http://www.databreaches.net/?p=5559
AL: Major Credit Card Security Breach, Thousands Affected
June 12, 2009 @ 8:26 pm by admin Filed under: Breach Incidents, Financial Sector, Hack, ID Theft, U.S.
A major credit card security breach is affecting thousands of people tonight. We have confirmed several credit card companies are canceling accounts and issuing new credit and check cards.
[...]
NBC 15 News contacted Visa to try to find out where the security breach happened.. A Visa representative told us: For security, the bank does not disclose that information to its customers. They always are going to refer you to Visa, but unfortunately at Visa we don’t have access to anyone’s information. It can only be accessed through the bank. Officials with Bank of America, a Visa cardholder, would not talk either. The bank says letters are already in the mail en route to their affected customers.
Read more of this somewhat puzzling report on MSNBC. I’m not sure if this is new or more fall-out from Heartland. On June 4, there were reports out of Georgia on new fraudulent charges on cards that were reportedly due to the Heartland breach.
The manufacturer tells them to change the password before doing anything else. Computer Security classes point to this as a common point of failure. Auditors always look for default passwords. So, don't be surprised when the ethically-challenged try it themselves – because it works!
http://it.slashdot.org/story/09/06/13/0132214/Default-Passwords-Blamed-In-55M-PBX-Hacks?from=rss
Default Passwords Blamed In $55M PBX Hacks
Posted by ScuttleMonkey on Saturday June 13, @03:27AM from the god-sex-love dept. security court
An anonymous reader writes
"The Washington Post is reporting that the US Justice Department has indicted three residents of the Philippines for breaking into more than 2,500 corporate PBX systems in the United States and abroad. The government says the hackers sold access to those systems to operators of call centers in Italy, which allegedly made 12 million minutes of unauthorized phone calls through the system, valued at more than $55 million. The DOJ's action coincides with an announcement from Italian authorities today of the arrest of five men there who are suspected of funneling the profits from those call centers to terrorist groups in Southeast Asia."
How malware works. This type of tool would also be quite useful in a cyberwar...
http://it.slashdot.org/story/09/06/12/2144243/The-Birth-and-Battle-of-Conficker?from=rss
The Birth and Battle of Conficker
Posted by ScuttleMonkey on Friday June 12, @09:12PM from the criminals-on-the-bleeding-edge dept.
NewScientist has an interesting look back at the birth of the Conficker worm and how this sophisticated monster quickly grew to such power and infamy.
"Since that flurry of activity in early April, all has been uneasily quiet on the Conficker front. In some senses, that marks a victory for the criminals. The zombie network is now established and being used for its intended purpose: to make money. Through its peer-to-peer capabilities, the worm can be updated on the infected network at any time. It is not an unprecedented situation. There are several other large networks of machines infected with malicious software. Conficker has simply joined the list. The security community will continue to fight them, but as long as the worm remains embedded in any computer there can be no quick fixes."
Sounds like old fashioned agency bashing to me.
NSA Ill-Suited For Domestic Cybersecurity Role
Posted by Soulskill on Friday June 12, @04:13PM from the not-enough-l33t-to-english-translators dept. privacy government security politics
Hugh Pickens writes
"Former CIA counterterrorism analyst Stephen Lee has an interesting article in the Examiner asserting that the National Security Agency is 'a secretive, hidebound culture incapable of keeping up with innovation,' with a history of disregard for privacy and civil liberties. Lee says that for most of its sixty-year history, the NSA has been geared to cracking telecom and crypto gear produced by Soviet and Chinese design bureaus, but at the end of the cold war became 'stymied by new-generation Western-engineered telephone networks and mobile technologies that were then spreading like wildfire in the developing world and former Soviet satellite countries.' [Not true. Bob] When the NSA finally recognized that it needed to get better at innovation, it launched several mega-projects, tagged like 'Trailblazer' and 'Groundbreaker,' that have been spectacular failures, costing US taxpayers billions. More recently, the NY Times reported that the NSA has been breaking rules set by the Obama administration to peer even more aggressively into American citizens' phone traffic and email inboxes. Whistleblower reports portray NSA domestic eavesdropping programs as unprofessional and poorly supervised, with intercept technicians ridiculing and mishandling recordings of citizens' private 'pillow talk' conversations. [Harmless, and very entertaining. Bob] Lee concludes that 'if the Federal government must play a role, then Congress and President Obama should turn to another agency without a record of creating mistrust — perhaps even a new entity. Meanwhile, NSA should focus on listening in on America's enemies, instead of being an enemy of Americans and their enterprises.'"
This would be an interesting exam question for my Computer Security class.
How Should a Constitution Protect Digital Rights?
Posted by Soulskill on Friday June 12, @04:55PM from the digital-guns-and-bombs-don't-work-so-well dept. government
Bibek Paudel writes
"Nepal's Constituent Assembly is drafting a new constitution for the country. We (FOSS Nepal) are interacting with various committees of the Assembly regarding the issues to be included in the new constitution. In particular, the 'Fundamental Rights Determination Committee' is seeking our suggestions in the form of a written document so that they can discuss it in their meeting next week. We have informed them, informally, of our concerns for addressing digital liberties and ensuring them as fundamental rights in the constitution. We'd also like to see the rights to privacy, anonymity, and access to public information regardless of the technology (platforms/software). Whether or not our suggestions will be incorporated depends on public hearings and voting in the assembly later, but the document we submit will be archived for use as reference material in the future when amendments in the constitution will be discussed or new laws will be prepared. How are online rights handled in your country? How would you want to change it?"
Read on for more about Bibek's situation.
I already tell my students about Walphra, perhaps you should tell yours? “Use all the tools you can find to learn & understand, but remember that they won't be there when you sit for the final.”
Wolfram Alpha Rekindles Campus Math Tool Debate
Posted by Soulskill on Friday June 12, @06:25PM from the why-is-my-calculator-smarter-than-me dept.
An anonymous reader sends in a story about how Wolfram Alpha is becoming the latest tool students are using to help with their schoolwork, and why some professors are worried it will interfere with the learning process. Quoting:
"The goal of WolframAlpha is to bring high-level mathematics to the masses, by letting users type in problems in plain English and delivering instant results. As a result, some professors say the service poses tough questions for their classroom policies. 'I think this is going to reignite a math war,' said Maria H. Andersen, a mathematics instructor at Muskegon Community College, referring to past debates over the role of graphing calculators in math education. 'Given that there are still pockets of instructors and departments in the US where graphing calculators are still not allowed, some instructors will likely react with resistance (i.e. we still don't change anything) or possibly even with the charge that using WA is cheating.'"