DtR Episode 119 - NewsCast for November 17th, 2014

Send the hosts a message - try it now!

Note: The hashtag for the show on Twitter has changed, please connect with us using #DtSR going forward. Thanks!

Topics covered

• Update: Home Depot breach (Hint: apparently it was a 3rd party entry point)
  • Story: http://www.computerworld.com/article/2844491/home-depot-attackers-broke-in-using-a-vendors-stolen-credentials.html
  • Apparently as a reaction, all execs are being switched to iDevices (blame Windows? and why only execs?) - http://www.imore.com/home-depot-switches-execs-iphones-macbooks-it-blames-windows-massive-breach
  • Also, they lost ~53 Million email addresses too - http://online.wsj.com/articles/home-depot-hackers-used-password-stolen-from-vendor-1415309282
• American Express is pushing tokenization to their payment ecosystem, this is big news but leaves a lot more questions and concerns than answers (for example- what about chip & pin (sign)? )-
  • Story: http://threatpost.com/american-express-brings-tokenization-to-payment-cards/109137
  • Check out the standard itself: http://www.emvco.com/download_agreement.aspx?id=945
• Flaw found (in a lab) in the VISA EMV protocol, but is it realistic to do this kind of "immense fraud" in outside the lab, in real life?
  • Story: http://www.cio.com/article/2842994/flaw-in-visa-cards-could-ring-up-a-very-large-fraud.html
• The FTC further exerises its (Constitutional?) powers to take down fake "Support call scammers" and is on track to some public fanfare-
  • Story: https://nakedsecurity.sopho

Support the show

>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast