Blog

User Emails Lost Before Launch of CurrentC

Emails were sent out last week to an undisclosed number of beta testers for CurrentC, the MCX alternative to Apple Pay (but also any company using NFC technology like Google Wallet), advising that unauthorized third parties had obtained their email addresses. The news came days after MCX retailers pulled in-store support for other third party payment systems. Not a huge breach, to be sure, but neither a great first branding step for a group that seeks to position itself as

Read More >

Home Depot – Right on Target? Not Quite.

The Home Depot breach could have been much, much worse. And the emerging details surrounding the breach have taken on a theatrical air. Similar Tactics, Different Haul In many ways, the breach perpetrated on Home Depot rings familiar to watchers of the Target breach. Point-of-Sale, or POS, machines were compromised by a version of the same BlackPOS malware used to infiltrate Target. Unlike that breach this attack had time to get nestled in as hackers skimmed data undetected from April

Read More >

The Target Breach Eight Months On – Who were the Biggest Losers?

Target was one of the largest victims of recent security breaches until the recent Home Depot breach this past September. Before we look at the Home Depot’s perfect security storm (tune back next week!), let’s review Target’s timeline. Timeline Target, like several other retailers was hacked not by approaching the central, well-secured network, but by coming up from the roots. Hackers installed malware on the Point-of-Sale machines in 1,800 stores using a program called BlackPOS – one that would later

Read More >

MITM

Bypassing Passwords with Man-in-the-Middle

Man-in-the-middle is a type of attack used by spy organizations and professional criminals alike to bypass passwords, steal login information, record private messages, move funds… Essentially, man-in-the-middle attacks can have an effect on any aspect of web-traffic. They are invisible and very difficult to detect. How it works: Normal web traffic should flow from a user’s computer (Point A) to a web app or service (Point B). The response then flows back. Man-in-the-middle attacks exploit the space between those points to

Read More >