  1. #1
    iNET Interactive
    Join Date
    Jan 2011
    Location
    Seattle, WA
    Posts
    677
    Thanks
    11
    Thanked 63 Times in 50 Posts

    A few security lessons from the Target breach




    TOP STORY


    By Susan Bradley

    The Target breach points out some facts of life on the Web: We're all targets (pun intended) of cyber thieves.

    Fortunately, there are steps we can take to protect ourselves. Here's how to protect yourself from the next big breach.

    The full text of this column is posted at http://windowssecrets.com/top-story/...target-breach/ (opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.
    Last edited by Tracey Capen; 2014-01-22 at 18:56.


  3. #2
    New Lounger
    Join Date
    Dec 2009
    Location
    Taunton, Somerset, UK
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts

    POS and Embedded OSes

    I think you'll find that a large proportion of POS systems (I'm not up on ATM software) actually use a POS specific version of the relevant Embedded OS. We use POSReady 2009 which actually is supported to 2019 - and is based on XP Embedded. The moot point however is that I reckon AV vendors will stop pattern file distribution well before then.

  4. #3
    Lounger
    Join Date
    Dec 2009
    Location
    Nolensville, TN
    Posts
    28
    Thanks
    1
    Thanked 1 Time in 1 Post
    Perhaps the best way to prevent POS issues is to use cash if at all possible. Inconvenient, and you sometimes get odd looks, but I got through years of international travel, and a purchase at Target during the period in question, with no problems. By contrast, I have a credit card used only for online purchases. It has been compromised, and reissued twice in the past 5 years.

  5. The Following User Says Thank You to Tregonsee For This Useful Post:

    MrJim (2014-01-23)

  6. #4
    New Lounger
    Join Date
    Oct 2008
    Posts
    1
    Thanks
    0
    Thanked 2 Times in 1 Post
    I have read a lot about the Target scam, and understand that they were not using the most effective preventive software. That is probably understandable, if not acceptable, for a big merchandiser. I have, however, read very little about the other really big theft from Adobe. At least 20 million card numbers stolen (including mine). One might imagine that a big software tech company -- pdf, Acrobat, Photoshop, etc. -- might at least be up to date on its security software!!! Target has taken its lumps; Adobe has been largely ignored. Why?

  7. The Following 2 Users Say Thank You to dmoerman For This Useful Post:

    bobprimak (2014-01-25),MrJim (2014-01-23)

  8. #5
    New Lounger
    Join Date
    Jan 2014
    Posts
    1
    Thanks
    0
    Thanked 1 Time in 1 Post
    In addition to monitoring your credit card statements, many credit card companies will allow you to set up alerts when charges over a certain amount are charged. Set this limit low and you will be notified almost immediately when any charge is made. A lot of times I get an email before I even leave the store telling me about a charge I just made. This acts like a proactive approach to monitoring your credit cards and allows for very fast fraud detection.

  9. The Following User Says Thank You to Grandalf For This Useful Post:

    MrJim (2014-01-23)

  10. #6
    New Lounger
    Join Date
    Apr 2012
    Posts
    2
    Thanks
    3
    Thanked 1 Time in 1 Post
    The article missed my favorite safeguard: freeze your credit. (Google "security freeze", and follow the links to the official sites of Experian, Equifax and TransUnion.)

  11. The Following User Says Thank You to MrJim For This Useful Post:

    bobprimak (2014-01-25)

  12. #7
    New Lounger
    Join Date
    Dec 2009
    Location
    NJ USA
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Excellent info, thanks. It mentioned checking your credit report from Experian, etc. but you're limited to 3 free reports per year. Better yet is to sign up for a credit monitoring service that sends you an email for every event in your credit. I've been using www.creditsesame.com which is free and recommended by AARP and also includes free credit scores.

  13. #8
    2 Star Lounger
    Join Date
    Dec 2009
    Location
    Vancouver, BC, Canada
    Posts
    119
    Thanks
    2
    Thanked 7 Times in 7 Posts
    Interesting article for a Canadian. I hadn't realized the chip cards had not been rolled out in the US. They were gradually replaced on expiry a few years ago here. A lot of places don't take cheques anymore either.

    Fully agree on the travel credit card. In fact I've shifted to using one almost entirely for credit transactions. Especially for travel and online. It became clear using a credit card was essentially taking a debt against future earnings and was limiting my choices. You have to research them a bit though as there can be weird fees or deletion of funds after X months. But mine is a single small annual fee. Period. No interest or other borrowing costs as it's not a credit card. But it behaves just like one at terminals.

    As a related point, I mostly use Interac or cash locally. It's a small fee to the retailer, unlike the fee + % credit cards take. For some shops, the credit card takes more profit than they do. The credit card companies have been pushing to get into the Interac market. I do not support that - again because of the excess hit to the retailer. When you add up the real costs of using credit, you'll probably find it's a much higher expense than you realized. Whose convenience is it really?

  14. #9
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,297
    Thanks
    138
    Thanked 112 Times in 96 Posts
    Quote Originally Posted by Grandalf View Post
    In addition to monitoring your credit card statements, many credit card companies will allow you to set up alerts when charges over a certain amount are charged. Set this limit low and you will be notified almost immediately when any charge is made. A lot of times I get an email before I even leave the store telling me about a charge I just made. This acts like a proactive approach to monitoring your credit cards and allows for very fast fraud detection.
    Alerts are nice, but they only offer after-the-fact notifications when something untoward has already happened. I prefer methods which close the barn door before the horses get out, so to speak.
    -- Bob Primak --

  15. #10
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,297
    Thanks
    138
    Thanked 112 Times in 96 Posts
    Quote Originally Posted by erniejay856 View Post
    Excellent info, thanks. It mentioned checking your credit report from Experian, etc. but you're limited to 3 free reports per year. Better yet is to sign up for a credit monitoring service that sends you an email for every event in your credit. I've been using www.creditsesame.com which is free and recommended by AARP and also includes free credit scores.
    Fine print alert -- this service only monitors one of the three credit reporting companies. If you want all three, it's not free. I am also an AARP member, and I've checked into this and other offers. They're good, but there's always some catch which ends up costing more money than not using the "discounted services" offered through AARP. My membership is for political influence, not for any of their discounts.
    -- Bob Primak --

  16. #11
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,297
    Thanks
    138
    Thanked 112 Times in 96 Posts
    At Target, my policy has always been to pay cash for small purchases, and reserve the credit card for amounts which would not be convenient or safe to carry around as cash.

    But it wasn't at Target that I got burned on a credit transaction. At another retailer not noted for good POS security, I used my card and it appears some info was skimmed during the transaction. The card never left my sight, so the method must have been pretty clever. Shortly after the card transaction, I noticed that there was an Apple iTunes Account opened of which I was entirely unaware, and it was billing my bank account. The timing and other details were too close to be coincidence.

    Apple was partly to blame, as they never match personal info with bank account info submitted when opening iTunes accounts linked to bank accounts. And the banks also don't cross-reference when approving automatic withdrawals. The same sort of breach happened to me when I was banking with another bank, and I eventually closed all my accounts with them because the bank was so uncooperative with the fraud investigation.

    Both breaches happened at well-known national chain retailers not mentioned in the Target news reports. Sleight of hand seems to be part of the basic skill set at some retailers and some grocers.

    So it doesn't take malware to cause a breach. All it takes is one dishonest cashier with a little tech knowledge or a corrupt insider contact, and a vulnerable system can be thrown wide open. People with our social behaviors are still the weakest security link.

    In all fairness, very small numbers of retail cashiers are dishonest in my experience. Most are hard working and have few benefits. I have no intention of smearing all with the same brush.
    Last edited by bobprimak; 2014-01-25 at 13:17.
    -- Bob Primak --

  17. #12
    New Lounger scottls's Avatar
    Join Date
    Feb 2012
    Posts
    13
    Thanks
    1
    Thanked 1 Time in 1 Post

    A Pic Freeze (all 3!), is the Best way to Protect you from Identity Scams...!

    Years ago I read a Security article, that Highly Recommended putting a Pic Freeze on All-3 credit information and information management services! I did as they recommended, for a small fee (they mail you a Secure un-lock PW).

    What a Pic Freeze does is Lock Any changes to your Credit info (by 3d parties, other than Banks/CC...), unless you temp un-lock it for a limited time to only a user you allow (a small fee).

    If you are applying for a loan/CC/..., you only have to temp unlock 1 agency, and then notify them to check your info....- Then I log on/call & Lock it again!


    It surprises me that you Never hear about this Effective Security Service anymore (Google- Pic Freeze !)!?
    Win 7 Pro (x86). Kaspersky Internet Security 2013, and no other active anti-malware.
    Free on-demand- MBAM (no Pro/Context!).
    i5-2500 CPU @ 3.67GHz, WD VelociRaptor sata6 10k rpm/64mb cache HDD's (WOW!).

  18. #13
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    2,719
    Thanks
    78
    Thanked 335 Times in 303 Posts
    Quote Originally Posted by scottls View Post
    Years ago I read a Security article, that Highly Recommended putting a Pic Freeze on All-3 credit information and information management services! I did as they recommended, for a small fee (they mail you a Secure un-lock PW).

    What a Pic Freeze does is Lock Any changes to your Credit info (by 3d parties, other than Banks/CC...), unless you temp un-lock it for a limited time to only a user you allow (a small fee).

    If you are applying for a loan/CC/..., you only have to temp unlock 1 agency, and then notify them to check your info....- Then I log on/call & Lock it again!


    It surprises me that you Never hear about this Effective Security Service anymore (Google- Pic Freeze !)!?
    I'm not sure that PIC Freeze is the right terminology; unless you're talking about telephone companies and long distance service charges, since PIC is a telephone term:

    What is a PIC (Primary InterExchange Carrier) Freeze?

    How to Prevent Long Distance Slamming with a PIC Freeze

    Bruce

  19. #14
    New Lounger
    Join Date
    Jan 2014
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I, too, am a Canadian who is used to the Chip cards. I feel so much safer using them than the old technology of swipe the card and sign the receipt. HOWEVER, in May and June 2012, my wife and I visited 15 States (all the way to Nevada) and, although I used my credit cards at least once every day, was quite taken aback to discover that the very technologically advanced USA had not heard of Chip technology! I was taking a risk using my credit card, but, fortunately, nothing untoward happened. Maybe you Americans had better start badgering your credit card companies to get into the 21st Century!

  20. #15
    New Lounger
    Join Date
    Dec 2009
    Location
    New Knoxville, OH, USA
    Posts
    11
    Thanks
    1
    Thanked 0 Times in 0 Posts
    A coworker of mine has a great plan. He uses a debit card tied to an account which generally maintains only the minimum balance to keep it open. (He's got a second credit union which allows him to keep the account open with only a penny or two in it.) Then when he makes a purchase, he transfers sufficient funds to the account for the debit card.

    I think that's a pretty clever means of limiting damage. If the card is compromised, the thief only gets a few cents at most.
