Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Fresh Target Breach Cards Hitting Black Market
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
anon2815515591
50%
50%
anon2815515591,
User Rank: Apprentice
1/14/2015 | 12:36:06 PM
Re: Target Breach: the gift that keeps giving
Remember if you log on to a site that sells stolen data a) the FBI may be watching and you may get wrapped up in the hoopla, and B) If they are the unscrupulous type and sell peoples cards do you think it would be easy for them to also monitor who connects and inject malware into the systems that are connecting??

Just a thought, I would make sure you use a public wifi connection not your house and also use a computer that is ready for the scrap heap then pull the hard disk out and junk it...DONT use the computer you surf the web for on a day to day or you may get something you didnt ask for.
catvalencia
50%
50%
catvalencia,
User Rank: Apprentice
7/5/2014 | 4:01:32 AM
Re: Target Breach: the gift that keeps giving
That's absolutely right. Such scenarios of financial pain and horror might cause you to wonder how you can keep yourself from becoming a credit card theft victim. One answer is to use payday loans rather than credit cards in emergency situations where you need quick cash, as the process does not generally expose you to potential identity theft. However, having a small number of credit cards can be beneficial to your FICO score (indicating diversity in your credit portfolio, which creditors like to see), so perhaps a better long-term answer would be how to make credit card usage less dangerous.
Brian.Dean
50%
50%
Brian.Dean,
User Rank: Apprentice
3/4/2014 | 7:13:21 PM
Re: Target Breach: the gift that keeps giving
That's an excellent question: upgrade to what? Some of the most secure forms of transfer payments that I have heard about concerns NFC and mobile wallets -- card security has a lot of limitations. I think cards can be utilized by the average consumers for another good decade or so, if somehow payments required the users to enter a pin, so in the event that 40 million card information has been stolen then all a user would have to do to make their card secure again is to assign a new pin.

Upgrade is a process that we should not be overlooked, I have heard that some small retailers have been issued to upgrade their OS from XP (not because of the Target Breach, but because XP won't we officially supported) by their payment solution providers.  
WKash
50%
50%
WKash,
User Rank: Apprentice
3/3/2014 | 9:19:05 PM
Protected
Interesting how credit card groups are saying you're protected if your card gets stolen. I just went through a fresh example of that -- and at least got what was promised:  Someone made off with my AMEX card.  I didn't discovere it for four days, by which time, the person ran up $2457 in credit cards purchases, mostly small stuff, where a credit card scan is all that's required.  Fortunately, AMEX credited all 30 charges.  But I would probably have not been as fortunate if I hadn't reported it.
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Moderator
3/3/2014 | 5:14:10 PM
Re: Target Breach: the gift that keeps giving
I agree. Financial institutions keep saying it's too expensive to change -- but surely all the costs associated with a breach like this approach the cost of changing over. Viewed as an upgrade, then it might be more palatable. And if banks do it voluntarily, then the government won't force it on them at some point.
Michael Endler
100%
0%
Michael Endler,
User Rank: Apprentice
3/3/2014 | 3:50:50 PM
Re: Not Only Credit Cards
I wonder if it's the same "Microsoft Windows software" guy who called me twice last month.

"Hackers are trying to hack into your PC, really bad," he said. I proceeded to ask him which PC, which seemed to really confuse him. "What do you mean?" he asked. "I have more than one," I replied, at which point he hung up.

The next time, I decided to tell him he was full of BS, at which point he told me that if I wanted to let hackers take over my computer, it was on me. He hung up again.

If I weren't certain some people have fallen for it, the calls would have been pretty funny.
rradina
50%
50%
rradina,
User Rank: Apprentice
3/2/2014 | 8:55:59 PM
Re: Target Breach: the gift that keeps giving
Upgrade to what?  You cannot just change the card without changing the pin pads too.  You can add a chip in the card but as long as the local "Roach Coach" uses a Square plugged into an iPhone, old payment methods have to be allowed.  How are on-line sites more secure with new cards?  3-D Secure?  That doesn't require new cards.
Li Tan
50%
50%
Li Tan,
User Rank: Apprentice
3/2/2014 | 8:29:35 PM
Re: Target Breach: the gift that keeps giving
I completely agree. The major issue is not about card itself but mainly the security process. Nowadays the card with magnetic strip is in use not upgraded to IC chip yet. Keeping your card with the reach of your eyesight help nothing to prevent security breach. Instead some solid process must be in place.
Brian.Dean
50%
50%
Brian.Dean,
User Rank: Apprentice
3/2/2014 | 9:56:42 AM
Re: Target Breach: the gift that keeps giving
I think the cost of a card itself is not a big deal (even when multiplied by 40 million). The logistics of sending all those cards out and getting them activated is what's causing the apprehension. Since the breach has taken place and eventually new cards have to be issued, now would be a nice time to upgrade card security in the processes. By viewing this whole process as an upgrade to security rather than a containment exercise, better results can be gained.
Brian.Dean
50%
50%
Brian.Dean,
User Rank: Apprentice
3/2/2014 | 9:41:12 AM
Re: Bottom line advice?
Great advice and anyone who has been exposed to the breach window should call up the bank and say "that there is a 60% chance their card will be misused".
Page 1 / 2   >   >>


AI Is Everywhere, but Don't Ignore the Basics
Howie Xu, Vice President of AI and Machine Learning at Zscaler,  9/10/2019
Fed Kaspersky Ban Made Permanent by New Rules
Dark Reading Staff 9/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-4147
PUBLISHED: 2019-09-16
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413.
CVE-2019-5481
PUBLISHED: 2019-09-16
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
CVE-2019-5482
PUBLISHED: 2019-09-16
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
CVE-2019-15741
PUBLISHED: 2019-09-16
An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation
CVE-2019-16370
PUBLISHED: 2019-09-16
The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.