Friday, July 23, 2010

Open source intrusion detection & prevention engine

The Open Information Security Foundation (OISF) has released version 1.0 of its open source intrusion detection and prevention engine – Suricata. The first stable release includes a number of improvements and new features over the previous development releases, such as support for DCERPC over UDP and the tag keyword. Unlike Snort, another popular open source network intrusion prevention and detection system, Suricata runs multi-threaded and offers a number of advanced configuration options.

The OISF is funded by several US agencies, such as the Department of Homeland Security's Directorate for Science and Technology HOST program (Homeland Open Security Technology) and various members of the OISF Consortium, including a number of specialist IT security companies.

Tuesday, May 25, 2010

Facebook users prefer quitting the social network over privacy concerns.

A company called Sophos has claimed that a number of Facebook users are concerned about how their privacy is being maintained on the social networking site and how it is affecting them. The company previously ran an online survey asking Facebook users whether they would consider quitting Facebook over privacy concerns.

According to the survey, sixty per cent of the users stated that they would not hesitate to quit, or would likely quit, the social network if their privacy was not protected. Sixteen per cent of the users stated that they had already quit the social network because of privacy issues in the past. Only twenty per cent of the users stated that they would not quit the social network even with privacy concerns, or that it would be unlikely for them to quit.

In the past few weeks Facebook's use of users' data has been a very heated subject. In an interview in January, Facebook founder Mark Zuckerberg justified changes to the profile pages by claiming that previous concepts of privacy were simply outdated.

Earlier this month, the competition authority in the U.S., the Federal Trade Commission (FTC), announced that it intends to take a closer look at Facebook's approach to data protection.

Facebook currently has more than 400 million users.

Friday, February 26, 2010

Credit card skimming attacks on pay-at-the-pump petrol stations

According to US media reports, criminals have launched large-scale attacks on petrol pumps with built-in card payment systems to gain access to card data. Similar attacks, which involve attaching special skimming devices over the legitimate equipment to copy card data, have previously only targeted cash points. Attackers often obtain the PIN with a hidden camera or a secondary PIN pad placed over the machine's original keyboard.

In the current cases, skimming devices attached to petrol pump terminals are said to use Bluetooth to transmit the data to criminals operating nearby. The attackers then use the skimmed details to forge cards and withdraw money from cash points. Approximately 180 petrol pumps with pay-at-the-pump functionality from Salt Lake to Provo are said to have been manipulated by the currently unknown perpetrators. Local police at one location say the modification to the pump was unnoticeable. The fraud was only detected when several attack victims could be traced back to having used the same petrol pump at a 7-Eleven station.

Petrol stations with pay-at-the-pump functionality are also becoming increasingly popular in Germany, and in the UK there are a considerable number of installations. So far there have been no reports of successful skimming attacks on UK or German pumps.

Similar to existing terminals in retail outlets, many systems at petrol stations support EMV and encrypt the communication between the card's chip and the terminal to a certain degree to impede skimming attacks. However, the magnetic stripes, still included on most cards for compatibility reasons, allow the criminals to read out data they are looking for.

Whether the EMV method or the magnetic stripe was used for making a payment is ultimately inconsequential to customers – they tend to get their money refunded regardless. The difference is only important for establishing liability in cases of misuse. If the card wasn't EMV enabled, liability rests with the card issuer, which is generally the bank. If, on the other hand, the card was EMV enabled but the terminal wasn't, liability rests with the retailer. However, UK researchers demonstrated only recently that the EMV process used with UK cards is also open to attacks.