Cell Phone Tapping: GSM Encryption Hacked
By Michael Coats for Information Security Short Takes
GSM cellular networks in the US and Europe use the A5/1 stream cipher, which is meant to ensure that cellular calls cannot be listened in on by unauthorized parties monitoring radio traffic. However, that privacy is no longer guaranteed. New attack techniques unveiled at the Hacking at Random conference in The Netherlands would allow an attacker to decrypt cellular calls made over a GSM network. The attacker needs only the new software and about $500 in radio monitoring equipment.
ISR News: CardSystems Breach Spurs Suit
Excerpts From Digital Transactions
Four years later, the fallout from the notorious CardSystems Solutions Inc. data breach—at the time the biggest hacking of payment card data ever—surfaced last week and looks like it could go on for months or even years. Merchant acquirer Merrick Bank Corp. is suing Savvis Inc., the company that inspected CardSystems before the breach, for alleged negligence because Savvis had concluded that the processor’s security systems met Visa Inc.’s standards.
ISR News: US Banks Going Biometric
Excerpts From Finextra.com
A global survey conducted by Unisys last year found that 72% of US citizens would be willing to undergo fingerprint scans to verify their identities when dealing with banks and government organisations.
ISR News: FBI Raids Texas Data Centers
Excerpts From Blog.wired.com
The raids were part of an investigation prompted by complaints from AT&T and Verizon about unpaid bills allegedly owed by some data center customers, according to court records. One data center owner charges that the telecoms are using the FBI to collect debts that should be resolved in civil court. But on Tuesday, an FBI spokesman disputed that charge.
ISMG Launches GovInfoSecurity.com
Press Release From GovInfoSecurity.com
We have a new President, a new Administration, a new session of Congress … and a new national mission throughout government to secure personal data and protect our borders from cyber threats. Information security has never been more important to the federal government - or to all of us, as we conduct personal and professional business in this electronic world.
ISR News: PCI DSS versus Cybercrime
Excerpts From BankInfoSecurity.com
Yvette Clarke, D-NY, Chair of the Subcommittee, admonished the payments industry, saying “The payment card industry and issuing banks should be ashamed about the current state of play and doing everything possible to immediately institute improvements in infrastructure.”
Payment Card Industry Swallows Its Own Tail
By Anthony M. Freed, Information-Security-Resources.com Financial Editor
Anyone who has been following the cascade of security failures plaguing the payment card industry in the last year, punctuated by the still-shrouded breaches at RBS WorldPay (RBS) and Heartland Payment Systems (HPY), has to acknowledge that there are major problems with security that need to be addressed pronto. But the greatest threat to the survival of PCI DSS (Payment Card Industry Data Security Standard) may not be the ever-evolving tactics of the criminal hackers intent on a “big score,” but instead the dysfunctional nature of the relationships between the very parties the standards are meant to serve.
ISR News: Heartland Class Action Lawsuit
Excerpts From ComputerWeekly.com
An investor has filed a proposed class action in the US district court of New Jersey on behalf of all other investors in Heartland between August 2008 and February 2009. The complaint alleges that Heartland issued false or misleading statements and failed to disclose material adverse facts about its business, operations and prospects during that period. Heartland’s shares during that period also declined $21.84 per share, or approximately 80%, from its high of $27.19 per share in September 2008.
ISR News: Visa Sanctions RBS Too
Excerpts From BankInfoSecurity.com
In the statement, Visa confirmed that both Heartland and RBS WorldPay, as a result of their recent data breaches, have been removed from the company’s Payment Card Industry Data Security Standard (PCI DSS) Compliant Service Providers list. This list represents the service providers that Visa has validated as being PCI DSS compliant for merchants and other businesses to run their credit card transactions.
Visa Sanctions: Heartland Issues Statement
STATEMENT FROM HEARTLAND PAYMENT SYSTEMS
March 13, 2009
Heartland was certified as PCI-DSS compliant in April 2008 and expects to continue to be assessed as PCI-DSS compliant in the future. We’re undergoing our 2009 PCI-DSS assessment now, which Heartland believes will be complete no later than May 2009 and will result in Heartland, once again, being assessed as PCI-DSS compliant.


