Security researchers urge people to stop swiping their credit cards, problems found with self-encrypting SSD hard drives, and another patch for Apache Struts needs to be installed
Welcome to Cyber Security Today. It’s Wednesday, November 7th.
Several years ago credit card issuers began distributing cards with a special chip that prevents them from being copied. However, that doesn’t mean the credit card numbers can’t be stolen. A new report this week from a consulting firm called Gemini Advisory figures in the last 12 months over 41 million credit card numbers from chip-enabled U.S. credit cards were stolen. Why? Largely, says Gemini, because many Americans still swipe their credit cards along the side of a card reader, rather than insert their cards in the bottom of a card reader and punch in a PIN number. Swiping a card reads the data on the black stripe on the back of the card, which is very insecure. Inserting a chip card from the bottom is safer because the data is better protected. How safe? Consider this: In Canada, where chip-enabled credit cards have been in use longer than the U.S., only 490,000 credit card numbers were stolen. So remember: Insert your card, never swipe down the side. If a retailer says their machine won’t allow you to insert your card, walk away, pay with cash or pay through your smart phone.
Encrypting a hard drive is a good idea if you have sensitive personal data. Some new solid state hard drives even come with hardware-based encryption capability. But researchers at Radboud University in the Netherlands say they’ve discovered flaws in some self-encrypting hard drives from Samsung and a brand called Crucial. The safest way to encrypt a hard drive is to use separate software-based encryption, they say. However, be careful if you want to use Windows BitLocker. On these solid-state drives BitLocker will use the hardware-based encryption, unless you turn that feature off. The Hacker News points out another alternative: A free open source software called VeraCrypt.
Attention IT administrators: Does your company use the Apache Struts development framework? Well, it may have to be patched. A security company called Tenable spotted a vulnerability in a file upload library. It’s in versions older than 2.3.36. See the Tenable site for more details, or go to ITWorldCanada.com, look for today’s podcast and the link is in the text.
Finally, if you have a recent Android smart phone be on the lookout for a new security update. Unless you have a Google phone, your handset maker and your carrier have to approve of the patch so it may take a week. You can find out if your device is still getting updates by going into your settings. Under “About Phone” you’ll see the last time a security patch was installed.
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Podcasts or add us to your Alexa Flash Briefing. Thanks for listening.