In this article we will try to understand what constitutes a data breach, what the laws in various countries say about data breach disclosures and data breach penalties, and what the prevalent regime of data breach penalties is in practice.
Continue reading “Understanding Data Breaches, notification laws and related penalties”
Tech Terminology De-mystified – Big Data
Big data usually includes data sets with sizes beyond the ability of commonly used software tools to capture, curate, manage, and process the data within a tolerable elapsed time. Big data sizes are a constantly moving target, as of 2012 ranging from a few dozen terabytes to many petabytes of data in a single data set. The target moves due to constant improvement in traditional DBMS technology as well as new databases like NoSQL and their ability to handle larger amounts of data. With this difficulty, new platforms of “big data” tools are being developed to handle various aspects of large quantities of data.
Top 4 Precautions Businesses should take against Cyber Crime – Phishing
It would be a cliché to say that cyber crime has been on the rise in India. So, instead of rehashing or lamenting it, we will look at a few ways in which businesses can protect themselves against cyber crime.
$45 Million Heist – Card Data Stolen – Banks to be Alert
45 Million USD was withdrawn using cloned pre-paid cards in 2 separate but reportedly connected operations. Hackers first got into the systems of the card processors and extracted magnetic strip card data and PIN numbers. Cards were then cloned using the stolen data and dispatched to “cashers” around the world. Hackers also raised or removed balances and withdrawal limits associated with these cards. So, the “cashers” had in their possession essentially ‘unlimited cards’ which they could use to withdraw any amount of cash. At the designated time, “cashers” all over the world struck ATM machines and began to relentlessly withdraw cash from ATMs. The New York cell of “cashers” alone was responsible for 2.8 Million USD. Incidentally, Mastercard pre-paid card data was stolen in both operations. It is reported in the media that, at some stage, Mastercard alerted the US Secret Service.
WiFi Protected Setup PIN brute force vulnerability
US-CERT put out a vulnerability note in December 2011 regarding a brute force attack against wireless routers. The vulnerability was first discovered by Stefan Viehböck and was subsequently independently reported by Craig Heffner. Craig and his team have now released their tool “Reaver” over at Google Code which helps with the brute force attacks.
Are QR codes safe to use?
The new Common Weakness Scoring System – CWSS
When a security analysis of a software application is performed, such as when using an automated code auditing tool, developers often face hundreds or thousands of individual bug reports for weaknesses that are discovered in their code. In certain circumstances, a software weakness can lead to an exploitable vulnerability. For example, a buffer overflow vulnerability might arise from a weakness in which the programmer does not properly validate the length of an input buffer. This weakness only contributes to a vulnerability if the input can be influenced by a malicious party, and if that malicious input can be copied to an output buffer that is smaller than the input.
Operation Shady RAT
McAfee revealed a 5-year cyber-espionage campaign it called “Shady Rat” which it claims has affected up to 72 organisations in 14 countries. Organisations affected by the Shady Rat are said to have lost emails, design plans, strategy documents etc. McAfee reports that this is a hack of unprecedented proportions and that advanced persistent threats are to blame.
Lessons from the Sony Playstation Network Hack
Sony Playstation’s network was hacked into about a week ago. Read on for a CIO’s checklist.
Tech Terminology Demystified – Identity Theft
Identity theft is a form of fraud or cheating of another person’s identity in which someone pretends to be someone else by assuming that person’s identity, typically in order to access resources or obtain credit and other benefits in that person’s name. The victim of identity theft (here meaning the person whose identity has been assumed by the identity thief) can suffer adverse consequences if he or she is held accountable for the perpetrator’s actions. Organizations and individuals who are duped or defrauded by the identity thief can also suffer adverse consequences and losses, and to that extent are also victims.