First, Apple. Today they released a patch for OS-X to fix Bash, the question is how complete is the patch. Everything that I've heard thus far is that the patches for various *nix distros are partial and that a further patch will be required. So I don't know where that stands. I was not able to find the patch in Mac's Update service, but the direct links in the article worked fine. No computer restart required.
http://krebsonsecurity.com/2014/09/apple-releases-patches-for-shellshock-bug/Now, Jimmy John's sandwich shop hack. 216 JJ's were compromised, the number of cards stolen is not mentioned in the article. Here's the problems, and I'm using the plural purposely. First, it was a service vendor, Signature Systems, that was compromised, so another 100 mostly mom & pop operations were also affected. They're spread all over the USA, no significant geographic clumping.
But the fun doesn't end there, oh no! Anyone who processes credit cards has to be certified to be PCI-compliant, there are different levels of certification depending on how what your credit card volume is. The auditor company who certified Signature Systems is the only auditor to have their accreditation CANCELLED by the processing card industry.
But wait, there's more! In addition to the auditor losing their certification and going out of business, one model of cash register system installed by Signature Systems was not certified as of late October 2013, and many systems were installed after that date! Even though lawsuits would be flying around regardless, these are going to be interesting because clearly Signature Systems was grossly negligent.
http://krebsonsecurity.com/2014/09/signature-systems-breach-expands/And finally, my wife and I had an interesting experience in Las Cruces last week. While we were in town, every time I used my card on my wife's account, it was declined. We called the bank and we had a very healthy balance in the account, unfortunately my wife left her wallet at home, so we had to use my cards. Fortunately my account's card worked fine. We thought maybe it was because we were 100 miles from home, but we're frequently in 'Cruces, so it was odd. When we got back to Alamogordo that night, it was declined yet again at a bookstore (three Eric Clapton CDs). As it happened, the clerk also worked at the issuing bank, and she said a whole bunch of cards had been cancelled because of the Home Depot breech. Checked my mail the next day and there was a brand new, bright shiny card. The old one met the shredder. I got my Amazon account reconfigured, received a text message from DirecTV and got them reconfigured, and I think I'm now good.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
