Cyber Security Today: Nov. 7, 2018 — Stop swiping credit cards, problems with self-encrypting hard drives, another Adobe Struts patch

Security researchers urge people to stop swiping their credit cards problems found with self-encrypting SSD hard drives and another patch for Adobe Struts needs to be installed

Welcome to Cyber Security Today. It’s Wednesday November 7th. To hear the podcast click on the arrow below:

Cyber Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

Several years ago credit card issuers began distributing cards with a special chip that prevents them from being copied. However, that doesn’t mean the credit card numbers can’t be stolen. A new report this week from a consulting firm called Gemini Advisory figures in the last 12 months over 41 million credit card numbers from chip-enabled U.S. credit cards were stolen. Why? Largely, says Gemini, because many Americans still swipe their credit cards along the side of a card reader, rather than insert their cards in the bottom of a card reader and punch in a PIN number. Swiping a card reads the data on the black stripe on the back of the card, which is very insecure. Inserting a chip card from the bottom is safer because the data is better protected. How safe? Consider this: In Canada, where chip-enabled credit cards have been in user longer than the U.S., only 490,000 credit card numbers were stolen. So remember: Insert your card, never swipe down the side. If a retailer says their machine won’t allow you to insert your card, walk away, pay with cash or pay though your smart phone.

Encrypting a hard drive is a good idea if you have sensitive personal data. Some new solid state hard drives even come with hardware-based encryption capability. But researchers at Radboud University in the Netherlands say they’ve discovered flaws in some self-encrypting hard drives from Samsung and a brand called Crucial. The safest way to encrypt a hard drive is to use separate software-based encryption, they say. However, be careful if you want to use Windows BitLocker. On these solid-state drives BitLocker will use the hardware-based encryption, unless you turn that feature off. The Hacker News points out another alternative: A free open source software called VeraCrypt.

Attention IT administrators: Does your company use the Apache Struts development framework? Well, it may have to be patched. A security company called Tenable spotted a vulnerability in a file upload library. It’s in versions older than 2.3.36. See the Tenable site for more details, or go to ITWorldCanada.com, look for today’s podcast and the link is in the text.

Finally, if you have a recent Android smart phone be on the lookout for a new security update. Unless you have a Google phone, your handset maker and your carrier have to approve of the patch so it may take a week. You can find out if you’re device is still getting updates by going into your settings. Under “About Phone” you’ll see the last time a security patch was installed.

That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Podcasts or add us to your Alexa Flash Briefing. Thanks for listening.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

ITWC podcast network

Subscribe to ITWC podcasts and never fall behind on the conversation in technology again. Our daily podcasts are perfect to add to your smart speaker’s daily briefing or to your favourite podcast app on your smartphone. 

Cyber Security Today Podcast

#Hashtag Trending Podcast