Centennial DeviceWall - Protecting you and your network

January 30, 2007

TJ Maxx worsened data theft by holding customer info too long

Filed under: News, ID theft, Data Theft — Matt Fisher @ 11:53 am

Reports suggest that TJX, the parent company of T.J.Maxx (known as T.K.Maxx in the UK), may have broken Visa and Mastercard payment rules by holding onto customer data for too long, worsening the effect of the security breach first announced on January 15.

Information stolen included data from the magnetic stripe on Visa cards which shows the cardholder’s card number, the card’s expiration date, and the card verification value (CVV), a three- or four-digit code on a card that’s used to verify the card’s authenticity. According to some reports, data held by the retailer went back to 2003, way beyond what is recommended by the credit card issuers.

Some reports state that stolen card details have already been used to make fraudulent purchases - illustrating that this particular theft presents much more than a ‘theoretical’ risk to affected consumers. Seventy-seven percent of the fraudulent transactions committed using stolen TJX customer information are being committed in the United States.

More on InformationWeek

January 26, 2007

Party invite USB sticks fool workers

Filed under: News, Data Theft — Matt Fisher @ 1:35 pm

Half of UK companies could be at risk from USB-borne spyware and malware, thanks to employee naivety, a new research study has revealed. An IT consultancy sent out USB sticks posing as party invites to finance directors in 500 firms to gauge security awareness.

It seems many recipients were taken with the offer of ‘For Your Chance to Attend the Party of a Lifetime’, and some 47 percent of targets inserted the USB drive into their machines. In the media sector, the hit rate was over 65 percent.

Thankfully, on this occasion it seems the USBs harbored nothing more sinister than a tracking code, but they could so easily have infected target PCs with malware. It’s perhaps especially worrying when you consider that the recipients were not ‘shop-floor’ workers, but finance directors with access to huge amounts of sensitive data.

More on Computing.co.uk

January 25, 2007

ID theft database launched

Filed under: News, ID theft, Data Theft — Matt Fisher @ 11:54 am

A new service has been launched which claims to allow consumers to check whether they are the victim of ID theft. Called ‘StolenID Search’, the website takes a credit card or social security number, then trawls its database of more than two million known compromised records to check for matches.

Of course, the two million or so records in the database are probably a drop in the ocean compared to the actual figure, but many consumers may be attracted by the idea of a quick check.

There is also an argument that searches such as this will prompt more commercial and public sector organizations to revise their attitudes towards data theft, becoming both more concerned with preventing data leakage and quicker to report it when they suspect a breach has occurred.

Despite the site being promoted as a responsible security-conscious service, there have been a number of criticisms about potential data leaks from the database and how they might actually aid further criminal activities.

January 23, 2007

IRS Data Missing - Kansas City

Filed under: News, Data Theft — admin @ 1:37 am

Twenty-six tapes containing taxpayer data from the IRS are missing from City Hall in Kansas City. The tapes were shipped to the City Hall as part of an information sharing agreement. The files have been missing since December. Neither City officials nor IRS officials are commenting on the issue. Whether there was any sort of encryption or other security protection is not clear.

Source: CNET News.com

January 19, 2007

Mafia 2.0

Filed under: Opinion, News — admin @ 8:07 pm

An interesting article over at IT Security discusses the rise and sophistication of organized crime in Eastern Europe, which they are calling Mafia 2.0 (of course). The cost of computer-related fraud in the UK alone is in excess of $4 billion (USD) annually; this includes everything from small sums scammed out of people via email, blackmail and extortion to theft of large sums of money from corporations.

They discuss some of the top computer-related crimes that are currently occurring. In addition to the usual suspects such as credit card fraud, phishing, botnets, wi-fi spying and packet sniffing, they focused on what they call “insider trading”, where organized crime is hiring and training employees to get inside target companies to steal information and passwords to key systems.