A weekly roundup of all the things that go bump on the net
This Week InSecurity - Home Depot Breach A Doozy. Your Thermostat Could Be Hacked. Home Depot Security Lead Gets A New Home.

As the world wakes up to the realization that Home Depot was indeed the biggest data breach so far (at least as far as credit and debit card exposure is concerned), Home Depot customers are waking up to the realization that someone's been shopping on their cards.

Banks and merchants are now reporting that fraudulent purchases using stolen Home Depot cards are beginning to surface, with thieves binging on everything from high-end electronics to groceries. Which is exactly what we expected, given that these cards were being sold out in the open in a kind of hacker's Bazaar of the Bizarre.

So no surprise then that all kinds of thieves would buy and use them. And that can be anything from buying expensive electronics that can quickly be turned into cash, to simply paying the bills.


This Week InSecurity - Son of Target, Dumb Breach Responses, Not Again Korea, Phone Death Comes to California

Call it Son of Target, but the malware that took down Target and turned it into the biggest data breach in history (so far) didn't stop at the big box. Investigators now say the same malware was used to attack the point of sale systems at more than 1,000 other businesses.

Fingers of blame are quickly settling on a small group of half a dozen vendors of retail POS systems who apparently haven't been doing a very good job at protecting their systems. Poor passwords and sloppy admins take the most blame, as they do with many if not most hacks.

Speaking of hacks, here's a perfect example of the kind of brick-headed thinking that leaves so many businesses exposed. When Community Health Systems, a massive healthcare company based in Franklin, Tennessee, announced that Chinese hackers had managed to break into the hospital's networks and steal the personal information, including Social Security Numbers, of more than 4.5 million patients, the hospital put out a statement that included the comment "we have no reason to believe that this data would ever be used."


This Week InSecurity - Russian Hackers, Bored Teenagers, Global Credit Card Fraud

It will undoubtedly go down as one of the most spectacular data heists ever. Or at least until the next big one. Which is probably not far off. I'm talking about how researchers in Milwaukee discovered a treasure trove of more than 1.2 billion stolen passwords and usernames, along with half a billion email addresses, on the servers of a group of Russian hacking buddies.

While many focused on the need for almost everyone on the planet to immediately change their passwords, I found a couple of things in the story to be even more troubling. It was all about how easy the entire heist was. The hackers were apparently able to break into more than 400,000 websites around the world because security on those websites was just so lax.

And the hackers were able to find and target all those websites by using a botnet – a network of thousands of hijacked personal computers. And how were they able to hijack so many personal computers? Because security on those computers was just as lax as the security on the exploited websites.


1.2 Billion Password Hacker Haul Exposes The Creepy Side Of Consumer Security

By now you've probably heard about the massive haul of 1.2 billion user credentials discovered on the servers of a group of young Russian hackers (if you haven't heard of it, then welcome to the planet and sorry for the mess).

Just to remind you, a tiny and virtually unknown security company in Milwaukee, Wisconsin called Hold Security gained instant global fame when it announced in early August that for months it had been monitoring a group of young hackers who had amassed more than 1.2 billion stolen usernames and passwords, and nearly half a billion email addresses, which they were using for spamming and other crimes.

Even more disturbing, the hackers had stolen the information from nearly half a million compromised websites. And the hackers had attacked those websites by hijacking thousands of poorly protected personal computers.


The Top 10 Most Common Identity Theft Myths

Every year around this time we see the same experts dole out the same identity theft prevention tips. And yet, identity theft keeps getting worse. Maybe it's because we need to take a step back and start by exposing some of the myths that lead to consumer apathy about identity theft. If we help consumers better understand the reality of identity theft, they might better appreciate these tips and apply them more often.

So here goes: