Entries Categorized as 'Uncategorized'
by Avivah Litan | May 14, 2013 | 6 Comments
The recently disclosed $45 million ATM worldwide cashout heist (see bankinfosecurity.com) points to many practical business and technology issues that payment system participants face. Here are just a few of them: a) One of the more troubling issues of these breaches is the difficulty in determining the points of the network chain that were [...]
Category: Uncategorized Tags:
by Avivah Litan | May 2, 2013 | Comments Off
Just when you think you understand the trends in DDoS attacks, you hear about a new twist. Today’s latest versions are business logic attacks against primary online ticket sellers – those companies hosting the event or the ticket sellers selling on their behalf at retail prices. As anyone who has bought tickets on Ticketmaster or [...]
by Avivah Litan | April 4, 2013 | 9 Comments
I may be naive and uninformed (I’m not a network security analyst), but it occurs to me that the DDoS vendors need better modeling to distinguish good and bad traffic. It appears that they are rule based and can’t fend off DDoS attacks they haven’t seen or thought about already and therefore programmed a solution [...]
by Avivah Litan | March 14, 2013 | 1 Comment
That’s a viable hypothesis after hearing that the attackers only used one third of the bandwidth they had staged for their latest round of attacks against U.S. banks last Tuesday. Reportedly, on Tuesday the total size of the DDoS attack was 190 gigabits at one time, with the largest attack against a single bank at [...]
by Avivah Litan | March 6, 2013 | 3 Comments
Yesterday I had yet another call with a mega-retailer on safeguarding VOIP communications in the enterprise, per the PCI requirements. The problem is, if you don’t encrypt your VOIP traffic when you implement the telecom system (so that your entire corporate network is not in scope of the PCI audit), you are left having to [...]
by Avivah Litan | February 28, 2013 | 5 Comments
I just got back from the RSA Security conference in San Francisco, an invigorating gathering of security professionals which frankly – at least for me – is always a fun crowd to be around. My main takeaway is that the crimes and infractions we should be focused on are either very low or very high [...]
by Avivah Litan | February 14, 2013 | Comments Off
I know it’s been written about before in the book Startup Nation but having just returned from a two-week trip to Israel, where I met with about 60 hi-tech security startups and Israeli enterprise users of their technology – I can’t help but reflect on the keys to Israel’s success in this field. [...]
by Avivah Litan | December 21, 2012 | 1 Comment
Today the OCC put out an alert to its banks on the recent spate of DDoS attacks. The regulators acknowledged the existence of different attacker groups – some politically motivated and others financially motivated. They are also acknowledging that these DDoS attacks have in fact led to or been associated with fraud and customer account [...]
by Avivah Litan | December 18, 2012 | 2 Comments
There has been much talk at the banks and in the press around DDoS attacks allegedly sponsored by Iran and praised by Hamas, and an upcoming “Project Blitzkrieg” threatening costly online theft at 30 U.S. banks. While many in the industry ‘poo poo’ these threats, I have heard now from a few senior credible sources [...]
by Avivah Litan | November 21, 2012 | Comments Off
Everyone is relieved about the temporary ceasefire between Israel and Hamas and hoping it will hold. Pale as it may sound when physical safety is compromised, there’s been a continuous flow of DDoS attacks against Israeli government and business websites during the Gaza crisis. The latest one I heard about was today’s attack against the [...]