“Privacy, Terrorism, Blowback, and Crime” – Where to start? April 10, 2012
Posted by Chris Mark in Industry News, Laws and Leglslation, terrorism.Tags: al qaeda, Chris Mark, fox news, mark consulting group, Raptor, security, terrorism
add a comment
There is an interesting story on the front page of Foxnews this morning where a self-proclaimed patriot hacker who calls himself “The Raptor” is “…waging his own war on terror..” by taking down online forums used by Al Qaeda sympathizers. Certainly, known, and admitted terrorist organizations are not in the public interest. This blog is not justifying their position their tactics, or anything else they do.
The purpose of this post is to question the value of an individual (if you believe his tweets) taking unilateral action and then basking in the attention given to his actions. While vigilante actions may have a visceral appeal to many (including this author, at times) do actions such as this exacerbate the situation? Additionally, one has to ask whether he is right in taking unilateral action? As an American my gut reaction is to applaud the person but upon closer review, I don’t know if his actions are positive or altruistic.
In espionage there is a term called Blowback that refers to the unintended consequences of a covert action. (more…)
Chinese MalWare Attacks Tracked to Individual March 30, 2012
Posted by Chris Mark in Industry News, InfoSec & Privacy.Tags: Chris Mark, cybercrime, cyberespionage, cybersecurity, LuckyCat, mark consulting group, PCI DSS, security
add a comment
According to a report on Foxnews today, TrendMicro has traced a MalWare attack aimed at Tibetan activists in Japan and India to a Chinese graduate of Sichuan University. The LuckyCat campaign has been active for about a year and compromised over 230 computers in 90 separate attacks. You can read the TrendMicro report here. According to TrendMicro: “The Luckycat campaigns targets include the aerospace, military, energy, shipping and engineering industries, as well as Tibetan activists and organizations. Given its technical similarities, Luckycat is believe to be a continuation of ShadowNet, also known as GhostNet, a Chinese cybercrime campaign that has been targeting Tibetan activists as well as the Indian government since 2009, Trend Micro said.”
2012 – Another “Massive” Credit Card Breach March 30, 2012
Posted by Chris Mark in Industry News, InfoSec & Privacy.Tags: Chris Mark, data breach, fraud, InfoSec, mastercard, PCI DSS, security, visa
add a comment
According to Krebsonsecurity, the payment card industry has been wracked by yet another massive data breach. The story says that Visa and MasterCard are alerting companies to a US processor that was breached. This, according to reports, is a breach of Track1 and Track2 data. For those unfamiliar with credit cards, track1 and track 2 data is what is known as “magnetic stripe data” and is used to counterfeit cards as it contains the sensitive authentication data necessary for retail (card present) transactions. This is the most dangerous and valuable data to criminals.
As stated on the site: “In separate non-public alerts sent late last week, VISA and MasterCard began warning banks about specific cards that may have been compromised. The card associations stated that the breached credit card processor was compromised between Jan. 21, 2012 and Feb. 25, 2012.”
Risk 101 and my new $500 Million Fortune- Goodbye Work! March 29, 2012
Posted by Chris Mark in Risk & Risk Management.Tags: Chris Mark, jackpot, lottery, mega millions, risk, risk management, security
add a comment
I have written a number of posts on risk and probability in the past. You can read them here. As I was on the phone with a good friend last night talking about buying our Mega Millions lottery tickets for the very first time, I was struck by how amusing the whole situation was. My wife and I were talking with our friends about a strategy to buy lottery tickets. I was talking about buying lottery tickets for the very first time! First, they don’t sell MegaMillions in Utah, and I have never played the lottery. Why? I recognize that the chances of winning are infinitesimally small. (~1 in 176 million) So what changed last night?
The MegaMillions lottery approached $500 million for the jackpot! Can you believe it? I am going to be $500 million richer in the next few days! I just feel it. I have the winning numbers! Odds be damned! Goodbye GlobalRiskInfo.com and hello life of luxury on my new super yacht Risky Business! (I even have it picked out and named) (more…)
BitDefender: “Anonymous is ‘good’ for security” – REALLY?! March 28, 2012
Posted by Chris Mark in InfoSec & Privacy, Laws and Leglslation, Risk & Risk Management.Tags: bitdefender, Chris Mark, cybersecurity, mark consulting group, PCI DSS, security, slutwalk
add a comment
A March 14th, 2012 article on ZDNetAsia sums up one of the major problems with security. Specifically, it is the victims that are consistently blamed for the crime and the belief (very arrogant, I might add) that companies simply don’t care about security and this is why they are victimized. According to the article:
“Alexandu Catalin Cosoi, chief security researcher at BitDefender, for one, said that hacktivist group Anonymous has been “good” for security. This is because even though it had disclosed people’s personal information publicly online, the security breaches it organized had a positive impact, he added. Now, more companies are willing to secure their networks and private data, which is good news, he stated.” (more…)
Global Security, Privacy, & Risk Management 