New laws are emerging in Europe that have their origins in the US. These state that companies and organizations that experience a breach in which information is lost have to go public in one way or another. This means that public humiliation and loss of face will be a cost to take into account, and also the […]
Posted in Compliance on Mar 24th, 2009
Finally, skimming has reached unmanned gas stations in Sweden. I have wondered for the last few years why criminals decide to go for the ATMs that have camera surveillance when there are so many unmanned gas stations and other units in Sweden. Hopefully this will force all gas companies to start changing all their payment […]
Posted in Compliance on Mar 18th, 2009
I read an interesting article about how card readers were manipulated either in the production process or just afterwards, making the signs of manipulation almost undetectable unless the readers were weighed. This of course means that there is still a lot of money to be made in the area of credit card scams and that working towards being […]
A rather interesting phenomenon has surfaced recently: skimming using a mobile phone. It is very simple to do. Just take a picture of the front and back of the card and you're done. The information printed on the card is enough to make purchases on, for example, poker sites and the like, where money easily […]
Posted in Compliance on Oct 13th, 2008
I read a very interesting article today regarding a manipulation of payment terminals. The fraud was very complicated and had an international reach. From a PCI DSS perspective this is more or less not handled today. Yes, the terminals should be PED approved, but what if the supplier has a security breach or […]
Posted in Compliance on Jul 20th, 2008
I was on vacation in Turkey just recently and, just for fun, brought all my credit cards with me to see how the shops respond to cards. I could state that the tourist shops in Turkey are 100 % PCI DSS compliant because they only accept cash. In every store I was pointed […]
Posted in Compliance on Jun 9th, 2008
In an article today in a Swedish newspaper there was an interesting story about a rather large site that was used to test CVV codes. Someone was able to make test purchases for small amounts and thereby test the CVV code. As the CVV code is only three digits, it is rather simple to brute force. […]
Last week there was a credit card incident in Sweden at a large retailer. Sometime during the day a few cashiers noticed something strange with the EFT terminals. A further inspection revealed that the terminals had been manipulated to capture and send the credit card information to a wireless unit. The police said that the persons behind […]
Encrypting the hard drive on a computer has long been a way to secure the contents of a laptop. Today I saw a video and read a rather disturbing whitepaper here on how to break different encryption schemes like Microsoft BitLocker, TrueCrypt and Applecrypt by simply rebooting the computer with an attached USB drive […]
Posted in Compliance on Dec 31st, 2007
Susan Bradley, a Microsoft Small Business Server MVP, wrote a blog entry on whether you could get an SBS server compliant. She concludes that it is more or less impossible due to requirement 2.2.1, "Implement only one primary function per server (for example, web servers, database servers, and DNS should be implemented on separate servers)", and […]