We know how to detect breaches like this. We just don't bother to look.
Nicole Perlroth reports:
Home Depot confirmed on Monday that hackers had broken into its
in-store payments systems, in what could be the largest known breach
of a retail company’s computer network.
The retailer said the exact number of customers affected was still
not clear. But a person briefed on the investigation said the total
number of credit card numbers stolen at Home Depot could top 60
million. By comparison, the breach last year at Target, the largest
known attack to date, affected 40 million cardholders.
Read more on NY Times.
[From the article:
The breach may have affected any customer at Home Depot stores in the
United States and Canada from April to early last week, said Paula
Drake, a company spokeswoman. Customers at Home Depot’s Mexico
stores were not affected, nor were online shoppers at HomeDepot.com.
Personal identification numbers for debit cards were not taken, she
said.
Home Depot has not yet confirmed other details.
The retailer operates 1,977 stores in the United States and 180 in
Canada. That is about 400 more than Target had when it was
compromised. Target’s breach went on for three weeks before the
company learned about it, while the attack at Home Depot went
unnoticed for as long as five months.
…
Buried in the malware used in the Home Depot attack were links to
websites that reference the United States role in the conflict in
Ukraine.
…
Studies have found that retailers, in particular, are unprepared for
such attacks. A joint study by the Ponemon Institute, an independent
security research firm, and DB Networks, a database security firm,
found that a majority of computer security experts in the United
States believed that their organizations lacked the technology and
tools to quickly detect database attacks.
Only one-third of those experts said they did the kind of continuous
monitoring needed to identify irregular activity in their databases,
and 22 percent acknowledged that they did not scan at all.
(Related)
Reuters reports:
At least five states have launched a joint probe into the data breach
on the payment-card processing systems of Home Depot, even as the
retailer works to determine the impact on its customers in the United
States and Canada.
The coordinated effort was disclosed on Tuesday, a day after Home
Depot confirmed suspicions that its payment processing systems have
been breached.
A spokeswoman for Connecticut Attorney General George Jepsen told
Reuters that California, Connecticut and Illinois would lead the
multistate effort. New York and Iowa said they would participate.
Read more on CNBC.
Don't use a password on more than one site.
RT reports:
A database of what appears to be some 5 million login and password
pairs for Google accounts has been leaked to a Russian cyber security
internet forum. It follows similar leaks of account data for popular
Russian web services.
The text file containing the alleged compromised accounts data was
published late on Tuesday on the Bitcoin Security board. It lists 4.93
million entries, although the forum administration has since purged
passwords from it, leaving only the logins.
[...]
The leak comes just days after similar leaks affected Mail.ru and
Yandex, both popular Russian internet services. The previous leaks
contained 4.66 and 1.26 million accounts respectively.
Read more on RT.
Note that this is not evidence that Google, Mail.ru, or Yandex were
hacked, and the two Russian firms deny they were, while Google says
it is investigating. As Mohab Ali points out on Twitter this
morning: “According to reddit comments, people who found their
email addresses found the passwords they used in other websites not
gmail.”
@BrianHonan
According to reddit comments, people who found their email addresses
found the passwords they used in other websites not gmail.
— Mohab Ali (@0xAli) September 10, 2014
We have a similar problem. You can lead a student to technology, but
you can't make them think.
Convincing Employees to Use New Technology
All of our companies are digital now – or quickly becoming that way.
Almost any enterprise you can think of, no matter the industry or
sector, is trying (or being pressured by competitors) to use new
technology to harness the vast new oceans of data being generated by
smartphones, sensors, digital cameras, GPS devices, and myriad other
sources of information originating from customers and markets.