breach

Cutting through the fluff around the Target PIN breach

Dave Farquhar security , , , , , , ,

OK, so Target is back in the news, and it’s nowhere nearly as bad this time but there’s some posturing and some fluff in the news, so I’ll take it upon myself to demystify some of it. Some of it’s PR fluff, and some of it’s highly technical, so I’ll cut through it.

I’m just glad–I guess–to be talking about this stuff outside of a job interview. Like I said, this time the news isn’t nearly as bad as it could be. Read more

What I’m doing to protect myself after the Target data breach

Dave Farquhar Saving money, security , , , , , , ,

As you’ve probably heard, Target had a bad month. Between the days of 27 November and 15 December, about 40 million credit card numbers were stolen, making it one of the biggest breaches of its kind in history. As far as we know, the card number and security code were stolen, but debit-card PINs and addresses were not.

Target says they have contained the breach and are cooperating with credit card companies and authorities. Cringely has some analysis, but it has more for people like me to think about how we do things at work than it does for consumers.

And, well, as luck would have it, I shopped a lot at Target between the days in question. And I used both my credit and debit card during that time. Here’s what I’m doing, some of which may be counter-intuitive.

Read more

CISPA is trying to solve a legitimate problem

Dave Farquhar security , , , , , ,

I read yet another anti-CISPA piece today. I’m not comfortable trying to read it and decide whether it’s a good or bad piece of legislation, but I do understand the problem it’s trying to solve.

Those who have tried to paint CISPA as the new SOPA or PIPA are misunderstanding the problem CISPA is trying to solve. CISPA isn’t supposed to be about stopping the scourge of teenaged boys using the Internet to copy music and movies. It’s actually chasing something nefarious.

Let me give you an example.
Read more