Exploiting Heartbleed vulnerability

Seems the whole InfoSec world is talking about the Heartbleed (CVE2014-0160) vulnerability in OpenSSL the last 24 hours.  Being an empirical person I wanted to try it out for myself.  There is a patch available, but they take a long time to get deployed to many web servers. The vulnerability...

Read More

Preventing POS data breach

Background Espresso? Sure why not! With so many people talking about Point of Sale (POS) data breaches and so many of them happening over the known history of computer crime you have likely been lead to believe that POS is a hard thing to secure and that sophisticated crooks are chasing POS systems...

Read More

RAM scraping/dumping in the payment card industry - or being a target

There's too much talk and not enough information about this topic in my opinion.  Many people and experts are getting spun up about the Target breach.  It's a lot of cards and from a major US brand, but we've been down the road before and with the same type of malcode.  I haven't seen...

Read More