http://www.databreaches.net/?p=6030
Hackers Decrypt Encrypted Data?
July 8, 2009 by admin Filed under Business Sector, Hack, ID Theft, Non-U.S.
Meanwhile, in Manila, the Manila Bulletin Publishing Corp. reports:
The National Bureau of Investigation (NBI) started expanding its probe into the credit card fraud after uncovering that the arrested Nigerians who managed to hack the merchant website to get vital information of the credit card holders.
[...]
Last Friday, agents of the National Bureau of Investigation (NBI) arrested four Nigerians engaged in purchasing plane tickets through fraudulently acquired credit cards in an operation in Cavite.
[...]
Mallari said the arrested Nigerians and other syndicates engaged in the credit card fraud were able to hack the merchant website.
“Information in the merchant website is encrypted and the internet hackers managed to decrypt the info. Of course not all info in the merchant web can easily accessed by syndicates like the big companies, because they have measures to protect their clients but in some instances; the syndicates succeed in decrypting the info,” said Palmer.
The remainder of the story is a bit difficult for me to understand. If anyone would like to read the whole thing and then summarize, that would be nice
Small, but interesting. Sounds like an amusing project for my Math students... Identify the range of numbers your bank (any card issuer) uses and then generate a few dozen valid numbers. My usual 10% guarantees an “A” Best Practice would be a truly random number, but with hundreds of issuers, that could cause duplicates...
http://www.databreaches.net/?p=6021
ID Theft Case in Japan
July 7, 2009 by admin Filed under ID Theft, Malware, Non-U.S., Other
It’s unusual for me to see an ID theft report coming out of Japan. There was the report last year involving Yahoo! Japan, but other than that, I’m hard-pressed to think of any cases offhand. Today’s Yomiuri Shimbun, however, reports one such case:
The Metropolitan Police Department arrested Chizuru Asahi, 21….. She allegedly used other people’s credit card numbers she illicitly obtained through card-generation malware called CreditMaster. [Another useful crook-tool! Bob]
[...]
During a search of her house, the police seized eight credit cards issued under other people’s names.
Asahi was quoted by the police as saying, “We identified credit card numbers [originally issued] for more than 60 people based on these [eight] credit cards.”
[...]
This is the first time in Japan that a person has been charged in connection with a CreditMaster scheme, the Japan Credit Card Association said.
According to the association, credit card numbers are basically set sequentially based on a specific protocol created by individual credit companies.
The CreditMaster fraud scheme allows existing credit card numbers to be illicitly identified with computer software based on an existing number by making calculations based on the numb ter of the base card, excluding a specific set of numerals with which the credit card company can be identified.
(Related?) What do you bet that they also generate account numbers based on a simple algorithm...
http://www.databreaches.net/?p=6014
eMoney Transfer Customer Data Accessed
July 7, 2009 by admin Filed under Breach Incidents, Financial Sector, Of Note, U.S., Unauthorized Access
MoneyGram International has notified the Vermont Attorney General’s Office of a breach affecting some customers using MoneyGram Payment System’s eMoney Transfer system.
According to the letter dated June 29, during routine security checks, the company discovered that some customers’ accounts had been accessed by unauthorized individuals. The company insists, however, that there was no security breach on their end. The letter from Debra Guertin, MoneyGram’s Privacy Officer, said:
The access was not a result of breakdown in MoneyGram’s security controls. Although we have investigated thoroughly and contacted law enforcement, we do not know how the criminals obtained the customers’ login information.
The unauthorized access may have exposed the customers’ names, addresses, phone numbers, transaction history, and last four digits of a masked credit card number. As a preventive measure, the company blocked access to those accounts and wrote to affected customers to ask them to call in and change their password to unblock their accounts. Customers were also offered a discounted rate on a subscription to services through Equifax.
Three Vermont residents were notified of the breach. The total number affected was not reported.
Very slick. By routing through the victim's link, the bank would see the correct IP address of their customer.
http://it.slashdot.org/story/09/07/07/2051238/PC-Invader-Costs-a-Kentucky-County-415000?from=rss
PC Invader Costs a Kentucky County $415,000
Posted by kdawson on Tuesday July 07, @07:26PM from the don't-be-stupid-out-there dept.
plover recommends a detailed account by Brian Krebs in the Washington Post's Security Fix column of a complex hack and con job resulting in the theft of $415,000 from Bullitt County, Kentucky.
"The crooks were aided by more than two dozen co-conspirators in the United States, as well as a strain of malicious software capable of defeating online security measures put in place by many banks. ...the trouble began on June 22, when someone started making unauthorized wire transfers of $10,000 or less from the county's payroll to accounts belonging to at least 25 individuals around the country... [T]he criminals stole the money using a custom variant of a keystroke logging Trojan known as 'Zeus' (a.k.a. 'Zbot') that included two new features. The first is that stolen credentials are sent immediately via instant message to the attackers. But the second, more interesting feature of this malware... is that it creates a direct connection between the infected Microsoft Windows system and the attackers, allowing the bad guys to log in to the victim's bank account using the victim's own Internet connection."
Why would the cellphone companies need to know where you are? They could count the number of calls at each cell (without identifying users) if they needed to determine the load on their system. What business purpose is served by knowing who is where?
http://news.slashdot.org/story/09/07/07/2331254/Cellphones-Increasingly-Used-As-Evidence-In-Court
Cellphones Increasingly Used As Evidence In Court
Posted by kdawson on Wednesday July 08, @09:02AM from the we-know-where-you-were-last-summer dept. court privacy
Hugh Pickens writes
"The NY Times reports that the case of Mikhail Mallayev, who was convicted in March of murder after data from his cellphone disproved his alibi, highlights the surge in law enforcement's use of increasingly sophisticated cellular tracking techniques to keep tabs on suspects before they are arrested and build criminal cases against them by mapping their past movements. But cellphone tracking is raising concerns about civil liberties in a debate that pits public safety against privacy rights. Investigators seeking warrants must provide a judge with probable cause that a crime has been committed, but investigators often obtain cell-tracking records under lower standards of judicial review — through subpoenas, which are granted routinely, or through an intermediate type of court order based on an argument that the information requested would be relevant to an investigation. 'Cell phone providers store an increasing amount of sensitive data about where you are and when, based on which cell towers your phone uses when making a call. Until now, the government has routinely seized these records without search warrants,' said EFF Senior Staff Attorney Kevin Bankston. Last year the Federal District Court in Pittsburgh ruled that a search warrant is required even for historical phone location records, but the Justice Department has appealed the ruling. 'The cost of carrying a cellphone should not include the loss of one's personal privacy,' said Catherine Crump, a lawyer for the ACLU."
Reenforces a lots of my views. Politicians can't understand everything so they rely on the bureaucrats to tell them what their policy should be. (Presidents may change but bureaucracies live forever.)
http://www.pogowasright.org/?p=1552
Obama’s cyber plan raises privacy hackles
July 8, 2009 by Dissent Filed under Govt, Internet, Surveillance, U.S.
Andy Greenberg of Forbes discusses the initial concerns and reactions of privacy advocates to Obama’s cybersecurity plan. Concerns kicked into higher gear last week with news about NSA involvement in monitoring government traffic on private sectors and the Einstein 3 program. Greenberg reports:
While the concerns over privacy and the NSA are valid, they could hamper the progress of the Obama administration’s cyber plan, says James Lewis, director of the Center for Strategic and International Studies, which authored an influential paper aimed at shaping the president’s thinking on cyber issues. “We have technologies that would greatly improve cybersecurity, but their use wouldn’t be consistent with our laws on surveillance and privacy,” Lewis says, pointing to statutes such as the Electronic Communications Privacy Act of 1986, which disallows wiretaps without a warrant.
Lewis says these laws may need to be amended to allow effective government monitoring systems, but he notes that the scandal surrounding the Bush administration’s warrantless wiretapping practices may have precluded that kind of legislation.
Read more in Forbes.
[From the article:
… "It feels like the Bush administration all over again," says Pam Dixon, executive director of the World Privacy Forum. "Not enough people know the details about these programs to have a good public discussion. We all want good security of government systems, but you have to balance the cloak and dagger elements with civil liberties."
… But the plans involve two controversial players: The revamped monitoring technology would largely come from the NSA and initial tests would take place on AT&T's network, two ideas that bring to mind uncomfortable memories of the warrantless wiretapping programs that rattled civil libertarians under the Bush administration.
"The same folks are being potentially entrusted with cybersecurity who have already shown that they have no regard for the law," says Lee Tien, an attorney with the Electronic Frontier Foundation, a nonprofit group that sued AT&T for its involvement in those wiretapping programs. "It's troubling that the Obama administration would consider this sort of thing."
… But Stewart Baker, a former NSA general counsel in the Clinton administration, argues that given the frequency of hacker intrusions on government networks, there's little time to waste on vague privacy worries.
Tools for parents tracking their children?
http://www.killerstartups.com/Video-Music-Photo/muzkmesh-com-lastfm-lyricwiki-mashup
MuzkMesh.com - LastFM & LyricWiki Mashup
Mashups come in all sizes and colors. This one caught my fancy recently, if only because it combines three different services that have blended pretty well together. They are LastFM, LyricWiki and GoogleMaps.
By glancing at that list you can more or less guess what it does, and chances are you will guess right. You just supply a LastFM username to be provided with a list of the 10 last songs that were played by that person. Upon clicking on each one of the provided song titles the lyrics will be displayed for you to enjoy them, whereas a short band information is likewise provided. Note that Flickr is also part of the mashup, as you can see recent pictures with ease on the right-hand corner of the screen. For its part, GoogleMaps are employed to list forthcoming events.
This mashup offers you a sort of window into any person’s musical tastes. It is a good way to while away some idle hours, and all the information that is provided guarantees you will learn everything about any artist that crops up and whose name you didn’t even know to begin with.
(Related) A rose by any other name would be a petunia. (bin Ladin / Ben Ladin / Ben London )
http://www.pogowasright.org/?p=1486
Does the PASS ID Act Protect Privacy?
July 7, 2009 by Dissent Filed under Govt, Legislation, Surveillance, U.S.
Jim Harper of the Cato Institute takes aim at PASS ID and CDT’s praise for it. Here are a few snippets:
One of the more interesting privacy “protections” in the PASS ID Act is a requirement that individuals may access, amend, and correct their own personally identifiable information. This is a new and different security/identity fraud challenge not found in REAL ID, and the states have no idea what they’re getting themselves into if they try to implement such a thing. A May 2000 report from a panel of experts convened by the Federal Trade Commission was bowled over by the complexity of trying to secure information while giving people access to it. Nowhere is that tension more acute than in giving the public access to basic identity information.
The privacy language in the PASS ID Act is a welcome change to REAL ID’s gross error on that score. At least there’s privacy language! But creating a national identity system that is privacy protective is like trying to make water that isn’t wet.
Does PASS ID address “most of the major privacy and security concerns with REAL ID”? Not even close. PASS ID is a national ID, with all the privacy consequences that go with that.
Changing the name of REAL ID to something else is not an alternative to scrapping it. Scrapping REAL ID is something Senator Akaka (D-HI) proposed in the last Congress. Fixing REAL ID is an impossibility, and PASS ID does not do that.
You can read his entire commentary here.
(Related) Is it so difficult to identify the practices that threaten privacy? Perhaps what we need is a statement of “True Privacy” and then companies could document why they need to violate specific bits. For example: They do need your credit card number if that is how you choose to pay and they need an address to ship to. It would be harder to justify asking for your mother's maiden name...
http://yro.slashdot.org/story/09/07/07/181256/Four-Missed-Opportunities-for-Privacy?from=rss
Four Missed Opportunities for Privacy
Posted by kdawson on Tuesday July 07, @02:44PM from the squirming-to-head-off-regulation dept.
The NY Times has a blog posting on the occasion of the Internet advertising industry's release (PDF) of what it describes as tough new standards governing the collection and use of data about users' behavior. The Times' Saul Hansell describes these "new" standards as more of the same old status quo, and outlines four privacy-enhancing ideas, being discussed by Google, Yahoo, the FTC, and Congress, that the IAB has completely ignored. These principles are:
every ad should explain itself;
users should be able to see data collected about them;
browsers should help enforce user choices about tracking; and
some information (medical and financial) is simply too sensitive to track.
I can see a university library using a filter to keep students “on task” – another way of saying they want to spend resources on academic content only. But a public library should serve the needs of the taxpayers, right? Who do they think they are, politicians?
http://www.pogowasright.org/?p=1518
Can Libraries Refuse to Disable Filters?
July 7, 2009 by Dissent Filed under Court, Internet, U.S.
In the first legal challenge to Internet filtering practices enacted by relatively few libraries, the Washington Supreme Court is weighing whether the North Central Regional Library (NCRL), Wenatchee, can refuse to turn off filters at the request of adult patrons seeking constitutionally protected material.
At issue in Bradburn v. North Central Regional Library, which was the subject of an oral argument June 23 (see video linked below), are some knotty questions still facing libraries.
Read more on LibraryJournal.com. The article provides a number of links and resources on the case, as well as a lot of background. In addition, you may wish to read the amicus brief (pdf) filed by EFF and CDT.
Does this have application here? Should we move to Spain?
http://torrentfreak.com/judge-rules-p2p-legal-sites-to-be-presumed-innocent-090707/
Judge Rules P2P Legal, Sites To Be Presumed Innocent
Written by enigmax on July 07, 2009
After Spain virtually ruled out imposing a “3-strikes” regime for illicit file-sharers, the entertainment industries said they would target 200 BitTorrent sites instead. Now a judge has decided that sharing between users for no profit via P2P doesn’t breach copyright laws and sites should be presumed innocent until proved otherwise.
Death to Microsoft!?? Yesterday I included an article where Microsoft claimed their Browser-supporting operating system was still years away. Oops!
http://www.wired.com/epicenter/2009/07/google-announces-pc-operating-system-to-compete-with-windows/
Google Announces PC Operating System to Compete with Windows
By Ryan Singel Email Author * July 8, 2009 | * 3:02 am |
Google is releasing a lightweight, open-source PC-operating system later this year, the company announced Tuesday night, a move that threatens the very heart of Microsoft, long seen as Google’s biggest rival.
Chrome OS is intended to be a very lightweight, quick-starting operating system whose central focus is supporting Google’s Chrome browser. Applications will run mostly inside the browser, making the web — not the desktop — into the computer’s default operating system.
Tools & Techniques Useful for illustrating a “how to”
http://www.makeuseof.com/dir/screenjelly-capture-your-screen-on-video/
ScreenJelly: Capture Your Screen On Video & Share
ScreenJelly is a neat web utility that provides you with quick and hassle free way to capture your screen activity on video, and then share it via Twitter or email.
There is no installation or sign up, just go to the site and click “Record” button to start recording. Once finished, choose how you want to share it (Twitter, Email or Web), and spread it online. That’s it!
Similar web tools: ScreenToaster, FreeScreenCast, uTIPu and Screencast-O-Matic.
Tools & Techniques How to make those old fashioned newspaper thingies work on the web?
http://www.makeuseof.com/dir/todaysfrontpages-front-pages-of-newspapers/
TodaysFrontPages: See Front Pages Of Newspapers Around The World
TodaysFrontPages is another cool resource for news junkies. The application displays 793 front pages of newspapers published in 77 different countries. All pages are presented in their original, unedited form.
You can view pages in three different mods: Gallery, List and Map. In all cases front pages can be sorted by region (USA, North America, Asia, Caribbean, Europe, Middle East, Oceania, South America, Africa), zoomed in, printed out and saved as readable PDF.
www.newseum.org/todaysfrontpages
Global Warming! Global Warming! Sunspots are “cool” areas on the sun. More sunspots should equal less energy and therefore help decrease global warming. Except Al Gore claimed they were (partly) responsible for global warming – as was everything but voting for a Democrat.
http://science.slashdot.org/story/09/07/07/1858223/Sunspots-Return
Sunspots Return
Posted by kdawson on Tuesday July 07, @03:31PM from the try-this-proven-acne-cure dept.
We're emerging from the longest, deepest sunspot drought since 1913 (we discussed its depths here) with the appearance of a robust group of sunspots over the weekend. Recently we discussed a possible explanation for the prolonged minimum. The Fox News article quotes observer Michael Buxton of Ocean Beach, Calif.: "This is the best sunspot I've seen in two years." jamie found a NASA site where you can generate a movie of the recent sunspot's movement — try selecting the first image type and bumping the resolution to 1024. The magnetic field lines are clearly visible.
No comments:
Post a Comment