Credit Card Hacker And ID Theft Forum Overlord Sentenced To 13 Years Prison

Credit Card Hacker And ID Theft Forum Overlord Sentenced To 13 Years Prison

Max Vision, the security consultant who was first sent to prison in 2001 for messing with the Pentagon, has now been sent to 13 years in prison for “stealing nearly two million credit card numbers from banks, businesses and other hackers,” reports Wired. The FBI took a renewed interest in Vision in 2006 after he successfully made a power grab on several competing black market ID theft websites. “I’ve changed,” Vision wrote in a letter to the court, and although he faced life in prison, he was given the shorter sentence partly because he’d cooperated with the government. With good behavior he’ll be back out in 2018. [More]

28-Year-Old Pleads Guilty To Stealing Over 130 Million Credit And Debit Card Numbers

28-Year-Old Pleads Guilty To Stealing Over 130 Million Credit And Debit Card Numbers

Albert Gonzelez pleaded guilty today to “conspiracy to engage in wire fraud for his role in stealing more than 130 million credit and debit card numbers from Heartland Payment Systems,” reports Boston.com. [More]

State Job Website Has Great Opportunities For Self-Starting Identity Thieves

State Job Website Has Great Opportunities For Self-Starting Identity Thieves

CBS 5 exposed a “gaping hole” in the code of California’s state-run employment website that allows anyone who views the site to access and modify other users’ resumes and personal info simply by changing some numbers in the URL.

Founder Of FlyersRights Says Delta Hacked Her Email Account

Founder Of FlyersRights Says Delta Hacked Her Email Account

Kate Hanni, the founder of the passenger advocacy group FlyersRights.org, has filed a lawsuit against Delta Airlines in which she claims they hacked her email account and acquired personal email messages sent between her, some journalists, and a guy who was at the time working for Metron, a company hired by the FAA to investigate Delta.

Ameriprise Bans "Customer Advisor" For Posting Link To Consumerist

Ameriprise Bans "Customer Advisor" For Posting Link To Consumerist

Hey, we helped get an Ameriprise customer banned from the financial company’s consumer advisory panel! Sorry about that, Brendan.

Another Sears.com Security Hole Discovered

Another Sears.com Security Hole Discovered

That Sears website exploit we posted about a couple of weeks ago was funny, mainly because it seemed more embarrassing for Sears than a true security risk. However, an independent security researcher had also discovered a more significant issue with the site—it allowed for an unlimited number of gift card verification attempts via an external script, so a criminal could use the site as a brute force method to identify valid gift cards for Sears and Kmart.

Ameriprise Website Riddled With Security Vulnerabilities For At Least Five Months

Ameriprise Website Riddled With Security Vulnerabilities For At Least Five Months

[Note: The original headline for this post mistakenly identified Ameritrade as the subject of the post. It is actually Ameriprise Financial. I deeply regret the error.] Since March of this year, security expert Russ McRee of HolisticInfoSec.org has sent 6 messages to Ameriprise Financial warning them of easily exploitable security holes on their website. They ignored every request, while at the same time reassuring customers that “No one without the proper web browser configuration can view or modify information contained on our systems.”

Apple Blames Jailbreaking For Recent AT&T Visual Voicemail Outages

Apple Blames Jailbreaking For Recent AT&T Visual Voicemail Outages

Apple’s not through with their blitz against jailbreaking, with this newly updated support doc that says, among other things, that the recent Visual Voicemail outages from AT&T were caused by—and happened to—hacked iPhones.

Hackers Smack Down Latest iPhone Firmware, Unlock New Phones

Hackers Smack Down Latest iPhone Firmware, Unlock New Phones

For as long as there have been iPhones, there’s been the requirement to sign up for AT&T service. And as long as that requirement has been around, there have been hackers who release downloads that unlock your phones and free them to access other services.

Apple Wants To Make Jailbreaking Worthy Of Jail Time, $2500 Fine

Apple Wants To Make Jailbreaking Worthy Of Jail Time, $2500 Fine

[it] would have the right to claim statutory damages of up to $2,500 “per act of circumvention.” People who jailbreak phones, might even be subject to criminal penalties of as long as five years, if they circumvented copyright for a financial gain.

Did Turkish Police Beat Information Out Of A Suspect In The TJ Maxx Credit Card Case?

Did Turkish Police Beat Information Out Of A Suspect In The TJ Maxx Credit Card Case?

Christopher Soghoian over at Cnet is reporting that Turkish police may have used violence to get the encryption keys of one of primary ringleaders in the TJ Maxx credit card theft investigation. The suspect, Maksym Yastremskiy, is apparently a “major figure in the international sale of stolen credit card information.”

Online 'Security Questions' Can Be Too Easy To Crack

Online 'Security Questions' Can Be Too Easy To Crack

The ease with which a student was able to reset Sarah Palin’s Yahoo email password highlights a vulnerability of so-called “challenge questions” designed to verify your identity: if the questions are about personal details from your life, there’s a risk that somewhere out there on the web, that info is visible to the public. That might be a realistic risk only for public figures, but it’s also possible that friends or family members could answer your questions with a little guesswork. If you want better security, make up fake answers that you’ll remember.

http://consumerist.com/2008/08/21/gmail-recently-rolled-out-a/

Gmail recently rolled out a change to its settings, where now you can permanently turn on SSL encryption. Do it now—your personal data will thank you for it. Besides, it’s going to get a lot easier to hack Gmail sessions very soon, because some guy is planning on releasing a hacking tool to the public in order to force Google to implement better security. [monkey_bites]

Here's What The World Of ATM Hacking Looks Like

Here's What The World Of ATM Hacking Looks Like

Wired has been covering the ongoing investigation into recurring ATM pin thefts from Citibank accounts, and their latest article tracks how Ukrainian immigrants, a ringleader back in Russia, a hacked company named Fiserv that runs Citibank-branded ATMs in 7-Elevens, and an online payment service that also offers money laundering for a small fee all come together to steal your money. It’s an amazing look at how the U.S. tries to combat the threat of ATM-related theft.

18-Year-Old Says He Hacked Comcast Because He's "Tired Of Their Shitty Service"

18-Year-Old Says He Hacked Comcast Because He's "Tired Of Their Shitty Service"

Here’s a technique we’ll not be adding to our list of fun ways to escalate your complaint: The 18-year-old who recently hacked Comcast and took down the company’s homepage and webmail told Wired that it was Comcast’s own fault… The hacker, known as EBK, called Comcast to let them know they’d been hacked. The manager scoffed and hung up:

Manager Photographs Teenagers And Says They Are Banned From The Apple Store For Life

Manager Photographs Teenagers And Says They Are Banned From The Apple Store For Life

Whatever you do, don’t download any fun 3rd party programs to the iPhones at the University Avenue Apple store in Palo Alto, California. You may be detained for 2 1/2 hours, then photographed and told that other Apple stores will be ” on the lookout” for you.

http://consumerist.com/2008/05/29/okay-who-decided-it-would/

Okay, who decided it would be funny to hack Comcast? DSLReports says, “Though there’s no indication that user privacy is jeopardized, you may want to avoid using Comcast webmail until things have been completely cleared up. [DSLReports]

Redbox Shows Businesses How To Properly Handle A Data Breach

Redbox Shows Businesses How To Properly Handle A Data Breach

Redbox rents DVD movies via vending machine in drugstores and supermarkets throughout the country, and on Friday they announced that they’d found credit card skimmers attached to three of their kiosks. What’s surprising is that they ‘fessed up so quickly, and in a highly public manner—they’ve got the text “SECURITY ALERT” at the top and bottom of their website, and the email they sent to their members is detailed, forthright, and helpful, and reposted in its entirety—along with photos of sample card skimmers—on their site. Attempts at identity theft no longer surprise us, but a competent handling of the issue by a company is pretty amazing.