Security Watch

Sony's Saga

Details continue to trickle out about the Sony Corp. data breach that has affected at least 77 million people — and in particular about whether a subset of those may have had their payment card details compromised.


Though the tech giant has maintained throughout its many disclosures that it has not observed any concrete evidence of fraud on the cards of the people affected, it has offered to reimburse banks the cost of reissuing cards in connection with the breach. Several Sony customers have observed fraud or attempted fraud on their cards that they suspect is related to the breach, and a report from Reuters estimates the cost of reissuance could exceed $300 million if enough affected consumers request new plastic.

Sony said card data connected to accounts with Sony's PlayStation Network was encrypted, though other data, including names, addresses and birth dates, was not.

Sony added Tuesday that a system initially thought to be unaffected by the breach has been hacked, and as a consequence, 12,700 payment cards and 10,700 direct-debit records were exposed. These were non-U.S. accounts used to access Sony's online multiplayer PC games, such as EverQuest. Sony did not say whether this data was encrypted, though it said the list was an obsolete one that dates back to 2007.

At least one report said Sony may have had an opportunity to buy back a list of millions of compromised cards. "To my knowledge there is no truth to this report of a list, or that Sony was offered an opportunity to purchase the list," Patrick Seybold, Sony's senior director of corporate communications and social media, said in a blog post Monday.

Sony has not provided a detailed explanation for the cause of the breach, though it said it is responding by moving the PlayStation Network to new hardware. The PlayStation Network allows users to play games online and to purchase digital content such as games or movies for use on PlayStation hardware.

The file-sharing news site TorrentFreak described on April 26 one possible cause of the Sony breach.

The issue may have stemmed from a firmware update released in March for the PlayStation game console that could unintentionally provide online access to consoles that Sony had banned from its network. "It's not a feature built in by design, but one that users have learned how to exploit," the article said.

Banned consoles were allowed back online because Sony wasn't checking certain security information when this bug was exploited. "According to Chesh," the online handle of someone who works at a website about PlayStation hacking, "one of the items whose authenticity was never checked [by this firmware] was — unbelievably — credit card numbers," the article said. However, this only means that hackers could gain access to content without paying. It may not have been a two-way street that allowed valid card numbers to be exposed.

"Chesh himself admits that while the above information is true, he can't verify 100% if it's the absolute reason why Sony pulled the PSN offline," the article said.

Though many Sony customers provide payment card details for use with the PlayStation Network, it is not necessary to spend money to play most games online or to download certain content. Sony also sells PSN credit on cards in stores, allowing users to make online purchases without providing payment card details to Sony.

Mac Attack

Apple Inc.'s Mac computers are typically considered less risky than Windows computers because they receive less attention from virus writers, but a new attack focuses on Macs explicitly.

The malware targets users of the Safari browser included on Apple's computers, according to the Apple news site The Unofficial Apple Weblog. The virus' author seeks to obtain credit card details by selling the user a MacDefender product, which it claims is the only product that can remove the infection.

Mac owners can defend themselves against this attack by instructing the Safari browser not to automatically open files that it considers to be trustworthy.

One perk for Mac users: The virus is much easier to remove than Windows viruses, due in part to the built-in protections in the Mac operating system. Users simply need to use the computer's Activity Monitor to stop running the application and then delete all its files.

Beware Bin Laden

Hackers are taking advantage of people's curiosity about Osama bin Laden's last moments.

Sohaib Athar, a Twitter user under the handle @ReallyVirtual, gained unintended Internet fame by tweeting about explosions and a nearby helicopter that turned out to be part of the raid on bin Laden's compound.

But don't follow him today, since The Washington Post is reporting Athar's blog server has been modified by hackers and now serves up malware.

Citing a report from the security company Websense Inc., the Post reported that users visiting Athar's website were prompted to install a malicious program called Windows Recovery. This program hides users' files and requests that users provide payment details for an $80 purchase of what it calls a premium version of the Recovery program.

"Scammers often piggyback on trending topics to target as many people as possible," the Post said. Other scammers have tried to exploit curiosity about the raid by encouraging people to click on infected links to view purported videos of bin Laden's death.

Ripped Off

Alleged ATM thieves in Ireland removed a machine with such force that it destroyed the two-story wall of the bank branch it was attached to, The Irish Times reported Monday.

As a result of the ATM's violent removal, the floors and roof of part of the Bank of Ireland branch in Tinahely collapsed, the article said.

The machine itself may not have been the payoff the thieves were after — it was awaiting restocking after the run-up to the bank holiday weekend, the story said.

Six men are suspected of using a stolen digger to extract the ATM. A witness who runs a pub across the street from the crime scene reported that he came outside when he heard the branch getting damaged but was forced back inside at gunpoint, the newspaper's account said.

Security Watch is a weekly roundup of news and developments in data security and their impact on financial services companies.
Please e-mail us any comments, ideas, and suggestions about this column.

