Brian Krebs reporting on the Target data breach

A First Look at the Target Intrusion, Malware — Krebs on Security by Brian Krebs

The source close to the Target investigation said that at the time this POS malware was installed in Target’s environment (sometime prior to Nov. 27, 2013), none of the 40-plus commercial antivirus tools used to scan malware at virustotal.com flagged the POS malware (or any related hacking tools that were used in the intrusion) as malicious. “They were customized to avoid detection and for use in specific environments,” the source said.

That source and one other involved in the investigation who also asked not to be named said the POS malware appears to be nearly identical to a piece of code sold on cybercrime forums called BlackPOS, a relatively crude but effective crimeware product. BlackPOS is a specialized piece of malware designed to be installed on POS devices and record all data from credit and debit cards swiped through the infected system.

According to the author of BlackPOS — an individual who uses a variety of nicknames, including “Antikiller” — the POS malware is roughly 207 kilobytes in size and is designed to bypass firewall software. The barebones “budget version” of the crimeware costs $1,800, while a more feature-rich “full version” — including options for encrypting stolen data, for example — runs $2,300.

Feasting on a buffet of industry neglect

... Large retailers and grocery stores that are members of the PCI Council have resisted toughening standards on the ground that some solutions would be costly to implement or result in slower transaction times that could frustrate customers and sales.

“They’re utilizing a ten-year-old system,” [Gartner analyst Avivah Litan] says, and to make changes would slow down the processing and create extra costs. “When it’s busy during Christmas, even three or four seconds per transaction means less money.”

The Target breach underscores that the industry needs radical change. “The only way to really beat this thing is to make the data unusable if it’s stolen and to protect it the entire time,” Litan says.

Kim Zetter

Will Nest customer Data be Shared with Google?

Will Nest customer Data be Shared with Google?

Techcrunch

Our privacy policy clearly limits the use of customer information to providing and improving Nest’s products and services. We’ve always taken privacy seriously and this will not change.

Nest

That answer is a bit vague, but the concerns over the recent revelations of enormous data gathering efforts on the part of the NSA should definitely cause some to worry. Whether Google chooses to share information voluntarily, it’s still a big target for those looking to hoover up vast swaths of data about its users, and that will only be more likely as time goes on, not less.

Techcrunch