Target, home depot card security:(

Page 2 of 3  
On 09/27/2014 01:28 AM, Cheryl wrote:

The thing I love about open source is that if you write a respectful letter to the author, you can usually get bugs fixed. Try that with Microsoft! ("How many copies did you buy? HAHAHAHAH")
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 09/27/2014 01:28 AM, Cheryl wrote:

me, I'm

off their

The certain amount of time is now too short for that to make a major diff erence -- last year, a tech reporter downloaded a list of 16,000 encrypted passw ords and was able to decipher 47% of them in a few hours. The article says th is:
"While Anderson's 47-percent success rate is impressive, it's miniscule w hen compared to what real crackers can do, as Anderson himself made clear. To prove the point, we gave them the same list and watched over their shoulders as they tore it to shreds. To put it mildly, they didn't disappoint. Even the lea st successful cracker of our trio—who used the least amount of hardw are, devoted only one hour, used a tiny word list, and conducted an interview througho ut the process—was able to decipher 62 percent of the passwords. Our top cracker snagged 90 percent of them."
That's from: http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out -of-your-passwords/1/

e to work

*nix.
That's pretty much how I made the leap 6 years ago — the only thi ng I'd do differently would be to use live CDs/DVDs to try out a bunch of different distros, not believe claims that only the one with a big PR budget is user-friendly. :-)
You might want to try BSD first if you're really concerned about security . Linux is being changed under-the-hood in ways that will make it easier fo r government orgs like the NSA to tamper with it without being caught, and I'm finding it less stable, so I'm thinking of switching to PC-BSD myself.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Saturday, September 27, 2014 1:31:09 AM UTC-4, Cheryl wrote:

eir systems secure:(


Good luck with that. Few people have the time or fortitude to find and read the legal fine print where companies spell that out. And it's not like I'm going to not shop at HD, Target or Walmart because of their privacy policies.
Agree with the rest of your advice.
And most of all, make

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 9/27/2014 1:31 AM, Cheryl wrote:

Baah, I'll show you guys. Wait till I get the four million pounds sterling that nice general from King Nambu Nambu's tribe promised me. Right before I gave him my bank account and routing numbers.
Such a nice general.
Darn shame the English deposed the king and burned down the Parlaimentary building in Nigeria.
. Christopher A. Young Learn about Jesus www.lds.org .
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

I wasn't referring to RFID, which is so incredibly stupid on a credit card. How hard is it to actually swipe the card instead of waving it?
I was referring to Chip and PIN cards:
http://www.forbes.com/sites/tomgroenfeldt/2014/06/23/more-secure-credit-cards-with-chips-coming-to-the-u-s/
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

RIGHT! Democrats don't need to do that because they've already stolen enough to fund their campaigns. Their main impetus is tossing the Great Unwashed a few crumbs so the GU will continue to vote for them so they can steal more.
--

dadiOH
____________________________
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

I think you may be missing the big picture here. Consider...
Now, with non RFID card. Bad guy sticks a gun in your face, demands you go to an automatic teller, withdraw money and give it to him and if you don't he is going to inflict serious harm on you.
Now, WITH RFID card. Bad guy steals code, makes a card, goes to automatic teller and withdraws money ALL AT NO RISK TO YOU!
IOW, the good credit card folks are working hard to keep us safe.
--

dadiOH
____________________________
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
|I have now had 5 cards wiped out because stores dont bother keeping their systems secure:( |
I'm a contractor, shopping at HD at least once a week, but I didn't know how seriously to take the latest breach. It's been going on since Spring and I haven't had any problems.
I'm curious what you've done. Did you have your cards reissued? Is there a cost for that? Do you just call them and say you've shopped at HD, and they'll sens you a card with a new number?
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Thursday, September 25, 2014 9:48:55 AM UTC-4, Mayayana wrote:

Couple nights ago on the news they said that the first instances of the stolen card info being used had just started to occur. Last week they were showing it being offered in traunches on a website in Russia. The trauches you could buy were named "American Sanctions 10, 11, 12, etc. Gives you a good idea of who and what is behind it.
An interesting question is why the card issuers don't just send out new cards. I can only speculate that they figure that will cost more than all the time and money spent investigating and covering losses that occur. But I would think it would be more cost effective to just issue new cards. Maybe they are doing that, IDK. And unlike Bob, I don't think it's such a big deal if they issue me a new card. The only issue I see is having to change any online places where you have it saved, use it for recurring charges, etc. Not that much work, IMO.

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 09/25/2014 09:59 AM, trader_4 wrote:

We had new cards issued -- free of charge -- more than a decade ago by a bank when we showed that purchases made supposedly with our card were made at places where we were not at the time.
We had new cards issued more recently because we had used a card at TJMaxx, which had suffered a data breach. Replacement cards were sent without us requesting them -- and free of charge.
Haven't shopped at Target in ages.
Have shopped at HD within the last couple of months but haven't seen any suspicious charges on our card.
We got "chipped" cards in preparation for a trip to Europe. I don't know how much more complicated it would have been to make purchases with a card without a chip.
We have a store-branded RFID-equipped MasterCard for our supermarket, but that's the only place I've ever noticed that an RFID card can be used.
I read recently that Australia is on the way to "contactless" payments -- payments using a smartphone rather than a card, for example.
Perce
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Believe me, they suffer in lost sales. Home Depot and Target appear to have been particularly lax and didn't even do some of the minimum system scanning required by the Visa and MC. HD may suffer greivously because of that lack of compliance. It has and will continue to cost them dearly in sales. Egghead went out of business shortly after they experienced a massive breach. Fortunately these massive attacks have awakened the industry from its stupor and more companies are doing aggressive testing.
A new problem has begun to appear - people using your checking account number to make electronic debits. Apparently the banks are pretty lax about who they will allow to debit your account. Every time you write a check, you hand out your account number to a potential hacker.

They've only recently decided to force them to acknowledge that they have been compromised. That data has been kept quite secret for a long time and its only through the efforts of independent security analysts like Brian Krebs that they've been outed. He's the one that fingered Target and if you recall, they denied, denied, denied for as long as they thought they could get away with it.

It will never happen. In the US we only manage by crisis and now there have been enough huge breaches that we'll move to a much safer "chipped card" system. Merchants have long balked at paying the cost to upgrade their systems but these latest mega breaches are forcing their hand. Europe's card fraud rates have been much lower than ours because they went to chipped cards years ago.

I use cash nowadays at stores and especially restaurants (where the card leaves your physical possession - a real invitation to trouble). It used to be that I wouldn't use cards on-line but retailers like Amazon seem to be able to keep their card systems secure. Other than them, I only use sites that take Paypal because I have a little keyfob code generator from them. Stealing my password won't do a hacker much good because each transaction requires a number generated from the keyfob. So far, so good!

Don't forget to thank the Supreme Court for deciding that money equals free speech.
Its both parties, actually. Look at Obama, who campaigned on getting us out of the Middle East but it hurling us right back into that stinkhole/sinkhole. Russia, China, Saudi Arabia and Europe have the most to lose from ISIS but they're quite content to let poor, dumb old Uncle Sam do all the heavy lifting and fight their battles for them. How can we be against welfare for US citizens while we funnel billions of dollars to defend the interests of countries that wouldn't take the time to whizz on us if we were on fire? Time for them to get off the US welfare rolls, too. What a dolt Obama is.
All it takes, it seems, to get America worked up to a money-splurging frenzy is to behead a few people. The terrorists must be laughing their asses off at how little it takes to push us to into a blind revenge-driven fury. If we let them alone they would not have a common enemy and would eventual fight amongst themselves and take care of the problem for us. But NOOOO. We've got to make the US a target that unifies every terrorist faction in the world. So Obama's as dumb as a post and is doing exactly what he laced into George Bush for doing. Obama took us out of the frying pan and into the fire.

It's a bitch, I agree. Its a great reason to go back to untrackable, unhackable cash. Its also pretty hard to spend more money than you have with cash. Cards make that a LOT easier to do since the pain doesn't come until 30 days later. I still carry one card in my wallet for emergencies, but I if I am going shopping, I make a list and go to the bank first. I've found a number of places will give a 2 to 5% discount for cash.
SH
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
| >I have now had 5 cards wiped out because stores dont bother keeping their systems secure:( | > | | They do bother.
Not necessarily: http://www.businessweek.com/articles/2014-09-18/home-depot-hacked-wide-open
I've also seen articles critical of Target's security. The problem seems to be that they just don't have a lot to lose, and like most individuals, they see security issues as abstract until a problem happens.
I don't know of any reason they even need to store credit card data. Once the payment has gone through it's none of their concern. Which points to a second unnecessary security risk: companies that hold data they shouldn't for purposes of datamining.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Here's another one:
http://arstechnica.com/security/2014/09/home-depot-ignored-security-warnings-for-years-employees-say/
This wasn't just a successful hack. It was an fullscale intrusion that wasn't noticed for 6 months.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Thu, 25 Sep 2014 08:23:18 -0700, Percival P. Cassidy

and you keep your RFID card where? oh, so you DO put it in an old Altoid metal box so it can't be scanned by others. ok.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 09/25/2014 11:43 AM, RobertMacy wrote:

I just read that the range is 2 to 4 inches. I know that I have to hold the card pretty close to the terminal for it to register.
Perce
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
| and you keep your RFID card where? oh, so you DO put it in an old Altoid | metal box so it can't be scanned by others. ok.
I have one RFID charge card that I never asked for. There's an icon on the back that indicates it. One can then look at the card on edge to find a tiny bump. I sliced open the bump and removed the tiny RFID chip, with no noticeable damage to the card.
One can also use something like an aluminum cover. I made a simple one by folding a piece of aluminum in half, so that it fits in my wallet.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
| One report was that the HD breach took place on cards used at the self | check out machines. | | I don't use those aisles, myself.
Nor I. I'd be interested to see a link for that if you find it. I was assuming that the break was into the main database.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Better yet, pay in cash. That's what I do for just about everything purchased locally.
--
-----------------------------------------------------------------------------
Roger Blake (Change "invalid" to "com" for email. Google Groups killfiled.)
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

A lobotomy?
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

FUCK THAT!!!!! We have enough californicators and yankee MOFO here in Tejas. I'd like them to stay where the fuck they already are
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Related Threads

    HomeOwnersHub.com is a website for homeowners and building and maintenance pros. It is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.