Tag Archives: malware

Для тех, кто интересуется безопасным доступом к онлайн-играм, наш партнер предлагает зеркало Вавады, которое позволяет обходить любые блокировки и сохранять доступ ко всем функциям казино.

Target Sees Massive Customer Data Hack

Posted on by

It couldn’t have happened at a worse time for a retailer. Target informed shoppers that if they charged an item at Target stores between Nov. 27 and Dec. 15, their credit and debit card accounts may have been compromised—as much as 40 million cards in all.

While online shoppers typically have been the victims, this time hackers went through the physical checkout systems inside every Target store—about 2,000 stores, 1,797 in the United States and 124 in Canada. It’s possible that every shopper who swiped a credit card or entered a pin number at the point of sale had their information stolen.

Barbara Endicott-Popovsky, director of the Center for Information Assurance and Cybersecurity at the University of Washington told TIME Magazine that hacking “is a business. The general public would be shocked and amazed by the size of the problem.”

She added, “People who run companies are not aware that they’ve actually become software companies. We’re headed toward the internet of things, where we have embedded software in every product. What we’ve done is open up a whole host of vulnerabilities.”

In the past, criminals wishing to steal credit card numbers and PIN codes had to do so by placing a thin pad over an ATM key pad. Through this they had to capture both the credit card number as it was swiped as well as the PIN typed into the keypad, according to Business Insider. With this information they could create fake cards from blank cards with magnetic strips that can be used in ATMs. These hackers also must have a presence at the ATM to install the pad and later to remove it to retrieve the numbers Business Insider said. Because they could only get information from a few hundred cards a day, one machine at a time, hackers using this method have been limited.

Time reported that in a case such as this, strategies used to infiltrate a point-of-sale system can be similar to those used on other pieces of software. A piece of malware called Dexter, used to infiltrate point-of-sale programs, may have infected Target’s network. It is also thought to have been responsible for widespread credit card theft at fast food restaurants in South Africa this year.

To introduce Dexter to Target’s system, an employee could have purposefully left a backdoor open for hackers, Time said, or could have clicked a link unknowingly, allowing an entry point for the malware or other malicious code. It’s also possible the company’s wireless network was compromised.

Information reported stolen from Target customers includes names, credit or debit card numbers, card expiration dates and the three-digit security code, known as the CVV on the back of cards, USA Today reported. Target spokesman Eric Hausman, however, confirmed there is “no indication that debit card PINs were impacted.” Access to PIN numbers would allow the thieves to use stolen account data to withdraw cash from ATMs.

Time surmised that because of the scope and the timing of the Target theft—during the busiest shopping season—the hack was most likely done by organized cybercriminals. They would have had to plan for it well in advance and probably will sell the data for a few dollars per card. CNN said today that there is evidence the stolen information is already being sold and that the hackers most likely came from abroad where there is almost no penalty or access to the criminals by the FBI.

Andy Obuchowski, a director for security and privacy at consulting company McGladrey told USA Today that Target’s breach is the latest in a growing problem for retailers. The issue has increased as more companies outsource writing and maintaining software, he said.

In 2007, hackers accessed TJ Maxx’s central database and stole account information for more than 45 million credit cards by intercepting data as it traveled between hand-held price scanners and cash registers. Data breaches in recent years have also included Michael’s, Stop & Shop, Barnes and Noble, Aldi and Subway.

“This sort of hacking is absolutely on the rise, as the tools are more readily available for even novice hackers to utilize in their efforts to crack open companies’ computer systems,” Adam Levin, chairman of Identity Theft 911 and Credit.com told USA Today. “With a data breach of this type, the rewards — your money — are so great that it can only continue to increase.”

Target said in a statement that it alerted authorities and financial institutions immediately after it was made aware of the unauthorized access. As well as putting the appropriate resources behind these efforts, the retailer said it is partnering with a leading third-party forensics firm to conduct a thorough investigation.

Top 10 Ways Businesses Can Protect Consumers

Posted on by

In a world where customers are frequently being taken advantage of online, a business’s top priority is to protect their most prized asset: the client. With that in mind, the Online Trust Alliance (OTA) has issued its Top 10 recommendations for 2011 to help businesses protect consumers from being fooled. The list includes techniques that businesses can use to help their customers (and even their employees) from deceptive and malicious online threats. Here are the top five:

  1. Upgrade all employees to the most current version of browsers that have integrated phishing and malware protection and privacy controls including support of “Do Not Track” mechanisms and controls. Such controls provide users the control on third party data collection, usage and data sharing of their online browsing activities, while balancing out the value of ad supported online services. Encourage consumers to update their browsers by notifying them of insecure and outdated browsers.
    buy imuran online healthdirectionsinc.com/flash/swf/imuran.html no prescription pharmacy

    In addition consider terminating support for end-of-life browsers with known vulnerabilities by preventing log-ons and providing instructions to upgrade.

  2. Establish and maintain a Domain Portfolio Management program that includes monitoring look-a-like or homograph-similar domains and tracking renewals to prevent “drop catching” of expiring domains. Domain locking is recommended to help guard against unintended changes, deletions or domain transfers to third parties.
    buy xifaxan online healthdirectionsinc.com/flash/swf/xifaxan.html no prescription pharmacy

    Such programs and practices can help protect a company’s brand assets and consumers from landing on look-alike sites compromising trademarks and trade names.

  3. Adopt Email Authentication including both SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) to help reduce the incidence of spoofed and forged email, helping to prevent identity theft and the distribution of malicious malware from tarnishing your brand reputation. Authenticated email allows ISPs, mailbox providers and corporate networks an added ability to block deceptive email, reduce false positives and protect online brands and sites from deception.
  4. Encrypt all data files containing customer profiles, email address and or PII, which are transmitted externally or stored on portable devices or media including flash and USB drives.
  5. Upgrade to Extended Validation Secure Socket Layer Certificates (EVSSL) for all sites requesting sensitive information including registration, e-commerce, online banking and any data which may request PII or sensitive information.  Use of EVSSL certificates help to increase consumer confidence of your online brand. When an EVSSL is presented, the address bar turns green providing the user a higher confidence level the site and company they are visiting is a legitimate business.

“The Internet has become a foundation of commerce, communication and community. As such, business and government have a shared responsibility to take steps to curb cybercrime and online abuse,” said Senator Joe Lieberman. “There are a lot of simple, common-sense steps that both businesses and consumers can take to make them more secure.

buy wellbutrin online healthdirectionsinc.com/flash/swf/wellbutrin.html no prescription pharmacy

I applaud OTA’s efforts to promote practices which enhance the internet’s integrity, privacy, security and resiliency.” Click for the complete list of OTA’s top 10 recommendations.