NESP consultants had a very thorough understanding of the PCI-DSS requirement. (The word ‘encyclopedic’ comes to mind.) This was very helpful in areas where the written standard leaves room for interpretation. In those situations, they helped us to assess our risk and to develop practical solutions.
They brought strong operating systems and networking expertise. They quickly earned the respect of, and collaborated effectively with, our technical staff. Consistently their recommendations were technically sound.
The U.S. Secret Service is warning financial institutions about a new scam involving the temporary theft of chip-based debit cards issued to large corporations. In this scheme, the fraudsters intercept new debit cards in the mail and replace the chips on the cards with chips from old cards. When the unsuspecting business receives and activates the modified card, thieves can start draining funds from the account.read more
It’s Wednesday, and this week I have a particularly good selection of articles for your perusal!
On this week’s Training Talk: Active Killers
Tomorrow evening, April 5, be sure to tune into Training Talk on Personal Defense Network. My special guest expert this week is Joshua Gideon, and we’ll be talking about active killers: what can we do to stop them? We’ll be looking at the factors that motivate mass killers, some of the “red flags” that might …
A story published here last week warned readers about a vast network of potentially malicious Web sites ending in “.cm” that mimic some of the world’s most popular Internet destinations (e.g. espn[dot]cm, aol[dot]cm and itunes[dot].cm) in a bid to bombard hapless visitors with fake security alerts that can lock up one’s computer. If that piece lacked one key detail it was insight into just how many people were mistyping .com and ending up at one of these so-called “typosquatting” domains.
On March 30, an eagle-eyed reader noted that four years of access logs for the entire network of more than 1,000 dot-cm typosquatting domains were available for download directly from the typosquatting network’s own hosting provider. The logs — which include detailed records of how many people visited the sites over the past three years and from where — were deleted shortly after that comment was posted here, but not before KrebsOnSecurity managed to grab a copy of the entire archive for analysis.read more
Panerabread.com, the Web site for the American chain of bakery-cafe fast casual restaurants by the same name, leaked millions of customer records — including names, email and physical addresses, birthdays and the last four digits of the customer’s credit card number — for at least eight months before it was yanked offline earlier today, KrebsOnSecurity has learned.
The data available in plain text from Panera’s site appeared to include records for any customer who has signed up for an account to order food online via panerabread.com. The St. Louis-based company, which has more than 2,100 retail locations in the United States and Canada, allows customers to order food online for pickup in stores or for delivery.read more
It must be said that I’m not really a travel bug. Don’t get me wrong; I’m no hermit, but I don’t have the intense wanderlust many people do. I can appreciate it, even envy it to an extent, but I’ve never had it.
So it was something of an oddity for me to be reading an interview with globetrotter Anthony Bourdain titled “All the Things You’re Doing Wrong When You Travel”. It’s an interesting piece, full of little tidbits …
A story published here this week revealed the real-life identity behind the original creator of Coinhive — a controversial cryptocurrency mining service that several security firms have recently labeled the most ubiquitous malware threat on the Internet today. In an unusual form of protest against that story, members of a popular German language image-posting board founded by the Coinhive creator have vented their dismay by donating tens of thousands of euros to local charities that support cancer research.
On Monday KrebsOnSecurity published Who and What is Coinhive, an in-depth story which proved that the founder of Coinhive was indeed the founder of the German image hosting and discussion forum pr0gramm[dot]com (not safe for work). I undertook the research because Coinhive’s code primarily is found on tens of thousands of hacked Web sites, and because the until-recently anonymous Coinhive operator(s) have been reluctant to take steps that might curb the widespread abuse of their platform.read more
Take care when typing a domain name into a browser address bar, because it’s far too easy to fat-finger a key and wind up somewhere you don’t want to go. For example, if you try to visit some of the most popular destinations on the Web but omit the “o” in .com (and type .cm instead), there’s a good chance your browser will be bombarded with malware alerts and other misleading messages — potentially even causing your computer to lock up completely. As it happens, many of these domains appear tied to a marketing company whose CEO is a convicted felon and once self-proclaimed “Spam King.”read more
Another Wednesday, another collection of great articles to inform and educate about self defense, family protection, and preparedness!
Jump on in, the GPS water is fine!
There was a time when I was a die-hard GPS hater, but as the technology improved (and I learned how to use it most effectively) I changed my mind. There are times when compass triangulation doesn’t work, and times when GPS doesn’t work, so knowing how to do both (and how to …
For at least a decade I’ve subscribed to the idea that a teacher needs to be open to change, and that in fact one of the best ways to gauge the quality of a teacher is to ask what he (or she) has changed their mind about. If they’re learning, if they’re growing, they’ll experience evolution in their viewpoint. If they’re evolving, they should be able to point to something they teach now that they didn’t used to, or …read more
Multiple security firms recently identified cryptocurrency mining service Coinhive as the top malicious threat to Web users, thanks to the tendency for Coinhive’s computer code to be used on hacked Web sites to steal the processing power of its visitors’ devices. This post looks at how Coinhive vaulted to the top of the threat list less than a year after its debut, and explores clues about the possible identities of the individuals behind the service.read more