[SecurityRatty] tag: verizon

Major Industries Drop The Ball On Data Security

Fri, 03 Oct 2008 10:10:17 +0000

Verizon, recently analyzed "four years of data from over 500 cases worked by the Verizon Business Investigative Response team," to produce a report that gives an in-depth look into how data breaches are occurring in four major industry groups: financial services, food and beverage, retail, and technology services.

Outsourcing Aids Many Data thefts, Verizon Says

Thu, 02 Oct 2008 00:55:00 +0000

The reliance of restaurant chains and retail stores on outside companies to handle credit-card processing and other information-technology functions is partly to blame for a rash of consumer data breaches over the last few years, according to data sleuths at Verizon Communications.

Does patch management need patching?

Tue, 30 Sep 2008 20:00:00 +0000

According to a recent estimate from Verizon, 90% of successful exploits these days involve vulnerabilities for which a patch has been available for six months or longer.

How carriers batten down the hatches for hurricanes

Wed, 03 Sep 2008 20:00:00 +0000

Picture what would happen if the multitude of hardhat-wearing network technicians you see in a typical Verizon commercial got swept up in a "Wizard of Oz"-style twister. In other words, think about how spread out telecom carrier infrastructure is and about how many different bases telcos have to cover to protect it all during natural disasters.

Open Letter to Verizon Wireless

Mon, 25 Aug 2008 11:43:00 +0000

After receiving no support from agents at the Verizon Wireless store or by agents on the phone, I decided to write them and make it an open letter. It’s no secret that Verizon has a great network, but it’s also no secret that their phone selection stinks. I don’t want to leave them and am hoping that whatever little bad press I can cause will encourage them to resolve the issue. If not, I’m tapping out. For 3 years I have hated my phone and loved their network. I’m ready to feel mediocre about both. Here it goes:

I am currently without a phone and would appreciate a speedy reply.

I have been a Verizon Wireless customer for over 5 years and my monthly bill easily averages over $200 during that time frame. While I love your network, I have been completely unsatisfied by your selection of phones. It is a stretch to say that my last phone worked—it had a feature called a battery that allowed me to switch from the car charger to my office charger without dying. And I waited—under duress—until I was allowed to purchase a new phone with the discount.

My current phone has a wonderful battery life, but this is the 4th time the charger has snapped off in the phone. The phone is fine, but I keep paying $30 for new chargers. I refuse to purchase another or wait until February when I will be eligible for a new phone. You sold a phone with a design flaw, and I’m not even asking for a refund or a free phone. Just allow me to take a chance on a new one at the 2 year contract renewal rate.

If not, I will gladly pay the early termination fee and leave Verizon. On general principle, I will spend more money canceling my account with you than I would likely receive as a discount on a new phone. As a customer, I consider it unacceptable that you sell inferior phones and leave me with no recourse.

The first time I waited haplessly to become eligible for a new phone. I will not suffer a second time. If you don’t like the fact that you will end up losing money by allowing me to purchase a new phone early, I suggest you take it up your vendors who supply you with awful products. I can promise you that we will both lose more money if you don’t.

Sincerely,

Eric Marvets

Scammers using Verizons name to bilk consumers

Thu, 21 Aug 2008 20:00:00 +0000

Verizon today released a statement warning consumers to be on the lookout for shady letters telling them that they have won a special sweepstakes and that a firm named “Verizon Financial” has authorized a payment to them of $750,000.

Verizon helps customers get a knack for NAC

Tue, 12 Aug 2008 03:00:00 +0000

Verizon Business is offering to help its customers deploy and manage network access control (NAC) technologies that grant users access to networks based not on their IP addresses, but on a combination of their identities, end points and behaviors.

Summarizing Zero Day's Posts for July

Fri, 08 Aug 2008 10:35:52 +0000

Different audience provokes different approach for communicating a particular event. In case you aren't reading ZDNet's Zero Day, where I blog next to Ryan Naraine and Nathan McFeters - join us.

Also, consider subscribing yourself to my personal RSS feed, or Zero Day's main feed in order to read all the posts. Here's a quick summary of my posts for last month :

01. Blizzard introducing two-factor authentication for WoW gamers
02. Sony PlayStation's site SQL injected, redirecting to rogue security software
03. 300 Lithuanian sites hacked by Russian hackers
04. Antivirus vendor introducing virtual keyboard for secure Ebanking
05. Gmail, Yahoo and Hotmail's CAPTCHA broken by spammers
06. Storm Worm's Independence Day campaign
07. Approximately 800 vulnerabilities discovered in antivirus products
08. $1 Million prize offered for cracking an encryption algorithm
09. U.K's most spammed person receives 44,000 spam emails daily
10. Storm Worm says the U.S have invaded Iran
11. Gmail, PayPal and Ebay embrace DomainKeys to fight phishing emails
12. Verizon, Telecom Italia, and Brasil Telecom top the botnet charts in Q2 of 2008
13. XSS worm at Justin.tv infects 2,525 profiles
14. Remote code execution through Intel CPU bugs
15. Ringleader of cybercrime group to be offered a job as cybercrime fighter
16. Spam coming from free email providers increasing
17. Kaspersky's Malaysian site hacked by Turkish hacker
18. Georgia President's web site under DDoS attack from Russian hackers
19. 75% of online banking sites found vulnerable to security design flaws
20. McAfee debunks recent vulnerabilities in AV software research, n.runs restates its position
21. Click fraud in 2nd quarter of 2008 more sophisticated, botnets to blame
22. How OpenDNS, PowerDNS and MaraDNS remained unaffected by the DNS cache poisoning vulnerability
23. DNS cache poisoning attacks exploited in the wild
24. The Neosploit cybercrime group abandons its web malware exploitation kit
25. OS fingerprinting Apple's iPhone 2.0 software - a "trivial joke"
26. HD Moore pwned with his own DNS exploit, vulnerable AT&T DNS servers to blame

Wee-Fi: Research on Digital Divide; NYC May Opt for Fiber for Housing Projects

Tue, 29 Jul 2008 10:40:02 +0000

Participate in a research survey on the role of wireless to shrink the digital divide: Gwen Shaffer, a Temple University (Phila.) doctoral student, is looking for responses from many kinds of stakeholders in building networks that have a purpose, at least in part, to extend Wi-Fi access. She notes that this could include community networks, non-profits, and for-profit firms like Fon. Personal information will not be collected, and she's looking to conduct in-depth interviews with some participants.

New York City considers plan to bring fiber to public housing residents: Wireless networks are definitely out in the recommendations of a private consultant to the city's Broadband Advisory Committee, ComputerWorld reports. They may opt to use $4m in a fund from Verizon and a potential $8m from the two incumbent cable operators.

The Perfect Storm

Thu, 17 Jul 2008 03:15:00 +0000

Its time to get your raincoats and lifeboats - the perfect storm is finished brewing - it is about to rain down upon us.

This may sound dramatic but I think that I may not be conveying the amount of pain that Information Security is about to receive. We will certainly have to step up our game.

Symantec and Verizon have done some interesting research into the underground hacker community and their findings are rather interesting. A bit scary too.

There is an entire community of totally different players that all work together to get from the point where a nerdy kid finds a vulnerability to where a hacker uses that to get into a PC, steal personal information and credit card details, sell them or use them and move on.

So far, it seems, that the community has been quite lazy and have just discarded company information to get to the credit card information and personal information (ID numbers, social security numbers, addresses etc).

This has provided us in Information Security with a perfect opportunity. We have been able to observe how hackers work while they have been taking information that is not our own. Companies that have credit card information have been the ones that were most under attack but those that don't handle credit card information have largely been ignored by hackers except for some members of staff who have been caught out but then they have only lost their own personal information.

There just really isn't a (black/underground) market for information that is not credit card or personal finance related.

However, it was always my feeling that the credit card/personal finance market would become saturated at some stage and the loosely-bound-but-still-very-organised-and-co-ordinated underground market would start to look elsewhere.

Essentially, the infrastructure is there for wide-scale information theft but the will wasn't there. I have thought this for a while my question was always - when will the will be there? When will Jack-the-hacker decide that credit card theft is no longer worth his time and start to deal in company information ?

Adrian Lane from Securosis thinks that the falling prices in the underground economy is humorous. I disagree. I look at it as very scary and the final puzzle-piece.

I think that the perfect storm is about to be unleashed.