Archive for October, 2011

PowerNews: October 2011

Posted in Audits, Security on October 24th, 2011 by Kiki

What Happens in Vegas…
Is (Hopefully) Shared Back Home!

By Robin Tatam, Director of Security Technologies

On September 22 and 23, almost 70 IBM i security professionals converged on the Rio All-Suite Hotel and Casino in Las Vegas for the 2011 IBM i Security Event of the Year. The conference brought together a veritable “Who’s Who” of guest speakers, with years of combined security experience on the platform. Speakers included John Earl of Townsend Security, Patrick Botz of Botz & Associates, and Jeff Uehling of IBM. Tom Garcia, founder and CEO of InfoSight, gave an alarming keynote speech on Security in a Web 2.0 World.

One highlight of the event was a presentation by ethical “hacker” Sabino Marquez on social engineering. He showed attendees a number of eye-opening ways that private data can be compromised without any real technical breach.

Other sessions of interest included an Introduction to IBM i Security, Biometric Authentication, Security Best Practices, and Encryption. We also held a series of sessions on the PowerTech product line to help participants become more familiar with our auditing and security solutions. An Ask-the-Experts panel gave attendees the opportunity to discuss their security concerns with all the speakers at once.

Of course, we also made time for some fun and prizes at an evening reception, and with a conference-wide Great Security Mystery game, a variation of the game of “Clue” with an IBM i security theme.

Altogether, the Security Event was a great success and we truly enjoyed meeting and talking with all the participants.

—————————————————————————————-

Beware of Skimming—It’s Closer Than You Think

By Robin Tatam, Director of Security Technologies

If you’ve been following security news this year, you’re probably familiar with the methods that thieves use to steal information. One of the most frightening techniques is “skimming,” the act of collecting credit card data as the card is swiped through a magnetic reader. This means that criminals are intercepting credit and debit card transactions long before the data ever reaches a database where it can be secured.

One method used by skimmers is a concealed physical modification to an ATM or point of sale (POS) device. Despite the use of PCI-approved POS devices, these devices have been brazenly swapped out with compromised devices that then pass the card number and PIN information to a nearby perpetrator.

The technology has advanced to the point where even a diligent employee or consumer is sometimes unable to detect its presence. Keyboard overlays may even transmit the associated PIN over a Bluetooth connection. Sadly, this means that you could very well be the unwitting victim of credit card fraud even before the ATM has had time to dispense your cash.

Anyone Can Be A Target
Often, it’s the smaller retailers who are the targets for this type of attack. One reason might be that they typically have fewer staff, making it an easy task to distract those that are working. Unattended checkout lanes allow an accomplice to move in and tamper with a POS device. No amount of database and server technology can prevent this form of social engineering attack. Even in countries that have migrated toward chip-based cards and readers, thieves have been known to disable the chip-reading sensor, forcing the card owner to swipe the card on the device.

A recent case in the news here in Minnesota illustrates another strategy. It involved a 16-year-old girl who was stealing credit card information from customers who used the drive-thru window at the local McDonald’s where she worked. She hid the skimming device behind the window and copied the information when the customers handed her their card. The thefts weren’t discovered until customers began noticing unauthorized charges to their accounts.

How Do You Defend Against Skimming?
Analyzing card use may be the best way to detect this type of crime, but that means card issuers are forced to work in a reactive mode. One thing is certain: the increasing frequency and sophistication of these types of attacks are going to have card issuers working hard to develop more sophisticated prevention and detection measures.

So, how do you defend yourself against skimming attacks? The best defense is still to be aware of the practice and pay attention when you use your debit or credit card. Look carefully at the ATM or POS device and if something doesn’t seem right, walk away. It’s better to be cautious than be the victim of theft.

—————————————————————————————-

IBM i Solution Edition for Help/Systems

Purchase any software solution from Help/Systems (Robot Automated Operations Solution), PowerTech (IBM i security solutions), SEQUEL Software (data access/analysis and productivity software), or Bytware (anti-virus and monitoring solutions for IBM i) and enjoy big discounts on training, services, and IBM POWER7 systems.

For details, contact your local IBM Business Partner, or Doug Fulmer at dougfulmer@helpsystems.com, or visit our IBM i Solution Edition web page.

—————————————————————————————-

Q & A with Paulie Culin

Dear Paulie,
Before we run a Compliance Assessment, we’d like to know what it creates on our system and how we can remove it when finished?

A: The PowerTech Compliance Assessment installs and runs directly from a PC. The executable program creates a PowerTech program group on your PC and FTPs the product to your system, where it runs the assessment and opens the results in a web browser. The product does not change any system values or attributes.

The Compliance Assessment creates the following objects at install:

Object     Type       Library
PTCA01     *LIB       QSYS
PTCAADM    *USRPRF    QSYS
PTCAOWN    *USRPRF    QSYS
PTCAADM    *AUTL      QSYS
PTCADTA    *AUTL      QSYS
PTCAOWN    *AUTL      QSYS
PTCAPGM    *AUTL      QSYS
PTCAADM    *MSGQ      QUSRSYS
PTCAOWN    *MSGQ      QUSRSYS

To remove the objects, simply enter the Delete Licensed Program (DLTLICPGM) command for product 1PTCA01.

Learn more with PowerTech Webinars and online training.

Request a demo.