Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Fresh Target Breach Cards Hitting Black Market
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
anon2815515591
50%
50%
anon2815515591,
User Rank: Apprentice
1/14/2015 | 12:36:06 PM
Re: Target Breach: the gift that keeps giving
Remember if you log on to a site that sells stolen data a) the FBI may be watching and you may get wrapped up in the hoopla, and B) If they are the unscrupulous type and sell peoples cards do you think it would be easy for them to also monitor who connects and inject malware into the systems that are connecting??

Just a thought, I would make sure you use a public wifi connection not your house and also use a computer that is ready for the scrap heap then pull the hard disk out and junk it...DONT use the computer you surf the web for on a day to day or you may get something you didnt ask for.
catvalencia
50%
50%
catvalencia,
User Rank: Apprentice
7/5/2014 | 4:01:32 AM
Re: Target Breach: the gift that keeps giving
That's absolutely right. Such scenarios of financial pain and horror might cause you to wonder how you can keep yourself from becoming a credit card theft victim. One answer is to use payday loans rather than credit cards in emergency situations where you need quick cash, as the process does not generally expose you to potential identity theft. However, having a small number of credit cards can be beneficial to your FICO score (indicating diversity in your credit portfolio, which creditors like to see), so perhaps a better long-term answer would be how to make credit card usage less dangerous.
Brian.Dean
50%
50%
Brian.Dean,
User Rank: Apprentice
3/4/2014 | 7:13:21 PM
Re: Target Breach: the gift that keeps giving
That's an excellent question: upgrade to what? Some of the most secure forms of transfer payments that I have heard about concerns NFC and mobile wallets -- card security has a lot of limitations. I think cards can be utilized by the average consumers for another good decade or so, if somehow payments required the users to enter a pin, so in the event that 40 million card information has been stolen then all a user would have to do to make their card secure again is to assign a new pin.

Upgrade is a process that we should not be overlooked, I have heard that some small retailers have been issued to upgrade their OS from XP (not because of the Target Breach, but because XP won't we officially supported) by their payment solution providers.  
WKash
50%
50%
WKash,
User Rank: Apprentice
3/3/2014 | 9:19:05 PM
Protected
Interesting how credit card groups are saying you're protected if your card gets stolen. I just went through a fresh example of that -- and at least got what was promised:  Someone made off with my AMEX card.  I didn't discovere it for four days, by which time, the person ran up $2457 in credit cards purchases, mostly small stuff, where a credit card scan is all that's required.  Fortunately, AMEX credited all 30 charges.  But I would probably have not been as fortunate if I hadn't reported it.
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Moderator
3/3/2014 | 5:14:10 PM
Re: Target Breach: the gift that keeps giving
I agree. Financial institutions keep saying it's too expensive to change -- but surely all the costs associated with a breach like this approach the cost of changing over. Viewed as an upgrade, then it might be more palatable. And if banks do it voluntarily, then the government won't force it on them at some point.
Michael Endler
100%
0%
Michael Endler,
User Rank: Apprentice
3/3/2014 | 3:50:50 PM
Re: Not Only Credit Cards
I wonder if it's the same "Microsoft Windows software" guy who called me twice last month.

"Hackers are trying to hack into your PC, really bad," he said. I proceeded to ask him which PC, which seemed to really confuse him. "What do you mean?" he asked. "I have more than one," I replied, at which point he hung up.

The next time, I decided to tell him he was full of BS, at which point he told me that if I wanted to let hackers take over my computer, it was on me. He hung up again.

If I weren't certain some people have fallen for it, the calls would have been pretty funny.
rradina
50%
50%
rradina,
User Rank: Apprentice
3/2/2014 | 8:55:59 PM
Re: Target Breach: the gift that keeps giving
Upgrade to what?  You cannot just change the card without changing the pin pads too.  You can add a chip in the card but as long as the local "Roach Coach" uses a Square plugged into an iPhone, old payment methods have to be allowed.  How are on-line sites more secure with new cards?  3-D Secure?  That doesn't require new cards.
Li Tan
50%
50%
Li Tan,
User Rank: Apprentice
3/2/2014 | 8:29:35 PM
Re: Target Breach: the gift that keeps giving
I completely agree. The major issue is not about card itself but mainly the security process. Nowadays the card with magnetic strip is in use not upgraded to IC chip yet. Keeping your card with the reach of your eyesight help nothing to prevent security breach. Instead some solid process must be in place.
Brian.Dean
50%
50%
Brian.Dean,
User Rank: Apprentice
3/2/2014 | 9:56:42 AM
Re: Target Breach: the gift that keeps giving
I think the cost of a card itself is not a big deal (even when multiplied by 40 million). The logistics of sending all those cards out and getting them activated is what's causing the apprehension. Since the breach has taken place and eventually new cards have to be issued, now would be a nice time to upgrade card security in the processes. By viewing this whole process as an upgrade to security rather than a containment exercise, better results can be gained.
Brian.Dean
50%
50%
Brian.Dean,
User Rank: Apprentice
3/2/2014 | 9:41:12 AM
Re: Bottom line advice?
Great advice and anyone who has been exposed to the breach window should call up the bank and say "that there is a 60% chance their card will be misused".
Page 1 / 2   >   >>


44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9405
PUBLISHED: 2020-02-26
IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page.
CVE-2020-9406
PUBLISHED: 2020-02-26
IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service.
CVE-2020-9407
PUBLISHED: 2020-02-26
IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie.
CVE-2020-9398
PUBLISHED: 2020-02-25
ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_allowed=sites option is manually enabled, allows SQL Injection.
CVE-2015-5201
PUBLISHED: 2020-02-25
VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows r...