The Most Important Cybersecurity Story

by kartook on March 19, 2015

There’s no doubt what the most discussed cybersecurity story of the month is—with belligerent attackers, sophisticated counterhacks, corporate lawyers threatening journalists, speculation about the potential involvement of a rogue nation state, entertaining sniping about movie stars, and even real-world threats, the Sony data breach has all the excitement of one of the action-packed films pilfered from the studio’s networks.


At the far other end of the computer security sexiness spectrum—lacking every single one of those elements, and garnering maybe 0.1 percent of the media attention devoted to Sony—was another incident. Security researcher Brian Krebs reported last week that thousands of devices used to process credit card payments in the United States stopped working on Dec. 7.

There was no attacker behind the incident, which affected a specific brand of credit card terminals manufactured by Hypercom, which is now owned by Equinox Payments. The culprit: an expired digital certificate, created in 2004 and valid for 10 years. Digital certificates provide a crucial security function by assigning public keys to be used for cryptographic purposes, including digital signatures and encryption. The authority that issues those certificates determines how long the assigned key will be valid—in this case, 10 years—before the certificate needs to be replaced or updated.

Except that Equinox apparently didn’t realize it needed to update the certificate that is used in several of its devices to validate applications run when the systems are rebooted. When Dec. 7 rolled around, the payment card terminals simply stopped working. (Actually, it seems the terminals only detect the expired certificate when they are rebooted, so stores that haven’t restarted their payment terminals yet this month may still be in for a surprise.)

“Given the age of these devices we are unsure of the precise numbers [of terminals affected],” Equinox vice president for payment solutions Stuart Taylor said, adding that though many of the terminals can be updated “in the field,” some need to be physically sent to a repair facility.

Taylor noted that though newer Equinox devices have certificates valid through 2022, Equinox is now doing an “audit of all of the certificates in all of the models that are out there, to ascertain the full matrix of certificates and expirations.” Meanwhile, the company is working to repair the affected terminals, and encouraging any affected retailers to report problems at their certificate expiry help page. But the machines go through “very extended distribution channels,” so it can be difficult to track them all down, Taylor said.

“To our knowledge, there has been no data breach or systemic problem associated with the service outage,” he added.

This is a textbook boring security story—an incident without a villain (and without any movie stars), with a moral focused on the importance of remembering and being able to update legacy systems. Except it’s also a story with really serious consequences for retailers across the country that were suddenly unable to process credit card transactions, going into one of the biggest shopping seasons of the year. (Several of them, Krebs reports, were initially worried that the malfunctioning machines had been caused by an intentional attack.)

It’s a story about our own security infrastructure—the certificates and public keys we rely on to protect our digital communications—turning on us and taking out a crucial piece of our commercial infrastructure that can apparently only be slowly and painstakingly restored through onerous updating procedures. Equinox vice president of payment solutions Stuart Taylor told Krebs that a “subset” of the affected terminals cannot be updated in the field.

It’s a story about the age and fragility of the payment processing technology we use, and the challenges of trying to roll out updates to those old technologies that we continue to depend on in lots of critical sectors from health care to commerce to the military, and even the challenges of remembering that we need to roll out updates to those decade-old technologies.

You see where I’m going with this—it may be without movie stars, but it’s not a boring story at all. It has the potential to be intensely disruptive, and even a little scary. It’s an incident that gets at the heart of several of the most profound and pressing computer security challenges we face—and too rarely discuss. Not that these kinds of security scares never make headlines—back in 1999, we actually spent a fair bit of time worrying about the possibility that a lot of computers might all suddenly stop working when we hit Jan. 1, 2000. But then, of course, they didn’t, and the Y2K scare became a sort of computer security punch line.

So it seems a little strange—and a little scary—to be talking, 14 years later, about an incident where thousands of computers spontaneously shut down at a predetermined time because they were old and no one had thought about preparing them for the future. In fact, it almost starts to sound like a plausible movie plot.


Azure : Azure Storage Explorer 6 Preview 3

by kartook on February 5, 2015

Azure Storage Explorer 6 Preview 3

Open Source

  • Now being run as a full open source project.
  • Full source code on CodePlex.
  • Collaboration encouraged


Some important things to know:

  • Create / Delete Queues
  • List Queue Messages
  • Pop top Queue Message / Create or Copy a Queue Message
  • Added a configurable Content Type table that sets ContentType when files are uploaded to blob storage
  • Improved container blob listings to include all artifacts
  • Added ability to upload table entities (CSV, JSON, XML)


Cisco ASA with FirePOWER Services

January 28, 2015

Cisco ASA with FirePOWER Services: Protect against advanced threats while reducing complexity and cost. The industry’s first adaptive, threat-focused next-generation firewall (NGFW), Cisco ASA with FirePOWER Services, delivers integrated threat defense across the entire attack continuum. It combines proven ASA […]


VMware Workstation 11.0

December 4, 2014

Introducing Workstation 11: VMware Workstation™ 11 continues VMware’s tradition of delivering leading-edge features and performance that technical professionals rely on every day when working with virtual machines. With support for the latest version of Windows and Linux, the latest […]


SharePoint 2013 AppFabric

September 22, 2014

Step 1: Install all prerequisites directly from the downloaded prerequisites folder in the download sequence, EXCEPT AppFabric and CU 1 for AppFabric and AppFabric1.1-RTM-KB2671763-x64-ENU. AppFabric requires special configuration, so installing it the usual way is not enough for SharePoint. Install […]


Enable SSH (Secure Shell) in Ubuntu 14.04 (Trusty Tahr)

August 19, 2014

Enable SSH (Secure Shell) in Ubuntu 14.04 (Trusty Tahr): How-to Guide. This tutorial shows you how to enable SSH in Ubuntu 14.04 (Trusty Tahr). As you may already know, SSH is a secure communication protocol that lets you remotely access […]


How to Remove Members from a vCenter Single Sign-On Group

July 7, 2014

Remove Members from a vCenter Single Sign-On Group: You can remove members from a vCenter Single Sign-On group from the vSphere Web Client. When you remove a member (user or group) from a local group, you do not delete […]


How to Get GNOME Fallback on Ubuntu 14.04 LTS

July 7, 2014

How to Get GNOME Fallback on Ubuntu 14.04 LTS: The Classic session, now called Flashback, was quite popular in old Ubuntu versions. Many people like to use it the same way as the old GNOME. Here is how to install […]


E-Book: Introducing Microsoft SQL Server 2014

July 3, 2014

E-Book: Introducing Microsoft SQL Server 2014 (Free). In this book, the authors explain how SQL Server 2014 incorporates in-memory technology to boost performance in online transactional processing (OLTP) and data-warehouse solutions. They also describe how it eases the […]


How To Log Off of Server 2012 on RDP Session

July 3, 2014

Open PowerShell and type:

    PS C:\> logoff
