Feb. 9th, 2014

thewayne: (Cyranose)
Some interesting stuff. First up, Target. They were hit by a piece of malware called BlackPOS, in this post Brian Krebs interviews two computer security experts who fought BlackPOS at another unnamed retailer. The story is quite interesting, it's amazingly sophisticated software. For example, the software is equipped with anti-forensic modules. They watched it infect a laptop in their lab, realize that there was no card swipe machine connected to it, then erase itself. In doing so, it deployed the anti-forensic modules and left no trace of itself behind for analysis.

http://krebsonsecurity.com/2014/02/these-guys-battled-blackpos-at-a-retailer


Next, still Target. It would appear that one attack vector was through their HVAC contractor (heating/ventilation/air conditioning). Understandably, they want their HVAC people to be able to remote in to their infrastructure to make adjustments, do updates, etc., to save money and energy. Unfortunately either they were given far too much permission on the network or the attackers were able to escalate privileges to improve their access. Privilege escalation is a common thing to try: if you're able to get the network access of a peon and escalate the privileges to that of the CEO or head network admin, then you get to have all sorts of fun.

http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/


And finally, taxes. In 2012, the US Internal Revenue Service issued $4,000,000,000 in fraudulent refunds to thieves who did some basic identity theft and filed fraudulent returns in people's names, had the returns sent to different addresses, then disappeared. The solution? File your returns ASAP and get them in before the bad guys do. The thieves need full information to file these fraudulent returns, and probably also need to do some electronic forgery to transmit the supporting documents. And this is the exact level of information stolen by the Experian subsidiary by those Vietnamese hackers who were paying via electronic funds transfers from China.

http://krebsonsecurity.com/2014/02/file-your-taxes-before-the-fraudsters-do/


You can't win, and you can't quit the game. The best solution is to pay cash whenever possible, failing that, pay with a credit card as they offer you the best electronic theft protection.
thewayne: (Cyranose)
Generally speaking, the republic that cannot be made out through the swarm of czars and bureaucracies plaguing its landscape, is rather like like a dog you can't see for its fleas. The only difference is, although you'd do something to treat the dog, you certainly wouldn't bankroll its parasites.

With a republic, it is rather the reverse.

http://www.gocomics.com/pibgorn/2014/02/09

August 2025

S M T W T F S
     12
34 56789
10111213141516
17181920212223
24252627282930
31      

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Aug. 10th, 2025 07:53 pm
Powered by Dreamwidth Studios