Today, travel industry giant Sabre Corp. disclosed what could be a significant breach of payment and customer data tied to bookings processed through a reservations system that serves more than 32,000 hotels and other lodging establishments.
Just another card data breach.
Today, travel industry giant Sabre Corp. disclosed what could be a significant breach of payment and customer data tied to bookings processed through a reservations system that serves more than 32,000 hotels and other lodging establishments.
0 Comments
I hope this new security feature will not be required to withdraw cash from ATM. I guess you know what I am thinking about...
The owner of the Holiday Inn and Crowne Plaza hotel brands has disclosed that payment card-stealing malware has struck about 1,200 of its franchisees' properties. Headquartered in Denham, U.K., IHG operates more than 5,000 hotels across nearly 100 countries. Here is the list of Hotels in Dallas, TX that have been affected by the credit card data breach: Crowne Plaza
Dallas Downtown 1015 Elm Street Dallas TX 75202 September 29, 2016 December 29, 2016 Holiday Inn Express Dallas Central Market Center 1521 Inwood Road Dallas TX 75247 September 29, 2016 November 14, 2016 Holiday Inn Express Dallas East - Fair Park 8703 East RL Thornton Freeway Dallas TX 75228 September 29, 2016 October 18, 2016 Holiday Inn Express Dallas/Stemmons Fwy(I-35 E) 2287 West Northwest Highway Dallas TX 75220 September 29, 2016 December 29, 2016 Holiday Inn Express North Dallas at Preston 6055 LBJ Freeway Dallas TX Another brick in the wall...
Video game giant GameStop Corp. [NSYE: GME] says it is investigating reports that hackers may have siphoned credit card and customer data from its website — gamestop.com. The company acknowledged the investigation after being contacted by KrebsOnSecurity. “GameStop recently received notification from a third party that it believed payment card data from cards used on the GameStop.com website was being offered for sale on a website,” a company spokesman wrote in response to questions from this author. “That day a leading security firm was engaged to investigate these claims. Gamestop has and will continue to work non-stop to address this report and take appropriate measures to eradicate any issue that may be identified,” the company’s statement continued.
This article was originally published in The Analogies Project on May 16, 2016
Modern technologies allow a single person to write an application code and publish it on the Web so it will be accessible by millions of users worldwide. Most people know those tools very well: Amazon Web Services, Google Cloud Platform, just to name a few. But technological revolution is not limited just to geeks’ world. The publishing industry went through dramatic changes during recent years, and as a result, a single person is now able to write the manuscript and put it in print – meaning real print like paperback or even hardcover and not just PDF or Kindle. CreateSpace and Lulu are just two examples of such self-publishing platforms. In both cases, the final result looks like a professional product, at least at first glance. Detailed examination, however, will show a big difference in quality between a self-published and traditionally produced book. I am not against self-publishing at all. In fact, I published my first booklets using Kindle Direct Publishing, and I am still very proud of it. The question is what you are trying to achieve. If you are looking for fast results, and you are an extremely self-disciplined person, familiar with the process of professional publishing, self-publishing might work for you as it works for some best-selling authors. But if you are looking for 100% quality assurance as well as even wider and appreciative audience, professional publication most definitely will provide better results. “Writing is a solitary occupation, while publication is a group exercise.” – Madeleine Robins A whole team of experts, including a copy editor, content editor, technical editor, production editor, proofreaders, layout editor, cover designer, sales and marketing will make sure your book eventually looks, reads and sells much better than a self-made amateur creation. Those professionals, besides just doing their job, will communicate with you. They will scrutinize and polish your manuscript, word by word, line by line, paragraph by paragraph, and find and fix tons of misspellings and inaccuracies. You will check their work as well, and accept or sometimes reject their changes, to make sure they did not distort the original content. Such level of scrutiny is almost impossible to achieve by self-publishing, when an author interacts just with computer programs. In addition, a professional publisher will open the door to an even wider audience and additional markets by using their “tricks” that are not available to self-publishing authors – for example, book translation contracts. The pitfalls of self-deployment of application code might seem similar to those of book self-publishing (bugs and forgotten open ports in lieu of misspellings and inaccuracies), but the implications are even worse because the application security is at stake. In fact, various aspects of security are at stake. First of all, confidentiality. When developers deploy their own code, it is never tested for security vulnerabilities. Even if there is a well-established testing process in place, developers, if they have free access to production environment, will always try to find a way to install a patch or change the configuration without testing. And this line of code or open port will make a hacker’s day. There is another important confidentiality which is often overlooked: insider threat. If a single person has ultimate access to the entire process, from writing the source code to modifying the production environment, such a person essentially has the keys to the kingdom. She or he can implement virtually any backdoor, without fear of ever being caught. In a proper operational setup, where developers can modify the source code but cannot deploy it, and DevOps, on the other hand, can modify the production servers but cannot change the application code, creating backdoors becomes much more difficult task which requires collusion between two or more people. Such setup is called dual control. And finally, availability threat. This is probably the least obvious area which for some people does not even look like a security subject – mistake! The availability threat is even more real than the confidentiality one. Imagine a situation when there is a serious bug found in production which must be resolved as soon as possible. Developers find the problem and now they know how to fix it. As a first instinct, the easiest and fastest way to do it, especially during an emergency, is to give the developer access to production servers to finish the work and get back to normal. This is a completely wrong approach. What happens with the next release? There is a good chance that the fix will not be included because the developer forgot. It would never happen if the fix was delivered by DevOps because the update will go through a full release process. Such a condition is called separation of duties. Without implementing dual control and separation of duties in development operations, application security looks like a cheap self-published book: you can read it and understand the text, but there are a lot misspellings and inaccuracies. It’s easy to find self-published books at Amazon by just looking at the price: professional publishers cannot afford to sell their products for $0.99. Sooner or later, hackers will find a “self-published” app on the web using their tools. Thieves always look for the low-hanging fruit.
About The Analogies Project
The aim of the Analogies Project is to help spread the message of information security, and its importance in the modern world. By drawing parallels between what people already know, or find interesting (such as politics, art, history, theatre, sport, science, music and every day life experiences) and how these relates to information security, we can increase understanding and support across the whole of society. Why I Joined The Analogies Project I started writing about application security after I realized there is so little information available publicly so I had to conduct my own researches while it was obvious that other people have done the same things already. The problem still exists because most publications are aimed to expert audience. However, information security is not a theoretical science but rather the art of combining computer technology with human communication and psychology. Basic security principles are simple, they just need to be explained in layman’s terms.
Finally, PCI DS Council noticed that two factor authentication could resolve a lot of security problems and prevent a lot of breaches.
Recently, I had a discussion about information security, and somebody asked me “how’s bitcoin actually related to information security?”
Here is how bitcoin is linked to information security. First, bitcoin is an alternative payment system, which was created in order to resolve security problems of online payments, and theoretically can replace plastic cards everywhere, not just online. I hope everyone knows about security problems of payment card industry. If by any chance you don’t, read Hacking Point of Sale. Second, bitcoin and its own security based on cryptography, which is one of the most important subjects of information security. If you want to know more about bitcoin cryptography - read Bitcoin for Nonmathematicians. And finally, bitcoin is currently one of the main methods of payment on darknet marketplaces where bad guys sell results of bad information security: our stolen credit cards, medical records, bank accounts, etc. If you want to know more about darknet and data breaches… Well, perhaps I should start writing a book about it.
It did not take too long before another card data breach occurred, this time at Kmart.
The security experts report that beginning in early September, the payment data systems at Kmart stores were purposely infected with a new form of malware (similar to a computer virus). This resulted in debit and credit card numbers being compromised. |
Books
Recent Posts
Categories
All
Archives
October 2024
|