Mostly security news today, May 6, 2016.
- A site called pwnedlist.com got pwned. I guess people need to be taught more in-depth testing techniques when building their websites.
- ATM Skimmers are on the rise. Again. I figured, with Brian Krebs’ extensive coverage, that ATM makers would harden their stuff enough to make major pushes into ATM manipulation a non-starter. Never underestimate laziness or cost-cutting. On the other hand, since it is raw money at stake, never underestimate a thief’s creativity and industrial drive. If only they would use that motivation to become legal entrepreneurs.
- The VA’s new electronic system failed to implement audit logs. It’s so critical, so how did Audit Logs get left out? (By the way, if you want to implement audit logs, expect about four times your current data, added onto your existing data requirements, for a total of 500% existing data storage. Storage is cheap, but not free.)