Risk
2/7/2014
07:07 AM
Dark Reading
Dark Reading
Quick Hits
50%
50%

No One Solution In The Cybersecurity War

Banks, and third parties they work with, face a dizzying array of security attacks like never before

In the fallout of the data breach that affected Target, Neiman Marcus, and other major retailers, many solutions have been proposed to ensure similar incidents don't happen in the future.

Many have claimed that a switch to EMV cards in the U.S. market would hinder future attacks such as these. In fact, Target CEO Gregg Steinhafel is one such advocate. In a CNBC interview shortly after the breach was made public he used the opportunity to push for EMV adoption in the U.S. Additionally, Target CFO John Mulligan told the Senate Judiciary Committee recently that the company is speeding up the process of implementing EMV-enabled POS terminals at its stores. He said the company's own credit cards would be EMV-enabled by the end of 2014, and all Target stores would be ready to accept EMV cards of any kind by January 2015.

But some warn that migrating to EMV cards won't be a catch-all solution to prevent all card fraud in the future. According to Dan Ingevaldson, CTO of security solutions provider Easy Solutions, EMV technology would not have prevented the Target fraud from happening. He says that the malware that affected Target was looking for account information in the memory inside point-of-sale (POS) devices, where it's unencrypted. Therefore, Ingelvadson says, the criminals would have been able to obtain this information even if it came from chip and PIN cards, since the stolen information was not directly taken off the cards themselves.

Read the full article here.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
shjacks55
50%
50%
shjacks55,
User Rank: Apprentice
3/7/2014 | 4:57:27 AM
re: No One Solution In The Cybersecurity War
I have a novel idea: let's just consider the Internet as insecure.
dmartin152
50%
50%
dmartin152,
User Rank: Apprentice
2/7/2014 | 6:41:14 PM
re: No One Solution In The Cybersecurity War
"EMV technology would not have prevented the Target fraud from happening.... the malware that affected Target was looking for account
information in the memory inside point-of-sale (POS) devices, where it's
unencrypted."

True. The criminals would still have the information. But they wouldn't be able to use it to fabricate a fraudulent duplicate that would be accepted.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4467
Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attackers to spoof the UI via a crafted web site.

CVE-2014-4476
Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulner...

CVE-2014-4477
Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulner...

CVE-2014-4479
Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulner...

CVE-2014-4480
Published: 2015-01-30
Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
If you’re a security professional, you’ve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.