The Field Report
There are 18,000 banking institutions in the U.S., and somebody has to blog about their breaches, concerns and security successes.
Banking Information Security Blogs
Comments (1)
Read All Posts (33)
CISO Witnesses Hack Like No Other
March 3, 2010 - Eric Chabrow
Here's what Maley told attendees to an RSA Conference panel on state cybersecurity on Wednesday:
"We saw thousands of hits on our Department of Transportation driver license exam scheduling site coming out of Russia, the same thing over and over, scheduling driver license exams. It was encrypted traffic, and we were trying to figure out what the heck is going on. Were they trying to test our systems? What exactly were they up to? The answer was, we really didn't know."
Authorities eventually discovered that the hacker who used a proxy server in Russia to mask his identity owned a driving school in Philadelphia, and exploited a vulnerability in the driving test scheduling system to allow the scheduling of more tests than the allotted time slots. It could take upward of six weeks to schedule a driving test in Philadelphia. Said Maley:
"What he was doing was saying (to potential customers), "You go over across the street, to John's driver training, and it's going to take you six to eight weeks to get your test. We can get you in tomorrow."
Maley asked: Is this hack insidious? Does it rise to a crime of theft of services? These are questions Maley said he and other Pennsylvania officials continue to sort out.
 |
 |
 |
 |
|
 |
This article and speech is one of the many reasons Mr. Maley was just fired from his position with the Commonwealth of Pa. Take what he has to say with a grain of salt since he is more interested in personal gains. CISOs do not give security information like this out at a national conference.
Posted by PRRFan on March 9, 2010 @ 9:17 AM
Latest Tweets & Mentions
Posts By Category
- ACH
- Agencies
- Anti-Money Laundering
- Application Security
- ARRA/HITECH
- ATM
- Authentication
- Bank Secrecy Act
- Banking Today
- Biometrics
- Budgeting & Funding
- Business Continuity & Disaster Recovery
- Check
- Cloud Computing
- Collaboration & Interagency
- Committees and Testimonies
- Compliance
- Confidence In Banking
- Congress
- Cybersecurity
- Data Loss
- Debit, Credit, Prepaid Cards
- Defense Department
- Emerging Technology
- Encryption
- Endpoint Security
- FACTA
- Federal Deposit Insurance Corp
- Federal Reserve Board
- Federal Trade Commission
- FFIEC
- FinCEN
- First Party
- Fraud
- Governance & Standards
- Governance, Risk & Compliance
- Government Accountability Office
- Gramm-Leach-Bliley Act
- GRC
- Homeland Security Department
- HR
- ID & Access Management
- ID Access & Management
- Identity Theft
- Identity Theft Red Flags Rule
- Incident Response
- Information Security Compliance
- Information Sharing
- Insider
- Insider Threat
- IT Audit
- Law Enforcement
- Laws, Regulations & Directives
- Leadership & Management
- Legislation
- Messaging
- Mobile & Wireless
- Mobile Banking
- Mortgage
- National Credit Union Admin.
- Network & Perimeter
- Network/Perimeter
- Office Comptroller of Currency
- Office of Management & Budget
- Office of Thrift Supervision
- Pandemic Preparation
- Payments
- PCI DSS
- Phishing
- Physical Security
- Privacy
- Remote Capture
- Risk Assessment
- Risk Management
- Sarbanes-Oxley Act
- Security Leadership
- SIM & SEM
- SIM/SEM
- Skimming
- Social Engineering
- Social Media
- Staff & Recruitment
- Storage
- Technology
- Training & Education
- Unified Threat Management
- Vendor Management
- Virtualization
- Web Security
- White House
- Wire
Authors & Blogs
The Agency Insider
From the FDIC to the NCUA, banking institutions take guidance from myriad government agencies and regulations. Here's where we make sense of it all.
Secure Marketspace
A look into how the security and privacy concerns of consumers and citizens impact institutions and government agencies.
Information Technology Risk Management
Not all risks are created equal. Understand, manage and transfer risks, as necessary. Ignore none.
-
-
The Public Eye
Keeping tabs on federal government efforts to protect citizens' privacy
-
Industry Insights
Insights and opinions from the thought-leaders who represent the industry’s services and solutions providers.
Career Insights
Insights from advisors, consultants and practitioners who know what it takes to be a successful security professional
The Fraud Blog
Tracking fraud incidents and trends wherever -- and however -- they occur.
Recent Comments
"While it is only a slight benefit, I always use my debit card as a credit and NEVER dilvulge my PIN. I also recommend..."
Read Post | Jump to Comments"This just seems a reiteration of any other "it's time for EMV" post bobbing around the web. By the number of accounts..."
Read Post | Jump to Comments"Great post. An eye-opener in terms of looking outside manufactured technology for authentication, but, instead,..."
Read Post | Jump to Comments
