Security Watch

Inharmonious

In an attack reminiscent of the one that targeted the media watch site Gawker.com in December, eHarmony.com, the online dating site in Pasadena, Calif., suffered a hacker attack that may have compromised user information, according to a Feb. 11 post on the Krebs on Security blog of security expert Brian Krebs.

Processing Content

The break-in was an SQL injection flaw in a third-party content management library that eHarmony uses for its Advice site, not in code the company wrote itself. That is a pointed lesson for banks, which frequently hand site management to outside vendors and inherit whatever injection flaws those vendors ship. It also matters to bankers because their customers frequently reuse the same log-in and password at nonfinancial sites, so a credential dump from a dating site can open bank accounts too.

Hackers have already started offering access to the information they've stolen for $2,000 to $3,000, Krebs wrote. He reported that eHarmony executives said there was no evidence so far that accounts had been compromised.

"The SQL dump contained screen names, e-mail addresses and hashed passwords for account login on the Advice site. Once we learned about the nature of the exploit, we obviously closed it on the network layer and offered the third-party vendor help with patching the software, as we do not have access to their source code," said Joseph Essas, the chief technology officer at eHarmony, according to Krebs. The company is urging some users to change their passwords, Krebs reported.
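An added illustration of the kind of flaw described above, written for this column and not taken from eHarmony's site or from its vendor's code. It builds a throwaway SQLite database with constructed sample rows, a public "profile lookup" that splices user input into SQL the way a careless content-management component might, and the same lookup done with a bound parameter. The table names, the UNION payload and the placeholder hash strings are all assumptions for the demo.

```python
import sqlite3

# Constructed sample rows for the demo; not real accounts, and the pw_hash
# values are placeholder strings rather than real password hashes.
USERS = [
    ("alice", "alice@example.com", "hash-of-alice-password"),
    ("bob", "bob@example.com", "hash-of-bob-password"),
]
PROFILES = [("alice", "Likes hiking"), ("bob", "Reads a lot")]


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the site's database (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (screen_name TEXT, email TEXT, pw_hash TEXT)")
    conn.execute("CREATE TABLE profiles (screen_name TEXT, bio TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    conn.executemany("INSERT INTO profiles VALUES (?, ?)", PROFILES)
    return conn


def profile_vulnerable(conn: sqlite3.Connection, screen_name: str) -> list:
    """Public profile lookup that splices the request parameter straight into
    the SQL text. A quote in the input ends the string literal and the rest
    of the input is parsed as SQL."""
    sql = ("SELECT screen_name, bio FROM profiles WHERE screen_name = '"
           + screen_name + "'")
    return conn.execute(sql).fetchall()


def profile_safe(conn: sqlite3.Connection, screen_name: str) -> list:
    """Same lookup with a bound parameter: the driver passes the input as
    data, so it can never change the shape of the statement."""
    sql = "SELECT screen_name, bio FROM profiles WHERE screen_name = ?"
    return conn.execute(sql, (screen_name,)).fetchall()


# Assumed attacker payload: a UNION that turns the two-column profile query
# into a dump of the users table. The selected columns must match the
# original's count, and '--' comments out the trailing quote.
DUMP_PAYLOAD = "x' UNION SELECT email, pw_hash FROM users--"


def demo() -> dict:
    """Run the legitimate lookup, the injected dump, and the same payload
    against the parameterized version."""
    conn = make_db()
    return {
        "normal": profile_vulnerable(conn, "alice"),
        "dump_via_injection": sorted(profile_vulnerable(conn, DUMP_PAYLOAD)),
        "same_input_parameterized": profile_safe(conn, DUMP_PAYLOAD),
    }


if __name__ == "__main__":
    for key, rows in demo().items():
        print(key, rows)
```

The injected dump returns exactly the kind of data Essas describes: account identifiers paired with password hashes. When the flaw sits in vendor code you cannot patch, blocking the request pattern at the network layer, as eHarmony did, is the realistic stopgap; the fix is the bound parameter in the vendor's query code. Whether the dumped hashes are then reusable against bank log-ins depends on how they were hashed, which the report does not say.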

Going Mobile

To curb card-not-present fraud in online commerce, the payments industry could turn to mobile devices with embedded payment chips, the Federal Reserve Bank of Atlanta's Portals and Rails blog suggested in a Feb. 14 posting.

The blog cited U.K. Cards Association data showing that card-not-present fraud grew to 60% of total card fraud losses in 2009, from 16% in 1999. Part of what drove the increase was the United Kingdom's earlier migration from magnetic stripe to chip and PIN, completed in 2006: as fraud in face-to-face transactions became harder, criminals moved to online commerce, where the chip is never read.

Mobile commerce could bring some of the same protection to online purchases, since a phone can carry a payment chip and software that authenticates the transaction in place of a magnetic stripe. Chips are not the only lever, however: the U.K. also cut online card-not-present fraud by 19% in 2009 by adding layers of transaction screening.

Trojan War

Bank customers may protect their computers with the latest anti-virus software, but a new study from Eurostat, the European Union's statistics agency, found that one-third of computer users had still picked up a virus even though 84% had anti-virus tools installed.

Zdnet.com reported on Feb. 9 that the most common infection, affecting nearly 60% of users, was a Trojan, the class of malware best suited to giving an attacker access to a victim's financial data. Three percent of the survey population had suffered a financial loss because of viruses, according to Eurostat.

Lock It Down

The Federal Trade Commission has released a list of safety tips for users of Wi-Fi hotspots, and the tips may also be useful to bankers who want to educate their customers on the safest way to gain access to online banking sites from these spots.

The FTC warns consumers that public hotspots are frequently not secure and that they should prefer ones protected with WPA or WPA2 encryption. If a hotspot asks only for a password (for instance on a sign-in page) without WPA or WPA2, or says it is secured with WEP, treat it as if it were not secured at all, the FTC said; WEP's encryption has been broken for years.

Consumers should also send sensitive data only to websites that encrypt the connection with HTTPS. Such sites show a lock icon in the browser's address bar and an address beginning with https; a lock image drawn on the page itself proves nothing. The FTC also recommended never reusing the same log-in and password across sites, because credentials stolen from one site then open accounts at the others.

Unlimited Refills

The Starbucks Corp. application that lets users pay for their coffees using smartphones appears to be the latest to show a security flaw, according to a Feb. 9 story in Mobile Commerce Daily.

The application pays for items by displaying a bar code on the phone's screen; the in-store register scans it, and the code identifies the consumer's Starbucks account to be charged.

Because the bar code is static, scammers who get brief access to a user's phone can take a screenshot of it and transfer the image to other phones, the story said. A scanned copy is indistinguishable from the original, so purchases made with it are charged to the victim's account.

Having only the bar code image would not let the scammers add funds to the user's prepaid account, even if the app is tied to an outside bank account for reloads, so the exposure is limited to the balance already on the card.
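How a static pay-by-bar-code scheme falls to replay, and how a short-lived, single-use token changes that. This is an added example written for this column; it is not Starbucks' code, and nothing in it is a claim about how the Starbucks app works or was later changed. The server key, account number, token lifetime and token format are assumptions for the demo.

```python
import hashlib
import hmac
import secrets

# Assumed values for the demo: a server-side key and a token lifetime.
SERVER_KEY = b"demo-key-not-for-production"
TOKEN_TTL_SECONDS = 60


def static_code(account_id: str) -> str:
    """Static scheme: the bar code encodes nothing but the account id.
    A screenshot carries exactly the same information as the phone."""
    return f"SB:{account_id}"


def redeem_static(code: str) -> str:
    """Register side of the static scheme: no freshness or single-use check,
    so any copy of the image charges the account, any number of times."""
    if not code.startswith("SB:"):
        raise ValueError("not a pay code")
    return code[len("SB:"):]


def issue_token(account_id: str, now: int) -> str:
    """Hardened scheme: the app asks the server for a token bound to the
    account, expiring after TOKEN_TTL_SECONDS and carrying a random nonce,
    all under an HMAC so the register can verify it was not altered."""
    expiry = now + TOKEN_TTL_SECONDS
    nonce = secrets.token_hex(8)
    body = f"{account_id}|{expiry}|{nonce}"
    mac = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{mac}"


class Register:
    """Register side of the token scheme. Remembers redeemed nonces, so a
    screenshot of a token is useless once the token has been used or has
    expired, whichever comes first."""

    def __init__(self) -> None:
        self.redeemed: set[str] = set()

    def redeem(self, token: str, now: int) -> str:
        parts = token.split("|")
        if len(parts) != 4:
            raise ValueError("malformed token")
        account_id, expiry, nonce, mac = parts
        body = f"{account_id}|{expiry}|{nonce}"
        expected = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, expected):
            raise ValueError("bad signature")
        if now > int(expiry):
            raise ValueError("token expired")
        if nonce in self.redeemed:
            raise ValueError("token already redeemed")
        self.redeemed.add(nonce)
        return account_id


def try_redeem(register: Register, token: str, now: int) -> str:
    """Redeem and report the outcome as a string instead of raising."""
    try:
        return register.redeem(token, now)
    except ValueError as err:
        return f"rejected: {err}"


def replay_demo() -> dict:
    """Walk both schemes through the screenshot-and-replay scenario."""
    t0 = 1_700_000_000  # arbitrary clock value for the demo
    out = {}
    code = static_code("acct-1234")
    out["static_first"] = redeem_static(code)
    out["static_replay"] = redeem_static(code)  # the screenshot still pays
    reg = Register()
    tok = issue_token("acct-1234", t0)
    out["token_first"] = reg.redeem(tok, t0 + 5)         # legitimate use
    out["token_replay"] = try_redeem(reg, tok, t0 + 6)   # same image again
    late = issue_token("acct-1234", t0)
    out["token_late"] = try_redeem(reg, late, t0 + TOKEN_TTL_SECONDS + 1)
    forged = tok.replace("acct-1234", "acct-9999", 1)    # retarget the charge
    out["token_forged"] = try_redeem(reg, forged, t0 + 5)
    return out


if __name__ == "__main__":
    for key, result in replay_demo().items():
        print(key, result)
```

The token scheme narrows the window rather than closing it: someone with brief access to the phone can still screenshot a fresh token and spend it within the lifetime, but the single-use check means only one of the two copies ever pays, and the nonce store has to be shared across registers for that check to hold. The cost is that the app must reach the server for each token, which the static image never needed.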

Zip Car

Officers who stopped two drivers in Lee County, Fla., for allegedly driving with illegally tinted windows and failing to maintain a lane made another discovery: a zip drive that reportedly contained information from 25 skimmed credit and debit cards and one cloned credit card with information printed on a gift card, according to Winknews.com, a CBS affiliate.

Officers reported smelling marijuana and did a background check on the drivers, reportedly discovering a narcotics conviction on one driver's record. That led them to search the car.

Manual Amador, 48, and Deyvi O'Connor, 32, were arrested and charged with one count each of possession of a forged or counterfeit credit card, the report said.

Hit and Run

An apparently failed automated teller machine theft in Montreal caused thousands of dollars in property damage, but no cash was reported stolen.

The damage occurred at a strip mall on Sunday morning when someone smashed a backhoe into the plate glass windows of an ATM vestibule. But the backhoe got stuck in the debris from the collision. The perpetrator, caught on surveillance cameras, escaped in a blue truck, UPI reported, citing the Montreal Gazette.

Further damage was caused by flooding from activated sprinklers. The ATM belonged to National Bank of Canada.

Security Watch is a weekly roundup of news and developments in data security and their impact on financial services companies.