+1,
But again people are going cash-only these days because of the economy, and they are thinking that the debit card is tied to the available cash they have on hand which is tied to their bank account. It takes one nice XSS/CSRF attack via a malicious webpage while you are viewing your bank-system and whamo, they just stole your money, hijacked your cookie on your machine to replay to the server to access your account, and steal your money accordingly. Its pretty sick what the web application attacks can do these days, it isnt just about waiters stealing CC Card numbers with card swiping machines anymore, its organized crime behind a lot of these attacks, and they want only one thing, your money... Z Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Friday, September 03, 2010 12:46 PM To: NT System Admin Issues Subject: Re: [ISN] Russian Trojan blamed for credit card losses at US diner I've been trying to convince my wife we need to go all credit card. One of my concerns has always been something like this, and it hits our checking account. Once that happens, you're really in trouble. A credit card theft like this is much more manageable. I know a lot of people who use a debit card at restaurants. That just freaks me out. Who knows if that waiter isn't also scavenging CC numbers? It's unlikely, but it's one of those cases that when it happens, you're going to be in a mess for a while, more so if your checking account is involved. On Fri, Sep 3, 2010 at 12:40 PM, Kurt Buff <kurt.b...@gmail.com> wrote: Which is why I also forward this to work, and will be showing it to our Senior Staff. They think I'm a paranoid freak, and I think that they need to know that they are lambs being led to slaughter if they ignore this. Kurt On Fri, Sep 3, 2010 at 08:56, Andrew S. Baker <asbz...@gmail.com> wrote: > And, that organized crime has moved the malware scene beyond the "look at > me!!!" stage. They longer they stay undetected, the greater the ROI. > > ASB (My XeeSM Profile) > Exploiting Technology for Business Advantage... > > > On Fri, Sep 3, 2010 at 11:11 AM, Carl Houseman <c.house...@gmail.com> wrote: >> >> Problem here, everyone seems so surprised that the infection was not >> detected by antivirus, and presumably, had no noticeable side effects on >> computer operation. It needs to get into the public discourse and become >> common knowledge that AV is not enough. >> >> Carl >> >> -----Original Message----- >> From: Kurt Buff [mailto:kurt.b...@gmail.com] >> Sent: Friday, September 03, 2010 10:21 AM >> To: NT System Admin Issues >> Subject: Fwd: [ISN] Russian Trojan blamed for credit card losses at US >> diner >> >> The full article indicates that Seattle and San Francisco area >> businesses also might have been victim of this attack. >> >> >> ---------- Forwarded message ---------- >> From: InfoSec News <ale...@infosecnews.org> >> Date: Thu, Sep 2, 2010 at 23:28 >> Subject: [ISN] Russian Trojan blamed for credit card losses at US diner >> To: i...@infosecnews.org >> >> >> http://news.techworld.com/security/3237726/russian-trojan-blamed-for-cre dit-card-losses-at-us-diner/ >> >> By John E Dunn >> Techworld >> 01 September 10 >> >> Hundreds of lunchtime customers of a diner in the US city of Memphis are >> believed to have had funds stolen from their debit and credit cards >> after PCs at the venue became infected with malware. >> >> Large numbers of customers reported having had funds taken after using >> Jason's Deli in recent weeks, which prompted an investigation by the US >> Secret Service, part of the Department of Homeland Security. >> >> After establishing that staff were not involved, police discovered that >> a computer system used by to verify credit cards had been infected with >> unidentified new-variant malware, which had logged and forwarded the >> data to criminals believed to be in Russia. >> >> "The computers received a virus that was unknown before this event," >> said Special Agent Rick Harlow of the US Secret Service in a news >> conference. "No antivirus program that we ran against it found it," he >> said. >> >> [...] >> >> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
