No-tech security

Via funsec: Software controls at the Carson, CA treasurer’s office failed to prevent the installation of a keylogger on a laptop. Theives used the keylogger to acquire the username and password of an account able to make fund transfers, then transfered themselves half a million dollars.

They were caught when the treasurer noticed it in the ledger.

Since the incidents occurred, the city’s bank has tightened its security to prevent future similar attacks, she said. The new system requires the city to register the specific computers that will be used for online transactions, she said, while also asking a series of security questions that must be properly answered to gain access to the account.

“That’s in place now,” Avilla said. “It wasn’t in place last Wednesday and Thursday.”

An IT consultant who was brought in to help the city before the thefts is also assisting in evaluating security and what needs to be improved, she said.

A no-tech accounting process detected the event. Mitigation plan: implement further software controls and procedures.

Why would a Wookiee, an eight-foot tall Wookiee, want to live on Endor, with a bunch of two-foot tall Ewoks? That does not make sense! But more important, you have to ask yourself: What does this have to do with this case? Nothing. Ladies and gentlemen, it has nothing to do with this case! It does not make sense! Look at me. I’m a…