Wi-Fi for SMB - Things to Consider
I came across a good little article [^1] earlier in the week about setting up guest Wi-Fi and I think it should really hit home with many small business owners. Simply throwing up a wireless access point and connecting it to the rest of your network so guests can have internet access is a great way to cause yourself a whole lot of pain. Not only does doing something like that have harsh PCI compliance ramifications, your systems are wide open to anyone connecting to your Wi-Fi. Depending on the range your access point allows you could have a data breach without the attacker even setting foot on your property giving any physical controls you may have in place a zero chance of working.
Weekly Wrap Up Oct, 3 2014
This week's wrap summarizes the Jimmy John's data breach and the breach on Japan Airlines.
Shellshock! Bash Vulnerability.
This past Wednesday, September 24th a vulnerability in bash was announced and I wanted to give a quick summary or run-down of the situation and how it may effect some of us. The vulnerability allows code execution in bash simply by setting certain specific environment variables. The vulnerability was originally found by Stephane Schazelas, and later Travis Ormandy disclosed a secondary exploit that manages to circumvent the initial patch. Given the fact this vulnerability revolves around using bash shells it has been given the name "shellshock". It has also been assigned two separate CVE numbers, CVE-2014-6271 for the original vulnerability and CVE-2014-7169 for the secondary variation.
Many of you may be familiar with bus factor, lottery, truck factor, and/or bus/truck number. For those that aren't though, I wanted to take a small moment to explain it. The concept is quite simple. This "factor" is nothing more than a scary way of labelling the number of developers a project could stand to lose (get hit by a bus) before the project couldn't continue. People have various events in their lives that permit or prevent them from performing certain tasks. As with software development someone's ability to keep working on a project could be taken away by changing jobs, getting a promotion, winning the lottery and quitting, or the more tragic getting hit by a bus/truck.
Old vs New: A Comparison of Magnetic Stripe and Chip-and-PIN
I was doing some poking around on the internet recently, reading various stories about different network breaches and loss of credit card numbers and I was reminded of the semi-recent Target breach and how they're making a push to switch to chip-and-PIN cards. This made me think it would be a good idea to do a a write up on the differences between chip-and-PIN and traditional magnetic stripe credit cards.