| "Sources now tell KrebsOnSecurity that in a conference call with
| financial institutions today, officials at MasterCard shared several
| updates from the ongoing forensic investigation into the breach at the
| nationwide home improvement store chain. The card brand reportedly
| told banks that at this time it is believed that only self-checkout
| terminals were impacted in the breach, but stressed that the
| investigation is far from complete."
| Hope the links works for you.
That works. Thanks. I'll keep an eye on the news.
there's more than one, but the ones that are here are tryin to fuck shit up,
but we're doin are best not to let it happen
when is someone goin to "86" Reid? : )
I feel your pain. Switch to cash, wherever possible.
I am a PCI consultant (credit card security). In my State (NV), PCI
compliance is already the law. Merchants are liable when they don't
comply with PCI. I only know of one that does. The rest BLOW IT OFF.
Law or no law, it does no good.
The credit card processors won't crack down on the merchants because
they want their processing fees.
If you really want to make things happen, make the card processors
100% liable. That is the only way they will crack down on merchants
who just don't care.
I have had merchants tell me straight to my face that they are not
going to go through any expense just to take credit cards. And, also
right in front of my face, pencil whip the forms. And under the law
in this state, they become totally liable. And, THEY JUST DON'T CARE.
The only way the merchants will get serious is when they can't
find a card processor that will take their business. Right now,
they way it stands, they have processors beating down their doors
for their business.
And some of those processors tell the merchants the most ignorant,
incredible bull shit about security it makes my head spin. The
card processors don't care either. They just want the processing fees.
It occurred to me you want to know who the bad one are.
I only know that Pay Pros is a good one and they take
security very, very seriously. They rest, I wouldn't
give them a second look, especially the ones doing
credit cards for Quick Books.
| I'm a Windows person and hard to convince to convert but the more I have
| to work with open source software at work, the more comfortable I get
| with the *nix.
Linux is no miracle. The Bash bug currently in the news
has been there for 22 years, and so far I've yet to find or
be told of any reasonably usable Linux firewall that will
selectively block outgoing processes. It's designed to be
a server and Linux/OSS is a kind of religion for far too many
people. So there tends to be an attitude that you don't
have to worry about software calling home because it's
just calling "nice churchgoing folks" like yourself. That's
not security. Nor is the similar Apple attitude that Lord Jobs
wouldn't let the Apple faithful suffer by getting infected
with bugs. There's no untouchable operating system. Macs
just allow one to be a bit more lazy... for the time being...
and assuming that you don't mind Apple themselves spying
As Todd pointed out, Win7 is getting attacked slightly more
than XP, which no longer gets patches. But what the Microsoft
marketing dept and the lapdog media don't mention is that
nearly all risks are not actually in the operating system. Script,
Flash, Silverlight, Acrobat plugins, MS Office files, Java, rigged
ZIP attachments.... those are the risks. (In addition to "phishing".)
The attack venues are browsers, email programs, and other
software that goes online. Many people think Win7 is safer than
XP, but that's just default settings. You can run as a restricted
user on XP just as you can on Win7, if that's what you want.
And I'd far rather be using the latest Firefox on XP as Administrator
than using Internet Explorer on Win7 with UAC enabled.
But if you use interactive websites and allow the items listed
above -- especially script -- then you're always at risk on any
computer. Script in webpages turns them into software programs
running on your computer. There's no way to make that entirely
There was an interesting, ironic story this week about how the
IRS is paying out billions in scam IRS refunds, to people who are
filing dummy forms in the name of real people -- or at least real
SS numbers. The IRS apparently thought online filing was slick,
economical and futuristic. Apparently they thought it was inherently
more dependable than paper filing. So they don't require any sort
of paperwork for online filing. You can file your taxes with no W2
or 1099 form!
The one thing in your original post I would be inclined to
comment on is the part about privacy policies. They mean
nothing. Virtually all of them include a "mickey mouse clause"
that says the policy may be changed at any time unilaterally.
Most also claim unrestricted rights to your files and data. They
usually say your files and data will only be used "to provide and
improve the service", but that's flimsy language. If they sell
their database to marketers, then invest that money in the
service, then your private info was arguably sold to improve
the service. We have webmail companies that claim the right
to read your private correspondence, promising it's "anonymized".
There's no such thing as anonymized. And their privacy policies
are usually claiming co-ownership of your files. That's not a
So as far as corporate privacy policies go, they should all be
read to be saying, "If you give us *any* private information we
will try our best to make money from it. You give us that right
in giving us the information." Then decide what you want to
Even if there were a company trying to be honest, things
change. Leaders change. Businesses change. (Google ran
an honest business at one time. Remember?) A business might
be sold. Some of the issues are hard to even know: CVS is selling
out their customers to drug companies. Even if you happen to
have heard that, do you have a choice about shopping at CVS? If
so, can we be sure that Walgreens is not selling their database?
Linux is not bug free. But there attitude is different than
Windows. When the discover them, they fix them. Microsoft
only fixes things when it causes them embarrassment in
the public arena. And Linux has somewhere to report bugs,
which they actually fix, rather than letting them pile
up until the have an unmanageable house of cards, like
Windows Frankenstein (w8).
Mayayana is correct in the above.
The bad guys are lazy. They want the easiest way to break
into your system. And that would be to trick the user
instead of trying to hack portions of the operating system.
A good security feature is to turn off Java and Flash.
Use HTML5 plugins in Firefox for You Tube, if you must.
Also, Internet Explorer (IE) "is" part of the operating
system and is very easy to exploit. Firefox and Chrome
are just programs. That is why IE is so dangerous to run.
UAC does nothing except annoy the user. The bad guys
and many legitimate guys have long been able to get
around it. M$ actually admitted to this. I turn
UAC off for my and my customers sanity.
Here is a great tip for Windows users. Enable your
Administrator account with a strong password. Then
remove your Administrators privileges from your
user account. Only run the Administrator's
account when you know you want to install something,
then get right back out.
Windows tip: Clean out your accursed junkware. I love
Computers are like air conditioners.
Thanks, Doctor. For prescribing surgery
to people, after not reading the messages.
I was being a bit absurd in the last post,
to make a point. But you made it better
than I did.
Christopher A. Young
Learn about Jesus
bob haller;3288380 Wrote:
> I have now had 5 cards wiped out because stores dont bother keeping
> their systems secu(
> I think congress should pass some consumer protection laws, to penalize
> merchants who have data breaches:(
> Require the merchant to pay 100% of the costs to replace every card,
> plus give the consumer 100 bucks a pop for the inconvenience....
> I espically hate all the pre authorized transactions like ez pass. I
> just got the target mess fixed and now I have to start all over again...
> of course congress, espically the republicans could care less about the
> common person. Their only concerns are getting more bucks to run for
> reelection from big business.
> I am sick and tired of spending days straitening out hassles like this:(
WHy not they make some customized card that help you to use easily for
working in any environment. Mostly companies made their customised card
for security and other things.
'What your stock broker doesn’t want you to see'
> WHy not they make some customized card that help you to use easily for
> working in any environment. Mostly companies made their customised card
> for security and other things.
> (http://easypcinvestor.com /)
Or you can use any other way that help you to increase the security of
your home like biometric and other devices.
HomeOwnersHub.com is a website for homeowners and building and maintenance pros. It is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.