Black Hat 2016, Las Vegas, NV
We had the chance to sit down with Chris Carlson, vice president of product management for Qualys, and talk a little about what Qualys is up to and where they are moving to in the security market. For many, Qualys is a name that brings vulnerability management and reporting to mind. This is due to the fact that this has been their bread and butter for a number of years. Now they are moving into new verticals in the market to expand on their knowledge in this arena. One of the highlights of the talk was in covering their Cloud Agent, which brings a whole new set of features to the Qualys product line.
There is a report that over the holidays several retailers disabled the EMV (Chip and Pin) functionality of their card readers. The reason for this? They did not want to deal with the extra time it takes for a transaction. With a standard card swipe (mag-swipe) you are ready to put in your PIN and pay in about three seconds. With EMV this is extended to roughly 10 seconds. Of course, when you add in all of the other items that retailers throw in (are you a rewards member?) your checkout time can be lengthened quite a bit.
Just when you thought it was safe to use your credit card, we are hearing rumblings of a breach at Hilton. According to Brian Krebs and some of our own sources, a payment card breach has taken place, and the only unique feature about this was that all of the affected cards were used at a Hilton Property. This is not just the regular Hilton Logo properties, but also includes Embassy Suites, Doubletree, Hampton Inn and Suites, Waldorf Astoria Hotels and Resorts, and potentially others. The exact timing of the breach is unclear at the moment, but could go as far back as November 2014.
Almost two weeks ago we wrote an editorial about how security issues are more about the corporate culture than just weak passwords. In it we described a problem that exists in far too many companies where executives and/or vendors are the ones that are setting the security policies instead of the IT or IT security teams. This situation can be exceptionally frustrating when you are trying to keep the “bad guys” out, but not everyone really believes that this is how things work. Now, after a New York Times article describing how the Home Depot ignored their own security staff, people might be forced to finally get the bigger picture.
“It won’t happen to me” is the battle cry of far too many companies these days when it comes to security. We have watched this mindset over the course of the last two years as businesses try to get out of the expense (time and money) needed to update or properly protect their companies and customers from data theft. One of the very recent and troubling ones is the Backoff malware that has hit an estimated 1,000 US businesses. Even Dairy Queen has been hit and had consumer payment card data stolen.