Wednesday, June 22, 2011

Interesting and possibly big. They know they have a problem but so far don't see the connection. Not normal. Note: Card Verification Value (CVV or CVV2)

http://www.databreaches.net/?p=19109

Debit Breach Hits Ohio Accounts

June 21, 2011 by admin

Jeffrey Roman reports:

June 21 Update: The recent breaches that affected dozens of Northeast Ohio banks and credit unions were most likely caused by the interception of CVV2 card security codes, says Mike Urban, senior director of fraud product management at FICO.

“It’s not a skimming situation,” Urban says of the breaches which started in April. “Likely, it was related to one or several attacks on a card-not-present merchant.”

The fraudsters, using stolen debit details, hit accounts with fraudulent signature-based transactions used for online and over-the-phone purchases.

Based on the number of organizations hit, tens of thousands of accounts may have been exposed.

Read more on BankInfoSecurity.

[From the article:

Fraudulent purchases, some of which neared $4,000, at Walmart, AutoZone and CVS were reported. Other transactions were initiated overseas, including some in Germany and the Philippines.

… CVV data can be captured when a magnetic stripe is skimmed. CVV2 data, on the other hand, is used for authenticating online or over-the-phone purchases. "[The CVV2] number is not on a magnetic stripe," Urban says. "When you're skimming, you can compromise the CVV stripe. But you don't get the CVV2, which is on the signature bar."

… "I'd be interested in knowing what the connection, besides location, these CUs [and banks] have with each other," he says. "Shared ATM network or processor? There must be a single point of compromise, versus a fraudster just focusing on CUs in a particular location."



This sounds funny. Could the FBI really be this ham-handed? I doubt it. Although, if this is one of their warrant-less grabs, there was no detailed list of items to seize.

FBI Seizes Servers In Virginia

"The FBI has seized servers belonging to several clients of a hosting company in Reston, VA, disrupting service for many other clients. 'In an e-mail to one of its clients on Tuesday afternoon, DigitalOne’s chief executive, Sergej Ostroumow, said: “This problem is caused by the FBI, not our company. In the night FBI has taken 3 enclosures with equipment plugged into them, possibly including your server — we cannot check it.” Mr. Ostroumow said that the FBI was only interested in one of the company’s clients but had taken servers used by “tens of clients.” He wrote: “After FBI’s unprofessional ‘work’ we can not restart our own servers, that’s why our Web site is offline and support doesn’t work.” The company’s staff had been working to solve the problem for the previous 15 hours, he said.'"



“Shame on you!” is unlikely to be sufficient.

http://www.pogowasright.org/?p=23502

Canada’s privacy commissioner scolds Staples, eHarmony

June 21, 2011 by Dissent

Jeff Davis reports:

Staples Business Depot received a slap on the wrist from the federal privacy commissioner Tuesday for failing to protect customers’ personal information.

The business-supplies company was found to have been selling used data storage devices — such as computers, hard drives and USB sticks — without first wiping them clean of data.

[...]

Also criticized in Tuesday’s report was online-dating site eHarmony, which was found not to be giving users a clear option of permanently deleting their profile information from the site.

Read more on Canada.com.

Related, from the Office of the Privacy Commissioner of Canada:



Unlikely this would pass in the US. Too much money involved.

http://www.pogowasright.org/?p=23511

Dutch parliament passes legislation on cookies opt-in

June 22, 2011 by Dissent

The lower house of the Dutch parliament has passed legislation requiring websites to get visitors’ permission before installing tracking cookies. The controversial legislation went through various versions before passing, from requiring permission for all cookies to mandating an opt-in only for third-party cookies that collect personal information or pass that information on to third parties. In the end all cookies will be subject to the Law on the Protection of Personal Information, meaning they can be questioned by the privacy regulator CBP and in court.

Read more on Telecompaper.



For my Disaster Recovery class. If you can recover from a Zombie-caused business interruption, you can handle most anything...

http://www.wired.com/dangerroom/2011/06/army-gets-how-to-guide-for-zombie-invasion/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Army Gets How-To Guide for Zombie Invasion

One day in the not-too-distant future, a mindless horde of cannibalistic killing machines will come shambling through the streets of America. And when that day comes, the U.S. Army will be on it faster than you can scream “BRAAIIIINNSS!”

Lucky for us, the Army Zombie Combat Command has put together a nifty manual on how to identify, fight, and kill those murderous mobs of the undead. Soldiers can now add the FM 999-3 Counter-Zombie Operations at the Fireteam Level to their arsenal – “the primary doctrinal reference on conducting fire team sized infantry operations in a Zombie infested environment in the United States.”

[NOTE: This is a Cloud-hosted document and the owner has used up all his download bandwidth. Fortunately, you can grab a copy at Scribd:

http://www.scribd.com/doc/57881693/FM-999-3-Counter-Zombie-Operations-at-the-Fireteam-Level-v1-1



For my Intro to IT class...

Tuesday, June 21, 2011

How to Use Google Bookmarks

One of the parts of the Google Across the Curriculum workshop that I ran today was about using Google Bookmarks. For most of the participants in today's workshop, using a web-based bookmarking service instead of a browser-based service was a new and welcome concept. The slides below were the basis for the hand-outs that today's participants received. For more Google tools tutorials like this one, check out my Google Tutorials page.

If you're wondering about the benefits of using a social bookmarking service, watch Common Craft's explanation below.

