Wednesday, May 27, 2009

Pretty fast response. Keystroke loggers are not the best way to steal data, but they work.

http://www.databreaches.net/?p=4305

Virus compromises Health Dialog Services employee data

May 26, 2009 by admin Filed under: Healthcare Sector, Malware, U.S.

On May 12, Boston-based Health Dialog Services Corporation notified (pdf) the New Hampshire Attorney General’s Office that they had detected a virus on their network that compromised company data, including data stored in the Internet Explorer browser cache on employee computers. The virus was detected on May 5.

The company subsequently determined that the compromised data included personally identifying information that the employees typed while using IE on their computers such as social security numbers, names, addresses, credit card numbers and expiration dates, user names and passwords.

HDSC provided initial email notification to the employees with an offer of free services on May 6, with formal letters sent out on May 14. They report that 390 New Hampshire residents were being notified, but do not indicate how many employees from other states were also affected.



Update: Did they wait until after the Visa deadline? Perhaps they own stock in Visa... Next time, banks, replace the cards – it's cheap insurance.

http://www.databreaches.net/?p=4313

Rash of debit fraud due to Heartland Payment Systems breach

May 26, 2009 by admin Filed under: Financial Sector, Hack, ID Theft, Malware, U.S.

When Heartland Payment Systems announced a major breach on January 20, some banks and credit unions decided to replace cards proactively. Others decided to just monitor the cards flagged. Now, one week after the deadline for submitting claims to Visa, some banks may be regretting their decision not to replace cards. For example, consider this news report from Eyewitness News in Putnam, CT:

Hundreds of Putnam Bank customers had their debit cards canceled over the weekend after reports of widespread fraud.

[...]

Bank CEO Thomas Borner said Putnam Bank had been tracking reports of fraudulent charges all week and had to shut down hundreds of debit cards.

“At that point on Friday afternoon, as inconvenient as it was going to be, we really had no choice because some accounts were being overdrawn,” he said.

Earlier in the year, credit card processor Heartland announced that some Visa card numbers had been compromised.

“We absolutely know it was a third-party breach,” Borner said. “It has nothing to do with Putnam Bank.”

Customers were notified by mail, he said, but last week money started disappearing. All the affected cards were from Heartland, he said.

[...]

The charges were showing up around the country at places like Wal-Mart and at gas stations, they said, but none were in Connecticut.



Is this reasonable or just Texas? I wonder if this cuts the number of identity theft incidents in the state – I'd bet not.

http://www.databreaches.net/?p=4321

TX: Man sentenced to 25 years for identity-theft scheme

May 27, 2009 by admin Filed under: ID Theft, State/Local, Theft, U.S.

Here’s another case of a stiff sentence for ID theft. Billy Coats was sentenced to 25 years in prison after pleading guilty to fraudulently using or possessing identifying information. At the time of his arrest, Coats was found in possession of more than 200 personal-identification items as well as computer equipment to make fake IDs and checks.

He could have received a life sentence under a law passed in Texas that elevated his crime to a first-degree felony because he possessed more than 50 stolen documents.



I don't think they get it. They seem to forget that we live in a computer age and all of these “evil tasks” can be automated.

http://consumerist.com/5260257/credit-card-processors-launch-a-new-strategy-to-defeat-theft

Credit Card Processors Launch A New Strategy To Defeat Theft

By Chris Walters, 12:41 PM on Tue May 26 2009

This fall, credit card processors will begin rolling out a new approach to preventing data theft, based on the assumption that it's impossible to thwart every attack. Instead of keeping 100% of criminals out, they'll segment and encrypt the data into such small chunks that it will no longer be a cost-effective crime.

… It involves new point-of-sale hardware that can encrypt each day's batch of credit card numbers separately, then shuttle each daily pack off to Heartland's data centers for archiving. [A day's take at a WalMart wouldn't be “tiny” (except when compared to what Heartland or TJX lost) Bob]

It's a better approach than what we currently have. For one thing, retailers will no longer have any reason to store credit card numbers. [Aren't they forbidden to do so under the PCI agreement? Bob] But it's not an ideal solution and there are some definite costs, as Schuman points out below. In fact, there's a much better end-to-end encryption solution that we could already be using but aren't simply because it's not as profitable for card companies like Visa and Mastercard. [“Damn the customers! Look at the bottom line!” Bob]

… First of all we really can't keep the bad guys out. Trying to do that is futile. Might as well let 'em in, and let them steal a certain amount of data, and let them go. A, they're going to anyway, and B., if you do it that way, you make sure they don't get enough data that they can profitably sell. If you do that, they're not going to steal it, or at least not very often, because they're not going to make money that way. [Reasonable if you are talking about physical theft, but this is electronic theft – you don't have to be at each WalMart store in the country to steal all the credit card data. Bob]

… They're not going to make any money off of that, and it's not cost-effective to break in at 50 different locations. [How expensive is a mouse click? Bob]



Are we starting to see some pushback?

http://www.pogowasright.org/article.php?story=20090527042206201

The Hidden Cost of Privacy

Wednesday, May 27 2009 @ 04:22 AM EDT Contributed by: PrivacyNews

Special interest groups and lawyers claim they are defenders of individual privacy. But all that red tape is causing more harm to consumers than good.

Source - Forbes.com

[From the article:]

In a world of tight budgets and sacrificed programs, one sector has continued to grow with the speed and choking effectiveness of kudzu: regulations around privacy.



“We don't want anything to interfere with our surveillance of you.”

http://news.cnet.com/8301-17852_3-10249834-71.html?part=rss&subj=news&tag=2547-1_3-0-5

Four states' DMVs frown on smiling

by Chris Matyszczyk May 26, 2009 10:22 PM PDT

… Well, perhaps you might rejoice that you don't live in Arkansas, Indiana, Virginia, or Nevada.

Those states--and perhaps more to come--have decided to enact a no-smiling policy on driver's license photos.

Their intentions are noble. You see, these states have invested in very fine software that compares photos on licenses to other photos already taken. No one wants to have their identity assumed by shifty people. So the software is a valuable method of prevention.



Hey kids! Want to be more popular?

http://www.techcrunch.com/2009/05/26/warning-twittercut-worm-plays-on-peoples-desire-for-more-followers/

Warning: Twittercut Worm Plays On Your Desire For More Followers

by MG Siegler on May 26, 2009

Everyone wants more Twitter followers. It’s kind of the name of the game. But if you see some tweets in your stream that proclaim: “OMG I just got over 1000 followers today from http://twittercut.com” — don’t be fooled, it’s a scam. The link takes you to a site that requests your Twitter login and pass. It then sends out this tweet to all your followers — a typical worm.



I wonder if I can get a 'desk copy' to evaluate?

http://news.softpedia.com/news/U-S-Military-Developing-Hacking-for-Dummies-Cyber-Warfare-Device-112483.shtml

U.S. Military Developing Hacking-for-Dummies Cyber-Warfare Device

Move some sliders, push a button and you're in

By Lucian Constantin, Web News Editor 25th of May 2009, 13:19 GMT

U.S. Defense Department officials were so impressed with the level of coordination between ground military ops and cyberattacks against strategical targets during the recent conflicts, that they are now looking for ways to weaponize hacking. Aviation Week glanced at such a device and reports that it is being designed to be easily used even by non-techy soldiers.



I can't work today! It's Mother's Day in Bolivia!

http://www.makeuseof.com/dir/earthcalendar-calendar-of-holidays-and-celebrations-worldwide/

EarthCalendar: Calendar of Holidays And Celebrations Worldwide

EarthCalendar is an online calendar of holidays and celebrations across the globe. You can either click the ‘Today’ button and view holidays on this date or alternatively browse holidays by date, country, religion, view international holidays, lunar phases and eclipses for the current and past year.

http://www.earthcalendar.net/index.php



Of course, I would never do this to those of you who read this via email.

http://www.makeuseof.com/dir/whoreadme-track-sent-email/

WhoReadMe: Track Sent Email & Get Alerts When They Read

WhoReadMe is an online email tracking service that lets you track sent emails and get real-time alerts when they are viewed. The idea is simple: WhoReadMe embeds a transparent tracking image with a unique ID into your email. Once the recipient opens your email, the tracking image will be loaded and you will be alerted.
