Security Blog
2.20.2003
Holy gaping financial vulnerability, Batman!
This one is juicy (cryptome.org): We present an attack on hardware security modules used by retail banks for
Social engineering dupes cracker?
A funny story from the Register. A Nottingham schoolgirl managed to turn the tables on a cracker who'd pinched her father's credit card details by tricking him into revealing his identity online.
Stories abound
A quiet week and suddenly everything I read is post-worthy. The NYTimes has 2 good ones in the Tech section. A piece on electronic disruption weapons, which will likely be employed in Iraq. And this request for hackers to behave during the potential conflict. GOVERNMENT officials have warned for some time that pro-Iraqi hackers might take aim at computers in the United States as international tensions rise. But now officials are also trying to discourage Americans who might be tempted to mount attacks on the computers and Web sites of Saddam Hussein's supporters.
Hack the vote
Salon's running an interesting article on the inherent weaknesses of computerized voting machines - namely their ability to be cracked. "Computerized voting equipment is inherently subject to programming error, equipment malfunction, and malicious tampering. It is therefore crucial that voting equipment provide a voter-verifiable audit trail, by which we mean a permanent record of each vote that can be checked for accuracy by the voter before the vote is submitted, and is difficult or impossible to alter after it has been checked. Many of the electronic voting machines being purchased do not satisfy this requirement. Voting machines should not be purchased or used unless they provide a voter-verifiable audit trail; when such machines are already in use, they should be replaced or modified to provide a voter-verifiable audit trail. Providing a voter-verifiable audit trail should be one of the essential requirements for certification of new voting systems."
Secure engineering
If you get the chance, yesterday's WSJ had an interesting article on the security challenges facing modern architects and engineers.
CC theft update
It's up to 8 million cards, the FBI's investigating and the name of the processing company has been released. In what is believed to be the biggest credit card hacking incident so far, Omaha-based Data Processors International, which processes transactions involving Visa, MasterCard, American Express and Discover Financial Services for merchants, said in a statement that it had "recently experienced a system intrusion by an unauthorized outside party."
Blogger down yesterday
2.18.2003
Major CC breach
CNN reports that a cracker has accessed over 2 million valid accounts from Visa and MasterCard. The hacker breached the security system of a company that processes credit card transactions on behalf of merchants, Visa and MasterCard said. Whew - that's a big one...
2.17.2003
Oopsie
Good thing I didn't get my gf any flowers for V-day this year: In a terse e-mail statement today, Downers Grove, Ill.-based FTD acknowledged the problem and called it "a brief technical issue in which a limited number of customers may have been able to view a subset of another customer's data...