For those of you that weren’t aware, this past weekend the long-running Defcon convention (historically started with only “hard core” hackers in attendance, but now huge numbers of information security pros and law enforcement attend) was held in Las Vegas.
Some MIT students, Zack Anderson, R.J. Ryan and Alessandro Chiesa, were scheduled to talk about “Anatomy of a Subway Hack,” detailing a school project they did, and received an “A” on, that showed how the Massachusetts Bay Transportation Authority (MBTA) cards could be hacked to basically change a $1.25 MBTA fare card to a $100 fare card.
Well, the MBTA got wind of this…actually the MIT students contacted them in July to tell them about this security flaw, as well as let them know they were giving a presentation about it…and filed an injunction last Friday to keep the MIT students from giving their presentation on Sunday.
But guess what? Yep…I bet you can see this coming…
Posts Tagged ‘security training’
What Happens On The Internet Stays On The Internet…No Matter What A Judge Says!
Tuesday, August 12th, 200840+ Million Credit Cards Stolen Using Wardriving…This Is Nothing New, Folks!
Wednesday, August 6th, 2008Okay, lots and LOTS has already been written about the DoJ press release yesterday, “Retail Hacking Ring Charged for Stealing and Distributing Credit and Debit Card Numbers from Major U.S. Retailers: More Than 40 Million Credit and Debit Card Numbers Stolen.”
But, I still want to put a few thoughts out about this…
40+ Million Credit Cards Stolen Using Wardriving…This Is Nothing New, Folks!
Wednesday, August 6th, 2008Okay, lots and LOTS has already been written about the DoJ press release yesterday, “Retail Hacking Ring Charged for Stealing and Distributing Credit and Debit Card Numbers from Major U.S. Retailers: More Than 40 Million Credit and Debit Card Numbers Stolen.”
But, I still want to put a few thoughts out about this…
Whose PII Is Covered Under the EU Data Protection Directive?
Tuesday, August 5th, 2008I got a great question from a business friend of mine, and I wanted to provide my answer here, too, because it is something all multi-national organizations need to think about. Eric Nelson, who heads Secure Privacy Solutions asked, “If a company collects and manages PII from another country, e.g., India or the U.S., and transfers that PII to the E.U. for some type of processing or storage or even just transit, does the E.U. Data Directive apply once that PII leaves a country within the E.U.?”
Privacy Concerns Of Google Walking Directions
Monday, August 4th, 2008Last Friday afternoon I got a message from a Popular Science reporter, John Brandon, asking me if I thought that the Google walking directions feature created any privacy concerns. I was finishing a client deliverable at the time, but indicated I would answer him later in the day…which I did take the time to do late in the evening instead of doing other, more recreational, things. I heard no ackowledgment or response with him about the information I provided, but he did write an article about Google walking directions that was published today, “Google Walking Directions: a Privacy Concern?”
John did just confirm to me that he had received my message but too late to include in the article.
Here is the information I provided…
Privacy Concerns Of Google Walking Directions
Monday, August 4th, 2008Last Friday afternoon I got a message from a Popular Science reporter, John Brandon, asking me if I thought that the Google walking directions feature created any privacy concerns. I was finishing a client deliverable at the time, but indicated I would answer him later in the day…which I did take the time to do late in the evening instead of doing other, more recreational, things. I heard no ackowledgment or response with him about the information I provided, but he did write an article about Google walking directions that was published today, “Google Walking Directions: a Privacy Concern?”
John did just confirm to me that he had received my message but too late to include in the article.
Here is the information I provided…
New Website Seal For Companies Participating In The EU Safe Harbor Program
Sunday, August 3rd, 2008Something I’ve been spending a lot of work on this summer is creating management tools to help information security and privacy practitioners do their jobs more effectively and efficiently. In the past three months I’ve had over a dozen CISOs and CPOs call me and ask if I had specific types of tools to help them with their information security, privacy and compliance efforts and iniatives. One of the tools will help them with managing their programs and processes for, along with the many complex issues involved with, transferring personally identifiable information (PII) with any of the 27 European Union (EU) contries to the U.S. and other countries. One of the areas involved with tackling this issue is whether or not to participate in the Safe Harbor program.
So, I was very interested to read that the U.S. Commerce Department announced a new certification mark/seal for organizations to put on their websites to show that they have self-certified compliance with the Safe Harbor Framework requirements.
