Suspect identified in Heartland Payment Systems breach
Posted January 23rd, 2009 by admin
Evan Schuman at Storefront Backtalk is reporting that the Secret Service has identified an overseas suspect in the Heartland Payment Systems breach.
Evan also has some other updated info on the breach:
The processor first learned of the breach (when alerted by Visa and Mastercard) in late October/early November, said Heartland spokesman Jason Maloni. Previously, the only comment had been that it had been alerted in late Fall, which could have been as late as Dec. 20.
Maloni also revealed that when the sniffer software had been discovered by Heartland, the application had already been deactivated, presumably by the cyber thieves who had planted it. “It was inactive when we found it,” Maloni said.
Maloni said he didn’t know more about the application’s inactive status, such as whether it had been fully terminated or whether it could have been merely dormant, programmed to awaken at some future point. If the Trojan had been deactivated, that could mean that the thieves learned they were being hunted and shut off many such applications to try and make it more difficult for investigators to discover their location.
Read more here.
[From the article:]
Carr [Heartland’s CEO Bob] also took the opportunity to push the industry for more openness and data-sharing when it comes to cyber assaults. “I have talked to many payments leaders who are also concerned about the increasing success and frequency of cyber crime attacks,” Carr said. “Up to this point, there has been no information sharing, thus empowering cyber criminals to use the same or slightly modified techniques over and over again. I believe that had we known the details about previous intrusions, we might have found and prevented the problem we learned of last week.” [Think Homeland Security should do this? We could pay for it with increased fines... Oh, wait. We don't fine anyone. Bob]
Again? Help Wanted: Must know something about securing those computer thingys...
Monster.com Reports Theft of User Data
Posted January 24th, 2009 by admin
Deja vu all over again…
Nancy Gohring of IDG News Service reports:
Monster.com is advising its users to change their passwords after data including e-mail addresses, names and phone numbers were stolen from its database.
The break-in comes just as the swelling ranks of the unemployed are turning to sites like Monster.com to look for work.
The company disclosed on its Web site that it recently learned its database had been illegally accessed. Monster.com user IDs and passwords were stolen, along with names, e-mail addresses, birth dates, gender, ethnicity, and in some cases, users’ states of residence. The information does not include Social Security numbers, which Monster.com said it doesn’t collect, or resumes.
Monster.com posted the warning about the breach on Friday morning and does not plan to send e-mails to users about the issue, [“Screw 'em. Besides, we can't afford the postage.” Bob] said Nikki Richardson, a Monster.com spokeswoman. The SANS Internet Storm Center also posted a note about the break-in on Friday.
USAJobs.com, the U.S. government Web site for federal jobs, is hosted by Monster.com and was also subject to the data theft. USAJobs.com also posted a warning about the breach.
Read more on PC World
Comment: It’s nice to see that both Monster.com and USA Jobs posted alerts with links to the notices from their home page. I wish more entities would post alerts on their home page.
[Zero facts! Another fine example of saying nothing and worse than nothing.
Monster.com has been checking for misuse of the stolen information but hasn't yet found any
What did they expect to find? “Oh look, this valid userid and password are being entered by someone else?” Or perhaps they are scanning your dossier for indications your identity has been stolen? Bob]
Hey! Let us help you avoid your government's censorship!
Hey! Let us help you identify everyone avoiding your censorship! (We don't erase data so you can erase troublemakers?)
China's anti-censor software pimps user data
Friday, January 23 2009 @ 10:59 AM EST Contributed by: PrivacyNews
Harvard researchers have accused the developers of tools for dodging the Great Firewall of China of selling data harvested by the software, potentially giving the authorities in Beijing an easy way to identify dissidents.
As well as selling aggregate usage data, software developers were also offering to sell detailed surfing histories of individual surfers for a fee, something that poses an even greater privacy risk, according to an analysis by Hal Roberts from The Berkman Center for Internet & Society at Harvard University.
Source - The Register
Speaking of tracking (I'm pleased that including the original article in my blog had this effect.)
White House acts to limit YouTube cookie tracking
Friday, January 23 2009 @ 06:29 PM EST Contributed by: PrivacyNews
Just 12 hours after this blog highlighted the privacy problems associated with the White House's use of embedded YouTube videos, the Obama team rushed to deploy a technical fix that significantly protects the privacy of many (but not all) of the site's visitors.
Since its launch three days ago, President Obama's White House Web site has included several embedded YouTube videos. While this certainly demonstrates that the 44th president is Web 2.0 savvy, the decision to embed YouTube videos has also enabled the Google-owned video-sharing site to sneakily collect data on the millions of people who visit Whitehouse.gov--even those users who never click the "play" button to actually watch one of the videos.
Source - Cnet
Next they could ask for the records of everyone on MySpace and see if they can establish a crime. Bragging about downloading a song, robbing a bank, or playing hooky. Who knows, they might find Governors paying for sex, or hackers tapping credit card computers! (It would be cheaper for society if we just executed sex offenders and we are in a recession.)
Conn. AG to MySpace: Turn over sex offender data
Posted by Elinor Mills January 23, 2009 4:10 PM PST
The Connecticut attorney general's office on Friday served MySpace a subpoena demanding that MySpace hand over the identities of registered sex offenders it claims the social-networking site discovered and subsequently removed from its roster of members.
Connecticut Attorney General Richard Blumenthal also told CNET News that his office is reviewing independent research about registered sex offenders said to still populate the site. Blumenthal declined to comment on whether he plans to take further action.
… From deleted profile information, officials can see whether sex offenders have violated parole by joining a social network and whether they have been communicating with minors on the site.
… A report issued last week by the Internet Safety Technical Task Force concludes that minors are less vulnerable to sexual predation than previously believed.
Interesting. Who do we know in Maui that could host a seminar? (Are they actually saying Judges are stupid and we want to put one of our lackeys in their chambers to make sure they 'do the right thing?')
New bill approaches patent reform 'part and parcel'
Posted by Stephanie Condon January 23, 2009 2:24 PM PST
… Rep. Adam Schiff (D-Calif.) and Rep. Darrell Issa (D-Calif.) reintroduced legislation this week that would start a 10-year pilot program to educate district judges on patent issues. Judges from courts that meet certain criteria would be able to opt into the program, which would provide funds for them to pursue educational opportunities such as patent seminars. The participating courts would also be assigned a clerk with expertise in patent law or the technical issues associated with patent cases. The bill authorizes $5 million a year to carry out the program.
What a great cover story Research Project! I only wish he gave us the URLs that host these downloads so we would know which site to avoid.
Piracy: More Oscar-contending films end up online
Posted by Greg Sandoval January 23, 2009 2:59 PM PST
… Andy Baio, an independent journalist and programmer, says he has tracked how quickly pirated copies of Oscar-nominated films appear on the Web for the past six years. He logs whether the copies were recorded with handheld cameras or copied from DVDs.
… That may be true, but of this year's 26 Oscar contenders, which were announced on Thursday, 24 are available online in DVD quality, Baio wrote on his site, Waxy.org.
… He says it took longer on average than in years past for pirated copies to be made from the screeners and then make their way online: six days.
A question for all of those Legal Scholars who read my blog: Should we require full disclosure of attacks (network or otherwise) that impact Internet service? (I suspect it would be useful to know if a given vendor was brought to its knees by 10,000 computers or 10,000,000.)
Network Solutions Under Large-Scale DDoS Attack
Posted by Soulskill on Friday January 23, @10:08PM from the but-they're-so-friendly dept.
"CircleID is reporting a large-scale DDoS attack affecting all of Network Solutions' name servers for the past 48 hours, potentially affecting millions of websites and emails around the world hosting their domain names on the company's servers. The NANOG mailing list indicates that it is due to a very large-scale UDP/53 DDoS which Network Solutions has also confirmed: 'There is a spike in DNS query volumes that is causing latency for the delay in web sites resolving. This is a result of a DDOS attack. We are taking measures to mitigate the attack and speed up queries.'"
Quotable Statistics! (We know your age and where you live and work)
Internet users worldwide surpass 1 billion in December
Posted by Dawn Kawamoto January 23, 2009 4:35 PM PST
… Global Internet usage reached over 1 billion unique visitors in the month of December, with 41.3 percent coming from the Asia-Pacific region, according to a report released Friday by comScore.
The study looked at Internet users over the age of 15, who accessed the net from their home or work computers in the month of December.
Warning: Another Bob rant! Rather than admit their plan has flaws (gross underestimation of the cost involved, unrealistic time estimate, take your pick) now they want to “delay” the conversion date without mandating that broadcasters not convert as originally scheduled. Typical.
Campaign to delay DTV transition gets a boost
Posted by Marguerite Reardon January 23, 2009 3:00 PM PST
It looks as though the digital TV transition will likely be delayed now that a group of Senate Republicans agreed to a plan that would push it back to June 12.
… Under the new deal, the transition date will be delayed until June 12. But TV stations will be allowed to switch to digital signals before that date
Is the distinguished Senator from Iowa confusing “all men are created equal” with “all employees are interchangeable and therefore equally disposable?” or is it just “damn furriners!”
Senator Prods Microsoft On H-1B Visas After Layoff Plans
Posted by Soulskill on Saturday January 24, @08:18AM from the checking-their-priorities dept.
"US Sen. Charles Grassley (R-Iowa) told Microsoft this week that US citizens should get priority over H-1B visa holders as the software vendor moves forward on its plan to cut 5,000 jobs. 'These work visa programs were never intended to allow a company to retain foreign guest workers rather than similarly qualified American workers, when that company cuts jobs during an economic downturn,' Grassley wrote in a letter sent Thursday to Microsoft CEO Steve Ballmer. The letter asked Microsoft to detail the types of jobs that will be eliminated and how those cuts will affect the company's H-1B workers."
Reader theodp adds, "On Friday, Microsoft coincidentally announced it would postpone construction of a planned $500 million data center in Grassley's home state of Iowa, although work on data centers in Chicago and Dublin will continue."
Another technological innovation!
January 23, 2009
New Kind of Official Presidential Portrait Released
"Today we are releasing the new official portrait for President Barack Obama. It was taken by Pete Souza, the newly-announced official White House photographer. It is the first time that an official presidential portrait was taken with a digital camera. You can see the portrait [and] download a copy."
[No doubt everyone who downloads the portrait will want to immediately upload it to http://www.stickyfan.com/ Bob]
Hours of fun! “Potholes being created ahead” “Your tax dollars being flushed” “We'll rip up this road every two years – strong union”
Hacking programmable road signs
Posted by Daniel Terdiman January 23, 2009 1:16 PM PST
… According to the blog i-hacked.com, some programmable road signs are easily messed with, largely because they often have unlocked instrument panels, a text-entry system that is easily accessed, and are often protected with uncomplicated, or unchanged default passwords.