Episode 016: Credit Card Compromise

In brief, EP016 was supposed to be a review of news articles but ended up being about credit card compromise, as there was a rash of high-profile compromises.

There’s the Target breach (70 M): http://www.cbc.ca/news/business/target-data-hack-affected-70-million-people-1.2491431, and a compromise analysis: http://krebsonsecurity.com/2014/02/email-attack-on-vendor-set-up-breach-at-target/

Neiman Marcus (1.1 M, 3 months undetected): http://www.nytimes.com/2014/01/24/business/neiman-marcus-breach-affected-1-1-million-cards.html

Chip & Pin (or EMV) seems better and better, but I am guessing the start-up cost is prohibitive since banks & CC companies only make billions a year in profit (http://www.bloomberg.com/news/2013-02-07/visa-profit-climbs-26-as-credit-card-spending-picks-up.html) [I’m not talking crazy talk here]

And here’s one in Canada (700): http://www.theglobeandmail.com/technology/tech-news/hundreds-of-canadian-credit-cards-hacked-by-infected-terminals-firm-warns/article16785563/

Maybe Kickstarter?: http://threatpost.com/kickstarter-compromised-user-data-stolen/104296

Lessons learned: http://www.darkreading.com/database/lessons-learned-from-4-major-data-breach/240164264


Here’s a funny video that I kept thinking about during the show as we kept discussing Chip & Pin. This comes courtesy of whoever illegally uploads copyrighted content from shows to YouTube. But mostly it comes from the brilliant minds of Mitchell & Webb: http://www.youtube.com/watch?v=B80SyRmtbdI

UPDATE: Here’s a very good breakdown of direct costs to Target based on the compromise: http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data#p1

Yikes! Forgot to add the reference video for the conference discussion on Chip and Pin being broken. See it at https://www.youtube.com/watch?v=JABJlvrZWbY

And we discussed the mag stripe track 1 and track 2 vaguely, so here are some details on that: http://money.howstuffworks.com/personal-finance/debt-management/credit-card2.htm

