Tuesday, January 28, 2014

We Are Compromised for We Are Many


[Updated on, January 29, 2014]

According to Krebs on Security, the attackers leveraged a local admin account named "Best1_user" present on PoS terminals to gain entry.  The account is a default administrative account installed by the PoS maker.  The PoS maker notes the password to the account is unimportant since it cannot be used for logon.  Hum...

[Original Post, January 28, 2014]

2013 has been a busy year for cyber criminals according to Marble Security.  Marble's snappy info-graphic is eye popping.  I notice the number of compromised Target accounts appears somewhat conservative; new estimates are around 110 million (Target notes 70 million).  If you want to see the letter Target is sending to customers you can look at mine (click to expand image).

Digging a little further into the disclosure web site referenced in the email, there are two main areas of action for Target.
  • A $5 million contribution to a new security coalition educating the public on phishing attacks
  • Free credit report for compromised accounts
Educating the public on phishing scams is responsible since information leaked during the breach will undoubtedly be used for Spear Phishing their customers.  Spear Phishing is a technique used by attackers to target individuals with highly personalized emails, making them an effective vehicle for malware delivery.  Finally, you are offered a free credit report, but only if you register to receive it. Target notes on their site they are making some internal improvements, but they are not specific.

"We are committed to making this right and are investing in the internal processes and systems needed to reduce the likelihood that this ever happens again. We have retained a leading third party forensics firm who is conducting a thorough investigation of this incident." [Target]

I noticed Brian Krebs has some detailed news on his security web site (A Closer Look at the Target Malware, Part II).  Apparently PoS terminals (credit card readers) were sending captured personal data to attacker systems for later use and abuse.  Sigh...

--Milton


Wednesday, January 1, 2014

Self-Censorship on Social Media

Have you ever typed a sentence into a web page and just prior to clicking Enter you change your mind, soften your message, or perhaps you decided not to post the message at all?  Apparently the messages you choose not to post are now interesting to companies, see Self-Censorship on Facebook.

I Tweeted about disclosure concerns around self-censorship a couple of years ago.  I noticed I had the habit of rethinking my posts as I typed.  It's entirely human nature to type as you think.  However, most people don't realize that with the dynamic nature of the Internet and web pages your posts are sent to service providers as you type, one character at a time.  Pressing the Enter key or clicking the Post button tells the service provider you want to post the message and make it visible to your friends or the public.  Even if you choose not to post your message, your service provider knows your original post.  In some ways, this behavior makes the unedited original post more interesting to service providers or government agencies working cooperatively with service providers.  It's possible the unedited original posts may be interpreted as your true thoughts on a subject.

The lesson learned: don't type your thoughts as you go into web pages (I write this as I type into Blogger).  I realize this is not very practical advice for all your posts, but perhaps for the most controversial.  Instead, use a tool like Notepad, TextMate, TextWrangler, or even Word to draft your message.  Once you develop an acceptable message and decide to post, use your operating system's paste function to paste it into the target web page and post.  This keeps your original thoughts private.  The posts you decide not to send are nobody's business except your own.

Happy New Year!

--Milton
