Risk
2/7/2014
07:07 AM
Dark Reading
Dark Reading
Quick Hits
50%
50%

No One Solution In The Cybersecurity War

Banks, and third parties they work with, face a dizzying array of security attacks like never before

In the fallout of the data breach that affected Target, Neiman Marcus, and other major retailers, many solutions have been proposed to ensure similar incidents don't happen in the future.

Many have claimed that a switch to EMV cards in the U.S. market would hinder future attacks such as these. In fact, Target CEO Gregg Steinhafel is one such advocate. In a CNBC interview shortly after the breach was made public he used the opportunity to push for EMV adoption in the U.S. Additionally, Target CFO John Mulligan told the Senate Judiciary Committee recently that the company is speeding up the process of implementing EMV-enabled POS terminals at its stores. He said the company's own credit cards would be EMV-enabled by the end of 2014, and all Target stores would be ready to accept EMV cards of any kind by January 2015.

But some warn that migrating to EMV cards won't be a catch-all solution to prevent all card fraud in the future. According to Dan Ingevaldson, CTO of security solutions provider Easy Solutions, EMV technology would not have prevented the Target fraud from happening. He says that the malware that affected Target was looking for account information in the memory inside point-of-sale (POS) devices, where it's unencrypted. Therefore, Ingelvadson says, the criminals would have been able to obtain this information even if it came from chip and PIN cards, since the stolen information was not directly taken off the cards themselves.

Read the full article here.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
shjacks55
50%
50%
shjacks55,
User Rank: Apprentice
3/7/2014 | 4:57:27 AM
re: No One Solution In The Cybersecurity War
I have a novel idea: let's just consider the Internet as insecure.
dmartin152
50%
50%
dmartin152,
User Rank: Apprentice
2/7/2014 | 6:41:14 PM
re: No One Solution In The Cybersecurity War
"EMV technology would not have prevented the Target fraud from happening.... the malware that affected Target was looking for account
information in the memory inside point-of-sale (POS) devices, where it's
unencrypted."

True. The criminals would still have the information. But they wouldn't be able to use it to fabricate a fraudulent duplicate that would be accepted.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0192
Published: 2015-07-02
Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine.

CVE-2015-1914
Published: 2015-07-02
IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass "permission checks" and obtain sensitive information via vectors related to the Java Virtual Machine.

CVE-2015-1916
Published: 2015-07-02
Unspecified vulnerability in IBM Java 8 before SR1 allows remote attackers to cause a denial of service via unknown vectors related to SSL/TLS and the Secure Socket Extension provider.

CVE-2015-3157
Published: 2015-07-02
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE-2015-3202
Published: 2015-07-02
fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature.

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report