Current Events: $9 million ATM scam

 

The FBI is investigating an ATM scam that occurred within a 30-minute period on November 8th. About 130 different ATMs were accessed to withdraw a total of about $9 million. The scam hit 49 cities worldwide, including Moscow, Chicago, New York, Hong Kong and Montreal.

The FBI says that the operation was very well coordinated, and at this time no suspects have been identified.

The description of the attack follows. First, the computer system of the payment processing company called RBS WorldPay was hacked.

“One service of the company is the ability for employers to pay their employees with the money going directly to a card, called payroll cards, a lot like a debit card that can be used in any ATM.” The hacker was able to access the system and steal all the information needed to create duplicates of the ATM cards.

Posted in Current Events, Privacy | 6 Comments

Current Event: Privacy is a joke

How many of you have received letters from your banks about a ‘revised’ privacy policy? Have you even bothered to read through this revised policy information? And the .000001% of you that have, have you ever found anything objectionable and done anything about it?

Welcome to the new joke called ‘Privacy’. No, I’m not talking about the most intimate information that you already have on Facebook (which, by the way, Facebook now owns and has the rights to share). I’m talking about the numerous merchants/banks/credit companies that you do business with but never really cared about what they do/could do with your information. When you read phrases like ‘shared with affiliates’ and ‘shared with third parties’, have you wondered what the difference between these two is? And besides, have you wondered why on earth banks would need to share your information with other people in the first place?

Almost all of us never think twice about how our information is freely passed around (for money, of course) in the open market for ‘agencies’ to analyze. Such information is then sold by VISA to other marketing companies for ‘market analysis’ and ad campaign management. I have a friend who works for VISA and he was able to pull up every purchase I’ve ever made on the credit card and all he needed was my credit card number, which is easily available (how many of you shred your old credit cards?).

And guess what!!?? You have no control over who they share it with because, well, first of all, you never really read their privacy document. Even if you read it when you got the credit card, you never really read it the numerous times that they sent you the revised privacy policy. Now again, to the .00001% that read the document every time, you have no control over how VISA decides who their affiliates/partners and third parties are.

Concerned yet? Privacy in the current state is nothing but a big joke.

The only viable solution seems to be a universal privacy declaration/document issued by the government that the companies can be held responsible to. As much as we all hate a big brother state, trusting a bunch of greedy banks/credit companies/vendors is much worse.

Posted in Current Events, Privacy | 3 Comments

Current Events: Monster.com data breach

 

According to MSNBC (http://www.msnbc.msn.com/id/29017452/), Monster.com, along with USAJobs.com (which Monster’s parent company runs), was breached, resulting in the theft of user IDs, passwords, email addresses, names and phone numbers. The number of records stolen was not disclosed, nor were any details concerning how the thief obtained access to their databases.


Posted in Current Events | 1 Comment

Private information ***LIKE NEW***

Ever considered ‘recycling’ your computer without thoroughly wiping your hard drive first? Don’t. A recent study suggests that up to 40% of hard drives that end up on eBay and aren’t explicitly marked as erased may contain easily recoverable data from previous owners.


Posted in Current Events, Physical Security, Privacy | 3 Comments

Current Event: Safety of Encryption from future Quantum Computers

All of us feel a certain kind of safety when we are dealing with credit cards, online banking and any other transaction or process which should be secure, because we know that our personal information is protected by cryptographic systems. Yes, there are occasions where these security measures are circumvented by exploiting other weaknesses in the system or by just stealing private information. However, we take comfort in the idea that these cryptographic systems are unbreakable given feasible computing time and resources. However, a recent article talks about the threat of ‘Quantum Computers’ which could potentially compromise the security of these systems used by businesses and banks around the world.

The laws of Quantum Physics say that a subatomic particle can exist in two states at the same time before you look at it. Similarly, in a Quantum computer, a bit can be both zero and one at the same time. A string of eight bits can therefore represent all numbers from 0 to 255 at the same time. Scientists say that a Quantum computer can solve a problem in months that would take conventional computers millions of years. For example, public key encryption, which is widely used on the Internet, creates codes by multiplying two prime numbers together. What makes the code hard to break is that working backward from the product of the two primes is extremely hard. A Quantum computer would be able to solve this problem in a feasible amount of time because it will be able to look at multiple solutions at the same time.

In the article, Professor Oded Regev of the Tel Aviv University’s school of Computer Science stresses the importance of the development of a new cryptographic system that will be able to maintain its integrity even when Quantum Computers become available. Several reasons for this are the security of bank and financial information, medical records, and digital signatures that would become visible if an attacker hacked into this RSA encrypted data. The article predicts that Quantum computers will be a reality in the coming decade, which would make it easy to crack the RSA cryptosystem. Hence the article emphasizes the need to start thinking of systems that could replace RSA.

http://www.sciencedaily.com/releases/2009/02/090205110609.htm

Posted in Miscellaneous | 2 Comments

Current Event: Tracking BitTorrent

The Air Force Institute of Technology recently announced a new technique for “detecting and tracking illegal content transferred using the BitTorrent file-trading protocol.” The authors claim their technique differs from previous attempts because it does not change any of the traffic going over the network.

The tool examines the first 32 bits of the file’s header to identify BitTorrent traffic on the network. Once a connection has been identified as a BitTorrent transfer, the file’s hash is compared against a blacklist of known “contraband files.” These blacklisted files are described as “pirated movies, music, or software, and even child pornography.” Rather than disrupting the transfer, this tool simply logs the network addresses involved, presumably for later prosecution.

Posted in Current Events, Miscellaneous | 5 Comments
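
The passive detection flow described in the post above, sketched as an added example (this is not the Air Force Institute of Technology tool's code). It assumes the 32-bit check matches the start of the standard BitTorrent peer handshake (byte 0x13 followed by "Bit") and that the hash compared is the 20-byte info_hash carried in that handshake; the blocklist, addresses and payloads are constructed.

```python
import hashlib
from typing import NamedTuple, Optional

# BitTorrent peer handshake: 1-byte length (19), "BitTorrent protocol",
# 8 reserved bytes, 20-byte info_hash, 20-byte peer_id = 68 bytes.
PSTR = b"BitTorrent protocol"
MAGIC32 = bytes([len(PSTR)]) + PSTR[:3]   # first 32 bits: 0x13 'B' 'i' 't'
HANDSHAKE_LEN = 1 + len(PSTR) + 8 + 20 + 20

class Hit(NamedTuple):
    src: str
    dst: str
    info_hash: str
    listed: bool

def inspect_payload(src: str, dst: str, payload: bytes,
                    blocklist: set) -> Optional[Hit]:
    """Passively classify the first payload of a flow; traffic is never altered."""
    if payload[:4] != MAGIC32:            # cheap 32-bit prefilter
        return None
    if len(payload) < HANDSHAKE_LEN or payload[1:20] != PSTR:
        return None                       # prefix collision or truncated capture
    info_hash = payload[28:48].hex()
    return Hit(src, dst, info_hash, info_hash in blocklist)

def make_handshake(info_hash: bytes, peer_id: bytes) -> bytes:
    """Build a constructed handshake for the sample flows below."""
    return bytes([len(PSTR)]) + PSTR + bytes(8) + info_hash + peer_id

# Constructed sample data: hashes, addresses and payloads are made up.
LISTED = hashlib.sha1(b"constructed listed torrent").digest()
OTHER = hashlib.sha1(b"constructed unlisted torrent").digest()
PEER_ID = b"-XX0001-" + bytes(12)
BLOCKLIST = {LISTED.hex()}
FLOWS = [
    ("192.0.2.10:51413", "198.51.100.7:6881", make_handshake(LISTED, PEER_ID)),
    ("192.0.2.11:40000", "198.51.100.8:6881", make_handshake(OTHER, PEER_ID)),
    ("192.0.2.12:55555", "203.0.113.5:80", b"GET / HTTP/1.1\r\n\r\n"),
    ("192.0.2.13:50000", "203.0.113.9:6881", b"\x13Bit" + b"junk"),  # prefix only
]

def scan(flows=FLOWS, blocklist=BLOCKLIST) -> list:
    """Return one Hit per flow that carries a complete BitTorrent handshake."""
    hits = [inspect_payload(s, d, p, blocklist) for s, d, p in flows]
    return [h for h in hits if h is not None]

if __name__ == "__main__":
    for hit in scan():
        print(hit)
```

The fourth constructed flow shows why a 32-bit prefix alone is only a prefilter: it matches the first four bytes but fails the full handshake check, so it is not logged.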

Security Review: Poker Game

A game of poker can be played for fun or money. The game itself uses low-tech equipment, and the two main items are a standard deck of cards and playing chips of different colors to represent different amounts of money. Depending on the type of poker game, the dealer usually shuffles the cards and deals them out to the players. Then the players bet chips to play against each other. The goal is to garner as much money (in chips) as you can. I’m going to use the terms chips and money interchangeably.


Posted in Physical Security, Security Reviews | 2 Comments

Current Event – Mexico Plans to Fingerprint Cell phone Users

According to a recent article, Mexico plans to start fingerprinting all cell phone users. A new law will give Mexico cell phone providers a year to create a database with their customers’ information, including fingerprints. Providers would also have to store information such as text and voice messages and logs of a customer for one year. Currently, anyone can purchase a prepaid cell phone with a certain amount of minutes without any identification. This would change as new and existing cell phone users would have to be fingerprinted and entered into a database that would allow officials to match cell phones and messages to a customer.

Posted in Current Events, Privacy | 3 Comments

Illegal file transfer using BitTorrent protocol

BitTorrent has been popularly used for transferring files illegally because it reduces a vast amount of networking bandwidth that would have been required. The way it works is that users can connect to each other directly to send and receive files. The tracker generally does not have any information about the contents of the files being transferred because the users connect directly one-to-one. There’s no one server that serves all users. Also, the uploading and downloading processes happen at the same time, allowing it to use the bandwidth efficiently.

Because of the speed and no-cost transfer, the BitTorrent protocol has been used by people to transfer files, such as movies, music, and software, illegally.

It is hard to prevent the development of such a smart protocol. People have all sorts of things in mind to develop. The creator of BitTorrent apparently has a creative mind to create such a protocol that uses bandwidth efficiently and allows people to share files with one another, rather than downloading from a central server.

Illegal file sharing can negatively affect a lot of people. The entertainment industry will be at a loss because people wouldn’t go out to the store to buy a CD. The consumers will download those files almost instantly and for free, without caring about the consequences of their illegal download. As a result, entertainment industries are losing profits, and soon, they would collapse. In the long run, the companies will lose incentive to create/improve new products and, in the worst case, the consumers may not be able to enjoy such entertainment anymore.

To prevent the illegal file sharing issues, the government can enforce copyright laws stringently. The consequences of illegal downloads may be enforced through campaigns. A more recent technique has been found: sniffing illegal file transfers. This tool can detect such transfers and keeps a record of the transfer as evidence. The nice thing is that the tool works silently; it will not slow down the network traffic.

Posted in Current Events | 1 Comment

Current Event – FAA, Kaiser Permanente Security Breaches; Tens of Thousands of Names Compromised

FAA

In another of a long line of high-profile security breaches both in and out of the government recently, the Federal Aviation Administration has announced that in the course of a breach of their computer system, over 45,000 employee names – and presumably, personal information – were compromised. The systems were thankfully not connected to the air traffic control system or other critical operations systems.

The FAA is said to be following up with potentially affected individuals one by one.

Similarly, healthcare giant Kaiser Permanente reported on Sunday that nearly 30,000 employee names, addresses, Social Security numbers, and dates of birth were stolen. The breach was a chance discovery – the files containing the data were found in the possession of one Mia Garza, who was arrested on unrelated counts of stolen property and fraud. It is unclear how she came to possess the data, and thus it is entirely possible that copies of it are still in the hands of malicious people. As she was arrested on December 23rd of last year, it has clearly been quite some time since the breach occurred.

According to Kaiser, existing security policy included restricted access to sensitive information by ACL and encryption of data on electronic devices, including cell phones – both measures that sound wise. It is still entirely possible that the issue was policy not in fact being followed – Kaiser does not know what caused the loss of data.

Due to the lack of detail surrounding both of these events, they serve simply as a reminder of how broadly security breaches can affect people on a personal scale. In just a few weeks, companies and government agencies ranging from the above to RBS WorldPay – an event in which 1.5 million people’s financial information and 1.1 million Social Security numbers were stolen – Heartland Payment, which processes over four billion payments a year, and even security specialists Kaspersky have all suffered high-profile data breaches.

Hopefully all these attacks will remind other organizations to take a long, hard look at their security systems.

Posted in Current Events | 3 Comments