What you need to know for your personal cyber security life…
Number twenty-eight in a semi-regular series on current and topical computer threats that may affect your online, or even offline, digital and real life. Why cyber-security on SurvivalRing? Because EVERYTHING you do in your life every day is now a part of the cyber world…even your offline plans. So, be aware, and pay attention. The bad guys WILL eventually get around to YOU…personally…so be prepared for it by staying in the informational loop.
# # #
HEADLINES…for this issue…
- Probe finds KT website hacked 12 million times
- Chicago’s Trustwave sued over Target data breach
- E-commerce security startup Forter lands $3M in funding from Sequoia Capital
- Full Disclosure Mailing List: A Fresh Start
- Why Cyber War Will Not and Should Not Have Its Grand Strategist
Probe finds KT website hacked 12 million times
http://koreajoongangdaily.joins.com/news/article/Article.aspx?aid=2986949
- JoongAng Ilbo
- March 26, 2014
The Ministry of Science, ICT and Future Planning said yesterday it confirmed that hackers accessed KT’s website more than 12 million times over the past three months.
The ministry announced the results of a public-private task force investigation into KT’s massive personal information leak.
The investigation found similar vulnerabilities at nine other KT websites, in addition to the main site, and discovered KT had not detected that hackers were accessing the site as many as 341,000 times a day.
Hackers collected personal information by adjusting customer account numbers using an ID and password from the Paros hacking program.
In order to gather as much personal information as quickly as possible, hackers were found to have created an automated program, which uses random numbers to search for customer service contract numbers.
[…]
# # #
Chicago’s Trustwave sued over Target data breach
http://www.chicagobusiness.com/article/20140325/BLOGS11/140329865
- By John Pletz
- On Technology
- Crains Chicago Business
- March 25, 2014
Trustwave Holdings Inc., a Chicago-based credit card security company, was sued alongside Target Corp. by banks who say they suffered financial damages when the retailer was hacked during the holiday shopping season.
Although the most serious allegations are leveled at Target, the suit alleges that Trustwave failed to identify deficiencies in the retailer’s IT systems. Trustwave’s software audits companies’ IT systems to make sure they comply with credit card security regulations.
The lawsuit is a blow to Trustwave, which according to the complaint says it has “performed more Payment Card Industry Data Security Standard (PCI DSS) Certifications than all other companies combined.”
It’s also the first time the company, which keeps a low profile and is loath to discuss its customers, has been publicly connected to the Target breach.
[…]
# # #
E-commerce security startup Forter lands $3M in funding from Sequoia Capital
- By Larry Barrett
- Between the Lines
- ZDNet News
- March 25, 2014
Forter, an Israeli security startup that provides online retailers with real-time e-commerce fraud prevention services, secured $3 million in Series A funding from Menlo Park, Calif.-based venture capital firm Sequoia Capital.
In the wake of catastrophic security breaches at major retailers, including Target and Neiman Marcus among many, many others, retailers online and off are scrambling to find more holistic and comprehensive security applications and processes to safeguard their customers’ credit and debit card accounts.
Forter’s founders, including CEO Michael Reitblat, first became acquainted with the prowess of behavioral data and cyber intelligence technology as intelligence officers in the Israeli Defense Force, before they went on to start Fraud Sciences, a fraud prevention company that was eventually acquired by PayPal in 2008 for $169 million.
Forter’s plug-and-play technology automates the review process by instantly analyzing customers’ profile and behavioral data in real time rather than relying on customer-provided data—which is often easy to falsify — to approve transactions.
[…]
# # #
Full Disclosure Mailing List: A Fresh Start
http://insecure.org/news/fulld
- March 25, 2014
Like many of us in the security community, I (Fyodor) was shocked last week by John Cartwright’s abrupt termination of the Full Disclosure list which he and Len Rose created way back in July 2002. It was a great 12-year run, with more than 91,500 posts during John’s tenure. During that time he fought off numerous trolls, DoS attacks, spammers, and legal threats from angry vendors and researchers alike. John truly deserves our appreciation and thanks for sticking with it so long!
Some have argued that we no longer need a Full Disclosure list, or even that mailing lists as a concept are obsolete. They say researchers should just Tweet out links to advisories that can be hosted on Pastebin or company sites. I disagree. Mailing lists create a much more permanent record and their decentralized nature makes them harder to censor or quietly alter in the future. Jericho from OSVDB and Attrition elaborates further in this great post.
Upon hearing the bad news, I immediately wrote to John offering help. He said he was through with the list, but suggested: “you don’t need me. If you want to start a replacement, go for it.” After some soul searching about how much I personally miss the list (despite all its flaws), I’ve decided to do so! I’m already quite familiar with handling legal threats and removal demands (usually by ignoring them) since I run Seclists.org, which has long been the most popular archive for Full Disclosure and many other great security lists. I already maintain mail servers and Mailman software because I run various other large lists including Nmap Dev and Nmap Announce.
[…]
# # #
Why Cyber War Will Not and Should Not Have Its Grand Strategist
http://www.au.af.mil/au/ssq/digital/pdf/spring_2014/Libicki.pdf
- Strategic Studies Quarterly (SSQ)
- The Strategic Journal of the United States Air Force
- Volume 8, Issue 1 – Spring 2014
- By Martin C. Libicki
Even assuming the cyber domain has yet to stop evolving, it is not clear a classic strategic treatment of cyber war is possible, or, if it were, it would be particularly beneficial. The salutary effects of such classics are limited, the basic facts of cyberspace and cyber war do not suggest it would be as revolutionary as airpower has been, and if there were a classic on cyber war, it would likely be pernicious.
[…]