Category Archives: Security

Hotels Targeted (Again)

I start my Top Ten Breaches presentation with data analysis and a review of what gets attention in the news. It does not always map to what I find when I look at the actual breach reporting databases.

Here is an example of what I like to dispel and clarify: "Credit Card Hackers Visit Hotels All Too Often"

A study released this year by SpiderLabs, a part of the data-security consulting company Trustwave, found that 38 percent of the credit card hacking cases last year involved the hotel industry. The sector was well ahead of the financial services industry (19 percent), retailing (14.2 percent), and restaurants and bars (13 percent).

The first question is what percentage of Trustwave customers are hotels. The next question is whether payment card breaches are the only subject of the study (versus PII, etc.). Then, depending on the first two answers, I would want to know the sample size, and so on.

It is plausible that Trustwave releases this kind of study to drive more business to their hotel security and breach response team. The full set of data might show educational institutions and government agencies are breached more often, but Trustwave could isolate a data set most relevant to the services they sell (or it may just turn out to be the only data they have). Without reading the report it is hard to say what assumptions were made.

That is why I find the news better for anecdotes about the individual breaches. However, I find it odd in this case that the NYT reporter is quoting from ABC News instead of a primary source:

Last month, Destination Hotels and Resorts, a chain of luxury properties in the United States, notified customers that credit cards “may have been compromised.”

ABC News reported that Destination had been victimized by “an intense database attack that lasted over three months,” and quoted law enforcement authorities saying that losses, which totaled hundreds of thousands of dollars, averaged $2,000 to $3,000 on each of the estimated 700 credit card numbers stolen.

Fungus of Death

Scientists claim to have solved the mystery deaths in China:

Families, who make their living by collecting and selling the fungi, eat the Little White as it has no commercial value – it is too small and turns brown shortly after being picked.

A campaign to warn people against eating the tiny mushrooms has dramatically reduced the number of deaths. There have been no reported deaths so far this year.

It is not just about the mushroom. The article ends with a twist.

…the toxins could be acting together with high concentrations of barium, a heavy metal, in the local water supply

Uh, that does not sound very good either. Will there be a warning about the water too? Barium is said to cause the symptoms blamed on the mushrooms.

All water or acid soluble barium compounds are poisonous. At low doses, barium acts as a muscle stimulant, while higher doses affect the nervous system, causing cardiac irregularities, tremors, weakness, anxiety, dyspnea and paralysis.

Some are not affected by it, apparently, while others are very sensitive, which must make the investigation difficult. This new killer mushroom discovery sounds much more interesting than yet another pollution story, but perhaps it will still bring attention to the need for better water quality.

Zeus Bot v3 Alert

CA warns that the bot has been revised to be more resistant to reverse engineering and more focused:

The latest Zeus bot configuration contains a list of targeted financial institutions from Spain, Germany, United Kingdom, and USA. The previous versions contain the full list of financial institutions from different countries around the world, while the new version only contains two targeted countries, and they are currently paired as: Spain-Germany and UK-USA

One could guess that these targets are derived from the success of past bot versions. Attackers are evolving their product for better return margins.

OPOC Motor Revolution

What do you get when you cross a Volkswagen modern diesel engineer with an electric vehicle engineer from GM?

If you guessed a hybrid electric-diesel we have all been waiting for, you are wrong. No, this dynamic duo has reinvented the two-stroke engine using the horizontally-opposed piston concept from diesel engines of the early 1900s.

Interestingly, the OPOC engine design was conceived by Peter Hofbauer, the former Volkswagen powertrain engineer that designed the German automaker’s first high speed diesel engine. Additionally, EcoMotors’ CEO, Don Runkle, is a former employee of General Motors and one of the key men behind the EV1 all-electric car.

They call it the OPOC (Opposed Piston Opposed Cylinder)? Heh. Sounds like they have a sense of humor. I wonder if EcoMotors International will allow anyone to name a vehicle the Alypse.

The article suggests the OPOC will run diesel or gasoline. Who would bother with gasoline? That might be the biggest news of all. Small efficient diesel engines everywhere! Most excitement right now seems to be directed towards the efficiency of the engine (50% higher) and the big money backing the company ($23mil from Bill Gates and Vinod Khosla). Maybe they had to include gasoline in the business plan to get support.