What you need to know for your personal cyber security life…
Fourth in a series of daily current and topical computer threats that may affect your online, or even offline, digital and real life. Why cybersecurity on SurvivalRing? Because EVERYTHING you do in your life every day is a part of the cyber world…even your offline plans. So, be aware, and pay attention. The bad guys WILL eventually get around to YOU…personally.
# # #
Target Got Hacked Hard in 2005. Here’s Why They Let It Happen Again
By Kim Zetter
A gang of shadowy hackers tears through the systems of big-box retailers, making off with millions of credit and debit card numbers in a matter of weeks and generating headlines around the country.
Target and Neiman Marcus last week? Nope. This oh-so-familiar attack occurred in 2005.
That’s when Albert Gonzalez and cohorts — including two Russian accomplices — launched a three-year digital rampage through the networks of Target, TJ Maxx, and about half a dozen other companies, absconding with data for more than 120 million credit and debit card accounts. Gonzalez and other members of his team eventually were caught: he’s serving two concurrent sentences for his role, amounting to 20 years and a day in prison, but the big-box breaches go on.
The latest string of hacks attacking Target, Neiman Marcus, and others raises an obvious question: How is it that nearly a decade after the Gonzalez gang pulled off its heists, little has changed in the protection of bank card data?
Target got off easy in the first breach: A spokeswoman told Reuters an “extremely limited” number of payment card numbers were stolen from the company by Gonzalez and his gang. The other companies weren’t as lucky: TJX, Hannaford Brothers grocery chain, the Dave & Busters restaurant chain, Office Max, 7-Eleven, BJ’s Wholesale Club, Barnes & Noble, JC Penney, and, most severely, Heartland Payment Systems, were hit hard.
# # #
s Will Make Up 98% of Mobile Devices on New DOD System
By Aliya Sternstein
January 17, 2014
A Pentagon system intended to secure a mix of brand name smartphones for warfighters will primarily support BlackBerrys when the tool starts launching later this month, according to Defense Department officials.
About 80,000 BlackBerrys and 1,800 Defense-owned Apple and Android-based phones and tablets will begin being hooked up to the new management system on Jan. 31, officials announced on Friday.
A transition from tethered workstation computers to mobile information access that began in 2012 is contingent on this system functioning. The $16 million project aims to ensure users — potentially 300,000 of them – don’t compromise military data on their phones or corrupt defense networks when on-the-go.
Popular devices expected to go online include the iPad 3 and 4, iPhone 4S and 5, Samsung 10.1 tablets and Samsung 3S, and Motorola RAZR devices.
# # #
Top ‘good guy’ hackers to tackle biggest cyber challenges yet
By David Shamah
The Times of Israel
January 20, 2014
Hackers — even the “good guy” breed — tend to be a shadowy bunch, keeping their identities as secret as they can. But on January 28, the identities of some of the best hackers in Israel will be unveiled, as they try to win an all-expense paid trip to the U.S., to see how security giant Symantec does cyber-defense.
The hackers, 50 of them, will be participating in the biggest-ever simulated “hack attack,” in the Israeli version of the Symantec Cyber Readiness Challenge – a worldwide and ongoing event in which “white hat hackers” (those who use their hacking powers to help, not hinder) will attempt to get to the bottom of a simulated “industrial espionage” attack against a large corporation.
By putting participants in the hacker’s shoes, said Symantec, it enables them to understand their targets, technology and thought processes so they can ultimately better protect their organization and themselves. Symantec, which makes anti-virus and security software, works in countries around the world, where it holds similar challenges, seeking out the best white-hat hackers, sometimes hiring them as well, the company said.
A hacker contest is like any other one, in that it has goals, rules, milestones, and points awarded. In the contest, hackers must conduct a cyber-investigation of an attack against a company’s site, figuring out who hacked them and how they did it, by counter-hacking shady Internet sites and servers. Points will be given for degree of success in hacking into the suspects’ servers, and for achieving 40 milestones (such as getting access to passwords, installing spyware, etc.). The winner of the contest will get an opportunity to talk to and work with top Symantec security personnel at the company’s headquarters in the U.S., all expenses paid.
# # #
Two coders closely tied to Target-rel
By Jeremy Kirk
IDG News Service
January 20, 2014
A Los Angeles security company has named a second individual living in Eastern Europe whom they suspect coded malicious software that was modified and used against Target.
The information comes from an analysis of “cyberprints,” or a collection of data and postings on underground password-protected forums where stolen card data and malware are sold, said Dan Clements, IntelCrawler’s president, in a phone interview Monday.
IntelCrawler named a 17-year-old Russian teenager on Friday it suspects created the Kaptoxa malware, also known as BlackPOS, which intercepts unencrypted payment card details just after a card is swiped at a point-of-sale terminal.
On Monday, it revised the post and named a second individual. Clements said the revised post reflects new information that indicates the two individuals used the same nickname, “ree4,” in forum postings dating back to March 2013.
# # #
Internet users ditch “password” as password, upgrade to “123456”
By Jon Brodkin
Jan 20 2014
An annual list of the most commonly used passwords, a source of both humor and sadness to the human race, shows a change at the top for the first time in three years.
SplashData, a maker of password management software, started analyzing passwords leaked by hackers in 2011 and for the first two years of its study found that “password” was the most commonly used password, ahead of “123456.”
The two switched places in 2013, according to the latest list released over the weekend. The new rankings were influenced by a hack on Adobe that revealed 130 million passwords protected only by reversible encryption. Security firm Stricture Consulting Group was able to reveal the top 100 passwords from the Adobe hack, and “123456” came in first by a long shot. Stricture found 1.91 million uses of “123456” compared to 446,162 uses of “123456789” and 345,834 uses of “password.” Only 43,497 people used the password for Druidia’s air shield and President Skroob’s luggage.
SplashData said it pulled from the Adobe list and others in making its top 25. The rankings were “compiled from files containing millions of stolen passwords posted online during the previous year,” SplashData said in its announcement. The SplashData list isn’t a carbon copy of the Adobe one, but the Adobe influence is clear, given that SplashData’s 10th-most-common password is “adobe123.”
# # #