Home The News
The News
Payment processor Heartland reports breach PDF Print E-mail
Written by Geek Mad Scientist   
Tuesday, 20 January 2009 16:55

Heartland Payment Systems, which processes payroll and credit card payments for more than 250,000 businesses, reported Tuesday that consumer credit card data was exposed in what may be the largest security breach ever.

In a statement that coincided with President Barack Obama's inauguration events, Heartland said the breach occurred last year but that it found evidence of the intrusion last week and immediately notified law enforcement and credit card companies.

Robert H.B. Baldwin Jr., president and chief financial officer of Heartland, told CNET News he did not know how many credit and debit card accounts may have had their information exposed. The company handles 100 million transactions per month but does not know exactly how many unique cards or consumers that translates to, he said.

"The question is what percentage of transactions did the malware capture," Baldwin said.

He also would not say when the malware arrived in its system. "We have suspicions as to when, but can't nail that down. We're still working on how" the malware got there, he added. "We believe the intrusion is contained."

"We understand that this incident may be the result of a widespread global cyber fraud operation, and we are cooperating closely with the United States Secret Service and Department of Justice," Baldwin said in the statement.

No merchant data, cardholder Social Security numbers, or unencrypted PINs, addresses, or telephone numbers were exposed, the company said.

Heartland was alerted in the late fall to suspicious activity surrounded processed card transactions by Visa and MasterCard and hired forensic auditors who uncovered malicious software that compromised data in the company's network, Baldwin said.

The company said it will implement a system to flag anomalies in real time and created a Web site to provide information on the breach to customers, who will not be held responsible for fraudulent charges.

Sphere: Related Content
Last Updated on Tuesday, 20 January 2009 16:59
 
DTV deadline PDF Print E-mail
Written by Geek Mad Scientist   
Monday, 19 January 2009 14:47

The debate over flipping the switch for Digital TV on February 17th is still up in the air. I don't understand the dilemma. There are still 9 million DTV converter boxes waiting to be purchased and approximately 33.5 million digital-to-analog TV converter boxes have been shipped into the U.S. marketplace.

So ,what's the big deal? Consumers who receive broadcasts via over the air analog signals will need to add a converter box, a new digital TV or a multichannel TV service in order to continue viewing TV programming when broadcasters turn off their terrestrial analog TV signals (currently scheduled for Feb. 17, barring a delay).

“While the Congress works out the last-minute issues surrounding the waiting list for government coupons, the NTIA program has resulted in sales of nearly 20 million coupon-eligible converter boxes,” stated Myra Moore, Digital Tech Consulting principal. “And our research shows that as many as 4 million additional boxes have been sold to consumers without coupons … We believe there is ample supply of nearly nine million boxes in retail warehouses and store shelves ready for an onslaught of last-minute buyers.”

The firm said sales of converter boxes started off modestly at 1.3 million units in the first quarter of last year, and grew 49 percent in the second quarter, 64 percent in the third quarter, and nearly 100 percent in the crucial fourth-quarter selling period.

During the last three months of 2008, nearly 15 million converter boxes were shipped into distribution channels as broadcasters, consumer electronics interest groups and others ramped up myriad public education programs, Digital Tech said.

DTC’s top market share leaders by brand include RCA, Magnavox, Insignia and Zenith.

“If anything, the market for digital-to-analog converter boxes has been even stronger than our original forecast of 30 million units — which some considered too generous. Of course, the cost-relieving coupon program as well as some consumers buying boxes without coupons has helped to boost sales. ” Moore noted.

Moore said that even with the ample supply, DTC expects retailers and manufacturers to carefully manage demand planning to insure that there isn’t a glut of converter boxes left after the majority of consumers have purchased the boxes they need.

“While it is expected that converters will be available throughout 2009, most demand will fall off precipitously after next month’s analog switch-off,” DTV said.

All things considered, just bite the bullet and flip the switch. Does everyone really need TV? Only if your a media zombie.

 

Sphere: Related Content
Last Updated on Monday, 19 January 2009 15:55
 
VHS is dead, long live VHS PDF Print E-mail
Written by Geek Mad Scientist   
Friday, 26 December 2008 10:13

The VHS era is coming to an end, as the last major supplier of the format's tapes stopped shipping them to retailers in October. "It's dead, this is it, this is the last Christmas, without a doubt," said Ryan J. Kugler, president and co-owner of Distribution Video Audio. "I was the last one buying VHS and the last one selling it, and I'm done. Anything left in warehouse we'll just give away or throw away."

It had to happen, with people demanding higher quality video for thier movie watching and the space wasting form factor, VHS' death toll was ringing for years now. So this is it, 2008 saw the end of a several video formats HD-DVD and VHS. Now let's see if standard DVD can last out 2009 against Blu-ray DVD.

 
GURP Drive is a success PDF Print E-mail
Written by Geek Mad Scientist   
Monday, 22 December 2008 08:38
thank you
 
We wanted to thank everyone that participated in making our first GURP drive a success! Your commitment to saving the environment gives us all hope that the world can be a better place. We would also like to thank all those who supported Agape Children's Services, in giving to the foster children you have given them hope.
 
Keep looking for our next GURP drive!
Last Updated on Tuesday, 06 January 2009 16:52
 
Don't panic it's Microsoft, or IE exploits PDF Print E-mail
Written by Geek Mad Scientist   
Wednesday, 17 December 2008 15:19

Microsoft Investigating Reports of New IE7 Exploit

Importatnt Update!!!

Microsoft has released a Security Update to IE7 check it out here!

 

Microsoft said it is investigating reports that a new exploit is going around that takes advantage of an unpatched security hole in Internet Explorer 7.

ie7small.jpg

The SANS Internet Storm Center, which tracks hacking trends, said today that while the exploit does not appear to be widely in use at the moment, that situation is likely to change soon, since instructions showing criminals how to take advantage of this flaw have been posted online.

SANS emphasizes that this vulnerability is not one that was fixed in the massive bundle of patches that Microsoft issued yesterday. It is not clear what steps users can take to protect themselves against this threat, other than to browse the Web with something other than IE, such as Mozilla Firefox or Opera. This appears to be the type of vulnerability that could be used to give attackers complete control over an affected system merely by convincing users to browse to a specially-crafted hacked or malicious Web site.

According to SANS, the exploit works against fully-patched Windows XP and Windows 2003 systems with Internet Explorer 7.

In a statement e-mailed to Security Fix, Microsoft said once it is done with its investigation, the company "will take appropriate action to help protect customers. This may include providing a security update through the monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves."

The remainder of Microsoft's statement reads:

"Anyone believed to have been affected can visit: http://www.microsoft.com/protect/support/default.mspx and should contact the national law enforcement agency in their country. Those in the United States can contact Customer Service and Support at no charge using the PC Safety hotline at 1-866-PCSAFETY. Additionally, customers in the United States should contact their local FBI office or report their situation at: www.ic3.gov.

Microsoft continues to encourage customers to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at: www.microsoft.com/protect."

Security Fix will continue to keep a close eye on this investigation as it unfolds.

Update, 7:12 p.m. ET: Security volunteer-led group Shadowserver.org has released details about the dozens of Chinese domains being used to serve up this exploit (I hope it goes without saying: Don't visit any of the domains listed at the Shadowserver writeup).

Reston, Va. based security firm iDefense tonight published further details that suggest this exploit was accidentally released by "knownsec," a Chinese information security team that apparently thought the vulnerability had already been patched by Microsoft. The advisory suggests this exploit has been known and actively used by attackers since October.

From iDefense's advisory (PDF):

"According to knownsec, earlier this year a rumor emerged in the Chinese underground about an IE7 vulnerability and in October it began to be traded privately. In November it got into underground black market and was traded for about $15K. Later in December, it emerged and people sold the exploit second or third hand for about $650. Finally, someone purchased those second hand exploits to develop and deploy a Chinese gaming Trojan."

Perhaps the inadvertent disclosure of this flaw is why Microsoft included in its statement today the following tidbit:

"To minimize risk to computer users, Microsoft continues to encourage responsible disclosure. By reporting vulnerabilities directly to a vendor, it helps ensure that customers receive comprehensive, high-quality updates while reducing the risk of attack."

Update, Dec. 11, 10:04 a.m. ET: Microsoft has officially acknowledged this vulnerability. It issued this security advisory late last night.

Update, Dec. 12, 1:04 a.m. ET: Microsoft has revised its security advisory about this vulnerability, saying it affects all supported versions of Internet Explorer, not just version 7. There are indications that a large number of legitimate, hacked Web sites are being seeded with this exploit code through SQL injection vulnerabilities. I would strongly advise readers to avoid surfing the Web with IE at least until Microsoft has patched this flaw. If Microsoft sticks to its regular schedule of issuing updates to fix security flaws on the second Tuesday of each month, that means that unless Redmond deviates from that schedule, the earliest we can expect a patch for this flaw is Jan. 13, 2009.

Sphere: Related Content
Last Updated on Friday, 19 December 2008 10:57
 
More Articles...
«StartPrev123NextEnd»

Page 2 of 3
Copyright © 2010 Geek Sheet. All Rights Reserved.
  
Add to Technorati Favorites
feed image
feed image