If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(Bit9)   Data breaches now estimated to cost everyone a kagillion billion trillion zillion infinity dollars   (blog.bit9.com) divider line 44
    More: Obvious, data breach, National University of Singapore, dollars  
•       •       •

1888 clicks; posted to Main » on 19 Mar 2014 at 2:37 PM (27 weeks ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



44 Comments   (+0 »)
   
View Voting Results: Smartest and Funniest
 
2014-03-19 02:25:32 PM
Maybe we could, you know, have some goddamn data privacy laws which require proper encryption and security standards.

Also increase prison time for identity theft and banking fraud, and generally improve the system for catching identity thieves.

Oh and could we finally get away from our outdated credit card system? Magnetic strips, guys? Really?
 
2014-03-19 02:43:24 PM
I'm starting I wonder if cash-only is the way to go until they get this shiat taken care of. I have a friend who was caught in the Target breach and he says it's been a pain in the ass.
 
2014-03-19 02:43:43 PM

bdub77: Maybe we could, you know, have some goddamn data privacy laws which require proper encryption and security standards.

Also increase prison time for identity theft and banking fraud, and generally improve the system for catching identity thieves.

Oh and could we finally get away from our outdated credit card system? Magnetic strips, guys? Really?


This. I do get some schadenfreude from seeing banks like Chase having to take a big hit on these data breaches (even if there are no losses, the extra rep time on the phone and the card replacements are a big cost), when it is their own damn fault for not getting chip and pin rolling in the US. They tried to do it cheap to make the shareholders happy short term, and it bit them on the ass in a big way.
 
2014-03-19 02:43:51 PM
I have looked very closely at my magnetic strip and I can't distinguish ANY numbers or personal information on it therefore it must be secure!
 
2014-03-19 02:44:26 PM
Damn that pasty skinned Brent Spiner..
 
2014-03-19 02:46:31 PM
I'm getting a kick here with my cash in my safe and my gun in my closet.

/you Bank whipped suckers
 
2014-03-19 02:47:23 PM

Cerebral Ballsy: I'm starting I wonder if cash-only is the way to go until they get this shiat taken care of. I have a friend who was caught in the Target breach and he says it's been a pain in the ass.


I agree with you. I wonder what the Bitcoin Brigade might have to say about this, though.

/*ducks*
 
2014-03-19 02:47:46 PM
Just got a letter in the mail that my credit card was one of the numbers that got taken in the Target mess and they're sending me a new one to be on the safe side.  It's probably going to get to the point where we just ought to switch numbers every single year.
 
2014-03-19 02:47:53 PM
Perhaps if we killed people who commit these crimes they'd stop committing these crimes.
 
2014-03-19 02:49:09 PM

bdub77: Maybe we could, you know, have some goddamn data privacy laws which require proper encryption and security standards.

Also increase prison time for identity theft and banking fraud, and generally improve the system for catching identity thieves.

Oh and could we finally get away from our outdated credit card system? Magnetic strips, guys? Really?


Better yet, ban collection of data useful to identity theft outside of a few narrowly-defined exceptions.  It's creepy when stores know you better than you know yourself.
 
2014-03-19 02:49:19 PM
People often fail to see the positives of crime. Criminals can't very well horde the money in IRA's and other legitimate assets. They have to spend the money which means it goes back into the economy.

Criminals are the lifeblood of society.
 
2014-03-19 02:49:27 PM

Cerebral Ballsy: I'm starting I wonder if cash-only is the way to go until they get this shiat taken care of. I have a friend who was caught in the Target breach and he says it's been a pain in the ass.


It really wasn't that big of a pain for me. Chase sent me a new card number without me having to ask, I checked my account for any weird activity, and I spent maybe 15 minutes updating all of my auto bill pays. They even kept my old number live though the transistion so I didn't lose use of the card. To me it was marginally worse than when my expiration date changes on my cards.

Maybe there is someone who got screwed, but for something this high profile I'd expect most banks will reverse the charges in an instant if they saw the card was used at Target during the time period, since they know they can get money back in the inevitable lawsuit against Target for their botched security.
 
2014-03-19 02:56:57 PM

Carn: Just got a letter in the mail that my credit card was one of the numbers that got taken in the Target mess and they're sending me a new one to be on the safe side.  It's probably going to get to the point where we just ought to switch numbers every single year.


My check card wears out every three or four months.  When i go to get a new one they say "do you want to keep the same number?" I just say no.  The first time I did it I needed a new card ASAFP and after seeing a few breaches it made a lot of sense to get a new number.  I have to update my Netflix account and that's about it.
 
2014-03-19 02:59:36 PM
upload.wikimedia.org
Meh, 4.68 potato of these can cover that.
 
2014-03-19 03:00:40 PM

Zeeba Neighba: I have looked very closely at my magnetic strip and I can't distinguish ANY numbers or personal information on it therefore it must be secure!


You're secure as long as the criminals don't have any magnetic viewing paper.
 
2014-03-19 03:01:16 PM
bdub77:

Maybe we could, you know, have some goddamn data privacy laws which require proper encryption and security standards.

PCI-DSS, while not a law, is widely accepted and covers things such as encryption standards for all companies that process, store and transmit credit card data. It's not like there is *no* standards at the moment

I agree that privacy, cybersecurity standards, breach disclosure laws and codified penalties for breaches resulting from negligence should be passed or updated though. There is a lot that could be legislated to protect the consumer and businesses alike by toughening such laws.


Also increase prison time for identity theft and banking fraud, and generally improve the system for catching identity thieves.

Sounds good, but it probably wouldn't have too much effect. Most hackers are not based in the united states, and they are notoriously hard to catch wherever they are; the reality is the technological advantage is on their side, it is easy for them to remain hidden while carrying out attacks.


Oh and could we finally get away from our outdated credit card system? Magnetic strips, guys? Really?

Whats wrong with magnetic strips? the data needs to be transmitted from card to card processor somehow. Why should it matter if it is on a magnetic strip on on an RFID chip. Maybe RFID chips could be harder to counterfeit? but that is a temporary solution at best, where there is a will there is a way, and fraudsters will figure it out.

I think better algorithms for detecting fraud would be a good start for protecting consumers. Better partnerships between government and private industry would be useful as well.
 
2014-03-19 03:08:45 PM

Ivo Shandor: Zeeba Neighba: I have looked very closely at my magnetic strip and I can't distinguish ANY numbers or personal information on it therefore it must be secure!

You're secure as long as the criminals don't have any magnetic viewing paper.


Noooooo!

And they offer gift wrapping too??
 
2014-03-19 03:10:25 PM
2.images.spike.com
 
2014-03-19 03:11:43 PM
Just think, some people bought Bit Coin thinking it was more secure
 
2014-03-19 03:13:32 PM

Ivo Shandor: Zeeba Neighba: I have looked very closely at my magnetic strip and I can't distinguish ANY numbers or personal information on it therefore it must be secure!

You're secure as long as the criminals don't have any magnetic viewing paper.


I did not know that credit cards generate a magnetic field.
Credit cards, how do they work?
 
2014-03-19 03:13:47 PM
picard578.hostoi.com
Did somebody say Data breach?
 
2014-03-19 03:20:24 PM
What a Data breach may look like:

movies.trekcore.com
 
2014-03-19 03:21:26 PM
The breaches will stop when we disconnect Russia.
 
2014-03-19 03:22:27 PM

KidneyStone: Carn: Just got a letter in the mail that my credit card was one of the numbers that got taken in the Target mess and they're sending me a new one to be on the safe side.  It's probably going to get to the point where we just ought to switch numbers every single year.

My check card wears out every three or four months.  When i go to get a new one they say "do you want to keep the same number?" I just say no.  The first time I did it I needed a new card ASAFP and after seeing a few breaches it made a lot of sense to get a new number.  I have to update my Netflix account and that's about it.


For as much as I use my credit card, nearly every purchase I make, it manages to hold up really well.  I already had this card number stolen and a couple rogue purchases made, well about two numbers ago.  My bank (PNC) has an awesome no-fault fraud policy so I feel good that if it ever happens again they'll take care of it.  We better get used to these types of things.
 
2014-03-19 03:25:53 PM

Bith Set Me Up: What a Data breach may look like:

[movies.trekcore.com image 850x365]


Too slow.
 
2014-03-19 03:28:44 PM

Trashy: Damn that pasty skinned Brent Spiner..


Now everytime I hear Data Breach I'll think Android Fart.
 
2014-03-19 03:31:00 PM

ReverendJynxed: The breaches will stop when we disconnect Russia.


Absolutely.  I think the common setup is to send cousin Vladimir to run the local gas station and as he smiles he swipes numbers all day long.  Then the kin in Motherland use a handy system at Google (cousin Sergey) to process tons of $49.00 charges as the bank acts like its your fault.
 
2014-03-19 03:32:20 PM

Rhino_man: Bith Set Me Up: What a Data breach may look like:

[movies.trekcore.com image 850x365]

Too slow.


I don't care. It still seems appropriate.
 
2014-03-19 03:33:28 PM

Trashy: Damn that pasty skinned Brent Spiner..


And those horribly overpriced breaches he wears.
 
2014-03-19 03:40:28 PM
I WILL NOT ALLOW A NETWORKED COMPUTER ON MY BATTLESTAR.

scifimafia.com
 
2014-03-19 03:45:15 PM

manbart: Sounds good, but it probably wouldn't have too much effect. Most hackers are not based in the united states, and they are notoriously hard to catch wherever they are; the reality is the technological advantage is on their side, it is easy for them to remain hidden while carrying out attacks.


This is true, the data hackers themselves are often outside the US (someone said it best, this is a great excuse to simply firewall Russian and eastern European IPs - not that this works). But most US-based companies worth their salt will detect any fraudulent activities coming from those countries and those transactions will never happen.

But what I've noticed happens is the hackers end up selling your data to some low level criminal who does live in the US. And those transactions are easily traceable. Almost every single time someone has hit me with ID theft they've ended up purchasing something on a website like QVC. Finding that low level person person should be fairly easy to figure out by reverse engineering the purchase.

There are problems within the states however with actually finding and capturing the low level criminal within the US, things like transport, interstate policing, etc. This is mostly what I'm talking about. It would be nice if we had effective internet security so these breaches didn't happen constantly.
 
2014-03-19 03:48:32 PM

ZMugg: Ivo Shandor: Zeeba Neighba: I have looked very closely at my magnetic strip and I can't distinguish ANY numbers or personal information on it therefore it must be secure!

You're secure as long as the criminals don't have any magnetic viewing paper.

I did not know that credit cards generate a magnetic field.
Credit cards, how do they work?


My old boss in retail told a story about someone who had an eel skin wallet, and it turned out that it erased all the data on their credit cards somehow. Never did figure out if he was bullshiatting, but I thought it sounded semi plausible, like if it was a handmade wallet they picked up on vacation or something so they didn't know the exact source...

Who knows, though. He may have been full of it.
 
2014-03-19 03:57:09 PM

ladyfortuna: ZMugg: Ivo Shandor: Zeeba Neighba: I have looked very closely at my magnetic strip and I can't distinguish ANY numbers or personal information on it therefore it must be secure!

You're secure as long as the criminals don't have any magnetic viewing paper.

I did not know that credit cards generate a magnetic field.
Credit cards, how do they work?

My old boss in retail told a story about someone who had an eel skin wallet, and it turned out that it erased all the data on their credit cards somehow. Never did figure out if he was bullshiatting, but I thought it sounded semi plausible, like if it was a handmade wallet they picked up on vacation or something so they didn't know the exact source...

Who knows, though. He may have been full of it.


Did have magnets in it? I'm betting it had magnets in it. Either that or they passed it through an MRI machine.
 
2014-03-19 04:00:26 PM

ladyfortuna: My old boss in retail told a story about someone who had an eel skin wallet, and it turned out that it erased all the data on their credit cards somehow. Never did figure out if he was bullshiatting, but I thought it sounded semi plausible, like if it was a handmade wallet they picked up on vacation or something so they didn't know the exact source...


Probably true, but it was the magnetic clasp on the wallet which erased the cards rather than the eel skin itself.
 
2014-03-19 04:02:50 PM

monoski: Just think, some people bought Bit Coin thinking it was more secure


I invested in Zorkmids, myself. It isn't accepted as legal tender anywhere on the known planet, so even if someone robs me blind, I haven't actually lost anything.

www.thezorklibrary.comwww.thezorklibrary.com

/along that same line of thinking, my video collection only contains Ewe Boll movies, my shelves are filled with books by Dan Brown and Ayn Rand, my pantry is stocked with Keystone beer and Dinty Moore, my entire wardrobe is designed by Kanye West, and I'm typing this on an old HP Pavilion. It's a Zen style of materialism, in which even though I have a lot of stuff, I actually have a whole lot of nothing.
 
2014-03-19 04:08:15 PM

EdgeRunner: It's a Zen style of materialism, in which even though I have a lot of stuff, I actually have a whole lot of nothing.


It's kinda a keystone of stoic philosophy. Nothing you have matters because it can all go away in a fit of the same fortune by which you gained it. So do good acts while you can, because those cannot be taken away.
 
2014-03-19 04:09:01 PM

manbart: Whats wrong with magnetic strips? the data needs to be transmitted from card to card processor somehow. Why should it matter if it is on a magnetic strip on on an RFID chip.


The point of a smart card is that it has a private key which stays on the chip and generates digital signatures on a per-transaction basis. Snooping on the messages from one purchase does not* enable an attacker to charge anything else to that card

*Assuming a sufficiently bug-free design and implementation of the system
 
2014-03-19 05:01:40 PM

Acidicnads: I'm getting a kick here with my cash in my safe and my gun in my closet.

/you Bank whipped suckers


be right over
 
2014-03-19 05:04:40 PM

ZMugg: [upload.wikimedia.org image 850x421]
Meh, 4.68 potato of these can cover that.


At what point does the ink, paper, labor and transit to the bank become more expensive than the note?
serious question.  Pre war Germany could answer too.
Seen newsreels of wheel barrows of money and thinking, damn wheelbarrow is worth more than all that.
 
2014-03-19 05:24:46 PM

JC22: I WILL NOT ALLOW A NETWORKED COMPUTER ON MY BATTLESTAR.

[scifimafia.com image 601x301]


Funny how he changed his tune on that one after Gaeta networked the computers to figure out where the fleet misjumped to so they could go get Doc Caudill and save his life.
 
2014-03-19 05:27:39 PM
So, like an Obama Bailout, then?
 
2014-03-19 05:42:49 PM

bdub77: Maybe we could, you know, have some goddamn data privacy laws which require proper encryption and security standards.


Um....we do.  There are laws that set minimum security policies and requirements when handling PII (Personally identifyable information) or credit card/financial information.  The problem is not that these requirements aren't being met it's that, once met, no one really cares to maintain it or make sure they remain met. They buy the security software and set up the systems, but they don't update the software or have corporate policies educating people NOT to write down passwords or whatever else causes the security measures to be circumvented.

In the end it's rarely the systems or policies themselves that fail, but the people who use or are responsible for enforcing those systems and policies.
 
2014-03-19 06:25:59 PM
that sounds like a lot.
 
2014-03-19 11:32:29 PM

Ivo Shandor: ladyfortuna: My old boss in retail told a story about someone who had an eel skin wallet, and it turned out that it erased all the data on their credit cards somehow. Never did figure out if he was bullshiatting, but I thought it sounded semi plausible, like if it was a handmade wallet they picked up on vacation or something so they didn't know the exact source...

Probably true, but it was the magnetic clasp on the wallet which erased the cards rather than the eel skin itself.


That is a good point; he never mentioned if that were the case, but I could see it.
 
Displayed 44 of 44 comments

View Voting Results: Smartest and Funniest


This thread is closed to new comments.

Continue Farking
Submit a Link »






Report