Posted on 01/16/2014 8:40:12 AM PST by BlueMondaySkipper
Last weekend, Target finally disclosed at least one cause of the massive data breach that exposed personal and financial information on more than 110 million customers: Malicious software that infected point-of-sale systems at Target checkout counters. Todays post includes new information about the malware apparently used in the attack, according to two sources with knowledge of the matter.
(Excerpt) Read more at krebsonsecurity.com ...
After the congress critter declared the Target problem to be like the Obama care problem,I am certain the hack was done by the treacherous tyrant in the White House to make himself look good.
Emily Litella? I remember that too, but it was still two words.
Easy, I only Write Checks for Bills, and pay CASH for everything else. I make NO electronic Transactions of ANY KIND EVER. I should also point out the obvious, when you Use CASH ONLY, you will find yourself not Wasting Money on trivial Bullshit that you really don’t need. Abstinence works every time it is Tried.
Well, to each his own I guess. I have bounce protection and fraud protection from my bank, so there is really nothing to worry about, for me.
That was a thorough monkey hammering they took. If they weren't patching them before, they will be shortly.
That’s hackers’ goal was the data, not to bilk cardholders directly. The way these large scale credit card scams generally work is the hackers steal the information, package it in bundles, and then resell it to criminals on the black market. These criminals then run the false transactions.
CA....
That could be a minor annoyance. I might have to call the 800 number and tell them I haven't been to Estonia or wherever. They might need to issue me a new card. But there would be no dent in my bank account and no bounced checks. They are unusually efficient about removing fraudulent or disputed charges.
In any case, at Target, I use the house REDcard because they give a 5% discount.
I was thinking Rosanna Rosanadanna, but it has been a while...
Don't I know it! I don't know how I even remembered the Emily Litella character. It just popped into my head. But she was the one who used to go off on the rants because she misunderstood a word.
The bad guys were logging in remotely to that [control server], and apparently had persistent access to it, a source close to the investigation told KrebsOnSecurity. They basically had to keep going in and manually collecting the dumps.
Its not clear what type of software powers the point-of-sale devices running at registers in Targets U.S. stores, but multiple sources say U.S. stores have traditionally used a home-grown software called Domain Center of Excellence, which is housed on Windows XP Embedded and Windows Embedded for Point of Service (WEPOS).
If the malware was an attack on Windows XP Embedded/Windows Embedded for PoS" it'll be the first case I've heard of, though likely not the ONLY case out there.
XP Embedded happens to run quite a few ATM machines in the U.S. I was part of a large project for a big Chicago Based Bank (now B of A) back in 2003 which converted legacy mainframe based 3270 ATM's with Windows XP Embedded.
My guess is right about now there's a whole lotta banks double-checking their ATM security .....
Its not that clever. Buffer overflows have been used since Sendmail came out in the 1980s. Its old hat now. Sendmail ran as root. Guess what file they went after? That's right. Send your stuff straight to the passwd file.
Never let anyone code using gets() and you'll take care of mot of those.
I was thinking that everyone certainly is speaking negatively of Target’s system until I suddenly remembered that POS also means “point of sale”.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.