Wednesday April 27, 2011
I haven't been able to access any online content lately on my PS3 and now I know why.
Sony released an official statement on their blog yesterday informing gamers that there had been a massive data breach involving PlayStation Network (PSN) users' personal information. Sony has since shut down the PlayStation Network while an outside security firm investigates the breach.
With regard to the big question of whether or not credit card information was stolen in the breach, Sony stated: "While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility."
For full details on exactly what data may be involved, see Sony's response regarding the PSN data breach.
Thursday April 21, 2011
In something that would appear to be a plot element in an episode of CSI, researchers have discovered that there is a database file on your iPhone that captures your location and stores it so that someone who accesses this file could literally retrace your steps to see where you have been.
According to an article on Macrumors.com, forensic investigators have known about the availability of this file for some time. Investigators likely use this data to check suspects' alibis to see if they hold up. They no longer need to ask questions such as "Where were you the night of the 12th?" Now they just say, "Hand over your iPhone so we can pull the consolidated.db location tracking file."
If you are curious about how much location data is captured in the location tracking file, you can download an app developed by the researchers who discovered it. Their app will let you pull this file off of an iPhone backup file made in iTunes and show you your travel history on a map. Scary stuff, right?
The big question is why does Apple feel the need to store this data? Is this a law enforcement partnership? Are they planning on selling this data for targeted marketing? Enquiring minds want to know. We're looking at you, Steve.
Monday April 18, 2011
File this one under physical security. I know it's not really network security related, but this is just too cool not to share. I thought I had seen everything in the security world until I stumbled upon a new type of theft deterrent called a "security fog".
It's literally what it sounds like. A special type of fog generator, similar to those used at rock concerts, is placed in the area you want to protect. When an alarm is triggered, the room fills with a thick, dense fog that effectively blinds would-be thieves. The theory is "if they can't see it, they can't steal it."
Judging by the videos at FlashFog Security's website, it appears to be an extremely thick and rapidly deployed fog that is supposed to hang around for about 45 minutes before clearing up. The fog is supposedly safe around electronics, food, and people and does not leave any residue on anything. The system also features a blinding strobe light that will further annoy the bad guys.
Monday April 11, 2011
The recent Epsilon data breach involving millions of customers' names and e-mail addresses is a gold mine for cybercriminals planning targeted phishing attacks.
Why is this so? The main reason: now that the bad guys have names and e-mails for customers from big names like Verizon, Best Buy, Chase, Citi, Marriott, and many others, they can use this information to specifically target individuals to try to obtain credit card numbers, social security numbers, and other personal information.
Normally, phishing attacks are a little easier to spot: most phishers just "shotgun" their messages out to anyone and everyone, so you might get a phishing e-mail for a bank you don't even use. The information gained in the Epsilon hack is for actual customers and correlates names with e-mails. Phishing messages created using the Epsilon information will look much more official and convincing, which may result in a higher percentage of successful attacks.
Suggested Reading:
Protect Yourself From Phishing Scams