
Category Archive for 'Security Architecture'

E-identity fraud

A lot of public and financial services in Sweden utilise e-identity for authentication of users. In a newspaper in Sweden today there was an article (in Swedish) about a new way of committing fraud using this. In short, fraudsters have managed to acquire an e-identity by applying for a bank account, possibly using false ID. […]


Several uses of an ATM

ATMs are wonderful machines! You insert a plastic card and it returns your card and a bunch of money. As they are pressure sensitive today, you could also access the internet and play games on them, as shown in this video. About two years ago I was involved in creating a PCI DSS compliant security architecture […]


The average time to spot a breach is 210 days. That is a terribly high number, as the damage to an organisation probably is a lot higher. A hacker having 210 days to walk around inside the digital vaults in any company surely opens up for tremendous losses of information and assets. One of the […]


Fragmented security

One of the more common questions I get is whether their security is enough. In conjunction with that I get a perfectly matched risk analysis and a bunch of defined security mechanisms. Still, my answer quite often is: No, sadly it isn't. It is quite easy to create good security for a single entity but […]


I found a Swedish article today regarding how easy it is to put someone in personal bankruptcy in Sweden. As you may know, Sweden is an open country where information is easy to find. To file an application for personal bankruptcy the only thing you need is to personally leave a birth certificate to the […]


It may come as a bit of a shock to you, but the internet is hostile! Yes, just put an unprotected server out there and it will be scanned within minutes and hacked quite soon afterwards. Still, this does not stop Barracuda Networks from including unprotected backdoors in their hardware. Using the account ‘product’ it was […]


For South Carolina’s Department of Revenue it is at least worth far more than the $100 000 they wanted to pay for a CISO. The position was vacant for 11 months and during that time they were breached for a total cost of $12 000 000. That would be the salary for the CISO for […]


The common user sometimes asks why people bother finding new vulnerabilities and creating Trojans. A number of years ago that was maybe a valid question, but today the answer is very easy: Money. And there is a lot of money to make in malware. A recent Java exploit was marketed for a five-digit […]


Some months ago I wrote a post regarding You3, a model to classify risks with regards to the targeting profile. Looking at bank attacks today we see that they are a lot more targeted and that they remain undetected for a lot longer. The real question is: why are they harder to detect? The most […]


Ransomware to be harsher

During the last few years we have seen numerous scams where different scammers try to trick us into giving them money. If it isn't Microsoft Security Department calling, it's a mover trying to get you to ship your table to the UK. Whatever currently is the most successful scam. Ransomware has been a minor problem in the past […]
