Category Archives: A Little Sunshine

Includes investigative blog posts meant to shine a light on the darker corners of the Internet.

The Great EMV Fake-Out: No Chip For You!

February 16, 2016

Many banks are now issuing customers more secure chip-based credit cards, and most retailers now have card terminals in their checkout lanes that can handle the “dip” of chip-card transactions (as opposed to the usual swipe of the card’s magnetic stripe). But comparatively few retailers actually allow chip transactions: Most are still asking customers to swipe the stripe instead of dip the chip. This post will examine what’s going on here, why so many merchants are holding out on the dip, and where this all leaves consumers.

Fraudsters Tap Kohl’s Cash for Cold Cash

February 11, 2016

70 Comments

Scam artists have been using hacked accounts from retailer Kohls.com to order high-priced, bulky merchandise that is then shipped to the victim’s home. While the crooks don’t get the stolen merchandise, the unauthorized purchases rack up valuable credits called “Kohl’s cash” that the thieves quickly redeem at Kohl’s locations for items that can be resold for cash or returned for gift cards.

IoT Reality: Smart Devices, Dumb Defaults

February 8, 2016

66 Comments

Before purchasing an “Internet of things” (IoT) device — a thermostat, camera or appliance made to be remotely accessed and/or controlled over the Internet — consider whether you can realistically care for and feed the security needs of yet another IoT thing. After all, there is a good chance your newly adopted IoT puppy will be:

-chewing holes in your network defenses;
-gnawing open new critical security weaknesses;
-bred by a vendor that seldom and belatedly patches;
-tough to wrangle down and patch

Safeway Self-Checkout Skimmer Close Up

February 3, 2016

85 Comments

In Dec. 2015, KrebsOnSecurity warned that security experts had discovered skimming devices attached to credit and debit card terminals at self-checkout lanes at Safeway stores in Colorado and possibly other states. Safeway hasn’t disclosed what those skimmers looked like, but images from a recent skimming attack allegedly launched against self-checkout shoppers at a Safeway in Maryland offers a closer look at once such device.

Sources: Security Firm Norse Corp. Imploding

January 30, 2016

206 Comments

Norse Corp., a Foster City, Calif. based cybersecurity firm that has attracted much attention from the news media and investors alike this past year, fired its chief executive officer this week amid a major shakeup that could spell the end of the company. The move comes just weeks after the company laid off almost 30 percent of its staff.

FTC: Tax Fraud Behind 47% Spike in ID Theft

January 28, 2016

48 Comments

The U.S. Federal Trade Commission (FTC) today said it tracked a nearly 50 percent increase in identity theft complaints in 2015, and that by far the biggest contributor to that spike was tax refund fraud. The announcement coincided with the debut of a beefed up FTC Web site aimed at making it easier for consumers to report and recover from all forms of ID theft.

Skype Now Hides Your Internet Address

January 25, 2016

34 Comments

Ne’er-do-wells have long abused a feature in Skype to glean the Internet address of other users. Indeed, many shady online services that can be hired to launch attacks aimed at knocking users offline bundle so-called “Skype resolvers” that let customers find a target’s last known location online. At long last, Microsoft says its latest version of Skype will hide user Internet addresses by default.

Guy Who Tried to Frame Me In Heroin Plot Pleads Guilty to Cybercrime Charges

January 20, 2016

52 Comments

A Ukrainian man who tried to frame me for heroin possession has pleaded guilty to multiple cybercrime charges in U.S. federal court, including credit card theft and hacking into more than 13,000 computers.

The Lowdown on Freezing Your Kid’s Credit

January 20, 2016

35 Comments

A story in a national news source earlier this month about freezing your child’s credit file to preempt ID thieves prompted many readers to erroneously conclude that all states allow this as of 2016. The truth is that some states let parents create a file for their child and then freeze it, while many states have no laws on the matter. Here’s a short primer on the current situation, with the availability of credit freezes (a.k.a “security freeze”) for minors by state and by credit bureau.

Hyatt Card Breach Hit 250 Hotels in 50 Nations

January 15, 2016

42 Comments

If you stayed, ate or played at a Hyatt hotel between Aug. 13 and Dec. 8, 2015, there’s a good chance your credit or debit card data was stolen by unknown cyber thieves who infiltrated many of the hotel chain’s payment systems. Its its first disclosure about the scope of a breach acknowledged last month, Hyatt Hotels Corp. says the intrusion likely affected guests at 250 hotels in roughly 50 countries.