Watch how real shit gets the next few years (China hacking everyone)


It’s all good though

People keep designing, building, deploying insecure shit and I keep spending my days fixing it or breaking it


LOL at the guy balancing money on his head

AGREED. This industry can be extremely fun and extremely frustrating at times.


Wah wah wah wah


Fuck where am I going to buy fake flowers, wicker baskets and yarn now?



Can we stop calling it a security breach? It really is a joke at this point, there is no real security obviously. People will be begging for biometric scans before you know it. “We only accept cash, thumb or your iris scan, thank you.”

I am assuming there is already a biometric scan for iPhones. (?)


Actually there is very little threat to the average consumer assuming you actually look at your credit card bill month to month.

Losing a credit card the bank will dump all the fraudulent charges and life goes on.

People run into the issue with credit/debit cards linked to a checking account: if it gets stolen and the account goes negative, it has a larger impact but is still fixable by the bank.

But for example, if your healthcare provider loses your SSN/other info, it’s a much bigger issue since they won’t reissue a new SSN.

Oddly enough healthcare is the most jacked up when it comes to security


Biometrics are a joke. There’s more to security than “ooops we forgot to lock this thing down”. Budgets, Management, Policies, Ease of Use.


Healthcare is always doing their best to try and move AWAY from storing SSNs though. If a doctor’s office asks for your SSN, you should be questioning them why and doing everything you can to NOT provide it to them.

Our Data Security Standards prohibit storing SSNs unless an exception is granted. And that is rare (but SOMETIMES necessary).

Justin is correct, things that CANNOT be changed should NEVER be used for security. Biometrics and SSN are the most common. If your thumbprint is compromised, you are fucked. If your password is compromised, at least you can change it.

MFA is a good way to protect yourself, at the moment. If it’s correctly implemented, it will work well enough for most people. There needs to be demand for it, though. And since the consumers take on almost zero risk, the consumers don’t care to demand it.

Just wait until the credit card companies start pushing back on retailers. This mess that the retailers are causing for the credit card companies is going to come back and bite them in the ass.


I doubt credit card companies will push back. They could do a lot to lessen the exposure (mandate chip and PIN, encryption at swipe, etc.) but they don’t.

Also have you looked at a Medicare card lately? :wink:


I think you’re going to be surprised by the first statement. They COULD do more to lessen the exposure, but it would cost them money (which might end up saving them money). I think what we’ll start to see will be credit card companies pushing the merchant to take the monetary loss on the fraudulent transactions. In the end, that’s the best solution for the CC companies. Then they minimize their losses due to fraud, they avoid having to roll out costly technology AND they keep consumers protected all the same. After all, shouldn’t the merchant be taking some responsibility for security too? We already enforce PCI compliance for technology. But when it comes to physical security of the card, the merchant is allowed to turn a blind eye. Case in point, I can walk into any store I want and use my wife’s CC without question. Her name is Tracy, which COULD be a male name too, so most people wouldn’t question it. If they asked for ID every time, they might start to prevent some of the fraud transactions. Not every, but enough to start reducing the amount of money that CC companies are losing every day.


I’m guessing the reason they don’t is fraudulent in-person transactions are less of an issue now due to this thing called the internet.

You would be surprised at the number of companies who are not PCI compliant and have no issues paying the huge fine per month while they “fix” things, because it’s cheaper for them to be “fixing” and paying the fine vs actually getting it done, and I’m talking fines up into the millions per month.

I have done security assessments for a couple of the major credit card companies and payment processors. Based on the issues I have come across and public breaches like Heartland and Global Payments, I find it hard to believe the credit card industry can push tighter security standards on normal companies that are not even in the business of security.

When you look at how much money moves across credit card companies per minute, the losses even at the level of the Target hack are nothing.


Interesting insight… I still think something will change. I hope it’s some sort of chip/MFA, but I just don’t think the demand is there.

I agree that with Internet transactions that you can’t quite do as much with ID checking. However, I do know that most merchants are going to be skeptical of shipping addresses that don’t match billing addresses… I’m not sure what that means on the backend, though.


When I was a kid… CC use was definitely more scrutinized, today is a joke. I remember my parents writing a note that said I could buy one particular item with their card. lol (That was back in the “mom and pop store” days.)

Keep in mind: it does impact consumers one way or the other because the cost of security or loss is passed on.


The reason banks & card processing companies don’t really care is fractional reserve lending IMO. If money was real to them they might keep a closer eye on things. There should be a standard of regulation & harsh penalties when it comes to financial security IMO. While banks simply write off fraudulent charges, the customer faces loads of stress & wasted time. For your sake (and mine when I finally move to sec sector) I hope they keep things loose as a $2 whore. LOL


Money was more/less the real deal back then. This was the reason they actually repo’ed things bought on revolving credit, rather than just cars/large items like they do today.


It was the real deal, people actually paid off their CC balance every month too!


Yahoo email account passwords stolen

NEW YORK (AP) – Usernames and passwords of some of Yahoo’s email customers have been stolen and used to gather personal information about people those Yahoo mail users have recently corresponded with, the company said Thursday.

Yahoo didn’t say how many accounts have been affected. Yahoo is the second-largest email service worldwide, after Google’s Gmail, according to the research firm comScore. There are 273 million Yahoo mail accounts worldwide, including 81 million in the U.S.

It’s the latest in a string of security breaches that have allowed hackers to nab personal information using software that analysts say is ever more sophisticated. Up to 70 million customers of Target stores had their personal information and credit and debit card numbers compromised late last year, and Neiman Marcus was the victim of a similar breach in December.

“It’s an old trend, but it’s much more exaggerated now because the programs the bad guys use are much more sophisticated now,” says Avivah Litan, a security analyst at the technology research firm Gartner. “We’re clearly under attack.”

Yahoo Inc. said in a blog post on its breach that “The information sought in the attack seems to be names and email addresses from the affected accounts’ most recent sent emails.”

That could mean hackers were looking for additional email addresses to send spam or scam messages. By grabbing real names from those sent folders, hackers could try to make bogus messages appear more legitimate to recipients.

“It’s much more likely that I’d click on something from you if we email all the time,” says Richard Mogull, analyst and CEO of Securosis, a security research and advisory firm.

The bigger danger: access to email accounts could lead to more serious breaches involving banking and shopping sites. That’s because many people reuse passwords across many sites, and also because many sites use email to reset passwords. Hackers could try logging in to such a site with the Yahoo email address, for instance, and ask that a password reminder be sent by email.

Litan said hackers appear to be “trying to collect as much information as they can on people. Putting all this stuff together makes it easier to steal somebody’s identity.”

Yahoo said the usernames and passwords weren’t collected from its own systems, but from a third-party database.

Because so many people use the same passwords across multiple sites, it’s possible hackers broke in to some service that lets people use email addresses as their usernames. The hackers could have grabbed passwords stored at that service, filtered out the accounts with Yahoo addresses and used that information to log in to Yahoo’s mail systems, said Johannes Ullrich, dean of research at the SANS Institute, a group devoted to security research and education.

The breach is the second mishap for Yahoo’s mail service in two months. In December, the service suffered a multi-day outage that prompted Yahoo CEO Marissa Mayer to issue an apology.

Yahoo said it is resetting passwords on affected accounts and has “implemented additional measures” to block further attacks. The company would not comment beyond the information in its blog post. It said it is working with federal law enforcement.


If you’re not using an email provider with two factor authentication you’re asking for problems.


I am starting to focus more and more on selling data breach coverage to any of my clients. Most of the older agents are behind the 8 ball when it comes to reviewing their books to add these coverages and businesses are shelling out major bucks when they get hacked.

Most people don’t even realize how much it costs a business, when hacked, to notify their customers, restore their files and apply extra security measures.

Target’s most recent one:

The Target breach alone compromised the data of as many as 110 million Americans — roughly one of every three people in the country.

In 2012, the latest year for which widely accepted statistics are available, 621 confirmed data breaches compromised 44 million individual records. That’s according to Verizon’s annual Data Breach Investigation Report, considered by many to be the definitive measure of data intrusions in the industry.



Love it, especially good if you use one email for everything.


I couldn’t imagine trying to sell that to someone. My guess would be you know way more than the customer, or they know way more than you and understand the risk and numbers game.