There are several options available for wireless connectivity

• WiFi – While it’s a potential option, there’s a large number of tools available to detect rogue wireless devices.
• Cellular – Offers the ability to move data easily yet requires an ongoing contract and can potentially be tracked by law enforcement.
• Bluetooth – Cheap, can be purchased as a standalone card and most importantly, can be difficult to locate and detect.

Just as Bluetooth skimmers have become more popular, they are also much more difficult for the average consumer to detect.   These devices can be hidden inside of gas pumps, point of sale terminals, and other pen entry devices (PEDs).  Common techniques include placing the skimmer inside of the gas pump electronics bay or removing PEDs from retail locations and replacing them with tainted versions modified to specifically skim payment card numbers and PIN information.  Notice the gas pump shown below and how there is no external sign of tampering.

Bluetooth Credit Card Skimmer Placement

Inside the gas pump’s electronics bay, the criminal places the Bluetooth skimmer inline with the card reader so it is system powered and may reside there for months without detection.  The hacker must only drive by the location once a week or so and inquire the Bluetooth device to retrieve the stolen credit card data.

What can be done to prevent and detect these types of crimes?  Some gas stations have started placing seals on gas pump card readers to detect tampering.  Credit card companies have urged retailers to scan for Bluetooth devices.  While its possible to scan for Bluetooth addresses, the BD_ADDR, a combination of 12 alphanumeric characters, is going to be very hard to identify if the device is in non-discoverable mode.  This means these devices are not easily detactable and that consumers must practice care any time they are using card readers.  Consumers should consider using credit cards instead of debit cards when possible.  Credit cards offer a much greater level of protection should the credit card data be skimmed or exposed.

Over the next 48 hrs, authorities are able to determine that you and your family are not guilty of breaking the law. It turns out that your neighbor has been using your wireless Internet connection to access the family’s personal files and ‘borrow’ your cable modem and Internet bandwidth to download illicit content that law enforcement officials detected and then tracked back to your IP address.

While this may seem far fetched just last year a Minnesota man was sentenced to 18 years in prison for hacking into his neighbors’ wireless network and framing them for distributing child pornography and email threats against Vice President Joe Biden and other officials. These threats are real and there are a few tips to keep your family’s important files, personal information, pictures, and home computer safe from cyber theft and prying neighbors eyes .

1.  Wireless or Not? – If you are not using wireless devices in your home, it’s best to either use a wired (not wireless) network router or change your network router’s configuration so that the wireless radio is turned off.  With your Wi-Fi connection turned off, it won’t be possible for your neighbor to ‘borrow’ your Internet connection without being in your house.

2.  Password protection – If you are using Wi-Fi, you should change the router’s password to something that only you know.  As an example many Linksys routers ship with a default password of “admin.” Good cyber security begins by changing any wireless pass-phrases from their factory defaults to something only you know.

3.  Availability – If you are not home to use your internet connection, does it really need to be available to others?  Some network routers have Time-of-Day settings that allow you to restrict network/Internet access on certain days and in certain time periods.  This limits outside visibility and access to your personal network.  If you have an older router without this option or just don’t want to have to set this up, you could always power down the router when it’s not needed.

4.  Newer security and firewall technology – Wireless routers manufactured more than 2-3 years ago contain only weaker encryption technologies such as WEP.  WEP is insecure and has been broken.  Wireless hackers can access a WEP protected network in just a few minutes. If you are using onlder wireless gear you should replacing these Wi-Fi routers with one that supports WPA2 and/or AES encryption.

5.  Location – When possible, you may be able to maximize the wireless signal within your house and simultaneously minimize your vulnerability outside the home just by placing your wireless router centrally within your house and as far away from external walls/windows as possible.  While placing the access point by the front window may seem okay you may be transmitting a strong signal to others in surrounding houses and or passers-by on the street.

Keep in mind that the same practices that apply to your home networking environment may be even more important when it come to your small/medium size business and that the overall goal is develop a defense in depth strategy.  While business networking environments are usually much more complex, it’s still critical layer in security controls to minimize risk and eliminate vulnerabilities.  Superior Solutions‘ expert IT professionals and cyber security specialists are ready to help your protect your business from cyber crime and network intrusions today.

Global Payment Systems, an international payment systems processor, just reported a data breach that put over 1.5 million card holder accounts at risk.  Cyber security experts estimate that, while this intrusion was the largest in almost 2 years, over 3.4 million credit card numbers were stolen in the last 12 months alone.  Visa, MasterCard, and other issuers in the credit card industry have worked to establish a set of rules for both merchants (consumer-facing businesses) and credit processors like Global Payments.  These Payment Card Industry (PCI) rules have been in place for over 5 years but their content and their application have been evolving and becoming more complex.  The latest PCI version 2.0 standards are even stricter and apply to smaller businesses than ever before.

In order to meet these new rules or guidelines, smaller businesses have to implement new payment devices, update their network infrastructure, and to provide evidence that they are protecting customer’s credit card data.  It’s important to understand that this data is valuable to both cyber criminals outside your company or small business and possibly to malicious insiders and disgruntled employees.  It is critical to implement third-party IT security assessments and to periodically test your company’s internal and external (internet) security defenses.  Here are a few key actions that your company and/or small business can take to protect your customer’s data and payment information:

• Establish regular communication with your credit card processor – Your credit card processor should publish regular security updates and provide key actions necessary to ensure that your business complies with the latest PCI guidelines/standards.
• Schedule regular vulnerability assessments of your internal Information Technology (IT) – This would include a review of IT security risks, cyber threats, anti-virus, IDS/IPS, and firewall protection.
• Educate your business leaders and employees on cyber security – Obtain training and establish security policies that will implement a culture of cyber security awareness.  Where applicable your IT Security resources should be trained to identify and prevent cyber intrusions and advanced persistent threats from both internal and external sources.

Superior Solutions has both the tools and the expertise to help you secure and enhance the integrity of your information technology resources.  Whether you are in need of a security assessment, PCI audit, or user security training we can help. Contact us today and we’ll work with you to implement the right security network service plan for your business.

There are many reputable online tax preparation web sites and packages – TurboTax Online, HR Block at Home, TaxAct, and others.  Any of these online tax web sites will need to collect personal information from you in order to complete the process and file your taxes with the IRS.  That personal information is extremely valuable to people looking to steal your identity and commit identity fraud.  The key question becomes:  How do you prepare your taxes online and keep your identity safe?

Tip #1 – “Never use a public computer to file your taxes”

Tip #2 – “Be on the alert for aggressive tax prep emails in your inbox”

Tip #3 – “If using online tax software, look for SSL encryption and security authentication services such as VeriSign”

Tip #4 – “Always use Internet security software and be sure to scan your computer before you begin your taxes to insure you do not have malware or spyware on your computer”

Tip #5 – “Don’t use public WiFi to file your taxes.  Hackers look for sensitive information on free WiFi networks.”

Tip #6 – “Make sure your anti-virus is up-to-date.  There are many free options available if you do not have anti-virus currently installed.”

Always be sure that you’re careful with any of your personal data when you go online. Superior Solutions is helping businesses everyday in an on-going fight with hackers and data thieves to protect themselves and their customers (you) from harm.  Contact us today to schedule your Security Vulnerability Assessment.

* You can find additional information on these online tax safety tips and more HERE.

While not everyone is a cyber security expert, online security is something you should be very aware of.  Just as you would not go into a dangerous part of town without some sort of protection, or would avoid it all together – it is best to avoid websites you can’t verify how safe they are.  With common anti-virus/anti-malware software programs and by simply looking at the address bar of your web browser to spot the lock symbol and https in the browser bar, you can be reasonably sure that you are not heading down the “Scary Alley” of viruses or cyber attackers.

Major (brand name) websites like Amazon.com, Barnes & Noble and others spend a lot of time and money on security features for their sites.  When a purchase is made, you can be reasonably assured that your credit information is secure from prying eyes who want to do damage to your credit and potentially steal your identity.  That is not to say that lesser known retailers online should not be patronized, rather you should look for the same quality security in any online retailer.

Look for the signage on the site displaying information like “Secured by SSL.”  You can also look for trusted names in the payment industry like VeriSign and their “VeriSign Trusted Seal” or Authorize.net.  Authorize.net is another verification service that has a distinctive label their userscan/will usually proudly display.   These two payment gateways allow you to stay on the website where you started shopping.  However, there are other third-party payment gateways like PayPal.  A third-party gateway usually means that you will be taken away from the website you were shopping to complete the sale and make a payment.  PayPal is also a trusted payment processor in the industry, but keep in mind that caution should be used whenever you are taken away from a website that you know and trust.

Superior Solutions will be looking into more online safety issues in the coming weeks.  Online security is a high priority for Superior Solutions and the company believes in educating the public at workshops and events throughout the country.  Please contact us for more information on how we can work with your business to secure your infrastructure to provide your customers and employees with the safest online experiences possible.

If you are looking to increase your cyber security skills you many want to consider the new CompTIA CASP certification.  This certification is targeted to security professionals who either have their CompTIA Security+ certification or are looking to achieve an advanced hand-on security certification. The official CASP study guide by Sybex is written by veteran IT security expert and author Michael Gregg. He details the technical knowledge and skills you need to pass the exam and helps prepare readers for the certification exam.  If you are looking for your next certification challenge this may be for you. When it comes to the safety and security of your online business or corporation there is really no room for compromise, only the best will do.  In today’s environment that requires addition training.

• Access Controls
• Security Operations and Administration
• Monitoring and Analysis
• Risk Response and Recovery
• Cryptography
• Networks and Communications
• Malicious Code and Activity

While the SSCP may not be quite as popular as the CISSP certification, it is a great certification for beginners and anyone working towards a position such as Network Security Engineers, Security Systems Analysts, or Security Administrators.  Check out the ISC2 website for more details.

The CAS-001 certification exam has 70 questions.  Exam candidates will be given 150 minutes for the test and the results are listed as pass/fail only.  No scaled score is returned and is somewhat similar to the scoring used for the CISSP exam.

We are currently finishing up the official Sybex CASP Study Guide and plan to have a CASP Training Course available by the end of this year.  The certification will test candidates on a wide range of security tools such as packet sniffers, vulnerable web applications, vulnerability assessment tools, port scanners, threat modeling tools, IPS, and live CDs such as Helix and Backtrack. We are excited about this training class as it offers cyber security professionals an upward path from many of the entry level certifications. Stay tuned for more!

While not trivial, the attack is made possible by setting up a GSM network and intercepting password authentication messages sent between the remote server and the automobile; this cell phone like attack, exploits the vehicle’s remote control system such as the ones used by General Motors, BMW, Mercedes, and others for unlocking and remotely starting cars.

To date, automotive systems have not been widely targeted, primarily because attackers like to go where there is access to money or sensitive data.  There’s no big monetary prize in attacking cars and trucks; however, many of these products are relying on security by obscurity and that’s never good.

If past cyber crime history is any guide to the future, then sufficient controls may not be added until something bad happens or there is a major security breach.  Automobile manufacturers can use more sophisticated parts to prevent these types of attacks; however, there’s the tradeoff of increased costs.

This fast-paced review of final tips is designed to give you insight in to what you need to guarantee success and pass the CISSP^® exam.  This one day boot camp will review the ten domains, discuss question types, and exam format. This course will improve your chances of passing the exam on the first try by focusing on the key areas of the exam. The topics will include:

Access Control, Application Security, Business Continuity and Disaster Recovery Planning, Cryptography, Information Security and Risk Management, Legal, Regulations, Compliance and Investigation, Operations Security, Physical (Environmental) Security, Security Architecture and Design, and Telecommunications and Network Security.

This high-energy seminar covers key terms and concepts that will help round out your knowledge of the (ISC)² common body of knowledge. This special one day review course for the ISC2 CISSP Certification will be presented by Michael Gregg, author of “CISSP Exam Cram 2nd Edition.”

Attendees:

• Anyone preparing for the CISSP exam
• Professionals in related fields:
• System Administrators (counts toward MCSE + Security Elective)
• IT Audit
• Business Continuity Planning / Disaster Recovery Planning
• Information Systems
• High-Tech Crime
• Physical Security
• IT security professionals, IT students, and those new to IT / IT security / audit.

Signup at: http://www.acteva.com/booking.cfm?bevaID=221384