Sunday, August 31, 2008

Shoulda, woulda, coulda

http://www.pogowasright.org/article.php?story=20080831053305830

Could this chip have prevented the TJX breach?

Sunday, August 31 2008 @ 05:33 AM EDT Contributed by: PrivacyNews

TJX Cos. is urging banks and other retailers to embrace a multibillion-dollar technology that uses a tiny computer chip to stop criminals from using stolen debit and credit cards.

In one of the first interviews by a top TJX executive following a record security breach, vice chairman Donald G. Campbell told the Globe that the US payment system should follow countries in Europe and Asia that have rolled out credit and debit cards embedded with computer chips. If the cards were in use worldwide, he said, the technology would have ruined a scheme in which thieves stole as many as 100 million account numbers from TJX since 2005, by making the numbers harder to reuse.

Source - http://www.boston.com/business/technology/articles/2008/08/31/could_this_chip_have_prevented_the_tjx_breach/ Boston Globe

[From the article:

... TJX estimates it spent $202 million related to the breach including security reviews and settling consumer lawsuits - a number reduced from an earlier estimate of $256 million by insurance payouts and other factors. [I've seen numbers both lower and higher... Bob]

... As part of a settlement with Visa Inc. last year, TJX agreed to speak out more about security improvements. [No stipulation that their “speaking out” needed to make sense. Bob]

... A central question is how much spending is worth it to offset losses to fraud. David Robertson, publisher of The Nilson Report, a trade newsletter that tracks the payment industry, estimates that $1.24 billion was lost to fraud in 2007 in the United States, up from $1.14 billion in 2006. But in both years, that works out to just 5.7 cents for every $100 that customers charged on their credit cards. Worldwide fraud was $5.68 billion, or 4.8 cents per $100 spent.

... Brian Triplett, a security executive for the biggest payment network, Visa Inc. of San Francisco, said the company's statistics also show low levels of fraud, roughly one in every 10,000 transactions.


Related?

http://news.slashdot.org/article.pl?sid=08/08/31/0057217&from=rss

Pitfalls of Automated Bill Payment

Posted by kdawson on Sunday August 31, @03:11AM from the marching-through-the-hiccups dept. The Almighty Buck

theodp writes

"A few months ago, the NY Times' Ron Lieber extolled the virtues of allowing utilities, phone, and credit card companies to pull whatever you owe from your bank account. Big mistake. Lieber's readers fired back, telling him he was out of his mind for suggesting that they give billers unfettered access to their credit cards and bank accounts. Now Lieber goes through five of the glitches that can occur with any of the various methods of setting up automatic payments: 'You can give each biller permission to pull the full amount from your bank account. You can use the online bill system at your bank to push payments out automatically each month. Or you can charge every bill to your credit card and give only that card company permission to pull money from your bank account when the credit card bill is due. Each of these methods has its potential shortcomings...'"

What kind of payment automation do you use, and why?



Either I'm not using as much as I thought, or I've (accidentally) hacked my way around the limits...

http://torrentfreak.com/qwests-unofficial-250-gb-data-cap-080829/

Qwest’s Unofficial 250 GB Data Cap

Written by Ernesto on August 29, 2008

Today, Comcast officially announced a 250 GB cap, while threatening to disconnect users who exceed this limit more than once. Comcast is taking the heat once again, but they are not the only ISP that limits its users. Other ISPs, Qwest being one of them, have exactly the same policy - and the same threats.

... Qwest’s approach is quite aggressive to say the least. When customers reach the magic limit, their web traffic is redirected to an “excessive use” page. The page informs the customer that they “noticed extremely high usage” on their Qwest Broadband account. The notification blocks all HTTP access from your computer, making it impossible to access any website. In order to proceed and release the block on your system, customers must acknowledge notification on this web page, and agree to a new service agreement. [How dare you take advantage of our promise of “unlimited Internet!” Bob]

There are no other options, no personal phone calls, no further explanation what acceptable use is, or how customers can track their usage. The new service agreement, dated August 12, 2008 (pdf), allows Qwest to limit your use in any way they see fit, and even terminate your service when the customer exceeds the (invisible) limit again. Note that Qwest does not specify how much bandwidth customers are allowed to use.



Surveillance as a hobby?

http://www.pogowasright.org/article.php?story=20080830132935104

UK: Watching the Watchers

Saturday, August 30 2008 @ 01:29 PM EDT Contributed by: PrivacyNews

... Right under Big Brother's nose, a new class of guerrilla artists and hackers are commandeering the boring, grainy images of vacant parking lots and empty corridors for their own purposes. For about $80 at any electronics supply store and some technical know-how, it is possible to tap into London's CCTV hotspots with a simple wireless receiver (sold with any home-security camera) and a battery to power it. Dubbed "video sniffing," the pastime evolved out of the days before broadband became widely available, when "war-chalkers" scouted the city for unsecured Wi-Fi networks and marked them with chalk using special symbols. Sniffing is catching on in other parts of Europe, as well as in New York and Brazil, spread by a small but globally connected community of practitioners. "It's actually a really relaxing thing to do on a Sunday," says Joao Wilbert, a master's student in interactive media, who slowly paces the streets in London like a treasure hunter, carefully watching a tiny handheld monitor for something to flicker onto the screen.

Source - Newsweek

[From the article:

Eerily, baby cribs are the most common images. Wireless child monitors work on the same frequency as other surveillance systems, and are almost never encrypted or secured.

Given that sniffing is illegal, [In the US too? Bob] some artists have found another way to obtain security footage: they ask for it, in a letter along with a check for £10. In making her film "Faceless," Austrian-born artist Manu Luksch made use of a little-known law, included within Britain's Data Protection Act, requiring CCTV operators to release a copy of their footage upon the request of anyone captured on their cameras. [In the US too? Bob]

... In some cases video sniffing has morphed into a form of hacking, in which the sniffer does more than just watch. Using a transmitter strong enough to override the frequency that most cameras use, sniffers can hijack wireless networks and broadcast different images back to the security desk. MediaShed used the device to broadcast an Atari-style videogame animation of a spaceship flying over its town to unsuspecting security guards. A group of sniffers in Oldenburg, Germany have been devising a way to sniff and hijack all at once, using the cameras mounted behind the counters at fast-food joints to watch employees. They've broadcasted McDonald's to Burger King, Burger King to KFC, and so on.



Research in real time...

http://tech.slashdot.org/article.pl?sid=08/08/30/1858240&from=rss

Wikipedia Edits Forecast Vice Presidential Picks

Posted by kdawson on Saturday August 30, @04:34PM from the keep-watching-the-skies dept. The Internet United States Politics

JimLane writes

"The Washington Post reports on the findings of Cyveillance, a company that 'normally trawls the Internet for data on behalf of clients seeking open source information in advance of a corporate acquisition, an important executive hire, or brand awareness.' Cyveillance decided 'on a lark' to test its methods by monitoring the Wikipedia biographies of Vice-Presidential prospects. The conclusion? If you'd been watching Wikipedia you might have gotten an advance tipoff of Friday's announcement that McCain was selecting Sarah Palin. 'At approximately 5 p.m. ET (Thursday), the company's analysts noticed a spike in the editing traffic to Palin's Wiki page, and that some of the same Wiki users appeared to be making changes to McCain's page.'" [“Let's delete that bit where they say they hate each other...” Bob]

The article goes on to say that watching Wikipedia pages for the Democratic VP hopefuls would have tipped Obama's choice of Biden, as well. NPR also has coverage (audio).
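As an added illustration (not part of the Slashdot post and not Cyveillance's actual method), here is a small Python detector for the two signals the story describes: an hourly edit spike on one biography page, and editors who were active on a second page during that same hour. The edit log, editor names and page keys are constructed sample data.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample edit log (page, editor, UTC time); not real Wikipedia data.
EDIT_LOG = [
    ("Sarah_Palin", "editorA", "2008-08-28T03:10:00"),
    ("Sarah_Palin", "editorB", "2008-08-28T11:42:00"),
    ("Sarah_Palin", "editorC", "2008-08-28T21:02:00"),
    ("Sarah_Palin", "editorD", "2008-08-28T21:05:00"),
    ("Sarah_Palin", "editorE", "2008-08-28T21:09:00"),
    ("Sarah_Palin", "editorC", "2008-08-28T21:15:00"),
    ("Sarah_Palin", "editorF", "2008-08-28T21:31:00"),
    ("John_McCain", "editorG", "2008-08-28T09:00:00"),
    ("John_McCain", "editorC", "2008-08-28T21:20:00"),
    ("John_McCain", "editorE", "2008-08-28T21:40:00"),
]

def parse_log(log):
    """Turn ISO-8601 timestamps into datetime objects."""
    return [(p, u, datetime.fromisoformat(t)) for p, u, t in log]

def edit_spikes(edits, page, min_edits=3, factor=3.0):
    """Clock hours with at least `min_edits` edits to `page` that are also at least
    `factor` times the page's mean hourly rate; `min_edits` guards quiet pages."""
    counts = Counter(t.replace(minute=0, second=0, microsecond=0)
                     for p, _, t in edits if p == page)
    if not counts:
        return []
    span_hours = int((max(counts) - min(counts)) / timedelta(hours=1)) + 1
    mean = sum(counts.values()) / span_hours
    return sorted((h, n) for h, n in counts.items()
                  if n >= min_edits and n >= factor * mean)

def shared_editors(edits, page_a, page_b, start, end):
    """Editors who touched both pages inside the half-open window [start, end)."""
    def editors(page):
        return {u for p, u, t in edits if p == page and start <= t < end}
    return editors(page_a) & editors(page_b)

def report(log=EDIT_LOG, page_a="Sarah_Palin", page_b="John_McCain"):
    """For each spike hour on page_a: (hour, edit count, editors also on page_b)."""
    edits = parse_log(log)
    return [(h.isoformat(), n,
             sorted(shared_editors(edits, page_a, page_b, h, h + timedelta(hours=1))))
            for h, n in edit_spikes(edits, page_a)]

if __name__ == "__main__":
    for hour, n, shared in report():
        print(f"{hour}: {n} edits; also editing the other page: {shared}")
```

With the sample data the only flagged hour is 21:00, with two editors common to both pages; the second page alone never crosses the `min_edits` floor, so a couple of edits on a quiet page does not trigger an alert.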


Related? (The use of the Internet, not McCain & Palin v. terrorists) This is similar to how Jane's (http://www.janes.com/) got its start.

http://it.slashdot.org/article.pl?sid=08/08/30/208209&from=rss

Tracking the Terrorists Online

Posted by kdawson on Saturday August 30, @05:36PM from the lurking-with-intent dept.

Anti-Globalism points out a story at the German magazine Spiegel profiling two small US companies that monitor terrorist networks online — IntelCenter and SITE Intelgroup.

"[Founders of the two companies] Venzke and Devon are two of the most prominent 'terror trackers' worldwide. In the United States, and increasingly in other countries, the term refers to a community of people who spend their days analyzing traces that al-Qaida and affiliated organizations leave behind, especially on the Internet. The two Americans are essentially digital trackers in the age of globalized terrorism. IntelCenter and SITE Intelgroup are the companies that Venzke and Devon, respectively, have founded. They enjoy a strong reputation within the relatively small community of terrorism experts. Beyond that, though, they are virtually unknown..."

[From the article:

The two companies exert tremendous influence, worldwide and around the clock. News agencies, intelligence services and law enforcement organizations from the entire Western world are among Devon's and Venzke's clients. SITE and IntelCenter deliver their product -- information -- via e-mail, telephone or fax, or directly to clients' PDAs or mobile phones.

Almost every statement by Osama bin Laden published on the Internet, to name only one example, is first made public by SITE and IntelCenter.

... Of course, every intelligence service worth its salt also pursues cyber jihadists on its own. But SITE and IntelCenter are often faster, and their products are also sent to departments that lack these capabilities.

... [and just in case you think there's no money in this... Bob] Venzke's catalog illustrates this approach. It contains services that he offers to government agencies only, such as the 24/7 "Hostage/Kidnapping Profiling and Incident Monitor" -- at a cost running up to more than $500,000 (€323,000) a year.



Security through obscurity! Is this related to the terrorist tracking story? How did the Credit Card companies learn of the show? Of course it is related to the TJX story – seems those chips might not be as secure as they suggest.

http://hardware.slashdot.org/article.pl?sid=08/08/30/2036259&from=rss

CC Companies Scotch Mythbusters Show On RFID Security

Posted by kdawson on Saturday August 30, @06:40PM from the next-comes-guns-and-money dept.

mathfeel passes along a video in which Mythbusters co-host Adam Savage recounts how credit card companies lawyered up to make sure the Discovery channel never, ever airs a segment on the flaws in RFID security.

"Texas Instruments comes on [a scheduled conference call] along with chief legal counsel for American Express, Visa, Discover, and everybody else... They [Mythbusters producers] were way, way outgunned and they [lawyers] absolutely made it really clear to Discovery that they were not going to air this episode talking about how hackable this stuff was, and Discovery backed way down being a large corporation that depends upon the revenue of the advertisers. Now it's on Discovery's radar and they won't let us go near it."



“We don't need no stinking logic!” This type of organizational stupidity should be stomped on fast and hard!

http://news.slashdot.org/article.pl?sid=08/08/30/238223&from=rss

Appeals Court Rules US Can Block Mad Cow Testing

Posted by kdawson on Saturday August 30, @07:45PM from the please-pass-the-lentils dept.

fahrbot-bot tips a story of mad cow disease, a private meat packer that wants to test all of its beef for the disease, and the USDA, which controls access to the test kits and just won an appeals court ruling that the government has the authority to block testing above and beyond the 1% the agency performs. Creekstone Farms Premium Beef sought to test 100% of its beef, in order to reassure its export markets, especially Japan and South Korea, that its beef is safe. Large meat packers opposed any such private testing, because they feared they would be forced into 100% testing and would have to raise prices. The appeals court ruled, 2 to 1, that under a 1913 law, test kits that are used only after an animal is killed still constitute "diagnosis" and "treatment" — this for a disease that has no treatment and is 100% fatal — and therefore fall under the USDA's authority to regulate.



Hacking leads to entrepreneurship?

http://www.techcrunch.com/2008/08/30/myspace-cofounder-tom-anderson-was-a-real-life-wargames-hacker-in-1980s/

MySpace Cofounder Tom Anderson Was A Real Life “WarGames” Hacker in 1980s

by Michael Arrington on August 30, 2008

Late last year we discovered that MySpace cofounder Tom Anderson, arguably the most popular individual on the Internet with 240+ million MySpace friends (he is added by default to every MySpace account) was actually 37 years old, not the 32 that he continues to claim on his MySpace page.

Now we’ve learned a much more colorful part of Anderson’s history: In 1985, when he was fourteen and in high school in Escondido, California, Anderson was subject to one of the largest FBI raids in California history after hacking into a Chase Manhattan Bank computer system and subsequently showing his friends how to do it.
