A photo-essay on the NYC Subway can be found here. It really highlights the change in safety and security that is felt now. I frequently rode the subway in the 1970s and 80s and today’s experience is radically different. These photos really capture it.
Visa USA has released a best practices document for Payment Applications
As part of their due diligence, acquirers, merchants and agents should ensure that the payment application companies they use have passed a rigor of mature software processes including the Visa Top Ten Best Practices for Payment Application Companies, Version 1.0.
The top two problems are insecure remote access and vendor defaults.
A researcher from Kaspersky says their honeypot in Japan is seeing a large number of attacks attributed to China and South Korea. Does this correlate to other honeypots or is there a regional bias?
A few months ago we set up a new honeypot (http://www.mwcollect.org) in our Japanese research centre in Tokyo. The honeypot is mainly used to collect malicious Windows executables, which it does pretty well by emulating shellcode when it finds network exploits. A side effect of using the honeypot to listen on all ports is that we get statistics (as well as unexpected data) coming in on various network ports of the host, which has a global IP address. […] Take a minute to compare it to the previous graph! You can see that the number of MSSQL attack attempts is mirrored by attacks coming from China. And recently, South Korean hosts have joined this massive attempt to exploit the service.
Tempting to say that the Chinese and South Koreans are attacking the Japanese honeypot when in fact the source is probably elusive and mostly irrelevant.
Another massive spill, this one in Michigan. I remember process and security engineering used to look up to the oil and gas industry. Models for information security often borrowed concepts like fail-safe monitoring. Diagrams and images of oil rigs and pipelines were used to illustrate risk in terms of care and dilligence. The theory was the risk was so high for them, they had developed extensive controls. The BS7799 standard was even developed in a large part by oil companies, if I remember correctly, involved in the high-risk high-reward North Sea and Middle East operations.
The oil companies clearly have a very different public image these days. Oil spill update: State of emergency declared as 800,000 gallons of leaked oil begins flowing through Kalamazoo County.
County officials said they began an emergency response at about 6 p.m. Monday after news spread that a 30-inch oil pipeline in Marshall sprung a leak and released oil into the Talmadge Creek, which feeds into the Kalamazoo River. Houston-based Enbridge Energy Partners said the pipeline has been shut down but that did not happen before more than 800,000 gallons flowed into the creek.
The rate of flow must have been very high but a 30-inch pipeline still would take a while to lose almost a million gallons. Loss prevention has large body of scientific study for the oil and gas industry. What was the delay in detection and response? Maybe things have shifted so far now in the management of energy and risk that they could learn a thing or two from information security.