Optimal Security : the Lumension Blog

Don’t Procrastinate on Red Flags Rule Compliance Despite Latest Delay

So, the Federal Trade Commission (FTC) has, for the fourth time (!), delayed enforcement of the so-called “Red Flags” rules, according to a statement posted on the agency’s website. Compliance enforcement is now scheduled for June 1, 2010 – in case you’re keeping score at home, the previous dates were 01-Nov-08 (original), 01-May-09 (first delay), [...]

Sesame Street Simple Facebook Guide to Surviving Malicious Attacks

It certainly seems that not a week goes by without hearing about yet another attack on Facebook users. Last week it was a phishing scam driven by a botnet, and this week, we have two new and different phishing scams — one cleverly tricking users into revealing their passwords and another installing malware that quietly [...]

Where the Money Is

Willie Sutton is reputed to have said (although he didn’t, actually), when asked why he robbed banks, “Because that’s where the money is.” So, we’re not really surprised to learn that a new scam is on to liberate the contents of ATMs, and by more sophisticated means than the skimmers I’ve written about previously. Nope, [...]

Beware of ATM Card Skimmers

I ran across an interesting post in the Consumerist about a guy who found a card skimmer attached to his local ATM. Apparently, he was alert enough to notice that something wasn’t quite right, and pulled it right off the machine … and discovered that it was designed to read the info off a card [...]

Healthcare 2.0? The Security Skinny on Obama’s Stimulus Package

On Tuesday February 17th, President Obama signed the economic stimulus package that carves out $19B for modernizing health information systems.  The transition from paper to electronic or e-records in the healthcare industry has been happening for some time.  Although in small numbers, the process has been slow to ramp up based on technology considerations and [...]

Heartland Data Breach: A Wish List from a Customer Whose Loyalty may be Waning

The reported number of institutions impacted by the Heartland Payment Systems data breach continues to increase – it has already affected over 600 financial institutions. While we’ve heard plenty about the number of those impacted and have looked at the malware used to conduct this breach – what hasn’t been discussed is the impact from [...]

Delayed, Again: Massachusetts Data Security Regulation

Some time ago we wrote about the new Massachusetts Data Protection law, slated to come online in May this year (after being delayed from the start of 2009). As you may recall, this law  (201 CMR 17.00) is stricter than past laws, more specific than any state’s data security regulations to date, and more expensive [...]

The People in the Equation: Avoiding Malicious Scam Sites

Here’s another entry in one of my fundamental observations about computer security: in the end, it comes down to applying human intelligence.
A friend who works in the banking industry pointed this lovely advert out to me …

Needless to say, this made it onto the pages of failblog.com, entitled “Scam Fail” (see here). Bwa-ha-ha-ha-ha-haaaa.
But before we [...]

Transparency in a New Threat Environment

The last couple of weeks have been troubling, albeit not entirely surprising, to those of us in the security field who closely follow high-impact security breaches.
On January 20 credit card processor Heartland Payment Systems announced a massive external breach of its systems that is shaping up to be one of the largest exposures of personally [...]




