August 25, 2008
Sale now on! Retailers give away your money!
It doesn’t take much to impress me (seriously, I’m a big fan of eighties pop music). So if I were a retailer and a couple of guys in uniforms with ID badges and a little toolkit turned up and told me they were servicing my PIN card device, I’d probably believe them.
And I’d be wrong to. An international gang posing as bank engineers turned up at various retailer's premises and switched their card payment terminals with ones capable of skimming bank cards. It’s thought that thousands of cards have been involved in the scam with large sums of money already stolen using cloned cards in Canada. (Link)
Earlier in the week another gang, thought to be from the UK, targeted stores on the east coast of Ireland using the same modus operandi.
Detective Inspector Denis Heneghan suggested nothing earth-shattering when he said:
“Retailers should verify that anybody coming in claiming to be carrying out work on payment terminals is who they say they are. Payments systems technology should also be able to alert the retailer every time a terminal is disconnected and reconnected. Every time that happens an explanation should be sought.”
In essence, it doesn’t differ greatly from what many security experts have been saying to email providers over the years: it’s your job to protect your customers. The job of serving the customer, whether they bought a bottle of wine or use your IT services, doesn’t end when you clear their cheque.
As regards tracking down the culprits, the police have images of the suspects from in-store CCTV cameras. But based on my experience of these they are likely to be hunting for dark, grainy individuals who walk at one frame per second.
Free speech lives!
The next time you’re sat down in front of the TV, chewing on a pipe of Pringles and aimlessly searching for an episode of Desperate Housewives, don’t be fooled in to thinking that life is dull and uneventful. There’s always something going on somewhere.
Three Massachusetts Institute of Technology (MIT) undergraduates were a few weeks ago forbidden by a judge to share details with a hacker convention in Las Vegas of a flaw they discovered in the electronic payment system of Massachusetts Bay Transit Authority (MBTA). However, on appeal, US District Judge George A. O'Toole overturned the ban, rejecting the objections of the MBTA. (Link)
After the initial ruling the Electronic Frontier Foundation (EFF) had called the order an “illegal prior restraint” on their client’s free speech:
“Basically, what the court is suggesting here is that giving a presentation involving security to other security researchers is a violation of federal law. As far as I know, this is completely unprecedented and it has a tremendous chilling effect on sharing this sort of research.”
However, the new ruling, which was not based on restraint of free speech but rather that their work did not represent a violation of the Computer Fraud and Abuse Act, was hailed by the EFF.
“A presentation at a security conference is not some sort of computer intrusion. It's a protected speech and vital to the free flow of information about computer security vulnerabilities.”
The research specifically identifies vulnerabilities that the MBTA have announced could take five months to fix. It probably didn’t help the student’s cause when the trailer for their talk included the tag line “Want free subway rides for life?”
The irony in the lawsuit (because every good legal story needs some irony) is that the information they are trying to restrain has been online for weeks.
It gets a bit sanctimonious at this point though with EFF attorney Cindy Cohn saying:
“They (MBTA) brought an action against three college kids rather than address the problems in their own house."
Ok, I’m bored now. Where’s the remote?
How dare people imitate soldiers!
Maybe I’m having a bad week but there are a few stories out there which have me rolling my eyes a bit. The latest is a story about how appalled a North Wales housewife is after getting an email from someone looking to transfer $25m in to her account. Yes, it’s an old trick. Only this time it’s not the widow of a Nigerian warlord – it’s a member of the good old armed forces. (Link)
The email described how the money had been found in Taliban enclosures in Iraq and that this stranger was willing to give her 40% of the haul. But Stephanie Ditchburn, who is 40 and seemingly sharper than a very sharp knife owned by country music singer Kevin Sharp, was not falling for that.
“I was furious when I received this email. How dare people imitate soldiers!"
It’s a fairly compelling argument alright. I wonder if she feels as angry when she receives scam emails (called 419 fraud) that runs down the good names of the Beninese and Burkinabé?
Stephanie doesn’t strike me as someone you should take anti-spam advice off though.
"I normally reply with a message to say 'stop sending me these spam emails,' but they keep on coming.”
From Chapter One of the book entitled Spam 101: never reply to these emails. It confirms that your account is active and will only result in more spam.
But you do wonder who these awful spam people will pretend to be next.
“Hi. It’s The Hoff! Listen, don’t tell anyone but I’ve just received $25m in back-royalties for Knight Rider. Because I fear a backlash from anyone with good taste (lol!), I’m looking for somewhere to lodge it until the heat is off. Be a dear and send me your bank details will you?”
“Dear Mr Hoff. I think it’s disgraceful that you should be looking to profit from a program that was kitsch in its day, never mind in 2008. Please take your money and your middle-aged mullet and go away! Kind regards, Stephanie Ditchburn (40).”
|
