
Re: TK Maxx should disclose hacking details ..

__/ [ ed ] on Monday 02 April 2007 22:25 \__

> On Mon, 02 Apr 2007 20:58:21 +0100
> Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx> wrote:
> 
>> __/ [ Doug Mentohl ] on Monday 02 April 2007 19:22 \__
>> 
>> > 'US discount retailer TJX, owner of UK retailer TK Maxx, revealed
>> > in a regulatory filing on Wednesday that at least 45.7 million
>> > payment card details had been stolen by hackers'
>> > 
>> > 'David Litchfield .. said that companies should give technical
>> > details of hacks so the security community could learn how to
>> > combat similar breaches in the future'
>> > 
>> > "TK Maxx has not specified how it was done,"
>> > 
>> > "It could have been any number of vulnerabilities. [The hackers] are
>> > supposed to have had access for two years, so we're looking at a
>> > vulnerability from two years ago - take your pick."
>> > 
>> > "You always hear of breaches - 50,000 credit card numbers stolen,
>> > 100,000 security numbers. That's not interesting - we need to know
>> > how they did it. We need to know they were running XYZ system,
>> > exploiting XYZ flaw, using such and such a rootkit - that's what we
>> > need to know. Why people don't talk about this is beyond me - it
>> > will teach people what not to do,"
>> > 
>> > http://news.zdnet.co.uk/security/0,1000000189,39286573,00.htm
>> 
>> Now, that's some serious blunder. It comes to show how the choice of a
>> system, made by /other/ people, can actually hurt all of us. Needless
>> to say, when making a purchase, they will never warn the customer,
>> saying how likely the credit card details are to be stolen through
>> malware. How many such stories never get reported? How often does
>> data get stolen without the breach being detected or without the
>> business admitting a known failure, which could  lead to class action
>> lawsuits/
           ^ typo. Question mark.
 
> what's important is that card owners contact their banks and request
> that no overseas transactions are to take place. then one by one,
> track down things like amazon.com that can legitimately take a payment.

And if time and trouble are gauged, then the cost of the whole cockup is
great. It's not just the customers, but also the people on the other end of
the line.

> otherwise things like card readers are going to get the required
> details to clone, apparently it's much harder to make the transactions
> in the uk than abroad now that everything is chip n pin.

Today it might be credit card details, but tomorrow it could be any piece of
data that's stored remotely. Money is not people's only 'bread and butter'.
Remember the story about a reporter who accidentally received his Microsoft
dossier?

-- 
                ~~ Best wishes 

One person's diction is another's verbiage
http://Schestowitz.com  |  GNU is Not UNIX  |     PGP-Key: 0x74572E8E
roy      pts/3                         Mon Apr  2 08:50 - 08:50  (00:00)    
      http://iuron.com - proposing a non-profit search engine
