all PIN pads from all of the stores in the US, and instituted a policy for credit cards to be scanned by cashier at the register using verified readers. They have also been working with the FBI to investigate the theft.

No information has been released yet on who is responsible, how many customers fell victim, or how much was stolen. However, Barnes & Noble has been working with card issuers to mitigate damage.

You can view the full press release from Barnes & Noble here with a list of stores found to have a compromised PIN pad – none are in Oregon.  Read more...


Posted by on

For a long time only third party software existed to connect two networks via an encrypted connection (called Virtual Private Networking, or VPN). Microsoft introduced a built-in version of this technology into Windows Server, and its use became widespread.

This functionality is incorporated into many office networks to allow remote users to get access to the office while at home or on the road. Security researchers at the Black Hat computer security convention recently released information that Microsoft’s VPN was old, outdated and needed to go for the sake of people who think they are secure. CloudCracker released a blog detailing, step by step, the authentication process and how it could be compromised. They also released tools on the internet to allow users to crack captured VPN authentication data in under 20 hours. This affects us and our clients quite a bit. We’ve already begun working out plans to rethink who needs VPN access, and how we deploy it.  Read more...


Posted by on

In more recent security news – a database of 450,000 user names and passwords of Yahoo Voice users was stolen and produced to the internet. Unfortunately for Yahoo Voice’s users, the passwords weren’t encrypted. Lucky for us, Anders Nilsson, a Swedish security expert, saw this opportunity to analyze the password data to see what behaviors people have. What he found was a bit mind-blowing and he decided to share a few notable results; the most notable ones being ‘123456’ and ‘password’; even a few hundred users with one character passwords. The whole of his results can be seen here.

Lessons we can glean from this, aside from the essential need of password complexity, is not using the same password for any two logins. If these Yahoo accounts happened to use the same e-mail address and password for their Linkedin, Facebook, Twitter, or Bank accounts, they could be compromised.  Read more...


Posted by on

Some Dropbox users started complaining that they had received spam to accounts created and used solely for Dropbox. Claims of spam sent to users started to mount and, as Dropbox didn’t sell this user information, the first thought on everyone’s mind was that Dropbox had been compromised and user information was taken. The worry there was how much user data did they possibly get their hands on. Dropbox’s own access to user data has been a touchy subject, let alone nefarious hands that may have found their way into the popular remote storage provider. Receiving spam isn’t, necessarily, definitive proof of a leak but an independent party was hired to look and find any problems. They found one.

In late August, Dropbox announced in a blog post that an employee’s account was compromised and a file containing e-mail addresses was taken. How much data was in there, or what other files might have been accessed is unsure.  Read more...


Posted by on

Researchers at AVG got an interesting visitor while analyzing a virus. The virus programmer popped in for a chat.

In the AVG labs, they had installed a virus (that impostors itself as an instructional video for the new video game, Diablo 3) to take a look at what it does and see how it works. While doing so, the virus programmer used a chat built into the virus to peek his head in at what they were doing. “What are you doing? Are you researching my trojan?” was written in Chinese in a window that popped up in the middle of the screen. The back doors installed by the virus included the ability to see their screen, monitor keyboard and mouse input; even the ability to turn on and view any attached web-cam. After some banter, the remote hacker shut down the virtual machine to punctuate the end of the conversation.  Read more...


Posted by on

Security researchers are trying to get the word out to mac users that the cat is out of the bag: Mac users need to be concerned with viruses as much as anyone else. April saw the largest saturation of mac virus activity ever witnessed, infecting an estimated 600,000 machines within a few days of its initial detection. Apple has attempted to roll out updates and educate users to try and halt its spread but, as of this writing, the exploit is still vulnerable to infection by a new variant. The number of new infections has gone down but researchers say they can’t be entirely sure their detection methods can accurately measure it. Companies like Symantec and Kaspersky are actively working on combating the storm.

It’s a common fallacy that macs can’t get infected with viruses. More accurately, macs get infected with viruses that are left fallow because they are designed to affect windows machines; this doesn’t stop infected macs from spreading infection, via infected files, to windows machines.  Read more...


Posted by on


Google was caught with their hand in the cookie jar, raising a lot of ruckus concerning privacy on the internet. Google claims it sidestepped privacy settings in an attempt to make its “+1” Google+ system work across different browsers. The part where it gets hairy is that the cookies it saved to mark the click could also be seen by their ad agency, DoubleClick, which they can use to track what pages you go to. The research paper that detailed the methods and code behind this practice also found dozens other companies doing the same thing.

There have been a lot of claims and blame going around. Curious about what it all means? We’ll try and break it down for you. Cookies were meant as a way for websites to save a bit of info on a user’s computer to store user preferences and login session data when you log into a site. It can also use this info to see what pages on their site you’re going to.  Read more...

1 9 10 11