That Sears website exploit we posted about a couple of weeks ago was funny, mainly because it seemed more embarrassing for Sears than a true security risk. However, an independent security researcher had also discovered a more significant issue with the site—it allowed for an unlimited number of gift card verification attempts via an external script, so a criminal could use the site as a brute force method to identify valid gift cards for Sears and Kmart.
Bank Of America Asks Armless Man For Thumbprint
A Florida man was unable to cash a Bank of America check because the bank required a thumbprint, and he had no arms.
Skimmers Rig Door Instead Of ATM
Last week, a customer in Long Beach, New York, discovered a skimmer attached to the outside of a local ATM branch instead of on specific machines. We’ve talked a lot about being wary of any suspicious add-ons at the ATM, but in this case the criminals were collecting card info as people swiped to enter the building—although they still had pinhole cameras set up to record PINs next to each keypad.
Ameriprise Website Riddled With Security Vulnerabilities For At Least Five Months
[Note: The original headline for this post mistakenly identified Ameritrade as the subject of the post. It is actually Ameriprise Financial. I deeply regret the error.] Since March of this year, security expert Russ McRee of HolisticInfoSec.org has sent 6 messages to Ameriprise Financial warning them of easily exploitable security holes on their website. They ignored every request, while at the same time reassuring customers that “No one without the proper web browser configuration can view or modify information contained on our systems.”
Hackers Indicted For Stealing 130 Million Credit Card Numbers
130 million is a large number, but that’s how many credit card numbers a group of three hackers is alleged to have stolen from five different companies, including 7-Eleven, Hannaford, and Heartland Payment Systems, says the Department of Justice.
Marriott Drops "It's Your Fault" Claim In Rape Case
After it broke last week that Stamford Marriott Hotel & Spa was claiming it was the fault of the victim and her two toddlers that she was raped in their parking garage, the hotel has decided to withdraw the claim. They also apologized for the rape in a general sort of way—but not for subpoenaing her friends and professional acquaintances who otherwise would not have known about the crime.
Should You Keep Your Own Chickens?
We’re gonna say “nope.” But since we’re all here, let’s look at the recent New York Times article on the subject and consider whether the current “chicken boomlet” is right for you.
Hackers Discover Data-Stealing ATM At Convention
Nobody knows yet whether it was planted by an attendee, or if the ATM had been there for some period of time before the event, but hackers at last week’s DefCon conference in Las Vegas discovered a rogue unit that was designed to capture customers’ credit card data with each use.
Hacked Company: Notifying Customers Of Breach Is A "Burden"
Network Solutions, an e-commerce company, just experienced a data breach that compromised 573,000 credit and debit card accounts. The company has begun to notify merchants of the breach so they can tell their customers, but gosh, it’s just so hard.
ADT: Sign Up Or Thieves Will Kill Your Dogs With Oven Cleaner
Leo thought that letting his two dogs greet an approaching ADT salesman would be enough of a hint that he didn’t want their security services. Nope! The well-trained salesman sensitively barked: “You know what they are doing to dogs now, don’t you? They’re spraying oven-cleaner into their face, killing them in 20 seconds!”
State Department Admits RFID Passports Are Insecure
The State Department is advising travelers using super-secure RFID-enabled passports to buy a “radio-opaque” holster, because it turns out that RFID chips aren’t so super-secure after all. Don’t fret if “radio-opaque sheath” isn’t on your holiday shopping list; this is thankfully one of those rare problems that you can solve with a hammer…
Frontier's Computer System Lands Unaccompanied Minor In Security Room For An Hour
Ok, here’s a crazy idea: if you’re an airline, and you have a form with room to list two adults who are authorized to pick up an unaccompanied minor, wouldn’t it make sense to have room for both names in your computer system? Because whoever is running Frontier Airlines’ system doesn’t seem to think so! Kayla’s mother spent a frantic hour, IDs in hand, trying to prove that she was authorized to meet her 13-year-old daughter at the gate. The form accompanying her daughter clearly had both her and Kayla’s father listed, but the computer listed only the father’s name. While Frontier sorted out the confusion, Kayla spent an hour waiting in Denver Airport’s security room.
Yahoo! Still Exists, Says Internets Are Safer Than They Used To Be
A Congressional panel is looking into drafting new online privacy laws, but Yahoo says such legislation isn’t necessary because the e-industry has done such a bang-up job of regulating itself.
Company Offering Paid Security Lines For Special People Fails
Members of the service, called “Clear”, paid as much as $199 a year and underwent background checks in order to access awesome security lines at participating airports. These security lines apparently led to the same checkpoints as everyone else uses. The company claims to have signed up 260,000 travelers.
Traveler Detained For Carrying "Too Much" Cash Sues TSA
Back in March, Steve Bierfeldt was pulled aside while going through the security line at Lambert-St. Louis (Missouri) International Airport, taken to a room, and questioned for half an hour about the box of cash he was trying to check through. Bierfeldt, who works for a Ron Paul organization, recorded the conversation. Now with the help of the ACLU he’s suing the TSA.
AT&T Has A Message About Your iPhone Shipment
Bill thinks that AT&T might have a message for him. “Here is a rather unfortunate captcha I received tonight when I logged in to AT&T Wireless to check on the shipping status of my new iPhone 3GS,” he wrote. AT&T, do you serve captchas to your mother with that mouth?