Dairy Queen Data Breach Impacts Arizona Business Owners

After a few weeks of speculation, Diary Queen has confirmed that nearly 400 locations were compromised in a recent data security breach. Among the 400 locations affected, 9 were local Arizona businesses.

Wi-Fi for SMB - Things to consider

Weekly Wrap Up | Oct 10, 2014

Schneier Says Incident Response is Failing

Key Details

  • Hacking attacks are inevitable, so organizations need to move from protection and detection towards breach management
  • Proper response can make the difference in surviving a breach
  • "A sufficiently motivated, funded and skilled hacker will always get in"
  • 90's were about protection, 00's about detection, and this decade is about response.
  • Security is a mix of people, processes, and technology

Lessons Learned

With most organizations not investing enough in protection and detection, it becomes more critical that they take response seriously. With the growing demand for skilled security professionals, and incident response being a highly specialized and technical niche in security, it might prove difficult to find people qualified when needed. It is crucial in this threat landscape of "When" not "If" you get breached that all organizations think about how to respond to a breach, have a plan, and practice the plan. Key to success is making sure those involved understand their role and can respond quickly.

Weekly Wrap Up Oct, 3 2014

Jimmy John's Data Breach

Shellshock! Bash vulnerability.

This past Wednesday, September 24th a vulnerability in bash was announced and I wanted to give a quick summary or run-down of the situation and how it may effect some of us. The vulnerability allows code execution in bash simply by setting certain specific environment variables. The vulnerability was originally found by Stephane Schazelas, and later Travis Ormandy disclosed a secondary exploit that manages to circumvent the initial patch. Given the fact this vulnerability revolves around using bash shells it has been given the name "shellshock". It has also been assigned two separate CVE numbers, CVE-2014-6271 for the original vulnerability and CVE-2014-7169 for the secondary variation.