Saturday, August 27, 2011

First, think up a way to coordinate hundreds (thousands?) of simultaneous withdrawals. Second, see if anyone bothers to come up with a security “fix” to keep it from happening, and when they don't... Third, DO IT AGAIN!

Coordinated, Global ATM Heist Nets $13 Million

"An international cybercrime gang stole $13 million from a Florida-based financial institution earlier this year, by executing a highly-coordinated heist in which thieves used ATMs around the globe to cash out stolen prepaid debit cards. 'Prepaid cards usually limit the amounts that cardholders can withdraw from a cash machine within a 24 hour period. Apparently, the crooks were able to drastically increase or eliminate the withdrawal limits for 22 prepaid cards that they had obtained. The fraudsters then cloned the prepaid cards, and distributed them to co-conspirators in several major cities across Europe, Russia and Ukraine.' The attack is eerily similar to the 2008 attack on RBS WorldPay that stole $9.4M. The men who pleaded guilty to the RBS attack were arrested and charged in Russia, but were later given only probation."



Wednesday, they “strongly suspected” that data was accessed. If it turns out there was Identity Theft, this will make them look rather bad. Would it come back to bite them in future lawsuits?

http://www.databreaches.net/?p=20314

(update) ME: Voter database breach came from Millinocket, no information compromised

August 27, 2011 by admin

Eric Russell updates a report on a breach involving the Maine voter database:

The Secretary of State’s Office said Thursday that it appears no personal information was compromised during a potential security breach of Maine’s Central Voter Registration database.

The apparent breach was the result of malware — or malicious computer software — found on a workstation computer in the town clerk’s office in the northern Penobscot County town of Millinocket.

Read more on Bangor Daily News.



“It can't happen here!” “Why spend the money before we need it?” Perhaps there is a market for consultants with a plan and the resources to execute it?

http://www.databreaches.net/?p=20302

Few e-retailers are prepared to notify consumers of a loss of card data

August 27, 2011 by admin

Don Davis writes:

Only 21% of online retailers are prepared to notify consumers in the event of a data breach that exposes cardholder data, according to a new survey sponsored by insurance agency Jacobson, Goldfarb & Scott Inc.

61% of the 300 e-retailers surveyed said they were not prepared to notify consumers and 18% were not sure.

Read more on Internet Retailer.



A project for my Computer Security geeks...

Protecting a Laptop From Sophisticated Attacks

mike_cardwell sends in a detailed writeup of how he went about protecting a Ubuntu laptop from attacks of varying levels of sophistication, covering disk encryption, defense against cold boot attacks, and even simple smash-and-grabs. (He also acknowledges that no defense is perfect, and the xkcd password extraction tool would still work.) Quoting:

"An attacker with access to the online machine could simply hard reboot the machine from a USB stick or CD containing msramdmp to grab a copy of the RAM. You could password protect the BIOS and disable booting from anything other than the hard drive, but that still doesn't protect you. An attacker could cool the RAM, remove it from the running machine, place it in a second machine and boot from that instead. The first defense I used against this attack is procedure based. I shut down the machine when it's not in use. My old Macbook was hardly ever shut down, and lived in suspend to RAM mode when not in use. The second defense I used is far more interesting. I use something called TRESOR. TRESOR is an implementation of AES as a cipher kernel module which stores the keys in the CPU debug registers, and which handles all of the crypto operations directly on the CPU, in a way which prevents the key from ever entering RAM. The laptop I purchased works perfectly with TRESOR as it contains a Core i5 processor which has the AES-NI instruction set."



A summary of bad things that could happen to you!

http://www.bespacific.com/mt/archives/028129.html

August 25, 2011

Symantec Intelligence Report - August 2011

"Symantec Corp. announced the results of the August 2011 Symantec Intelligence Report, now combining the best research and analysis from the Symantec.cloud MessageLabs Intelligence Report and the Symantec State of Spam & Phishing Report. This month’s analysis reveals that once more spammers are seeking to benefit from fluctuations in the turbulent financial markets, most notably by sending large volumes of spam relating to certain “pink sheets” stocks in an attempt to “pump” the value of these stocks before “dumping” them at a profit. In a pump-and-dump stock scam, spammers promote certain stocks in order to inflate the price as much as possible so that they may then be sold before their valuation crashes back to reality. The spam for these scams tries to convince the prospective mark that the penny stock is actually worth more than its valuation, or that it will soon skyrocket. Most of these claims are either misleading or false. A successful pump-and-dump spam campaign will artificially drive up the price of the stock to a point where the scammers decide to sell their shares. This usually coincides with them ending the spam campaign, which in turn reduces the interest in the stock, helping to drive its valuation back to the original low price."



...now if we could only get someone to read it!

http://www.bespacific.com/mt/archives/028128.html

August 25, 2011

ACLU Guide to New Facebook Privacy Controls

"August 25, 2011 - Facebook is rolling out a series of changes to its privacy controls. We reviewed the changes in detail on Tuesday; now here’s how you can take advantage of these changes.

  • "Turn On “Profile Review” - One of the biggest changes to Facebook’s privacy controls is the option to review any content you’re tagged in (including photos, Places, and more) before that content is fed into your news feed. You can also review any tags that are added to photos or other content that you post yourself...."



Sounds more like a carrot.

Apple Puts $383 Million Handcuffs On CEO Tim Cook

"There are bonuses. And then there are bonuses. Apple's board, led by sadly frail-looking chairman Steve Jobs, signaled its long-term confidence in Tim Cook as the company's new leader, disclosing in a regulatory filing that it's awarding the new CEO one million restricted stock units that will vest over the next decade. Apple shares closed at $383.53 Friday. From the SEC filing: 'In connection with Mr. Cook's appointment as Chief Executive Officer, the Board awarded Mr. Cook 1,000,000 restricted stock units. Fifty percent of the restricted stock units are scheduled to vest on each of August 24, 2016 and August 24, 2021, subject to Mr. Cook's continued employment with Apple through each such date.'"



When I say there is a lot of data out there, I mean a LOT of data....

http://techcrunch.com/2011/08/26/ibm-assembles-record-120-petabyte-storage-array/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

IBM Assembles Record 120-Petabyte Storage Array

How did they do it? Well, the easy part was plugging in the 200,000 individual hard drives that make up the array. The racks are extra-dense with units, and need water cooling, but beyond that the hardware is fairly straightforward.

The problems come when you start having to actually index this space. Some filesystems have trouble with single files above 4 GB or so, and some can’t handle single drives larger than around 3 TB. This is because they just weren’t designed to be able to track so many files over so large a space. Imagine if your job was to name everyone in the world a different name — it’s easy at first, but after a billion or so you start running out of permutations. It’s the same way with file systems, though modern ones are much more forward-looking in their design, and I doubt you’ll have that problem again — unless you’re IBM Research.

120 petabytes of storage is an insane amount, eight times larger than the 15 PB arrays already out there, and they already had to deal with address space issues. In IBM’s huge array, tracking the location and calling data for its files takes up fully 2 PB of its own space. You’d need a next-generation file index just to index the index!



Just because you decide to get out of the business noes not mean you turn off the production line. Best Buy had a mere 200,000 – imagine how many are in the pipeline! Will they still be $99? (Is that enough above cost to make continued production possible?)

http://techcrunch.com/2011/08/26/more-hp-touchpads-at-best-buy/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

HP TouchPads Slated For Return To Best Buy?

It was widely reported that Best Buy was sitting on over 200,000 TouchPads before HP enacted their drastic price cut, but the fire sale has come and gone, and that would normally be that. Instead, a notice in Best Buy’s Employee Toolkit system shows that their contentious relationship with the TouchPad may not be over just yet.

The image, sent to Droid Matters by a Best Buy insider, indicates that Best Buy stores will once again begin to receive TouchPad shipments.


(Related) Perhaps the Chinese would be interested?

http://www.wired.com/epicenter/2011/08/samsung-says-it-wont-buy-hp/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Samsung Says It Won’t Buy HP’s PC Business, Making Spinoff More Likely



Dilbert has a cartoon to paste on every printer...

http://dilbert.com/strips/comic/2011-08-27/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+dilbert%2Fdaily_strip+%28Dilbert+Daily+Strip+-+UU%29


No comments: