SEARCH RESULTS
 
Showing 1-8 of 8 records
1
 
Expand article

.. and now - PIN stealing..

2008-06-19 10:38:00 by Random InfoSec Guy in Security Coin
 
Once the bad guys figured out how easy it was to sniff unencrypted ATM and card authorization traffic to steal track data, and after making a killing with stolen card numbers, they began setting their sights on bank PINs. PIN numbers - thanks to ANSI's TG3 - are encrypted with a half decent algorithm (and they are looking to strengthen that even...
 
Tags: pin, pin reaches, pin offsets, fake pin pads, atm location, atm, bank pins, atm crime spree, access
 
 
 
 
Expand article

Chip & PIN terminals vulnerable to simple attacks

The Article has images
2008-02-26 20:33:32 by Saar Drimer in Light Blue Touchpaper
Steven J. Murdoch , Ross Anderson and I looked at how well PIN entry devices (PEDs) protect cardholder data. Our paper will be published at the IEEE Symposium on Security and Privacy in May, though an extended version is available as a technical report . A segment about this work will appear on BBC Twos Newsnight at 22:30 tonight We were able to...
 
Tags: peds, popular peds, protect cardholder data, peds processor, pin, cardholder data, data, encrypt data, governmental certification bodies
 
 
 
 
Expand article

Attack and Defense: Securing ASP.NET 2.0 Apps

2008-03-13 03:44:00 by Keith Brown in Security Briefs
 
Thanks to all who attended this DevWeek talk today. Here's a link to the demos I did, along with the tamper-detection code I showed you. Enjoy
 
Tags: devweek talk, link, enjoy, demos, code
 
 
 
 
Expand article

E-discovery Is an Information Lifecycle Management Problem, Not a Security Problem

The Article has images
2008-03-23 18:16:00 by Richard Bejtlich in TaoSecurity
...tamper-proofing and virtuous handling procedures and be pure as the driven snow for presentation in court simply isn't true Enterprises are not law enforcement and the cases they are usually involved in are not criminal ones. ESI comprises business records, and as long as it is stored in accordance with policy and as part of the normal IT...
 
Tags: information, information security, information security magazine, security, information security article, e-discovery, article, security circles, true
 
 
 
 
Expand article

ATM Communication - How Secure ?

The Article has images
2008-03-21 12:34:00 by Random InfoSec Guy in Security Coin
A while ago, I attended a class on PIN and Key Management for Payment Networks. ANSI has laid out strict guidelines (in their ANSI X9 TG-3 standards checklist, ANSI documents X9.8 and X9.24) for how a customer's PIN should be kept secure: how they should be stored on the card (store only the difference/offset of the encrypted PIN value and the...
 
Tags: pin, pin offsets, atm, pin translation, natural pin, key, key management, atm communications, encryption key
 
 
 
 
Expand article

I Am IronKey, and I Can Encrypt Anything

2008-05-22 00:00:00 by HASH0x8b58074 in Network World on Security
 
The IronKey USB flash drive is one of the most secure devices I've ever worked with, but simultaneously tries to be--and achieves being--among the simplest to interact with in achieving that security. The product, from the eponymous company IronKey, comes in capacities from 1 GB to 8 GB that encrypts data five ways to Sunday while achieving...
 
Tags: eponymous company ironkey, tamper evident, government certification, secure devices, one-year subscription, encrypts data, prices start, sunday, onboard
 
 
 
 
Expand article

Attack and Defense: Securing ASP.NET 2.0 Apps

2008-03-13 09:44:00 by keith-brown in Security Briefs
 
Thanks to all who attended this DevWeek talk today. Here's a link to the demos I did, along with the tamper-detection code I showed you. Enjoy Updated (20 Mar 2008) with new link
 
Tags: link, devweek talk, mar, enjoy, demos, code
 
 
 
 
Expand article

Attack and Defense: Securing ASP.NET 2.0 Apps

2008-03-13 09:44:00 by keith-brown in Security Briefs
 
Thanks to all who attended this DevWeek talk today. Here's a link to the demos I did, along with the tamper-detection code I showed you. Enjoy Updated (20 Mar 2008) with new link
 
Tags: link, devweek talk, mar, enjoy, demos, code
 
 
 
 
 
Showing 1-8 of 8 records
1
 
TOP SEARCH
Expand / MinimizeClose Widget
  •  
RECENT SEARCH
Expand / Minimize
  •  
RELATED VIDEO
Expand / Minimize
SecurityRatty FAQ
Sergey Zarubin, 31yo
CISSP, CCSP
Moscow, Russia