More on Heartland

Many experts continue to speculate on why it took so long for Heartland to identify and disclose the breach. According to the Storefront Backtalk report, the payment processor revealed the breach was first discovered in late October or early November, whereas previous statements indicated that it was only in the fall. The company has had two outside forensics teams and the Secret Service working on the problem for more than two months, and yet the “sniffer” software used to collect the data was located only last week.

Heartland Breach

Heartland Payment Systems acts as a payment gateway for credit card transactions for over 250,000 businesses. At some point a sniffer was installed in their data center intercepting all transactions. Some media outlets are calling this the “largest data breach ever”. They process “100 million credit card payments a month and more than 4 billion transactions per year” but currently have no idea when the malicious software was installed.

Conn. Teacher Cleared of Felony Endangerment in Pop-Up Case

The case against Connecticut substitute teacher Julie Amero has finally come to a close.  Prosecutors dropped the felony charges against her, but the agreement called for a guilty plea to a misdemeanor charge of disorderly conduct and surrender of her state teaching credential. Amero had previously been convicted of endangering minors and faced 40 years […]

Study Finds Security Policy Adherence Problems

A Cisco-commissioned study found that employees at businesses in 10 countries around the world are often unaware of their companies’ security polices, or the employees ignore the policies because they hinder productivity.  When surveyed about whether their companies had security policies, there was a 20 to 30 percent gap between responses from IT professionals and […]

Massive World Bank Comprimise

FoxNews (not one of my normal news sites… I promise) just posted a story entitled “World Bank Under Cyber Siege in ‘Unprecedented Crisis’“. The details are fairly chilling and include some amazingly upbeat quotes like… “While it remains unclear how much data has been pilfered from the bank, it’s a lot. According to internal memos, […]

Network Security Monitoring with Arpwatch

Arpwatch is an amazingly useful tool that promiscuously listens on a specified interface for arp broadcasts.  It takes what it learns and saves the the output in a database for later reference in the following format. mac_address ip unix_date/time hostname It will take any changes/additions and log them to /var/log/messages as well as optionally emailing […]