If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(Ars Technica)   Turns out Target and Neiman Marcus weren't the only retailers who gave up your financial information to hackers. They were just the only two that thought enough to tell you   (arstechnica.com) divider line 58
    More: Followup, Neiman Marcus, Target, hacking tool, plain text  
•       •       •

13705 clicks; posted to Main » on 14 Jan 2014 at 1:47 PM (34 weeks ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



Voting Results (Smartest)
View Voting Results: Smartest and Funniest

2014-01-14 01:55:31 PM
8 votes:
The federal government spends a lot of money to physically MAKE money.
We might as well go back to using it more often, in my opinion.

Cash for groceries, cash for gasoline, cash for purchases under $500 (or whatever you feel safe carrying from the bank teller to the point of sale), cash in restaurants.

Somebody makes money off of cashless transactions. My bet is that if consumers rebelled and suddenly started using more cash, security measures would improve.
2014-01-14 02:43:17 PM
3 votes:

TV's Vinnie: CSB Time!

Just to give people some advice, use an extra layer of protection like having a Paypal debit card instead of your own bank's debit card.

When my card got hacked somehow (I suspect it was that time I bought a game from Steam), I started seeing that Permanently Disabled Jockeys sh*t and followed by more charges with each one growing larger than the last.

Luckily I was online and got an email alert (PP will send an email every time you make a purchase) that showed all these weird purchases. I called up PP and even though they couldn't do anything about it until it was charged and sent to my bank account, it did buy me some time to (A) have these charges flagged by PP so that they can refund the stolen amounts to me, and (b) the bank was cool to waive fees and  let me make any stop payments on these particular amounts coming in from Paypal since they know they were fraudulent.  During that lag I just used cash only and waited about a week for my whole new card with new number to arrive in the mail.

The only charge that the vendor tried to hold onto like a pit bull was some phone recharge vendor in Egypt. This vendor was well-known by Paypal as a jerkface so they didn't take much time to render the dispute in my favor. I sent the asshole an email thru an anonymous email generator to do a Nelson "HA HAAAAA!" at him.


You're telling people to use paypal and you think that you're credit card was compromised because of usage on steam?
www.quickmeme.com
2014-01-14 02:28:47 PM
3 votes:

TV's Vinnie: Just to give people some advice, use an extra layer of protection like having a Paypal debit card instead of your own bank's debit card.


Um, your security and financial safety advice includes using paypal?  They are horrible in both areas.  Are you just...trolling or something?
2014-01-14 02:11:43 PM
3 votes:
It really is time for these US retailers to step out of the 1980's and provide some cards with a secured chip in them. Magnetic strips are just begging for trouble.
2014-01-14 04:25:17 PM
2 votes:

JSTACAT: a solution.

use a savings acct that has no card or check ability attached.
x-fer online to a debit card that has overdraft protection disabled.
keep a very small amt in there [few pennies], x-fer just before a purchase and get cash back for any excess.
if anyone tries to tap in, the transaction will be rejected.
sour grapes are sour


You can also do like I do:  credit card with a low limit ($500 or so).  I just pay it off when I know I need to.  If there's anything fraudulent on there, at least they can't do TONS of damage.  And, the bank I have the card through is really good when it comes to stuff like this.  Like, unusually-paranoid good.

/so far
2014-01-14 04:18:58 PM
2 votes:

Three Crooked Squirrels: jonny_q: Three Crooked Squirrels: I got an e-mail from Target saying that I might me one of the many that had their info stolen. They are offering a year of free credit monitoring through Experian. So I went and signed up for the coverage. But now I have the sinking feeling that the e-mail I received was some kind of scam and I've just been duped into a whole new fraud.

you might be ok:
https://corporate.target.com/discover/article/free-credit-monitoring -a nd-identity-theft-protecti

I actually didn't use the link in the e-mail. I backed out and accessed the offer directly from Target's website, so I was pretty sure I was OK. But when I originally got the e-mail, I was thinking that it would be a pretty good way to dupe people into giving up more sensitive information if any nefarious individuals wanted to do so.


You get a gold star for that.  It's amazing how many people Click The F*%#ing Link (tm)... :/
2014-01-14 04:16:22 PM
2 votes:

jonny_q: Three Crooked Squirrels: I got an e-mail from Target saying that I might me one of the many that had their info stolen.  They are offering a year of free credit monitoring through Experian.  So I went and signed up for the coverage.  But now I have the sinking feeling that the e-mail I received was some kind of scam and I've just been duped into a whole new fraud.

you might be ok:
https://corporate.target.com/discover/article/free-credit-monitor ing -a nd-identity-theft-protecti


Yep.  Always verify the domain.  That's the shiat in bold up thar.  If it instead had said "target.com.12.158.13.6" (or similar), then you'd have been in big doo-doo.
2014-01-14 03:41:12 PM
2 votes:
Speaking of scary, stupid, lack of CC security...

I used to work for an online retailer.  That is to say, their only storefront is web based.
When I first got there, I was astonished to see that all the CC information for all their transactions (about $150k per day), were saved in tables on the web DB.  No encryption, no attempt to mask them.  Granted, direct access to the database was difficult without VPN, but any web-based interface could read the records with no problem at all.

We redid the entire system.  For starters, we started encrypting the card numbers.  Then we set it up to delete all the data in that table every day, just to be safe.  The final step was to move the CC authorization and so on, to a completely outside vendor.  I can only assume that was nothing more than a tactic to place the responsibility on someone else.

Is this how most online retailers are doing this sort of thing nowadays?
See, I really wouldn't know, because I very, very, rarely do any sort of online shopping.  Don't trust it.
2014-01-14 02:44:42 PM
2 votes:
I guess I can understand people wanting to use cash/debit cards if they don't have the self control to make sure the number on their credit card statement is smaller than the number on their bank statement, but if you use a credit card for everything this isn't a big deal.

Phone the company, they cancel all the fraudulent charges, and send you a new card, no big deal. The biggest hassle is remembering to update the card number with all my auto-pays.

I don't even know what the APR is on my cards, I'm sure it's something stupid...
2014-01-14 02:43:23 PM
2 votes:
As someone who works in the hosting industry, I'm going to say that anecdotally, I'd say over half the companies that take online payments are not PCI compliant. A lot nowhere close.

Little scary.
2014-01-14 02:43:02 PM
2 votes:
2014-01-14 02:27:11 PM
2 votes:

jonny_q: Three Crooked Squirrels: I got an e-mail from Target saying that I might me one of the many that had their info stolen.  They are offering a year of free credit monitoring through Experian.  So I went and signed up for the coverage.  But now I have the sinking feeling that the e-mail I received was some kind of scam and I've just been duped into a whole new fraud.

you might be ok:
https://corporate.target.com/discover/article/free-credit-monitoring -a nd-identity-theft-protecti


I actually didn't use the link in the e-mail.  I backed out and accessed the offer directly from Target's website, so I was pretty sure I was OK.  But when I originally got the e-mail, I was thinking that it would be a pretty good way to dupe people into giving up more sensitive information if any nefarious individuals wanted to do so.
2014-01-14 02:23:16 PM
2 votes:
CSB Time!

Just to give people some advice, use an extra layer of protection like having a Paypal debit card instead of your own bank's debit card.

When my card got hacked somehow (I suspect it was that time I bought a game from Steam), I started seeing that Permanently Disabled Jockeys sh*t and followed by more charges with each one growing larger than the last.

Luckily I was online and got an email alert (PP will send an email every time you make a purchase) that showed all these weird purchases. I called up PP and even though they couldn't do anything about it until it was charged and sent to my bank account, it did buy me some time to (A) have these charges flagged by PP so that they can refund the stolen amounts to me, and (b) the bank was cool to waive fees and  let me make any stop payments on these particular amounts coming in from Paypal since they know they were fraudulent.  During that lag I just used cash only and waited about a week for my whole new card with new number to arrive in the mail.

The only charge that the vendor tried to hold onto like a pit bull was some phone recharge vendor in Egypt. This vendor was well-known by Paypal as a jerkface so they didn't take much time to render the dispute in my favor. I sent the asshole an email thru an anonymous email generator to do a Nelson "HA HAAAAA!" at him.
2014-01-14 02:14:30 PM
2 votes:

Phony_Soldier: I just got off the phone with Wellsfargo. I've got fraudulent charges. One of them is for Christian Mingle via Paypal or some shiat:

WTF is this:

CHKCARDPAYPAL *CHRSTIANMGL 4029357733 UT


Biggest tipoff that your card got hacked is when you first start to see a dollar amount made out to some bullsh*t charity like "Permanently Disabled Jockeys" (yes, I kid you not). That's the hacker testing the card in a  tiny, unnoticable way and if it comes back to them as usable, then you're gonna start finding out that you gave everyone in Nigeria a free PS4 and recharged the phones for everyone in Egypt.
2014-01-14 02:13:02 PM
2 votes:
As I said to a co-worker a couple of weeks back:  I'm waiting for the Walmart shoe to drop.  I kinda expect they wouldn't say anything if they didn't have to, they'd keep it quiet to try to kill the competition.
2014-01-14 01:59:39 PM
2 votes:

Huck And Molly Ziegler: Cash for groceries, cash for gasoline, cash for purchases under $500 (or whatever you feel safe carrying from the bank teller to the point of sale), cash in restaurants


It did a ton of good for me when I had to buckle down and get my financial shiat together.  Actually HANDING a merchant something physical make you less likely to spend the cash.
2014-01-14 01:58:04 PM
2 votes:
Also:
Think of how many companies that have been hacked / had their data stolen (either back hackers or employees) and don't even KNOW it.
2014-01-14 01:51:31 PM
2 votes:

Phony_Soldier: I just got off the phone with Wellsfargo. I've got fraudulent charges. One of them is for Christian Mingle via Paypal or some shiat:

WTF is this:

CHKCARDPAYPAL *CHRSTIANMGL 4029357733 UT


Apparently some Christian decided the Jesusy thing to do was to steal someone's credit card information in order to find the love of his fraudster life.
2014-01-14 01:40:02 PM
2 votes:
I got an e-mail from Target saying that I might me one of the many that had their info stolen.  They are offering a year of free credit monitoring through Experian.  So I went and signed up for the coverage.  But now I have the sinking feeling that the e-mail I received was some kind of scam and I've just been duped into a whole new fraud.
2014-01-14 12:12:02 PM
2 votes:
Isn't there a certain number of persons data lost that it is required by law to notify the public, or is that only with compromised health information?
2014-01-14 07:38:04 PM
1 votes:
Not surprising. There is no authentication. No security. Credit cards are basically like holding up a sign that says "Hey, I'm Joe" printed in Comic Sans.
2014-01-14 06:04:47 PM
1 votes:

durbnpoisn: Here's a good question I would really love to know the answer to...

So, the hackers steal the cards, and the info to use them.  Then they sell them online.
Who are the buyers?  Like, what sort of Google search do you use to buy other people's credit info?  What sort of sites or forums actually allow that sort of information?  How can anyone, buyer or seller, do this without totally getting busted?

//ok, that's more than one question...


Here's a good break down that should answer some of your questions:  http://krebsonsecurity.com/2013/12/whos-selling-credit-cards-from-tar g et/
2014-01-14 05:52:03 PM
1 votes:

DeathByGeekSquad: Phony_Soldier: I just got off the phone with Wellsfargo. I've got fraudulent charges. One of them is for Christian Mingle via Paypal or some shiat:

WTF is this:

CHKCARDPAYPAL *CHRSTIANMGL 4029357733 UT

1) Could be verification.  They used to do iTunes for verification.
2) Alternatively, it could be as simple as utilizing a paid account to enable spamming of other profiles in further phishing/malicious attacks.


Interesting.
/I just got back from going to Wells Fargo and getting a new "instant" card.
2014-01-14 05:48:19 PM
1 votes:

Phony_Soldier: I just got off the phone with Wellsfargo. I've got fraudulent charges. One of them is for Christian Mingle via Paypal or some shiat:

WTF is this:

CHKCARDPAYPAL *CHRSTIANMGL 4029357733 UT


1) Could be verification.  They used to do iTunes for verification.
2) Alternatively, it could be as simple as utilizing a paid account to enable spamming of other profiles in further phishing/malicious attacks.
2014-01-14 05:08:28 PM
1 votes:

schatz: Honest question: is it safer to use your debit card at small, local businesses (as opposed to a large retail chain)?


A large retail chain would be a more likely target for "hackers" because they play the numbers game. A local business has pretty much the same security protocols with a lot less targets so they are less likely for them to go after.
2014-01-14 05:00:01 PM
1 votes:

Three Crooked Squirrels: I got an e-mail from Target saying that I might me one of the many that had their info stolen.  They are offering a year of free credit monitoring through Experian.  So I went and signed up for the coverage.  But now I have the sinking feeling that the e-mail I received was some kind of scam and I've just been duped into a whole new fraud.


My mother did the same thing for my grandfather's account. As far as I can tell it is legit, but keep in mind that you are legally able to obtain a copy of all three reporting agency's reports for free annually. The website for that is www.annualcreditreport.com. Note that they don't require you to enter a credit card to access the information (cuz it's a government-sponsored website). If you are worried, next month go to the site and check to see if anything has changed. It won't cost you a penny and you will also be able to see Equifax and TransUnion reports, too.
2014-01-14 04:53:54 PM
1 votes:

KyngNothing: dletter: Isn't there a certain number of persons data lost that it is required by law to notify the public, or is that only with compromised health information?

I think it's actually your bank's responsibility to notify you, Target is required to notify the banks (since they wouldn't necessarily have your contact info).

When I got the notification from my bank, it didn't say WHERE my information was compromised, just that it was, so you could just assume it was lost at Target, when it was really somewhere else.


Oh no, my bank flat-out told me it was Target that notified them. All for less than $5.

/joke's on the hackers cause I ain't got no money
2014-01-14 04:42:19 PM
1 votes:
JSTACAT: a solution.

use a savings acct that has no card or check ability attached.
x-fer online to a debit card that has overdraft protection disabled.
keep a very small amt in there [few pennies], x-fer just before a purchase and get cash back for any excess.
if anyone tries to tap in, the transaction will be rejected.
sour grapes are sour

Can't, Federal limits on transfers between Savings and Checking, 6 per month. Because terrorists. I'm not kidding.

/could work with 2 checking accounts, one to hold the funds and the other to service transactions
2014-01-14 04:30:20 PM
1 votes:

xanadian: durbnpoisn: The final step was to move the CC authorization and so on, to a completely outside vendor. I can only assume that was nothing more than a tactic to place the responsibility on someone else.

Accept, mitigate, or transfer risk.  Pretty much SOP.


It's also because if you don't process the numbers, you don't need to be PCI compliant.

Fail PCI once and you'll pay more for your processing and be given time to get your systems up to scratch. Fail it a second time, and good luck processing any CC info. They don't usually give you. 3rd bite of the apple.
2014-01-14 04:26:53 PM
1 votes:

durbnpoisn: Speaking of scary, stupid, lack of CC security...

I used to work for an online retailer.  That is to say, their only storefront is web based.
When I first got there, I was astonished to see that all the CC information for all their transactions (about $150k per day), were saved in tables on the web DB.  No encryption, no attempt to mask them.  Granted, direct access to the database was difficult without VPN, but any web-based interface could read the records with no problem at all.

We redid the entire system.  For starters, we started encrypting the card numbers.  Then we set it up to delete all the data in that table every day, just to be safe.  The final step was to move the CC authorization and so on, to a completely outside vendor.  I can only assume that was nothing more than a tactic to place the responsibility on someone else.

Is this how most online retailers are doing this sort of thing nowadays?
See, I really wouldn't know, because I very, very, rarely do any sort of online shopping.  Don't trust it.


See it all the time :-(

All it takes is a SQL injection attack. It still amazes me that SQL injection is still the most common vector for CC number breaches.
d3
2014-01-14 04:11:52 PM
1 votes:
My understanding is that Target didn't even know or notice they'd been hacked. One of the big banks regularly scouts underground sites for stolen cards of their customers. When they found a batch the common denominator was they had all been used at Target. Then the bank contacted Target.
2014-01-14 03:58:11 PM
1 votes:

JSTACAT: a solution.

use a savings acct that has no card or check ability attached.
x-fer online to a debit card that has overdraft protection disabled.
keep a very small amt in there [few pennies], x-fer just before a purchase and get cash back for any excess.
if anyone tries to tap in, the transaction will be rejected.
sour grapes are sour


Although ridiculously inconvenient that might work if the bank didn't charge a huge overdraft fee when that happens. Disabling overdraft protection wouldn't do anything.

I believe there are some credit cards that let you issue temporary "cards" with limited balances.
2014-01-14 03:51:16 PM
1 votes:

Three Crooked Squirrels: I got an e-mail from Target saying that I might me one of the many that had their info stolen.  They are offering a year of free credit monitoring through Experian.  So I went and signed up for the coverage.  But now I have the sinking feeling that the e-mail I received was some kind of scam and I've just been duped into a whole new fraud.


yup. have fun.
2014-01-14 03:46:30 PM
1 votes:
a solution.

use a savings acct that has no card or check ability attached.
x-fer online to a debit card that has overdraft protection disabled.
keep a very small amt in there [few pennies], x-fer just before a purchase and get cash back for any excess.
if anyone tries to tap in, the transaction will be rejected.
sour grapes are sour
2014-01-14 03:28:04 PM
1 votes:
Janusdog:

You're just lucky and it had nothing to do with Paypal. How you even got anyone to help is amazing.

I know that Omaha is where the Paypal HQ is, and it's just a local phone call for me.

As for going back to Target because "now they're on it"...um, no. It will take weeks to fix their infrastructure. They might have plugged the most obvious hole but no way you'd catch me there using a card anytime soon.

I'm starting to consider either paying nothing but cash for all local stuff, or making a bank withdrawal each month and buying prepaid credit cards.

Why we don't use European card standards is beyond me. Oh, sorry, that'll cost job creators money. As opposed to this, where the only hurt they'll feel is if banks sue for violation of PCI rules.

Much like the way US food companies always let the foreigners have all the cool new types of food and we 'Merkins are stuck with the same old sh*t.
2014-01-14 03:20:19 PM
1 votes:

TV's Vinnie: was that time I bought a game from


That is funny that you mentioned Steam. I just purchased Shadowrun Returns last night and noticed the fraudulent charges this morning.  (The last time I bought a game from Steam was over a year ago.)
2014-01-14 03:18:07 PM
1 votes:

TV's Vinnie: IamAwake: TV's Vinnie: Just to give people some advice, use an extra layer of protection like having a Paypal debit card instead of your own bank's debit card.

Um, your security and financial safety advice includes using paypal?  They are horrible in both areas.  Are you just...trolling or something?

No, I'm not. As I described my own personal scenario, I was able to enact Damage Control quickly and easily.


You're just lucky and it had nothing to do with Paypal. How you even got anyone to help is amazing.

As for going back to Target because "now they're on it"...um, no. It will take weeks to fix their infrastructure. They might have plugged the most obvious hole but no way you'd catch me there using a card anytime soon.

Why we don't use European card standards is beyond me. Oh, sorry, that'll cost job creators money. As opposed to this, where the only hurt they'll feel is if banks sue for violation of PCI rules.
2014-01-14 03:06:12 PM
1 votes:

thornhill: TV's Vinnie: Just to give people some advice, use an extra layer of protection like having a Paypal debit card instead credit card instead of your own bank's debit card.

Corrected.

When your debit card number gets stolen that can jack up your bank account for a few days, which can become really problematic if you've written checks from it, auto pay bills via ACH, etc.

When it's your credit card, your bank account is never affected.


And not everyone is able to obtain a credit card (yeah, I sound poor. Whatevs.). Tried having one using Capitol One. Never, ever going to go through that bullsh*t ever again.
2014-01-14 02:49:24 PM
1 votes:

Clutch2013: Three Crooked Squirrels: I got an e-mail from Target saying that I might me one of the many that had their info stolen.  They are offering a year of free credit monitoring through Experian.  So I went and signed up for the coverage.  But now I have the sinking feeling that the e-mail I received was some kind of scam and I've just been duped into a whole new fraud.

It's funny, and a little scary, just how some sophisticated some of those fake e-mails are getting. My parents are continually asking me if one's real or not.

One trick my not-terribly-computer-literate ass has learned is to check the hyperlinks in all of these things. I'll search them through Google, if I need to. Generally, though, if the hyperlink has a .ru anywhere in the address, instant delete. If it's a bunch of number salad that a search doesn't return any satisfactory results, instant delete.


Probably safest to tell them to just not click any links in an e-mail. Have them type in the URL to the site themselves, or click through from Google. I'm surprised it's not common practice to never send links in emails by now, similar to how it's a bad sign if someone e-mails your password to you...

Even something seemingly innocuous could go someplace bad... http://mybank.com/
2014-01-14 02:40:43 PM
1 votes:

TV's Vinnie: Just to give people some advice, use an extra layer of protection like having a Paypal debit card instead credit card instead of your own bank's debit card.


Corrected.

When your debit card number gets stolen that can jack up your bank account for a few days, which can become really problematic if you've written checks from it, auto pay bills via ACH, etc.

When it's your credit card, your bank account is never affected.
2014-01-14 02:34:00 PM
1 votes:

Clutch2013: Three Crooked Squirrels: I got an e-mail from Target saying that I might me one of the many that had their info stolen.  They are offering a year of free credit monitoring through Experian.  So I went and signed up for the coverage.  But now I have the sinking feeling that the e-mail I received was some kind of scam and I've just been duped into a whole new fraud.

It's funny, and a little scary, just how some sophisticated some of those fake e-mails are getting. My parents are continually asking me if one's real or not.

One trick my not-terribly-computer-literate ass has learned is to check the hyperlinks in all of these things. I'll search them through Google, if I need to. Generally, though, if the hyperlink has a .ru anywhere in the address, instant delete. If it's a bunch of number salad that a search doesn't return any satisfactory results, instant delete.


Anything offering or asking me to sign up for anything I haven't requested = instant delete. I do this with snail mail too, using the shredder. Don't even open the damn things.
2014-01-14 02:32:45 PM
1 votes:

Three Crooked Squirrels: I got an e-mail from Target saying that I might me one of the many that had their info stolen.  They are offering a year of free credit monitoring through Experian.  So I went and signed up for the coverage.  But now I have the sinking feeling that the e-mail I received was some kind of scam and I've just been duped into a whole new fraud.


It's funny, and a little scary, just how some sophisticated some of those fake e-mails are getting. My parents are continually asking me if one's real or not.

One trick my not-terribly-computer-literate ass has learned is to check the hyperlinks in all of these things. I'll search them through Google, if I need to. Generally, though, if the hyperlink has a .ru anywhere in the address, instant delete. If it's a bunch of number salad that a search doesn't return any satisfactory results, instant delete.
2014-01-14 02:30:02 PM
1 votes:

cannotsuggestaname: Also things like this make me wonder why in the world the US market didn't back the use of smart chips on cards, it would have really helped keep this kind of crap down. Maybe Visa/MasterCard/Discover/Amex will finally move to that in the US?


Blame the merchants -- they're the ones that don't want to spend the money to upgrade their equipment so they could accept chip cards.

But after this mess, you'd think Target and other merchants would just make the charge to try and rebuild consumer confidence in credit card security.
2014-01-14 02:25:55 PM
1 votes:

TV's Vinnie: It really is time for these US retailers to step out of the 1980's and provide some cards with a secured chip in them. Magnetic strips are just begging for trouble.


VISA is mandating EMV in the US in 2015
rpm
2014-01-14 02:20:53 PM
1 votes:

reductive: Here is the actual email that Target sent to offer credit monitoring services. The garbled headers and third party domain speak for themselves. Of course getting hacked was some kind of crazy fluke.

[i.imgur.com image 850x515]


I've seen major banks do the same with e-mail, it's not limited to merchants.
2014-01-14 02:15:16 PM
1 votes:
Here is the actual email that Target sent to offer credit monitoring services. The garbled headers and third party domain speak for themselves. Of course getting hacked was some kind of crazy fluke.

i.imgur.com
2014-01-14 02:11:31 PM
1 votes:

dletter: Isn't there a certain number of persons data lost that it is required by law to notify the public, or is that only with compromised health information?


If the company has a physical presence in CA and the victim resides in CA then SB 1386 will require that the company notify the victim in writing about their data being compromised. This also assumes a couple of other things, that CC /and/ PIN were compromised, SSN, CA DL or ID # were compromised or some combination of the above occurred.

pippi longstocking: encrypted hash



What is an encrypted hash? I think you might have meant cryptographic hash (or just hash).

Also things like this make me wonder why in the world the US market didn't back the use of smart chips on cards, it would have really helped keep this kind of crap down. Maybe Visa/MasterCard/Discover/Amex will finally move to that in the US?
2014-01-14 02:08:34 PM
1 votes:

pippi longstocking: Magnetic cards are a huge joke, it's not 1980 anymore. If the general public, banks, and retailers were really concerned about individual transaction security they would use encrypted hash and salt algorithms at the point of sale.


Salt algorithms?  Hell yeah, I'm golden for that then.

<----- works at a salt mine
rpm
2014-01-14 02:06:51 PM
1 votes:

pippi longstocking: Magnetic cards are a huge joke, it's not 1980 anymore. If the general public, banks, and retailers were really concerned about individual transaction security they would use encrypted hash and salt algorithms at the point of sale.


They do (granted, a weak crypto), but they found malware that takes it out of RAM before encryption on some of the POS machines.
2014-01-14 02:05:43 PM
1 votes:

dletter: Isn't there a certain number of persons data lost that it is required by law to notify the public, or is that only with compromised health information?


It really bothered me when I discoeverd that number is 40,000. Anything less and they don't HAVE to inform anyone.
2014-01-14 02:05:43 PM
1 votes:
I only shop at stores that enter each transaction into a giant ledger with a quill pen. I should be OK.
2014-01-14 02:00:40 PM
1 votes:
Magnetic cards are a huge joke, it's not 1980 anymore. If the general public, banks, and retailers were really concerned about individual transaction security they would use encrypted hash and salt algorithms at the point of sale.
2014-01-14 01:55:03 PM
1 votes:
obvious tag was sleeping?
2014-01-14 01:54:57 PM
1 votes:

DarkSoulNoHope: Phony_Soldier: I just got off the phone with Wellsfargo. I've got fraudulent charges. One of them is for Christian Mingle via Paypal or some shiat:

WTF is this:

CHKCARDPAYPAL *CHRSTIANMGL 4029357733 UT

Apparently some Christian decided the Jesusy thing to do was to steal someone's credit card information in order to find the love of his fraudster life.


Or god hates me and is trying to hook me up with ANOTHER fat chick.
2014-01-14 01:50:35 PM
1 votes:

Three Crooked Squirrels: I got an e-mail from Target saying that I might me one of the many that had their info stolen.  They are offering a year of free credit monitoring through Experian.  So I went and signed up for the coverage.  But now I have the sinking feeling that the e-mail I received was some kind of scam and I've just been duped into a whole new fraud.


images3.wikia.nocookie.net

/sorry I couldn't resist
//going to hell
///slashies!
2014-01-14 01:49:32 PM
1 votes:
I just got off the phone with Wellsfargo. I've got fraudulent charges. One of them is for Christian Mingle via Paypal or some shiat:

WTF is this:

CHKCARDPAYPAL *CHRSTIANMGL 4029357733 UT
2014-01-14 01:49:32 PM
1 votes:
And the others were.......
2014-01-14 01:41:25 PM
1 votes:
I only pay for things in gold press latinum. It's heavier to carry around but I don't have to worry about this sort of thing.
 
Displayed 58 of 58 comments

View Voting Results: Smartest and Funniest


This thread is closed to new comments.

Continue Farking
Submit a Link »






Report