http://www.databreaches.net/?p=9222
Ca: Debit-card fraud hits Guelph bank customers
December 30, 2009 by admin Filed under Breach Incidents, ID Theft, Non-U.S., Skimmers
Vik Kirsch reports:
TD Canada Trust customers stood in long lineups in at least one Guelph branch Tuesday to replace debit cards after cash was stolen from their accounts or as a precaution against this high-tech theft.
“The lineup was just incredible,” customer Irene Hayes said after replacing her debit card to guard against further theft. She said she had $400 missing from her account, but was assured by bank staff it would be replaced within a few days.
“At least we’re getting it back, but I’m sure there are people who are going to be in dire straits about this,” Hayes said, noting she talked to one person in line, a student who said he had several thousand dollars missing from a school tuition account.
Bank branch staff run off their feet Tuesday were too busy to comment. And while TD Canada Trust corporate spokesperson Tashlin Hirani couldn’t readily provide details, she noted in an email response that “debit fraud is a growing problem that impacts all banks and their customers.”
It’s often due to “a compromised merchant terminal or PIN (personal information number) pad” at a retailer such as a gas station, restaurant or grocery store, Hirani said.
Read more on GuelphMercury.com.
At first, they didn't want to name the restaurant. Now they won't name the (assumption follows) credit card processor. Clearly this is bigger than some local teenage hacker.
http://www.databreaches.net/?p=9235
Update AK: Source of stolen credit information was a restaurant
December 30, 2009 by admin Filed under Business Sector, Hack, ID Theft, U.S.
James Halpin reports:
The source of the debit and credit card data stolen from hundreds of Anchorage residents in a sophisticated hacking attack [If history is any indication, probably not. Either a default password was still being used or the data was transmitted unencrypted. Bob] was Little Italy, a family-owned restaurant in South Anchorage, its owner said Tuesday.
Police say anywhere from 150 to 1,000 card numbers were stolen and used in the attack, which started generating reports of fraudulent purchases about a month ago. The scammers, in what appears to be a nationwide, [Suggests more than one? Bob] organized effort, have spent thousands of dollars on the East Coast with the stolen data, according to police.
[...]
According to the owners, the hack was actually perpetrated against a third-party network run by a nationwide corporation they wouldn’t name.
Read more in the Anchorage Daily News.
[From the article:
Mike Messick, chief technology officer for Digital Securus, a local firm that has been helping examine the network at Little Italy, said his group found hacker programs on the point-of-sale terminals at the restaurant.
"So what the bad guys did was, instead of trying to intercept that encrypted transmission, which they knew was futile, they came in and they installed a hacker program on the point-of-sale machines that actually intercepted that card number as it was being swiped," Messick said.
Not the greatest article of all time, but an increasingly common perspective. I would even postulate that TSA believes they can keep things private by fiat.
We All Live In Public Now. Get Used To It.
by Erick Schonfeld on December 30, 2009
… It used to be that we lived in private and chose to make parts of our lives public. Now that is being turned on its head. We live in public, like the movie says (except via micro-signals not 24-7 video self-surveillance), and choose what parts of our lives to keep private. Public is the new default.
Stowe Boyd, along with others before him, calls this new state of exposure “publicy” (as opposed to privacy or secrecy).
A chain is only as strong as its weakest link. (See the TSA article, below) At least, that's how the TJX hacker operated.
Quantum Encryption Implementation Broken
Posted by timothy on Wednesday December 30, @04:37PM from the but-this-was-a-quantum-drawing-board dept.
I Don't Believe in Imaginary Property writes
"Professor Johannes Skaar's Quantum Hacking group at NTNU have found a new way to break quantum encryption. Even though quantum encryption is theoretically perfect, real hardware isn't, and they exploit these flaws. Their technique relies on a particular way of blinding the single photon detectors so that they're able to perform an intercept-resend attack and get a copy of the secret key without giving away the fact that someone is listening. This attack is not merely theoretical, either. They have built an eavesdropping device and successfully attacked their own quantum encryption hardware. More details can be found in their conference presentation."
This is increasingly typical. How can you distribute non-classified data and expect it to remain confidential? Are the procedures used by the DHS “agents” also typical? I fear they are.
http://www.wired.com/threatlevel/2009/12/dhs-threatens-blogger/
TSA Threatens Blogger Who Posted New Screening Directive
By Kim Zetter December 30, 2009 3:53 pm
Two bloggers received home visits from Transportation Security Administration agents Tuesday after they published a new TSA directive that revises screening procedures and puts new restrictions on passengers in the wake of a recent bombing attempt by the so-called underwear bomber.
… The document, which the two bloggers published within minutes of each other Dec. 27, was sent by TSA to airlines and airports around the world and described temporary new requirements for screening passengers through Dec. 30, including conducting “pat-downs” of legs and torsos. The document, which was not classified, was posted by numerous bloggers. Information from it was also published on some airline websites.
(Related) “We don't need no stinking journalists!” (or Bloggers!) Would this software have found and re-published the TSA security procedures? If so, who would you subpoena?
The Rise of Machine-Written Journalism
Posted by CmdrTaco on Wednesday December 30, @02:08PM from the hey-that's-my-job dept.
Hugh Pickens writes
"Peter Kirwan has an interesting article in Wired UK on the emergence of software that automates the collection, evaluation, and even reporting of news events. Thomson Reuters, the world's largest news agency, has started moving down this path, courtesy of an intriguing product with the nondescript name NewsScope, a machine-readable news service designed for financial institutions that make their money from automated, event-driven trading. The latest iteration of NewsScope 'scans and automatically extracts critical pieces of information' from US corporate press releases, eliminating the 'manual processes' that have traditionally kept so many financial journalists in gainful employment. At Northwestern University, a group of computer science and journalism students have developed a program called Stats Monkey that uses statistical data to generate news reports on baseball games. Stats Monkey identifies the players who change the course of games, alongside specific turning points in the action. The rest of the process involves on-the-fly assembly of templated 'narrative arcs' to describe the action in a format recognizable as a news story. 'No doubt Kurt Cagle, editor of XMLToday.org, was engaging in a bit of provocation when he recently suggested that an intelligent agent might win a Pulitzer Prize by 2030,' writes Kirwin. 'Of course, it won't be the software that takes home the prize: it'll be the programmers who wrote the code in the first place, something that Joseph Pultizer could never have anticipated.'"
[From the article:
Journalists remain artisans in an era of industrialisation. Inside newsrooms, the old craft methods remain dominant. Outside, across the vast expanse of the web, algorithms are automating the information industry.
Lots of money waiting behind these rules, and only a few hundred pages to digest!
http://www.phiprivacy.net/?p=1734
Meaningful use’ criteria released
By Dissent, December 31, 2009 7:58 am
David Burda writes on ModernHealthcare.com:
HHS issued two sets of much-anticipated federal regulations that significantly further the government’s healthcare information technology adoption agenda. The first set of regulations lists the “meaningful use” criteria that healthcare providers must meet to qualify for federal IT subsidies based on how they use their electronic health records. The second set of regulations lays out the standards and certification criteria that those EHRs must meet for their users to collect the money
Read more here.
Because it's a list and it's free!
http://www.pcmag.com/article2/0,2817,2356301,00.asp
Top 20 Free Blackberry Apps
For all my students who expect instant understanding.
The Neuroscience of Screwing Up
Posted by samzenpus on Wednesday December 30, @07:45PM from the nobody-is-right-all-the-time dept.
resistant writes
"As the evocative title from Wired magazine implies, Kevin Dunbar of the University of Toronto has taken an in-depth and fascinating look at scientific error, the scientists who cope with it, and sometimes transcend it to find new lines of inquiry. From the article: 'Dunbar came away from his in vivo studies with an unsettling insight: Science is a deeply frustrating pursuit. Although the researchers were mostly using established techniques, more than 50 percent of their data was unexpected. (In some labs, the figure exceeded 75 percent.) "The scientists had these elaborate theories about what was supposed to happen," Dunbar says. "But the results kept contradicting their theories. It wasn't uncommon for someone to spend a month on a project and then just discard all their data because the data didn't make sense."'"