Hackers have breached the database of online dating site PlentyOfFish.com, exposing personal and password information on nearly 30 million users, including its founder and administrators. In response, the company has implied that the editor of KrebsOnSecurity.com was involved in an elaborate extortion plot.
Getting hacked is no fun. Learning that you’ve been hacked when a reporter calls is probably even less fun. But for better or worse, I have notified dozens of companies about various breaches over the years, and I’ve learned a few things about how victims respond. Usually, when the company in question responds by implicating you in an alleged extortion scheme, two things become clear:
1) You’re probably not going to get any real answers to your direct questions about the incident, and;
2) The company almost certainly did have a serious breach.
Media attention to crimes involving ATM skimmers may make consumers more likely to identify compromised cash machines, which involve cleverly disguised theft devices that sometimes appear off-color or out-of-place. Yet, many of today’s skimmer scams can swipe your card details and personal identification number while leaving the ATM itself completely untouched, making them far more difficult to spot.
The most common of these off-ATM skimmers can be found near cash machines that are located in the antechamber of a bank or building lobby, where access is controlled by a key card lock that is activated when the customer swipes his or her ATM card. In these scams, the thieves remove the card swipe device attached to the outside door, add a skimmer, and then reattach the device to the door. The attackers then place a hidden camera just above or beside the ATM, so that the camera is angled to record unsuspecting customers entering their PINs.
Microsoft warned today that hackers have published instructions for attacking a previously unknown security hole in all versions of Windows that could be exploited to siphon user data or trick users into installing malicious code.
As many readers no doubt know, the Egyptian government on Thursday severed the nation’s ties with the rest of the Internet, in an apparent effort to disrupt political protests calling for an end to the 30-year rule of Egyptian leader Hosni Mubarak.
I’ve been tweeting new developments as they arise, but I wanted to point to a few of the more dramatic graphs that different sources have drawn up to show the precipitous decline in Internet traffic and connectivity from Egypt as leaders there sought to isolate phone and computer networks from the rest of the world.
Peter Bennett first suspected his own Web site might have been turned into a spam-spewing zombie on Nov. 11, the night he discovered that a tiny program secretly uploaded to his site was forcing it to belch ads for rogue Internet pharmacies.
Bennett’s site had been silently “infected” via an unknown (at the time) vulnerability in a popular e-commerce software package. While most site owners probably would have just cleaned up the mess and moved on, Bennett — a longtime anti-spam vigilante — took the attack as a personal challenge.
With all of the media and public fascination with threats like Stuxnet and weighty terms like “cyberwar,” it’s easy to overlook the more humdrum and persistent security threats, such as Web site (in)security. But none of that should excuse U.S. military leaders from making sure their Web sites aren’t trivially hackable by script kiddies.
A lawsuit headed to court this week over the 2009 cyber theft of more than a half-million dollars from a small metals shop in Michigan could help draw brighter lines on how far banks need to go to protect their business customers from account takeovers and fraud.
Recently, I found a guy on an exclusive online scammer forum who has hawking variety of paraphernalia used in ATM skimmers, devices designed to be stuck on the outside of cash machines and steal ATM card and PIN data from bank customers. I wasn’t sure whether I could take this person seriously, but his ratings on the forum — in which fellow members leave feedback for others based on positive or negative experiences with previous transactions — were positive enough that I figured he must be one of the relatively few guys on this particular forum who was actually selling ATM skimmers, as opposed to just scamming other scammers.
A software vulnerability at a Web hosting provider let hackers secretly add dozens of Web pages to military, educational, financial and government sites in a bid to promote rogue online pharmacies.
Microsoft today released security updates to fix at least three vulnerabilities in its Windows operating systems, including one labeled “critical,” the company’s most serious rating. However, none of the patches address five zero-day flaws that can be used to attack… Read More »