Monday, May 21, 2007

This is London... and Estonia.

One more story to prove that the credit card industry is still very vulnerable (and as a result, we are too).'s+biggest+credit+card+fraudsters+jailed+for+over+five+years+each/

When the PCI standard will be a norm for every company that processes and stores credit card numbers? And how many new government regulations are required to make the online shopping safe? There are so many new technologies and solutions to improve the safety of the online transactions (like "use once" credit card numbers) ... so, when can we say that the online shopping is relatively safe? Why the adoption of new technologies is so slow?

Reading weekly SANS e-mails, I see more and more cases when the online crooks are getting jailed. However, killing several roaches does not destroy their colony. The online theft became an attractive business, and the story above proves it. Want to get the lifestyle of the kings? Steele or buy several credit card numbers, and enjoy your travels in the first class seats!

The vulnerability of the corporate networks is an issue that was discussed 1000 times online, in the press, and even on TV. While the online security is important for every company that has connectivity to the Internet, the companies that process credit card transactions must have double security. The protection must cover wide range of attacks including the DoS.

I was not surprised to read about the latest DoS attack on the Estonia's government and non-government sites (banks, newspapers) by the Russian hackers when Estonia removed a Soviet war memorial statue in the capital city of Tallinn. Ethnic Russians protested the statue's removal with riots and protests broke out on April 27. If you don't know, in the middle of the 20th century the Russians occupied three Baltic countries and made them the tree Soviet Republics (of 15 total). Since then, there is a mix of Russians and Estonians, Litanies, and Latvians who had to co-exist together for more than 60 years quietly hating each other. Since the republics became the separate countries again (after the fall of the Soviet Union), the nationalists in those countries began the movement for the clean country. Even the well respected people who contributed a lot for the prosperity of the countries were dismissed and forgotten only because they were Russian descent.

While I can understand the basis for that hate, I don't approve any nationalists who do separate people only by their nationality. There are thousands of decent people who have a different descent but take pride to be a part of the country, and contribute as much as they can; and there are some that hate the country they live in, ignore the traditions, and even plot the disasters. Then, I would weed them out.
It relates not only to those 3 Baltic countries but to the U.S. as well. Who knows how many Al-Qaeda cells are hidden inside of our country? Who knows how the sophisticated equipment and advanced skills in the cyber security will be used? We are the same vulnerable as Estonians not only from outside but from inside...

Thursday, May 10, 2007

Old Topic but still viable (my comments)

I have been reading the article "Certifieable" at Below is a link to my comments.

Tuesday, May 1, 2007

Kaspersky published the tutorial about keyloggers

I found a good article about keylogger software from It is a "must" for security professionals and can be useful to educate the end-users. It is written by a russian computer professional, the Deputy Director of the company's Research and Development team. The article is very detailed and, beyound the treats, suggests the countermeasures:

The article has the following chapters:

Why keyloggers are a threat
How cyber criminals use keyloggers
Increased use of keyloggers by cyber criminals
Keylogger construction
How keyloggers spread
Protection from keyloggers

The second part is coming soon.