“This summer the Norwegian National Security Authority (NSM) discovered for the first time targeted computer attacks directed against internal process and control systems to ensure supply of electricity and water. Similar attacks were discovered in Germany and Belarus. EU’s cyber-security unit, ENISA, will in late October or early November carry out the first ever pan-European cyber security exercise.”
Despite widespread awareness of the impact of cybercrime, cyber attacks continue to occur frequently and result in serious financial consequences for businesses and government institutions.
How a digital copier can become a treasure trove for an identity thief, because they have a hard drive which permanently store all images which have been digitally printed, scanned, faxed, emailed or copied on that printer. Storing images on the hard drive can be a huge threat to the security of an organization and a serious breach to the privacy law when these printers need maintenance, needed to be returned at end of a lease period or simply retired without erasing the data from the hard drive.
Due diligence of erasing the data before an identity thief gets their paws on it is squarely falls on the shoulder of the organization who owns the digital printer.
Below is the video which optimize the risk of digital copier
by Reader’s Digest Magazine, on Thu Aug 12, 2010 Interviews by Michelle Crouch
Former identity thieves confess the tactics they use to scam you.
1. Watch your back. In line at the grocery store, I’ll hold my phone
like I’m looking at the screen and snap your card as you’re using it.
Next thing you know, I’m ordering things online-on your dime.
2. That red flag tells the mail carrier-and me-that you have outgoing
mail. And that can mean credit card numbers and checks I can reproduce.
3. Check your bank and credit card balances at least once a week. I can
do a lot of damage in the 30 days between statements.
4. In Europe, credit cards have an embedded chip and require a PIN,
which makes them a lot harder to hack. Here, I can duplicate the
magnetic stripe technology with a $50 machine.
5. If a bill doesn’t show up when it’s supposed to, don’t breathe a sigh
of relief. Start to wonder if your mail has been stolen.
6. That’s me driving through your neighborhood at 3 a.m. on trash day. I
fill my trunk with bags of garbage from different houses, then sort
later.
7. You throw away the darnedest things-preapproved credit card
applications, old bills, expired credit cards, checking account deposit
slips, and crumpled-up job or loan applications with all your personal
information.
8. If you see something that looks like it doesn’t belong on the ATM or
sticks out from the card slot, walk away. That’s the skimmer I attached
to capture your card information and PIN.
9. Why don’t more of you call 888-5-OPTOUT to stop banks from sending
you preapproved credit offers? You’re making it way too easy for me.
10. I use your credit cards all the time, and I never get asked for ID.
A helpful hint: I’d never use a credit card with a picture on it.
11. I can call the electric company, pose as you, and say, “Hey, I
thought I paid this bill. I can’t remember-did I use my Visa or
MasterCard? Can you read me back that number?” I have to be in
character, but it’s unbelievable what they’ll tell me.
12. Thanks for using your debit card instead of your credit card.
Hackers are constantly breaking into retail databases, and debit cards
give me direct access to your banking account.
13. Love that new credit card that showed up in your mailbox. If I can’t
talk someone at your bank into activating it (and I usually can), I
write down the number and put it back. After you’ve activated the card,
I start using it.
During a routine maintenance check in late February a 7-Eleven employee in Martinez found something that didn’t belong inside one of his gas pumps: a debit and credit card skimmer. Local authorities switched the device for a decoy, waited for the crooks to…
“We ended up getting 11 skimmers all together all over the Bay Area, the Peninsula and the East Bay,”
PCI SSC has pre-announced the summary of changes for expected PCI 2.0 in October 2010. Based on summary report most of the changes are clarification or guidance.
According to Bob Russo, general manager of the PCI Security Standards Council.
“This version is 2.0, and the connotation is that there will be major changes, but that isn’t the case,” he told CSNews Online in a telephone interview. Most of the changes are “clarifications” such as combining requirements 10 and 11 for the PA-DSS (Payment Application Data Security Standard), which the council found redundant.
“The standard is pretty strong at this point and is maturing, so there are no major changes this time around,” Russo said in the interview. “Basically we are releasing clarifications and explanations on how to comply further down the line.”
Time will tell if PCI SSC will allow organizations to pick controls based on their enviroment or risk appetite during risk management. Basically most of the industry icluding some government agencies are following risk based approach to address secrity risks. Instead of saying Yes at each control, SSC should give small organization some flexibility to pick contols which fits their needs, we might see higher rate of compliance in small to medium size businesses. Also risk based approch will help larger organizations to tie up PCI DSS to their existing security management system.
Remember PCI DSS still addresses the cardholder data infrastructure of an organization. Let’s hope the future versions will involve some guidance for small to medium size companies how to address risks outside the scope of PCI DSS.
Identity theft that targets children is rising. Here are five steps to protect your family
By Alissa Figueroa
Identity theft has grown into a multibillion-dollar problem. And it’s not only adults who are targeted.
At least 7 percent of the reported cases of identity theft target children. The number could actually be much higher, since many families don’t discover theft until a child applies for credit.
And the problem is likely to get worse before it gets better, the Associated Press reports, as identity thieves steal children’s dormant Social Security numbers and use them to create phony lines of credit and rack up debt, sometimes for years.
The scam, which has popped up only in the last year, is difficult to guard against, says Linda Foley, cofounder of the Identity Theft Resource Center (ITRC), an organization that offers counseling and resources to identity theft victims. The ITRC has seen a notable jump in the number of children identity-theft cases in the last year, reaching about 9 percent of its caseload this month.
“There’s no way to protect your child completely,” says Ms. Foley. That’s partly because these thieves are likely using sophisticated programs that mine for dormant numbers through school or doctor’s offices databases, which often require that children’s Social Security numbers be provided. And partly because tactics for selling the numbers are constantly evolving, making this kind of theft difficult to track.
Since credit issuers do not keep track of the age of Social Security number holders, they cannot alert families when a child’s number is being used. That’s something Foley’s organization has been trying to change since 2005, and a protection she considers vital for preventing child identity theft on a large scale.
There is some advice that parents can follow, though, to reduce the risk of identity theft:
1. Be cautious with your child’s Social Security number. Always ask why an organization needs the number and when possible, do not give it out. Be careful about which individuals, even friends and family, have access to your child’s number. Many identity thieves know their victims. Destroy extra documents that list your child’s number.
2. Talk to your kids about identity theft. Teach children not to divulge their personal information on the telephone and online.
3. Do not check your child’s credit report unless you have reason to believe there’s a problem. A minor should not have a report unless someone has applied for credit using that child’s Social Security number. To order reports unnecessarily can establish a credit report, opening a door to thieves, according to the ITRC.
4. Watch for red flags. If you receive pre-approved credit card offers or calls from collection agencies, run a credit report on your child immediately to see if there has been fraud.
5. Contact an identity theft specialist if you suspect a problem. There are several resources for families concerned with issues of identity theft. Visit the ITRC’s website for facts and information, or call its hotline at (888) 400-5530. You can also find information on the Federal Trade Commission’s identity-theft-prevention website.
HP EZ Check Laptop Case – TSA Approved – Black Protect your laptop in this HP EZ Check Briefcase, carry it-and your accessories in style. This case has been tested and meets the new Transportation Security Administration (TSA) guidelines for carry-on luggage.
Now you can travel through airport screening checks more quickly as you can keep the notebook inside the bag when going through the X-Ray
Fits up to 16″ laptop
Pad and cushion your laptop with the durable materials and nylon zipper
Zip through airport security with the checkpoint friendly design
Store accessories like as your AC adapter, mouse, extra battery, or Ipod in the front zippered pocket
Carry easily with the padded shoulder strap
15.7 inches Length X 11 inches Height and 2 inches Wide
This book will provide you with the fundamental knowledge necessary to comprehend overall network security posture and the basic practices in vulnerability assessment. This book will prepare you to take and pass the EC-Council Network Security Administrator (ENSA) exam.
Proactive vulnerability assessment is key to any organisation’s security posture. Constant assessment for potential weakness is required to maintain a security edge. New vulnerabilities in operating systems, software, hardware, and even human elements are identified and exploited every day. This book will give you the information necessary to master this skill.
Contents of the Book:
Web Security
E-mail Security.
Authentication: Encryption, Cryptography and Digital Signatures
Virtual Private Networks
Creating Fault Tolerance
Incident Response
Disaster Recovery and Planning
Network Vulnerability Assessment
Key Features and Benefits: * Will provide you with the fundamental knowledge necessary to comprehend overall network security posture and the basic practices in vulnerability assessment. Helping you to ensure your organisation is well protected.
* Using this book, as well as the other four books in the Network Defense series, to prepare for the ENSA exam you can ensure yourself of the best chance possible of passing on your first attempt.
* Includes Hands-On Projects to encourage you to problem-solve and apply your knowledge. Helping you to ingrain the information in your mind in a practical way.
Book Details:
Paperback: 192 pages
Publisher: Course Technology; 1 edition (April 14, 2010)
Language: English
ISBN-10: 1435483596
ISBN-13: 978-1435483590
Product Dimensions: 10.7 x 8.5 x 0.6 inches
Shipping Weight: 15.2 ounces
The Department of Homeland Security is quietly creating teams of experts charged with assessing the cyber security needs of power plants in the U.S. The question is why the secrecy? When plants vulnerabilities are known facts in both security and hacker communities, perhaps it is time to pay attention or impossible to ignore anymore even by DHS.
By Jaikumar Vijayan
The Department of Homeland Security (DHS) is quietly creating specialized teams of experts to test industrial control systems at U.S power plants for cybersecurity weaknesses, according to a report published today by the Associate Press.
According to the Associate Press report, DHS has so far created four teams to conduct such assessments, according to Sean McGurk, director of control system security. McGurk told the news service that 10 teams are expected to be in the field next year as the program’s annual budget grows from $10 million to $15 million.